(RADIATOR) unsubscribe
Re: (RADIATOR) cant compile DBD-Oracle on solaris 9
Hi DR, I had the same problem. Easiest thing to do is to download and install the 32-bit Solaris version of Oracle 9i. The problem is that the ld command and probably a lot of other executables on your system are 32-bit versions. The instructions for extracting them are on the download page - a little different from standard Oracle fare - they don't automatically extract into Disk1, Disk2 and Disk3 directories - so read the short instruction on the download page. 92010Sol_Disk1.cpio.gz 92010Sol_Disk2.cpio.gz 92010Sol_Disk3.cpio.gz Regards, Tunde Itayemi. - Original Message - From: Datareactor To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 7:01 PM Subject: (RADIATOR) cant compile DBD-Oracle on solaris 9 Dear all i am facing problem compiling DBD-oracle for radiator2.18 perl Makefile.PL output is OK i get following error when try to " make " ld: fatal: file /u01/lib//libclntsh.so: wrong ELF class: ELFCLASS64ld: fatal: File processing errors. No output written to buildcollect2: ld returned 1 exit status*** Error code 1make: Fatal error: Command failed for target `blib/arch/auto/DBD/Oracle/Oracle.so' i think there is some 64bit vs 32bit issue i try to compile both with 64bit perl and 32bit perl with no luck my system information is as followings 1)E250 Sparc Platform with Solaris 9 and Oracle 9 2)v5.6.1 built for sun4-solaris-64int 3) gcc 3.3 Thanks is Advance Regards ./DR
(RADIATOR) startup script for radiator on solaris sparc
Hi All, Does anyone have a startup script I could use on a Solaris 8 SPARC box? Pls attach instructions for installation :-) Thanks. Regards, Tunde Itayemi.
Re: (RADIATOR) startup script for radiator on solaris sparc
Hi Richard, Hi Roland, Hi All. Thanks. I got it all set up now. Rebooted the box and it came up with radius running. Thanks. Tunde I. - Original Message - From: Richard Grantham [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:52 PM Subject: Re: (RADIATOR) startup script for radiator on solaris sparc Hello, I use this as /etc/init.d/radiusd. You may find it useful seeing as you are and Oracle person. What you should do is link /etc/rc2.d/S80radiusd and /etc/rc0.d/K80radiusd to this script too. This will start Radiator in run level 2 and stop it in run level 0. Richard -- SNIP -- #!/bin/sh ORACLE_SID=SID ORACLE_HOME=/PATH/TO/ORACLE/HOME LD_LIBRARY_PATH=$ORACLE_HOME/lib PATH=/sbin:/bin:/usr/local/bin export ORACLE_SID ORACLE_HOME LD_LIBRARY_PATH PATH case $1 in 'start') radiusd ;; 'stop') kill `cat /var/run/radiusd.pid` ;; 'restart') kill -HUP `cat /var/run/radiusd.pid` ;; esac === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radiator on solaris SPARC
Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pmcc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS Perl.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: Perl.c: linker input file unused since linking not done/usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris -I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS DBI.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: DBI.c: linker input file unused since linking not doneRunning Mkbootstrap for DBI ()chmod 644 DBI.bsLD_RUN_PATH="" cc -o blib/arch/auto/DBI/DBI.so -G DBI.occ: DBI.o: No such file or directorycc: No input filesmake: *** [blib/arch/auto/DBI/DBI.so] Error 1bash-2.03#
(RADIATOR) DBD-Oracle problems on SUN
Hi All, I am having problems installing the DBD-Oracle-1.12 module (tried v 1.14 also)on a Solaris SUN box with specs: NetraX1 (Solaris 8) perl 5.6.1 DBI-1.21 GNU gcc 3.3 GNU libgcc 3.3 Oracle9iR1 install. Below is a sample install run and the errors I got. Thanks. Tunde I. bash-2.03# cd DBD-Oracle-1.12bash-2.03# perl Makefile.PLUsing DBI 1.21 installed in /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBI Configuring DBD::Oracle ... Remember to actually *READ* the README file! Especially if you have any problems. Using Oracle in /export/spare/oracle9swFound header files in rdbms/demo.Found /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mkUsing /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mkReading /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mk.Reading /export/spare/oracle9sw/precomp/lib/env_precomp.mk.Deleting ORA_NLS = $(ORACLE_HOME)/ocommon/nls/admin/data/ because it is not already set in the environment and it can cause ORA-01019 errors.Deleting ORA_NLS33 = $(ORACLE_HOME)/ocommon/nls/admin/data/ because it is not already set in the environment and it can cause ORA-01019 errors. Attempting to discover Oracle OCI build rules...gcc -c -o DBD_ORA_OBJ.o DBD_ORA_OBJ.cOracle oci build command: echo -xarch=v9 -o DBD_ORA_EXE DBD_ORA_OBJ.o -L/export/spare/oracle9sw/lib/ -lclntsh `cat /export/spare/oracle9sw/lib/ldflags` `cat /export/spare/oracle9sw/lib/sysliblist` -R/export/spare/oracle9sw/lib -laio -lposix4 -lm -lthread -xarch=v9 -o DBD_ORA_EXE DBD_ORA_OBJ.o -L/export/spare/oracle9sw/lib/ -lclntsh -lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9 -lnsl -lsocket -lgen -ldl -R/export/spare/oracle9sw/lib -laio -lposix4 -lm -lthreadUnable to interpret Oracle oci build commands. Using fallback approach. System: perl5.006001 sunos solaris 5.8 generic sun4u sparc sunw,ultra-5_10Compiler: gcc -O -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64Linker: /usr/local/bin/ldSysliblist: -lnsl -lsocket -lgen -ldlOracle makefiles would have used these definitions but we override them: CC: cc CFLAGS: $(GFLAG) $(OPTIMIZE) $(CDEBUG) $(CCFLAGS) $(PFLAGS)\ $(SHARED_CFLAG) $(USRFLAGS) [$(GFLAG) -xO3 $(CDEBUG) -Xa $(PROFILE) -xstrconst -dalign -xF $(XS) $(MR) -xildoff -errtags=yes -v -xarch=v9 -xchip=ultra3 -W2,-AKNR_S -Wd,-xsafe=unboundsym -Wc,-Qiselect-funcalign=32 -xcode=abs44 -Wc,-Qgsched-trace_late=1 -Wc,-Qgsched-T5 -xalias_level=weak -D_REENTRANT -DSS_64BIT_SERVER -DBIT64 -DMACHINE64 -K PIC -DPRECOMP -I. -I/export/spare/oracle9sw/precomp/public -I/export/spare/oracle9sw/rdbms/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/plsql/public -I/export/spare/oracle9sw/network/public -DSLMXMX_ENABLE -DSLTS_ENABLE -D_SVID_GETTOD -D_REENTRANT $(LPFLAGS) $(USRFLAGS)] build: $(DEMO_PROC_BUILD_SHARED_64)Evaluating `cat $(LIBHOME)ldflags` expanded `cat /export/spare/oracle9sw/lib/ldflags` returned '-lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9'Evaluating `cat $(LIBHOME)sysliblist` expanded `cat /export/spare/oracle9sw/lib/sysliblist` returned '-lnsl -lsocket -lgen -ldl' [ cc -xarch=v9 $(LFLAGS) -o $(EXE) $(OBJS) -L$(LIBHOME) -lclntsh -lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9 $(EXPDLIBS) $(EXOSLIBS) -lnsl -lsocket -lgen -ldl -R/export/spare/oracle9sw/lib -laio $(THREADLIBS) -lposix4 $(LLIBKSTAT) -lm $(USRLIBS) -lthread] LDFLAGS: -o $@ $(LDPATHFLAG)$(PRODLIBHOME) $(LDPATHFLAG)$(LIBHOME) [-o $@ -L/export/spare/oracle9sw/precomp/lib/ -L$(LIBHOME)] Linking with -L/export/spare/oracle9sw/lib -lclntsh [from $(LIBCLNTSH)] Warning: If you have problems you may need to rebuild perl with -Uusemymalloc. Checking if your kit is complete...Looks goodLD_RUN_PATH=/export/spare/oracle9sw/libUsing DBD::Oracle 1.12.Using DBI 1.21 installed in /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBIWriting Makefile for DBD::Oracle *** If you have problems... read all the log printed above, and the README and README.help files. (Of course, you have read README by now anyway, haven't you?) bash-2.03# makeSkip blib/lib/oraperl.ph (unchanged)Skip blib/lib/DBD/Oracle.pm (unchanged)Skip blib/arch/auto/DBD/Oracle/mk.pm (unchanged)Skip blib/arch/auto/DBD/Oracle/dbdimp.h (unchanged)Skip blib/arch/auto/DBD/Oracle/ocitrace.h (unchanged)Skip blib/arch/auto/DBD/Oracle/Oracle.h (unchanged)Skip blib/lib/Oraperl.pm (unchanged)gcc -c -I. -I/export/spare/oracle9sw/precomp/public -I/export/spare/oracle9sw/rdbms/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/plsql/public -I/export/spare/oracle9sw/network/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/rdbms/demo -I/usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBI -fno-strict-aliasing -I/usr/local/include
Re: (RADIATOR) radiator on solaris SPARC
to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:64: dereferencing pointer to incomplete type Oracle.xs:66: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:87: dereferencing pointer to incomplete type Oracle.xs:87: dereferencing pointer to incomplete type Oracle.xsi: In function `boot_DBD__Oracle': Oracle.xsi:18: sizeof applied to an incomplete type Oracle.xsi:19: sizeof applied to an incomplete type make: *** [Oracle.o] Error 1 # - Original Message - From: Eapen Joseph [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: Elias [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 5:41 AM Subject: Re: (RADIATOR) radiator on solaris SPARC hi, i have radiator working fine without any problem on sun. The compiler i've used is workshop6. All the perl modules installation also went fine. rgds eapen - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] Date: Tuesday, August 5, 2003 2:06 pm Subject: Re: (RADIATOR) radiator on solaris SPARC Hi Elias, hi Richard, You are both right! To think I spent the whole of yesterday on this! I have started installing the perl modules in less than 30minutes! Ok. I uninstalled perl 5.005 which came with Solaris and installed the GNU perl 5.6.1 instead ( I had done that before reading Richard's reply)I guess I could have kept both. I also installed the GNC gcc 3.3 and libgcc 3.3 soft-linked /usr/ucb/cc to /usr/local/bin/gcc and I am compiling away! Thanks, it goes to show that Knowledge is indeed power! Tunde Itayemi. - Original Message - From: Elias To: Ayotunde Itayemi Sent: Tuesday, August 05, 2003 11:00 AM Subject: Re: (RADIATOR) radiator on solaris SPARC *** Your mail has been scanned by TMnet VirusWall. *** Hi, I'm running my Radiator setup on Solaris 8 with an Oracle DB. I think your problem is more with Perl. The default Perl installation that comes with Solaris is linked to use cc. I normally reinstall Perl to get it to run with gcc. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: Hugh Irvine Sent: Tuesday, August 05, 2003 5:31 PM Subject: (RADIATOR) radiator on solaris SPARC *** This e-mail was scanned by TM Net E-Mail Virus Shield. *** Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pm cc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS Perl.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: Perl.c: linker input file unused since linking not done /usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris - I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS DBI.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: DBI.c: linker input file unused since linking not done Running
Re: (RADIATOR) radiator on solaris SPARC
Hi Eapen, hi All, This is no longer radiator but ... By the way, I couldnt install the DBD-Oracle perl module - it seems anything short of a full Oracle DB install wont work - I installed only the runtime client so now I have to reinstall the whole thing again. Now whenever I start the Oracle installer, it crashes out with a JVM error! Why me! :-( Eapen, what sort of SUN do you have? I also have a Netra X1 here with me that the owner has lost its LOMlite password. I got some info from tech-tips about resetting a jumper on the board (J13) but that was for a larger SUN machine so I couldnt find the jumper on the board. I noticed though that there is a jumper right next to the flash card on the SUN ... :-) Any ideas? Regards, Tunde I. - Original Message - From: Eapen Joseph [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: Elias [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 5:41 AM Subject: Re: (RADIATOR) radiator on solaris SPARC hi, i have radiator working fine without any problem on sun. The compiler i've used is workshop6. All the perl modules installation also went fine. rgds eapen - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] Date: Tuesday, August 5, 2003 2:06 pm Subject: Re: (RADIATOR) radiator on solaris SPARC Hi Elias, hi Richard, You are both right! To think I spent the whole of yesterday on this! I have started installing the perl modules in less than 30minutes! Ok. I uninstalled perl 5.005 which came with Solaris and installed the GNU perl 5.6.1 instead ( I had done that before reading Richard's reply)I guess I could have kept both. I also installed the GNC gcc 3.3 and libgcc 3.3 soft-linked /usr/ucb/cc to /usr/local/bin/gcc and I am compiling away! Thanks, it goes to show that Knowledge is indeed power! Tunde Itayemi. - Original Message - From: Elias To: Ayotunde Itayemi Sent: Tuesday, August 05, 2003 11:00 AM Subject: Re: (RADIATOR) radiator on solaris SPARC *** Your mail has been scanned by TMnet VirusWall. *** Hi, I'm running my Radiator setup on Solaris 8 with an Oracle DB. I think your problem is more with Perl. The default Perl installation that comes with Solaris is linked to use cc. I normally reinstall Perl to get it to run with gcc. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: Hugh Irvine Sent: Tuesday, August 05, 2003 5:31 PM Subject: (RADIATOR) radiator on solaris SPARC *** This e-mail was scanned by TM Net E-Mail Virus Shield. *** Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pm cc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS Perl.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: Perl.c: linker input file unused since linking not done /usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris - I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS DBI.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: DBI.c: linker input file unused since linking not done Running Mkbootstrap for DBI () chmod 644 DBI.bs LD_RUN_PATH= cc -o blicc: DBI.o: No such file or directory cc: No input files make: *** [blibash-2.03# === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
Re: (RADIATOR) radiator on solaris SPARC
Hi Elias, hi Richard, You are both right! To think I spent the whole of yesterday on this! I have started installing the perl modules in less than 30minutes! Ok. I uninstalled perl 5.005 which came with Solaris and installed the GNU perl 5.6.1 instead ( I had done that before reading Richard's reply) I guess I could have kept both. I also installed the GNC gcc 3.3 and libgcc 3.3 soft-linked /usr/ucb/cc to /usr/local/bin/gcc and I am compiling away! Thanks, it goes to show that "Knowledge is indeed power!" Tunde Itayemi. - Original Message - From: Elias To: Ayotunde Itayemi Sent: Tuesday, August 05, 2003 11:00 AM Subject: Re: (RADIATOR) radiator on solaris SPARC *** Your mail has been scanned by TMnet VirusWall. *** Hi, I'm running my Radiator setup on Solaris 8 with an Oracle DB. I think your problem is more with Perl. The default Perl installation that comes with Solaris is linked to use cc. I normally reinstall Perl to get it to run with gcc. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: Hugh Irvine Sent: Tuesday, August 05, 2003 5:31 PM Subject: (RADIATOR) radiator on solaris SPARC *** This e-mail was scanned by TM Net E-Mail Virus Shield. *** Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pmcc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS Perl.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: Perl.c: linker input file unused since linking not done/usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris -I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS DBI.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: DBI.c: linker input file unused since linking not doneRunning Mkbootstrap for DBI ()chmod 644 DBI.bsLD_RUN_PATH="" cc -o blib/arch/auto/DBI/DBI.so -G DBI.occ: DBI.o: No such file or directorycc: No input filesmake: *** [blib/arch/auto/DBI/DBI.so] Error 1bash-2.03#
(RADIATOR) modifying accounting SQL statements
Hi Hugh, Hi All, I have some SQL accouting statement that inserts the connect-speeds along with some other connection parameters into an SQL table. At first it worked fine then I suddenly noticed that no new records were being put into the table. The trace 4 debug logshowed that the accounting records coming from the RAS (Patton boxes) sometimes did not contain the affected fields (Ascend-Data-Rate and Ascend-Xmit-Rate) - not that they are set to zero - they are not in the records written to the radius log at all). This causes the SQL insert statement to fail. Is there someway I can get the insert to succeed even when some fields are missing? I was thinking of something like: INSERT %{Ascend-Xmit-Rate}+0, . Now I find that ALL the packets from the patton RASes (model 2966) dont contain the 2 fields at all - and I haven't reconfigured the boxes at all. "Radiator looks radiant!" Regards, Tunde Itayemi. The accouting-startinsert statement as it stands currently (the other one is for accounting-stop) AcctSQLStatement insert into accessaccounting values ( \'%{User-Name}', 0,'%{Acct-Status-Type}', \'%{NAS-Identifier}', \'%{Called-Station-Id}', '%{Calling-Station-Id}', \%{Ascend-Data-Rate}, %{Ascend-Xmit-Rate}, \'%{Framed-IP-Address}', %{Acct-Delay-Time}, \'%o', to_date('%o', 'DY MON DD HH24:MI:SS '), \'%o', to_date('%o', 'DY MON DD HH24:MI:SS ') )
(RADIATOR) time-based access and radiator
Hi All, Hi Hugh, Seems like I am having a major brain block. I am trying to implement a config which allows both time-based (prepaid) access and unlimited access (just two options). The description of my subscribers table is given below. I am having problems configuring radiator. Simply stated what I want it as follows: a user attempts to connect: 1. radiator checks subscribers table to see if he is prepaid -in which case it returns a the amount of time (in secs) left as the max amount of time the user can stay online to the NAS/RAS otherwise (the user is allowed unlimited access) Of course if the TIMELEFT field is zero for prepaid client, the user is not allowed to connect. 2. when the user disconnects (if prepaid, his TIMELEFT field is reduced by the amount of time he stayed online) - this does not affect "unlimited" clients or else there would be negative values in the TIMELEFT column I have attached my proposed radius config file which i am sure is far from being complete or correct. I think the above should be simple but I cant seem to get my mind around it. Other issue is that I have to get the accouting data back into my accouting package called optigold. I was thinking of getting the radius parser file from optigold to parse the radius accounting logfile. Any suggestions/ideas will be appreciated. Is there anybody on this list using radiator and optigold for acccouting etc? Hope to hear from you very soon. Thanks. Tunde Itayemi. == USERNAMEvarchar(100) primary key,-- Users login name, including realmPASSWORDvarchar(30),-- Cleartext passwordCHECKATTRvarchar(200),-- Optional check radius attributesREPLYATTRvarchar(200),-- Optional reply radius attributesTIMELEFTint,ISPREPAID int, -- 0 for unlimited and 1 for prepaidEMAILATTRvarchar(200),STATUSvarchar(10), -- Optional (used for enable/disable)FULLNAMEvarchar(60)-- Optional user fullname == SessionDatabase SQLIdentifier SDB1DBSource dbi:Oracle:radius00DBUsername DBAuth DeleteQuery/SessionDatabase # === CLIENTs =Client x.x.x.x Secret patt123 DupInterval 0NasType Patton SNMPCommunity public Identifier pattonrases/Client Client b.b.b.b# (surgemail) mail server Secret [EMAIL PROTECTED]! DupInterval 0 Identifier mailserver/Client # === AUTH BYs =AuthBy SQLIdentifier SQLClientauthNoDefaultDBSource dbi:Oracle:radius11DBUsername DBAuth AuthSelect select PASSWORD, TIMELEFT*ISPREPAID from SUBSCRIBERS \where USERNAME='%n' and (TIMELEFT 0 or ISPREPAID=0) and STATUS = 'Enabled' AuthColumnDef 0, User-Password, checkAuthColumnDef 1, GENERIC, checkAuthColumnDef 2, GENERIC, checkAutoMPPEKeys YesDefaultSimultaneousUse 1/AuthAuthBy SQL Identifier SQLmailauth NoDefault DBSource dbi:Oracle:radius00 DBUsername nitelradius DBAuth radius4nitel AuthSelect select PASSWORD, CHECKATTR, EMAILATTR \ from SUBSCRIBERS where USERNAME = '%n' AuthColumnDef 0, User-Password, check AuthColumnDef 1, GENERIC, check AuthColumnDef 2, Vendor-Specific, reply DefaultSimultaneousUse 1/Auth #=== HANDLERs Handler Client-Identifier=pattonrases AuthByPolicy ContinueWhileAccept RewriteUsername s/^([EMAIL PROTECTED]).*/$1/RewriteUsername tr/A-Z/a-z/ UsernameCharset [EMAIL PROTECTED] AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth# Adjust the time left when they log outAccountingStopsOnlyAcctSQLStatement update SUBSCRIBERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \ where USERNAME='%n' and ISPREPAID = 1/Handler Handler Client-Identifier=mailserver AuthByPolicy ContinueWhileAccept RewriteUsername tr/A-Z/a-z/ UsernameCharset [EMAIL PROTECTED] AuthBy SQLmailauth/Handler
(RADIATOR) multiple copies of radiator running?
Hi Hugh, I have the following line in my /etc/rc.d/rc.local # Added for High Availability of the DNS serverORACLE_HOME=/oracle9sw/OraHome1NLS_LANG=AMERICANexport ORACLE_HOME NLS_LANGrestartWrapper -mail [EMAIL PROTECTED] -delay 2 "/usr/bin/radiusd -config_file /etc/radiator/radius.cfg -foreground" Now when I check the running processses by using "ps -ef" I get the two lines below: root 3421 1168 0 11:39 ? 00:00:00 sh -c /usr/bin/radiusd -config_froot 3422 3421 0 11:39 ? 00:00:00 /usr/bin/perl /usr/bin/radiusd - Is it OK? It seems there are two separate copies of radiator running? Also is there any command to use to restart a radiator instance started by restartWrapper? For example, when say an Oracle DB goes down, and radiator backs off for some time and you want to force a radius restart as soon as the database is back up. Regards, Tunde I.
(RADIATOR) radiator and optigold ISP
Hi Hugh, hi all, Please is there anyone on this mailing list using radiator and optigold ISP? I need some advice/help with a new system I am implementing. The system involves time-based billing where radiator decrements the pre-paid online a user has originally everytime the user makes use of the service and stops the user from connecting when the time has reduced to a value of zero. It also requires getting the usage data from radiator back to optigold for preparing customers bills. I know the usage based scenario has been discussed before on the list so I am just about to search the archives but I would still need some help with the other issues above. Regards, Tunde Itayemi.
(RADIATOR) time-based authentication
Hi Hugh, Hi all, Please I need to implement a configuration that involves the following: 1. pre-paid service users (sayd a payment for 100hours for example) 2. regular dial-in users with no time limitatation What would be the best approach to this? Two subscriber tables and a cascaded authby scheme? I have taken a look at the pre-paid exampl in the goodies directory but that only fits part of my requirements. 2. Is there a way to get accouting data back to optigold ISP for the preparation/generation of billing invoices? I intend to integrate optigoldISP and radiator tightly in this installation. My session records and accouting records makes use of an Oracle DB BTW. Thanks. Regards, Tunde I.
(RADIATOR) help with ipass accouting
Hi All, Hi Hugh, I haven't been active on the list for some time since Radiator has simple been radiant! I want to get radiator to log the following values into an oracle table called IPASSTABLE. The time the ipass user disconnected ( as contained in %o) into both a VARCHAR2 and DATE field. The time the user logged on ( calculated by subtracting the %{Acct-Session-Time} from the disconnect time) - this value would also be stored in aVARCHAR2 and DATE field. I already have the first, but the second seems a little tricky. I though of subtracting %{Acct-Session-Time} from %b, but the problem is how to convert the resulting timestamp (in seconds) back to a DATE value (and a CHAR value too) Currently I have the following AcctSqlStatement in my radius config file. AcctSQLStatement insert into ipasstable values ( \'%{User-Name}', '%{Acct-Status-Type}', \'%{NAS-Identifier}', '%{Framed-IP-Address}', \%{Acct-Session-Time}, \'%o', \to_date('%o', 'DY MON DD HH24:MI:SS '), \'%o', \to_date('%o', 'DY MON DD HH24:MI:SS ') ) The first "to_date (..." is supposed to contain the calculated login time (some variation of "%b - %{Acct-Session-Time}" ?) while the first %o is supposed to hold the login time in char format ( to_char(whatever_i_get_from_the_calculation above) ?). Please see the LOGIN_START_DATE_DATE and LOGIN_START_DATE_CHAR in the table def below. HELP Regards, Tunde I. IPASSTABLE table def Name Null? Type- --USERNAME VARCHAR2(50)ACCTSTATUSTYPEVARCHAR2(10)NASIDENTIFIERVARCHAR2(20)FRAMEDIPADDRESSVARCHAR2(20)SESSIONTIMENUMBER(38)LOGIN_START_DATE_CHARVARCHAR2(25)LOGIN_START_DATE_DATEDATELOGIN_STOP_DATE_CHARVARCHAR2(25)LOGIN_STOP_DATE_DATEDATE
Re: (RADIATOR) Restartwrapper problems (notification mail)
Hi Hugh, I think the cause of the problem is probably the existence of all the rc scripts which are auto-configured when on uses an RPM install for example coupled with the restartwrapper entry in rc.local Though I haven't tried it but I would guess that one shouldn't (be able to)\ use a restartwrapper entry in rc.local together with rc scripts. Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: neil quiogue [EMAIL PROTECTED] Cc: Ayotunde Itayemi [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 28, 2003 1:48 AM Subject: Re: (RADIATOR) Restartwrapper problems (notification mail) Hello Neil, Hello Tunde - Neil is correct. Because you are getting an error when restartWrapper is trying to execute the command specified, restartWrapper is doing what is supposed to do - ie. waiting 2 secdonds and then trying again. You will need to fix the problem (ie. change the port numbers or whatever), and then restartWrapper will successfully start the program and then wait for it to exit (for whatever reason) then it will start the program again. This is the reason that you need the -foreground flag in the command line for radiusd , so that it (radiusd) does not detach from the controlling program (restartWrapper), which would otherwise cause restartWrapper to spin trying to restart radiusd forever. regards Hugh On Monday, Jan 27, 2003, at 20:49 Australia/Melbourne, neil quiogue wrote: This happens when you have a radiusd running already and you tried running the restartWrapper so what's going to happen is that the restartWrapper would see that the program is always dying (due to the already running radiusd) and would restart in 2 seconds. Check first that you don't have radiusd or any program binding on the RADIUS ports then use restartWrapper. Also, why is you radius in foreground mode? Regards, Neil On Monday, January 27, 2003, at 04:38 PM, Ayotunde Itayemi wrote: Hi All, hi Hugh, I forgot to include the sample mail I got from restartwrapper. == Your program /radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foreground exited unexpectedly with exit status 98, signal number 0 and dump indication 0. The STDERR output was Could not bind authentication socket: Address already in use at /radiatordb/radiatorhttp/radiusd line 413. . The program will be restarted again by /usr/bin/restartWrapper in 2 seconds. == Regards, Tunde Itayemi. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Restartwrapper problems
Hi All, hi Hugh, I have tried to use restartwrapper to make radiator "highly" available. It keeps restarting and I got over a thousand mails in my account before I stopped it. The mail it sends to me is as follows. Please note that I tried it some time ago with the same problem (on regular port 1645/1646). Also, I have another radius server running on the same box at ports 1645/1646 but I didn't use restartwrapper for that one. On my radius server (RedHat 7.2) I have the following line in /etc/rc.d/rc.local restartWrapper -mail [EMAIL PROTECTED] -delay 2 "/radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foreground" My radius.cfg file is as follows: Trace 4AuthPort 5118AcctPort 5119LogDir /radiatordb/logDbDir /radiatordb/radiatorhttpLogFile %L/logfileDictionaryFile %D/dictionary Regards, Tunde Itayemi.
(RADIATOR) Restartwrapper problems (notification mail)
Hi All, hi Hugh, I forgot to include the sample mail I got from restartwrapper. == Your program /radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foregroundexited unexpectedly with exit status 98, signal number 0 and dump indication 0. The STDERR output was Could not bind authentication socket: Address already in use at /radiatordb/radiatorhttp/radiusd line 413..The program will be restarted again by /usr/bin/restartWrapper in 2 seconds.== Regards, Tunde Itayemi.
Re: (RADIATOR) Re: IPASS accouting
Hi Hugh, As always you have been a Hugh help :-) BTW I was trying to customise the AcctSQLStatement and get the Acct-Session-Time to be logged in minutes rather than seconds. I have tried various ways of dividing the Acct-Session-Time by 60 but with no luck (e.g., %{Acct-Session-Time}/60 :-) Finally, I just implemented the division in the cgi script I wrote to fetch rows from the IPASS accounting table. The cgi scripts divides the Acct-Session-Time's column's content by 60 before displaying the result in a webpage. My problem (now) is that I would like to know if it is possible to restrict the number of decimal digits in a webpage to say 1,2 or 3. The output at the moment on my HTML pages have anything between 1 and 16 decimals digits! So Please if there is any HTML guru on the list, help out! Alternatively, I could go back to altering that AcctSQLStatement and putting in the code to generate results in 2 decimals places to start with :-) Thanks. Radiator looks radiant! Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, January 22, 2003 1:36 AM Subject: (RADIATOR) Re: IPASS accouting Hello Tunde - The radius accounting stop records should already contain an Acct-Session-Time attribute containing the duration of the session. So you just need to add the corresponding column to your database and alter the AcctColumnDef's accordingly. AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp AcctColumnDef SESSIONTIME, Acct-Session-Time /AuthBy regards Hugh On Tuesday, Jan 21, 2003, at 19:57 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Thanks for your help. I have a table that looks like (below) now. USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP [EMAIL PROTECTED] Start Jan 21, 2003 07:02 viruse180.247.158.69 1043136137 [EMAIL PROTECTED] Stop Jan 21, 2003 08:51 viruse180.247.158.69 1043142670 [EMAIL PROTECTED] StartJan 16, 2003 22:58 viruse180.247.158.68 1042761506 [EMAIL PROTECTED] StopJan 16, 2003 23:12 viruse180.247.158.68 1042762372 Now, is there a way I can generate accounting records that show how long the particular IPASS user was logged on? I guess such a record would have to be logged when the accounting stop packet is sent to radiator. So that I have a table such as: USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESS [EMAIL PROTECTED] Stop 30:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop 15:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop17:23 viruse180.247.158.68 [EMAIL PROTECTED] Stop1:12:02 viruse180.247.158.68 where the TIME column is the length of time the user spemt online. (I don't really need the ACCTSTYPE column) My config at the moment is as below: AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp /AuthBy AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier
Re: (RADIATOR) accounting without authentication can't write data to postgres
Hi, You may want to check ALL (ALL!) the column names you have defined in radiator's config file to be sure that they match what you have in your REAL database. Also, make sure the column format supports what you intend to put into them. From my own experience: I had a column called TIME in an Oracle table and defined the same column in one of my AuthBy SQL sections. Later I decided the proper name for the column should be SESSIONTIME, so I changed it in the radius config file but forgot to alter the actual Oracle table's definition. I then discovered that radiator wasn't logging my accounting records - to make matters worse, radiator was logging accounting-start records which does not containg a value for the Acct-Session-Time attribute which is what I intended to put in the SESSIONTIME column! But no accounting-stop records were being logged - strange eh? One would have thought the SQL statement would fail altogether ! Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Dennis Methelev [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 23, 2003 11:07 AM Subject: Re: (RADIATOR) accounting without authentication can't write data to postgres Hello Dennis - Thanks for sending the configuration file and the debug trace. It looks to me like there is an error occuring with your SQL server due to the contents of the attributes you are trying to record. You should check the SQL server log to see what is happening. regards Hugh On Wednesday, Jan 22, 2003, at 20:23 Australia/Melbourne, Dennis Methelev wrote: hi, all! my radiator can't record accounting requests to postgres database. in Authby SQL AuthSelect sets without 'select' statement (as seen in reference) - authentication not need. please help. radiator 3.5 (test use) [config fragment] AuthBy SQL Identifier SQLVOIPACCOUNTING DBSourcedbi:Pg:dbname=radius DBUsername *** DBAuth *** AuthSelect AccountingTable VOIPACCOUNTING #AccountingStopsOnly AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,Cisco-NAS-Port AcctColumnDef DNIS,Called-Station-Id AcctColumnDef CLID,Calling-Station-Id /AuthBy SessionDatabase SQL Identifier SDBVOIP DBSourcedbi:Pg:dbname=radius DBUsername *** DBAuth *** AddQuery insert into VOIPONLINE (USERNAME, NASIDENTIFIER, NASPORT, \ ACCTSESSIONID, \ TIME_STAMP) values ('%{User-Name}', '%N', '%{Cisco-NAS-Port}', '%{Acct-Session-Id}',\ %{Timestamp} ) DeleteQuery delete from VOIPONLINE where USERNAME='%{User-Name}' and NASPORT='%{Cisco-NAS-Port}' /SessionDatabase Handler NAS-IP-Address=(myvoipdeviceip) AythBy SQLVOIPACCOUNTING SessionDatabase SDBVOIP /Handler [log fragment] Wed Jan 22 13:12:58 2003: DEBUG: Packet dump: *** Received from .. port 1646 Packet length = 237 Code: Accounting-Request Identifier: 37 Authentic: 29188025215120025141H18819135147197 Attributes: NAS-IP-Address = .. Cisco-NAS-Port = CAS 1/0:1:17 NAS-Port-Type = Async User-Name = 22.. Called-Station-Id = 23.. Calling-Station-Id = 22.. Acct-Status-Type = Start Service-Type = Login-User Acct-Session-Id = 36/13:12:43.141 SAMT Wed Jan 22 2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/F039911C 78DA00C5 0 4F8450F Acct-Delay-Time = 15 Wed Jan 22 13:12:58 2003: DEBUG: Handling request with Handler 'NAS-IP-Address=..' Wed Jan 22 13:12:58 2003: DEBUG: SDBVOIP Adding session for 22.., .., Wed Jan 22 13:12:58 2003: DEBUG: do query is: delete from VOIPONLINE where USERNAME='22..' and NASPORT='CAS 1/0:1:17' Wed Jan 22 13:12:58 2003: DEBUG: do query is: insert into VOIPONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP) values ('22..', '..', 'CAS 1/0:1:17', '36/13:12:43.141 SAMT Wed Jan 22 2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/F039911C 78DA00C5 0 4F8450F',1043226763 ) Wed Jan 22 13:13:00 2003: DEBUG: Packet dump: *** Received from .. port 1646 Packet length = 528 Code: Accounting-Request
(RADIATOR) IPASS accouting
Hi Hugh, Thanks for your help. I have a table that looks like (below) now. USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP [EMAIL PROTECTED] StartJan 21, 2003 07:02 viruse180.247.158.69 1043136137 [EMAIL PROTECTED] StopJan 21, 2003 08:51 viruse180.247.158.69 1043142670 [EMAIL PROTECTED] StartJan 16, 2003 22:58 viruse180.247.158.68 1042761506 [EMAIL PROTECTED] StopJan 16, 2003 23:12 viruse180.247.158.68 1042762372 Now, is there a way I can generate accounting records that show how long the particular IPASS user was logged on? I guess such a record would have to be logged when the accounting stop packet is sent to radiator. So that I have a table such as: USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESS [EMAIL PROTECTED] Stop30:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop15:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop17:23 viruse180.247.158.68 [EMAIL PROTECTED] Stop1:12:02 viruse180.247.158.68 where the TIME column is the length of time the user spemt online. (I don't really need the ACCTSTYPE column) My config at the moment is as below: AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp /AuthBy AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier noIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 /AuthBy ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host63.10.24.21 Secret AuthPort11812 AcctPort11813 AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N DefaultSimultaneousUse 1 /AuthBy #=== HANDLERs Handler Realm=myipass RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ AuthByPolicy ContinueAlways AuthBy IPASSSQLAccounting AuthBy ipassNetserver /Handler === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fw: (RADIATOR) radwho.cgi disconnect routine
Hi Hugh, Hi All, any takers please? I think any implementation using SNMP should work. What do you think Hugh. Regards, Tunde Itayemi. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 14, 2003 8:49 PM Subject: (RADIATOR) radwho.cgi disconnect routine Hi Hugh, Hi all, Please does anyone have a session-disconnect program/script that can be "hooked" to the radwho.cgi script that is compatible with Patton RASes? Any ideas, help etc would be appreciated. Please if you are sending me a program include the instructions for installation. Regards, TUnde Itayemi.
(RADIATOR) logging IPASS accounting records to Database
Hi Hugh, Hi All, I would like to log only IPASS accounting start and stop request to a database tableso as to get some sort of record locally - how can I implement this? I want something a little bit "simpler" than the long detail file generated by the AcctLogFileName clause (see below pls). One can more easily peruse entries in an Oracle table. Regards, Tunde Itayemi. Relevant parts of my config : Client localhost # ipass client for VNAS (incoming metrong roamers) Secret Identifier ipassclient IdenticalClients 63.10.10.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client AuthBy RADIUS Identifier ipassNetserver Host 63.10.10.211 Secret AuthPort 11812 AcctPort 11813 AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N DefaultSimultaneousUse 1/AuthBy Handler Realm=myipass AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ AuthBy ipassNetserver/Handler Handler Client-Identifier=ipassclient AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address/Handler
Re: (RADIATOR) Re: website access / ipass authentication
Hi Hugh, I have managed to solve the problem. What I did was to 1. create a soft link called radiusdhttp to radiusd file in my second install directory. 2. I edited the /etc/init.d/radiatorhttp file and changed the following lines from: RADIUSD=/usr/bin/radiusd RADIATOR_CONFIG=/etc/radiator/radius.cfg (under the stop( ) subroutine) killproc radiusd TO: RADIUSD=/radiatordb/radiatorhttp/radiusdhttp RADIATOR_CONFIG=/radiatordb/radiatorhttp/radius.cfg (under the stop( ) subroutine) killproc radiusdhttp So, now I have two servers running perfectly and can be controlled with the Linux service command. NB: It seems the killproc command uses the name used to start the process rather than the process id etc. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, January 13, 2003 11:45 PM Subject: Re: (RADIATOR) Re: website access / ipass authentication Hello Tunde - I am afraid I can't help you with questions about service as I don't use it. I generally use the restartWrapper utility included in the goodies directory. regards Hugh On Monday, Jan 13, 2003, at 23:38 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, OK. I have manually installed a second copy of radiator in /radiatordb/radiatorhttp directory. I have changed the port accordingly. I made a copy of the /etc/init.d/radiator file and save it as /etc/init.d/radiatorhttp I edited radiatorhttp to reflect the config of my new radiator install and used the RH chkconfig to add the service to the system. The problem I noticed now is that when I use the service command on radiatorhttp it appears to work on my original radiator installation! service (start/stop/restart/status) radiatorhttp actuallly works on my radiator service and not radiatorhttp. Any ideas? Please find attached my /etc/init.d/radiator /etc/init.d/radiatorhttp files. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 5:25 AM Subject: Re: website access / ipass authentication Hello Tunde - If you want to use different port numbers, why not just use two instances of Radiator? Otherwise, have a look at a trace 4 debug to see what attributes are included in the radius requests that you can use. regards Hugh On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I have the ipass netserver installed on my RADIUS server. I also want to use radiator to authenticate access to some webpages on the same server. The problem is that the config for ipass netserver and webserver authentication both use the localhost client designation. The only way out I see it to change the port that the webserver uses for radius authentication and configure radiator to also listen on (this) extra port. The issue now is how do I differentiate requests from the two ports and process the requests accordingly using two different Realm clauses - or cascaded AuthBys? Please advice? Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. radiatorhttp.txtradiator.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radwho.cgi disconnect routine
Hi Hugh, Hi all, Please does anyone have a session-disconnect program/script that can be "hooked" to the radwho.cgi script that is compatible with Patton RASes? Any ideas, help etc would be appreciated. Please if you are sending me a program include the instructions for installation. Regards, TUnde Itayemi.
(RADIATOR) Re: website access / ipass authentication
Hi Hugh, OK. I have manually installed a second copy of radiator in /radiatordb/radiatorhttp directory. I have changed the port accordingly. I made a copy of the /etc/init.d/radiator file and save it as /etc/init.d/radiatorhttp I edited radiatorhttp to reflect the config of my new radiator install and used the RH chkconfig to add the service to the system. The problem I noticed now is that when I use the service command on radiatorhttp it appears to work on my original radiator installation! service (start/stop/restart/status) radiatorhttp actuallly works on my radiator service and not radiatorhttp. Any ideas? Please find attached my /etc/init.d/radiator /etc/init.d/radiatorhttp files. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 5:25 AM Subject: Re: website access / ipass authentication Hello Tunde - If you want to use different port numbers, why not just use two instances of Radiator? Otherwise, have a look at a trace 4 debug to see what attributes are included in the radius requests that you can use. regards Hugh On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I have the ipass netserver installed on my RADIUS server. I also want to use radiator to authenticate access to some webpages on the same server. The problem is that the config for ipass netserver and webserver authentication both use the localhost client designation. The only way out I see it to change the port that the webserver uses for radius authentication and configure radiator to also listen on (this) extra port. The issue now is how do I differentiate requests from the two ports and process the requests accordingly using two different Realm clauses - or cascaded AuthBys? Please advice? Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. #!/bin/sh # # radiator This shell script takes care of starting and stopping \ # Radiator (radius daemon). # # chkconfig: 2345 90 15 # description: radiator is the radius daemon required for RAS AAA. # processname: /usr/bin/radiusd # # Startup script for Radiator on Linux. Install this as # /etc/init.d/radiator. If you have chkconfig, you can use # chkconfig -add radiator # to generate the required start asnd stop entries in /etc/rc[2345].d/ # Otherwise, you need to add symlinks to /etc/rc[2345].d/ # # config: /etc/radiator/radius.cfg # Author: Mike McCauley ([EMAIL PROTECTED]) # Copyright (C) 2000 Open System Consultants # $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $ # Source 'em up . /etc/init.d/functions RADIUSD=/radiatordb/radiatorhttp/radiusd RADIATOR_CONFIG=/radiatordb/radiatorhttp/radius.cfg RADIATOR_ARGS= # Source additional OPTIONS if we have them. if [ -f /etc/sysconfig/radiator ] ; then . /etc/sysconfig/radiator fi if [ ! -x $RADIUSD ]; then exit 0 fi start() { # don't do squat if we don't have the config file if [ -f $RADIATOR_CONFIG ]; then echo -n Starting Radiator: daemon $RADIUSD -config_file $RADIATOR_CONFIG $RADIATOR_ARGS RETVAL=$? echo else echo Unable to find config file $RADIATOR_CONFIG! fi return $RETVAL } stop() { echo -n Shutting down Radiator: killproc /radiatordb/radiatorhttp/radiusd RETVAL=$? echo return $RETVAL } case $1 in start) start ;; stop) stop ;; restart|reload) stop start RETVAL=$? ;; status) status /radiatordb/radiatorhttp/radiusd RETVAL=$? ;; *) echo Usage: $0 {start|stop|restart|status} exit 1 esac exit $RETVAL #!/bin/sh # # radiator This shell script takes care of starting and stopping \ # Radiator (radius daemon). # # chkconfig: 2345 90 15 # description: radiator is the radius daemon required for RAS AAA. # processname: /usr/bin/radiusd # # Startup script for Radiator on Linux. Install this as # /etc/init.d/radiator. If you have chkconfig, you can use # chkconfig -add radiator # to generate the required start asnd stop entries in /etc/rc[2345].d/ # Otherwise, you need to add symlinks to /etc/rc[2345].d/ # # config: /etc/radiator/radius.cfg # Author: Mike McCauley ([EMAIL PROTECTED]) # Copyright (C) 2000 Open System Consultants # $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $ # Source 'em up . /etc/init.d/functions RADIUSD=/usr/bin/radiusd RADIATOR_CONFIG=/etc/radiator/radius.cfg RADIATOR_ARGS= # Source additional OPTIONS if we have them. if [ -f /etc/sysconfig/radiator ] ; then . /etc/sysconfig/radiator fi if [ ! -x $RADIUSD ]; then exit 0 fi start() { # don't do squat if we don't have
Re: (RADIATOR) NAS subnet problem
Hi Hugh, I know the cause of the problem now. I just remembered some issues on the mailing list about radiator listening on different IPs etc. My radiator box has two IP addresses on the same network card: primary ip of 4.10.10.212 and a secondary ip of 6.4.4.12 (not my original IPs :-) By disabling the secondary interface (eth0:1) and changing the ip address of the primary interface on the radius server (RH 7.2) to the one on the secondary interface - which is what I normally use to reference my radius installation, I got the set up to work. Actually I could move the secondary IP address to a second NIC that is available on the Linux box but I am short of ports on the switch that I have the box on at the moment :-) I don't know if reversing the order of the IP address with respect to the network interfaces (pri sec) will have any positive effect. On the other hand the box is my backup DNS server (listens on pri interface/IP) so I am not sure re-arranging the IPs won't interfere with my DNS. Any ideas about this? Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 11:59 PM Subject: Re: (RADIATOR) NAS subnet problem Hello Tunde - Thanks for sending the files. It sounds to me like you have a routing problem on the Windows box when it is on a different subnet. I suspect you will need to add a default gateway or perhaps a static route so that the radius requests are sent to the correct place. regards Hugh On Thursday, Jan 9, 2003, at 21:31 Australia/Melbourne, Ayotunde Itayemi wrote: Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfglogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS subnet problem + extra info
Hi Hugh, Rejoinder to my last mail pls. Just remembered that I tested the setup with anothet Linux box with the two IP addresses on different NICs and got the same problem. So I am back at the same problem - the radius server is not behaving properly on my multi-homed RH 7.2 linux servers - at least with respect to windows 2K? Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 11:59 PM Subject: Re: (RADIATOR) NAS subnet problem Hello Tunde - Thanks for sending the files. It sounds to me like you have a routing problem on the Windows box when it is on a different subnet. I suspect you will need to add a default gateway or perhaps a static route so that the radius requests are sent to the correct place. regards Hugh On Thursday, Jan 9, 2003, at 21:31 Australia/Melbourne, Ayotunde Itayemi wrote: Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfglogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) website access / ipass authentication
Hi Hugh, Hi All, I have the ipass netserver installed on my RADIUS server. I also want to use radiator to authenticate access to some webpages on the same server. The problem is that the config for ipass netserver and webserver authentication both use the "localhost" client designation. The only way out I see it to change the port that the webserver uses for radius authentication and configure radiator to also listen on (this) extra port. The issue now is how do I differentiate requests from the two ports and process the requests accordingly using two different "Realm" clauses - or cascaded AuthBys? Please advice? Regards, Tunde Itayemi.
(RADIATOR) NAS subnet problem
Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfg Description: Binary data Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:49 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:49 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:49 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:49 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:54 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:54 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:54 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:54 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:35:55 2003: DEBUG: Packet dump: *** Received from 80.247.158.2 port 513 Code: Access-Request Identifier: 4 Authentic: 2157Js!J1222125124430f229220[ Attributes: User-Name = sashton User-Password = Pz22167u188202}+17012188_190244q NAS-Port = 6 NAS-Port-Type = Async NAS-Identifier = NitelPat1 Called-Station-Id = Calling-Station-Id = 1 Service-Type = Framed-User Framed-Protocol = PPP Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:59 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:59 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:59 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:59 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:39:14 2003: DEBUG: Packet dump: *** Received from 80.247.140.51 port 1198 Code: Accounting-Request Identifier: 0 Authentic: 1223?198e233198K?205s245149@174P Attributes: Acct-Status-Type = Accounting-On NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 34 Thu Jan 9 10:39:14 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:39:14 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:39:14 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:39:14 2003: DEBUG: Handling with
(RADIATOR) radiator 3.5 problems
Hi All, I installed Radiator version 3.5 and it refused to start. (I had 3.4 running prior to the upgrade attempt). I stopped the radiator service, performed the upgrade and tried to start the radiator service again. My config is RedHat 7.2 with radiator and oracle etc running. I got the following error message. Any ideas? Happy New Year in advance. Regards, Tunde Itayemi. == Dec 24 12:33:41 atreus radiusd: Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/bin/radiusd line 25.Dec 24 12:33:41 atreus radiusd: BEGIN failed--compilation aborted at /usr/bin/radiusd line 25.Dec 24 12:33:41 atreus radiator: radiusd startup failedDec 24 12:33:51 atreus radiusd: Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/bin/radiusd line 25.Dec 24 12:33:51 atreus radiusd: BEGIN failed--compilation aborted at /usr/bin/radiusd line 25.Dec 24 12:33:51 atreus radiator: radiusd startup failed
Re: (RADIATOR) ipass problem
Hi Hugh, Finally getting near UHURU! I found out from IPASS that they don't support chap and all the while my test NAS (a patton) was set to use text or pap or chap! So, the test worked after changing the NAS to textORchap OK. New problem. Given my radius config file which I sent to you in my last mail. HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS roaming client dials into? At the moment, radiator is allocating IPs to my Windows NASes and the patton boxes are configured to allocate IPs from pools defined on them. How can I get the pattons to still allocate IPs (not minding whether the client is local or a IPASS client) and still allow radiator to allocate IPs if the IPASS client dials into one of my Windows servers? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Sent: Saturday, November 30, 2002 12:16 AM Subject: Re: (RADIATOR) ipass problem Hello Tunde - Thanks for sending the files. The Radiator log file shows that you are sending the access request to IPASS, but that you are getting an access reject back from them. You will need to check with IPASS to see what is happening at their end. regards Hugh On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Please find attached the following files: radius.cfg (my full config file with no passwords) cmdtest.txt (test carried out with test credentials from ipass using the command line tester that comes with ipass netserver) logfile.txt (radius logfile after attempting access twice via the NAS 80.247.140.30) Hope to hear from you soon. Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, November 28, 2002 11:28 PM Subject: Re: (RADIATOR) ipass problem Hello Tunde - I will need to see a trace 4 debug from Radiator showing what happens in both cases. regards Hugh On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a request denied . Any help would be appreciated. My config: ===Client 80.4.4.30 Secret asecret DupInterval 0 NasType Patton SNMPCommunity patt222 Identifier viruse1 IdenticalClients 80.4.4.61 80.4.4.92 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client Client localhost # ipass client for VNAS (incoming roamers) Secret asecret Identifier ipassclient IdenticalClients 63.4.4.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ /Client # === AUTH BYs = ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813 # AddToRequest NAS-IP-Address=%N AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N /AuthBy #=== HANDLERs Handler Realm=myipass AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ # MaxSessions 1 AuthBy ipassNetserver /Handler Handler Client-Identifier=ipassclient AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address /Handler Handler Client-Identifier=viruse1 AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- # MaxSessions 1 # Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth # AuthBy pattonIPADDRESSauth /Handler -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. radius.cfgcmdtest.txtlogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX
(RADIATOR) ipass problem
Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a "request denied" . Any help would be appreciated. My config: ===Client 80.4.4.30 Secret asecret DupInterval 0NasType PattonSNMPCommunity patt222 Identifier viruse1IdenticalClients 80.4.4.61 80.4.4.92RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient localhost# ipass client for VNAS (incoming roamers)Secret asecretIdentifier ipassclientIdenticalClients 63.4.4.212RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client# === AUTH BYs =## proxy radius for IPASSAuthBy RADIUS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813# AddToRequest NAS-IP-Address=%NAddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N/AuthBy#=== HANDLERs Handler Realm=myipassAcctLogFileName %L/ipass/detailRewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/# MaxSessions 1AuthBy ipassNetserver/HandlerHandler Client-Identifier=ipassclient AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauthStripFromReply Framed-IP-Address/HandlerHandler Client-Identifier=viruse1 AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@-# MaxSessions 1# Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth# AuthBy pattonIPADDRESSauth/Handler
Re: (RADIATOR) little help required ...
Hi Muhammad, Why not upgrade to version 3.3.1 ? Regards, Tunde I. - Original Message - From: Muhammad Mushtaque [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 9:29 AM Subject: (RADIATOR) little help required ... Dear All, We are facing a problem due to which radiator session hangs. Actually i m executing few AcctSqlStatement for inserting some values in Database. When calculation goes to infinity like (2/3 or 1/3) ... radiator gives over flow error ... the other thing is that we are facing this error in Radiator-3.0 not in Radiator 2.17 ... I m attaching the error and our config file with this mail. waiting for replies Mushtaque. ___ This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of eWorld (Pvt) Ltd. If you are not the original / intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, we regret the inconvenience and request you to please immediately notify at [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Troubles with getting MPPE Keys in Access-Accept
Hi Philipp, You might need to set the key first. For example: AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint # policy = 4 (40bit), 2 (128bit), 6 (any) AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy The snippet above is from my own config. Also I don't think the AutoMPPEKeys takes any parameter. In my config I have it on a line itself as just AutoMPPEKeys and not AutoMPPEKeys Yes Regards, Tunde Itayemi. - Original Message - From: Philipp Kolmann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, October 11, 2002 1:34 PM Subject: (RADIATOR) Troubles with getting MPPE Keys in Access-Accept Hi! We use Radiator v3.3 and have troubles getting MPPE Keys back in Access Accept; We use Microsoft (2000,XP) VPN Clients to connect to a cisco VPN3030 Concentrator and want to use MPPE Encryption. Our Problem is, the in the radiator reply packet there are no MPPE Keys (we use MS-CHAPv1) Here is the part of our radiator config file: snip ## VPN Service Handler Realm=vpn.tuwien.ac.at, Client-Identifier=/(terminator|sisko|localhost)/ AuthByPolicy ContinueAlways AuthBy account-sql AuthBy GROUP AutoMPPEKeysYes AuthBy radius-sql AddToReply MS-MPPE-Encryption-Policy = Encryption-Allowed, \ MS-MPPE-Encryption-Types = Encryption-Any /Authby /Handler snip any ideas? Kind Regards Philipp Kolmann Technical University of Vienna -- To err is human; to really screw things up requires the root password. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radiator and ipass
Hi, You didn't say anything about the other parts of your config - special entries in your client clauses, special client clause for ipass, username character set definition, format you receive ipass client username requests etc. Regards, Tunde I. - Original Message - From: Mike Blancas [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 2:29 AM Subject: Re: (RADIATOR) radiator and ipass Our setup is to proxy all iPass request to our iPass netserver using the AuthBy RADIUS and Realm DEFAULT. My local accounts are handled by different Realm and AuthBy clauses. This setup has been working for more than 1 yr without any problems. In the bottom of my radius.cfg, I have the following lines: Realm DEFAULT AuthBy RADIUS Host ipass.netserver.ip Secret AuthPort 11812 AcctPort 11813 /AuthBy /Realm Mike Blancas [EMAIL PROTECTED] Mosaic Communications, Inc. On Mon, 30 Sep 2002, Ayotunde Itayemi wrote: Hi All, Is there anybody on the list running ipass netserver and radiator? I am having problems with my config. I have installed both software but in order to get it to work properly, ipass specifies that the following lines should be added to all client clauses in the radiator config file: RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ After having added the line above, I (assume) then need to add the character / to the UsernameCharset set in radiator so as to allow names of the form IPASS/username ? Default of ( a-zA-Z0-9\._@- ). I have tried ( UsernameCharset a-zA-Z0-9\._@-/) and ( UsernameCharset a-zA-Z0-9\._@-\/ ) But I noticed that when I do so, a request with the name of the form IPASS/username kills radiator. It just stops and even there is nothing in the log with a trace 4 option. Please I would liek someone to provide me with a working config and if possible a brief explanation of any area that is not too clear or standard. Regards, Tunde I. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radiator and ipass
Hi All, Is there anybody on the list running ipass netserver and radiator? I am having problems with my config. I have installed both software but in order to get it to work properly, ipass specifies that the following lines should be added to all client clauses in the radiator config file: RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ After having added the line above, I (assume) then need to add the character / to the UsernameCharset set in radiator so as to allow names of the form IPASS/username ? Default of ( a-zA-Z0-9\._@- ). I have tried ( UsernameCharset a-zA-Z0-9\._@-/) and ( UsernameCharset a-zA-Z0-9\._@-\/ ) But I noticed that when I do so, a request with the name of the form IPASS/username kills radiator. It just stops and even there is nothing in the log with a trace 4 option. Please I would liek someone to provide me with a working config and if possible a brief explanation of any area that is not too clear or standard. Regards, Tunde I.
Re: (RADIATOR) users database format
Hi TDN, You can use AddToRequestIfNotExist or AddToRequest parameter in your Handler or Realm clause. For example, Handler AddToRequestIfNotExist Service-Type = Framed-User AuthBy ... /AuthBy /Handler See section 6.16.19 and 6.16.20 of the reference manual (version 3.0) formore details. Regards, Tunde Itayemi. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 20, 2002 3:26 PM Subject: (RADIATOR) users database format Hello, I have a flat file users database, which has the format below: user1 Password = {crypt}* Framed-Protocol=PPP The configuration of one of our new Nases requres that the users database be of this format: user1 Password = {crypt}* Service-Type = Framed-User, Framed-Protocol=PPP How can achieve this without having to change each and every entry i.e, set Service-Type = Framed-User as a default entry. Rgds TDN === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Antwort: (RADIATOR) Re: *GhostSessions Problem
- Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 9:51 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hi Hugh, I know you have said before that there is no way to query windows for online clients using SNMP. This is just to the house in general. Is there anyone out there with workable solutions for windows? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Christian Rautscher [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 8:34 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello Christian - As I discussed in a previous mail, Radiator can use the NasType parameter in the Client clause(s) to enforce strict session limit checking with the NAS equipement being used, as long as the NAS can be queried successfully. Unfortunately, we cannot provide solutions for all types of NAS and all versions of NAS software, so it becomes a matter of trial and error for Radiator users to work out how to make things work in their own environment. We have provided a number of NasType modules and the source code for all of them is in the Radius/Nas directory. The only thing I can suggest is that you test the query that Radiator tries to run by hand to see what result you get, and if it is not correct then you will need to verify what is wrong in the code and correct it. It may also be the case that you need a different version of the SNMP code for example, or that your NAS needs to be configured to respond correctly to the query that Radiator tries to send. Note that we do not have any NAS equipment ourselves and we rely on customers to do their own testing. Many customers have done exactly this and contributed their code, most of which is what is found in the Radiator distribution. This is a vexing problem, I know, but there is little I can do to help you. regards Hugh On Tuesday, September 10, 2002, at 04:22 PM, Christian Rautscher wrote: Hello Hugh, i did post it already in the Mailing List last week, but i got no reply. That's why i thought, as we did buy a 7-station-licence of Radiator i could send it to the support list, and hope that somebody will response me there :) You cannot help me or? I mean can you give me at least a little hint, how the problem could be resolved. ;) Happy working, regards, Christian Hugh Irvine [EMAIL PROTECTED]@open.com.au am 10.09.2002 03:58:06 Gesendet von: [EMAIL PROTECTED] An:Christian Rautscher [EMAIL PROTECTED] Kopie: [EMAIL PROTECTED] (Blindkopie: Christian Rautscher/RUN/RAIFF) Thema: (RADIATOR) Re: *GhostSessions Problem Hello Christian - I have posted this to the Radiator mailing ([EMAIL PROTECTED]) list for you. You should post these questions to the Radiator list, not the support list. regards Hugh On Monday, September 9, 2002, at 07:30 PM, Christian Rautscher wrote: Hello Hugh, hi everybody, i'd like to ask if some1 could help me with the quite famous Problem of the ghost-sessions in Radiator-DB. P.es. AccessServer works fine. Connecting clients will be registered in the Radonline-DB of Radiator with their SessionStart-Entry. Now lets assume that at a certain point, due to networking failure or other reason Radiator and AccessServer aren't able to comunicate to each other anymore. Now we assume that Client A and B are disconnecting themselves right at this moment. PROBLEM:NAS doesn't send Stop-Session-Entry to Radiator, so for Radiator that client is still online. Now let's assume that the communication Problem between Radiator and NAS has been solved, and client A would like to re-enter. But isn't able, because of the configuration of Radiator the client exceeds the its allowed simulateous Permission of 1. As i've already tried with the Nas-Type Attribute but somehow it won't work as it should. As i noticed that this kind of problem appeared quite often in this mailing-list i hope that someone may be able to help me. Thank you just in advance, Christian -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible
Re: Antwort: (RADIATOR) Re: *GhostSessions Problem
Thanks, I have just changed the NasType for my windows clients to Ping - at least it is better than nothing :-) Regards, Tunde I. - Original Message - From: Andreas Stollar [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 4:37 PM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello, I was having a similar problem using DefaultSimultaneousUse 1 in my config. I mostly blame our outsourced dial up vendor, who uses a chaotic mess of different NAS devices, so stop records did not always get received, and using either snmp or finger only worked for half of the NAS's out there. We were having a support nightmare with users not being allowed to dial up because Radiator had an active session. As a last resort I started using NasType Ping under my DEFAULT client. This has turned out almost perfect. Ok, so someone with a firewall that blocks icmp traffic will be able to get multiple sessions now, but this is minor compared to the amount of happy customers now no longer calling tech support. Andreas Stollar Speakeasy, Inc. Sr. System Administrator On Tue, 10 Sep 2002, Ayotunde Itayemi wrote: Date: Tue, 10 Sep 2002 09:51:35 +0100 From: Ayotunde Itayemi [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 9:51 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hi Hugh, I know you have said before that there is no way to query windows for online clients using SNMP. This is just to the house in general. Is there anyone out there with workable solutions for windows? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Christian Rautscher [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 8:34 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello Christian - As I discussed in a previous mail, Radiator can use the NasType parameter in the Client clause(s) to enforce strict session limit checking with the NAS equipement being used, as long as the NAS can be queried successfully. Unfortunately, we cannot provide solutions for all types of NAS and all versions of NAS software, so it becomes a matter of trial and error for Radiator users to work out how to make things work in their own environment. We have provided a number of NasType modules and the source code for all of them is in the Radius/Nas directory. The only thing I can suggest is that you test the query that Radiator tries to run by hand to see what result you get, and if it is not correct then you will need to verify what is wrong in the code and correct it. It may also be the case that you need a different version of the SNMP code for example, or that your NAS needs to be configured to respond correctly to the query that Radiator tries to send. Note that we do not have any NAS equipment ourselves and we rely on customers to do their own testing. Many customers have done exactly this and contributed their code, most of which is what is found in the Radiator distribution. This is a vexing problem, I know, but there is little I can do to help you. regards Hugh On Tuesday, September 10, 2002, at 04:22 PM, Christian Rautscher wrote: Hello Hugh, i did post it already in the Mailing List last week, but i got no reply. That's why i thought, as we did buy a 7-station-licence of Radiator i could send it to the support list, and hope that somebody will response me there :) You cannot help me or? I mean can you give me at least a little hint, how the problem could be resolved. ;) Happy working, regards, Christian Hugh Irvine [EMAIL PROTECTED]@open.com.au am 10.09.2002 03:58:06 Gesendet von: [EMAIL PROTECTED] An:Christian Rautscher [EMAIL PROTECTED] Kopie: [EMAIL PROTECTED] (Blindkopie: Christian Rautscher/RUN/RAIFF) Thema: (RADIATOR) Re: *GhostSessions Problem Hello Christian - I have posted this to the Radiator mailing ([EMAIL PROTECTED]) list for you. You should post these questions to the Radiator list, not the support list. regards Hugh On Monday, September 9, 2002, at 07:30 PM, Christian Rautscher wrote: Hello Hugh, hi everybody, i'd like to ask if some1 could help me with the quite famous Problem of the ghost-sessions in Radiator-DB. P.es. AccessServer works fine. Connecting clients
(RADIATOR) ipass Config Question
Hi All, Hi hugh, My config is as below. In the past when "we" discussed about the state column of the RADONLINE database not being reset appropriately resulting in IP-address pool being exhausted, you told me to add the following lines to my config: DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%twhere YIADDR='%0' or YIADDR='%{Class}' to the AdressAllocator SQL clause and the following line to AuthBy DYNAADDRESS clause AddToReply Class = %{Reply:Framed-IP-Address} Okay, I removed them later when things seemed to have "stabilised" but I am thinking of reintroducing them again - please let me have your views based on the config file below. MAIN PROBLEMS. I installed ipass NetServer 3.9 as stated in the instructions and also configured radiator (below) based on ipass instruction for configuring radiator. The problem is that somehow, radiator is still using the handler for my client rather than thespecial handler for ipass - Handler Realm=myipass which should cause it to proxy the request to the local ipass NetServer running on same system. Please note that the IP address I have radiator running on is e.d.f.211 . I have also disabled the apache client I had running before because I guess there would be a conflict between apache authentication and ipass NetServer since they both use localhost (127.0.0.1) in the client definitions for them? Regards, Tunde I. # --- RADAR -MonitorUsername radarPassword mypassword/Monitor# Programs for Simultaneous-UseSnmpgetProg/usr/bin/snmpget# SNMP access to radiatorSNMPAgentROCommunity mysnmpRADsecretPort162Managers127.0.0.1, 192.168.10.8/SNMPAgent# Online usersSessionDatabase SQLIdentifier SDB1DBSourcedbi:Oracle:radius00DBUsername radiusDBAuth radius# DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \# where YIADDR='%0' or YIADDR='%{Class}'/SessionDatabase# ===AddressAllocator SQL Identifier mySQLallocator DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold#DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \#where YIADDR='%0' or YIADDR='%{Class}' DefaultLeasePeriod 172800# LeaseReclaimInterval 86400 # POOL ALLOCATION RULES AddressPool viruse1 Subnetmask 255.255.255.255 Range a.b.e.31 a.b.e.60Range a.b.e.62 a.b.e.91 /AddressPool AddressPool viruse2 Subnetmask 255.255.255.255 Range a.b.c.52 a.b.c.100Rangea.b.c.110 a.b.c.139Rangea.b.c.150 a.b.c.200Range a.b.c.225 a.b.c.250 /AddressPool/AddressAllocator # === CLIENTs =Client a.b.c.3 Secret mypassword DupInterval 0 SNMPCommunity public Identifier viruse2IdenticalClients a.b.c.4 a.b.c.5 a.b.c.6 \172.31.1.6 172.31.1.4 172.31.1.8 192.168.10.5RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient a.b.c.30# pattonRAS Secret mypassword DupInterval 0NasType PattonSNMPCommunity patt123mon Identifier viruse1IdenticalClients a.b.c.61 a.b.c.92RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient localhost# ipass client for VNAS (incoming roamers)Secret mypasswordIdentifier ipassclientIdenticalClients d.e.f.212RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client#Client 127.0.0.1# web server on this box#Secret apache!:123#DupInterval 0#Identifier apache#/Client# === AUTH BYs =AuthBy SQL Identifier SQLStaffauth NoDefault DBSource dbi:Oracle:radius00 DBUsername radius DBAuth radius AuthSelect select PASSWORD, CHECKATTR from STAFF \ where USERNAME = '%n' and STATUS = 'Enabled'/AuthAuthBy SQLIdentifier SQLClientauthNoDefaultDBSourcedbi:Oracle:radius00DBUsernameradiusDBAuthradiusAuthSelect select PASSWORD, CHECKATTR, REPLYATTR \from SUBSCRIBERS where USERNAME = '%n'\and STATUS = 'Enabled'AutoMPPEKeys/AuthAuthBy DYNADDRESSIdentifier myIPADDRESSauthAllocator mySQLallocator#AddToReply Class = %{Reply:Framed-IP-Address}#PoolHint %{Reply:PoolHint}PoolHint %{Client:Identifier}MapAttribute yiaddr, Framed-IP-AddressMapAttribute subnetmask, Framed-IP-NetmaskStripFromReply PoolHint# policy = 4 (40bit), 2 (128bit), 6 (any)AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key/AuthByAuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocatorPoolHint %{Client:Identifier}# PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint/AuthBy## proxy radius for IPASSAuthBy RADIUS Identifier ipassNetserver Host d.e.f.211 Secret mypassword AuthPort 11812 AcctPort 11813/AuthBy#=== HANDLERs Handler Realm=myipassAcctLogFileName %L/ipass/detailRewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/AuthBy ipassNetserver/HandlerHandler
(RADIATOR) Final word on DefaultLeasePeriod
Hi All, Hi Hugh,Hi Mike, Hi ... :-) Okay. Final question on IP leases with radiator. What happens when the DefaultLeasePeriod expires? More importantly, is the IP reclaimed when the DefaultLeasePeriod expires AND the client to which it was allocated is still online? Also,are IPs reclaimed when clients log off (for one reason or the other) before DefaultLeasePeriod expires? (- just wanted a confirmation on this last question) What is the max value I can set the DefaultLeasePeriod too - a year (in seconds format)? Regards, Tunde I.
(RADIATOR) Telnet, SMTP and port 25
Hi Hugh, Hi all, Okay this is not a RADIUSquestion, but excuse me anyway. I have a RedHat 6.2 Linux system that has been configured asa mail server for a real Internet domain. Users can receive their mails but nothing (mails) can be sent out. After a lot of troubleshooting I made out the following: 1. The system can't send mails out because you cannot initiate a telnet session from it toany other system on port 25 e.g., [root@mail itayemi]# telnet10.0.4.4 25Trying 10.0.4.4...telnet: Unable to connect to remote host: No route to host This is the same message that keeps being written to the mail log (/var/log/maillog) by sendmail. Any ideas? You can telnet to it on port 25 from other systems. I have looked at all the common causes I can think of (DNS, inetd, routing, sendmail etc) Nothing seems to work. The system is not configured as a firewall and the port is not blocked by the router or any other device. Regards, Tunde I.
Re: (RADIATOR) postcard from Switzerland
Hi Hugh, Enjoy! I hope I will be able to find my way out of Nigeria soon! Seriously, I need a long break. So, anyone know a good school where I can do my Masters in Computer Science as a very good pretence for bailing out for a while? Okay, don't forget the expense and the exhange rates for the Naira! :-) Thanks for offering great support. I don't think there is any other software with a mailing list and support as responsive as radiator! RADIATOR IS RADIANT! Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Joanne Davis [EMAIL PROTECTED] Sent: Tuesday, August 20, 2002 7:16 AM Subject: (RADIATOR) postcard from Switzerland Hello Everyone - How lovely - I have brought summer with me to Switzerland! I arrived in Bern on Sunday (via Singapore, Dubai and Zurich), to find that the temperature was 35 degrees (C) and everyone was saying it was the first real day of summer! As you can imagine people were taking advantage of the break from the rain (there haven't been floods here, but it has been very cold and wet), and spending the day outdoors. Anyway, Switzerland is very much as you imagine it and see it portrayed in movies and so on, but still it is quite delightful to look towards the horizon pretty much anywhere and see snow-capped mountains in the distance. The country is neat and tidy and very clean and everyone is very friendly (even though it is the height of the tourist season). Hopefully I will get to do some tourist things this week, and I will be heading back to Melbourne on Saturday. As usual, I will try to keep up with the email, but if I miss anything please send it to me again next week. cheers Hugh NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fw: (RADIATOR) Telnet, SMTP and port 25
- Original Message - From: Ayotunde Itayemi To: Hugh Irvine Sent: Wednesday, August 21, 2002 6:23 PM Subject: Re: (RADIATOR) Telnet, SMTP and port 25 Hi Hugh, Traceroute gets to the destination. Pings are replied (reaches destination). Also telnet to myself (mail server) on port 25 (from the same box) works i.e, telnet 127.0.0.1 25 This alsoworks: telnet mail 25 BUT this does not: telnet any-internet-mailserver 25 Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 21, 2002 5:37 PM Subject: Re: (RADIATOR) Telnet, SMTP and port 25 Hello Tunde -The error message clearly states "No route to host".Try a traceroute to see what is amiss.regardsHughOn Wednesday, August 21, 2002, at 06:12 PM, Ayotunde Itayemi wrote: Hi Hugh, Hi all,Okay this is not a RADIUSquestion, but excuse me anyway.I have a RedHat 6.2 Linux system that has been configured asa mail serverfor a real Internet domain. Users can receive their mails but nothing (mails) can be sent out.After a lot of troubleshooting I made out the following:1. The system can't send mails out because you cannot initiate a telnet session from it toany other system on port 25 e.g.,[root@mail itayemi]# telnet10.0.4.4 25Trying 10.0.4.4...telnet: Unable to connect to remote host: No route to hostThis is the same message that keeps being written to the mail log (/var/log/maillog)by sendmail. Any ideas?You can telnet to it on port 25 from other systems.I have looked at all the common causes I can think of (DNS, inetd, routing, sendmail etc)Nothing seems to work. The system is not configured as a firewall and the port is not blockedby the router or any other device.Regards,Tunde I.NB: I am travelling this week, so there may be delays in our correspondence.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
(RADIATOR) DefaultLeasePeriod
Hi Hugh, Hi All, What happens when the DefaultLeasePeriod(say 86400 = 1 day) expires? Does the user get disconnected and the IP allocated to him/her reclaimed? Or is the user (correctly) allowed to stay connected? Let's assume that the checkattribute of the clients specifies that he/she can stay on for the whole day (Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1) Regards, Tunde I.
Re: (RADIATOR) Re: DefaultLeasePeriod
Hi Hugh, One, I assume the checkattribute ( Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1) implies "always-on 24-7-365" access for the user? My aim is to allow clients with DSL access (alwayson-24-7-365)to remain on without radiatiorreclaiming the IP address allocated to themwhile they are still connected. What combination of attributes do you think can handle clients with DSL access (alwayson-24-7-365) and dial-up access so that the IP address is not reclaimed for the DSL clients while they are still connected - and still reclaim the IP addresses allocated to the dial-up/DSL clients when they disconnect by themselves from the NASes? Would setting the Defaultleaseperiod to "infinity" ( :-) or say a year, and leaving the LeaseReclaimInterval set to (say) a day handle the kind of configuration I mentioned above? That is, correctly reclaim the IPaddresses for clients when they are disconnected (by NAS, attributes, etc) and also not reclaim the IP addresses allocated to clients that are still online. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Monday, August 19, 2002 12:31 PM Subject: (RADIATOR) Re: DefaultLeasePeriod Hello Tunde -The IP address in the address pool is marked as available when the DefaultLeasePeriod expires.There is no relationship between the Session-Timeout on the NAS and the DefaultLeasePeriod for the IP address allocation. You will have to manage any relationship that you wish to have with your configuration.regardsHughOn Monday, August 19, 2002, at 06:09 PM, Ayotunde Itayemi wrote: Hi Hugh, Hi All,What happens when the DefaultLeasePeriod(say 86400 = 1 day) expires?Does the user get disconnected and the IP allocated to him/her reclaimed?Or is the user (correctly) allowed to stay connected?Let's assume that the checkattribute of the clients specifies that he/shecan stay on for the whole day (Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1)Regards,Tunde I.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Re: DefaultLeasePeriod
Hi Hugh, Okay you are right. But what if I would like to ensure that the max time a client can stay on is a day? That is, even the "always-on" clients get disconnected at least once everyday? In such a case, what would my checkattributes and replyattributes be? Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Monday, August 19, 2002 2:48 PM Subject: Re: (RADIATOR) Re: DefaultLeasePeriod Hello Tunde -By definition a customer with a permanent connection would not use a dynamic address.You should allocate such users static addresses instead.regardsHughOn Monday, August 19, 2002, at 10:10 PM, Ayotunde Itayemi wrote: Hi Hugh,One, I assume the checkattribute ( Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1)implies "always-on 24-7-365" access for the user?My aim is to allow clients with DSL access (alwayson-24-7-365)to remain on without radiatiorreclaiming theIP address allocated to themwhile they are still connected.What combination of attributes do you think can handle clients with DSL access (alwayson-24-7-365) and dial-upaccess so that the IP address is not reclaimed for the DSL clients while they are still connected - and still reclaimthe IP addresses allocated to the dial-up/DSL clients when they disconnect by themselves from the NASes?Would setting the Defaultleaseperiod to "infinity" ( :-) or say a year, and leaving the LeaseReclaimInterval set to(say) a day handle the kind of configuration I mentioned above? That is, correctly reclaim the IPaddresses for clientswhen they are disconnected (by NAS, attributes, etc) and also not reclaim the IP addresses allocated to clientsthat are still online.Regards,Tunde Itayemi.- Original Message -From: Hugh IrvineTo: Ayotunde ItayemiCc: [EMAIL PROTECTED]Sent: Monday, August 19, 2002 12:31 PMSubject: (RADIATOR) Re: DefaultLeasePeriodHello Tunde -The IP address in the address pool is marked as available when the DefaultLeasePeriod expires.There is no relationship between the Session-Timeout on the NAS and the DefaultLeasePeriod for the IP address allocation. You will have to manage any relationship that you wish to have with your configuration.regardsHughOn Monday, August 19, 2002, at 06:09 PM, Ayotunde Itayemi wrote:Hi Hugh, Hi All,What happens when the DefaultLeasePeriod(say 86400 = 1 day) expires?Does the user get disconnected and the IP allocated to him/her reclaimed?Or is the user (correctly) allowed to stay connected?Let's assume that the checkattribute of the clients specifies that he/shecan stay on for the whole day (Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1)Regards,Tunde I.--Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) hardware specs
Hi Hugh, Hi All, I wonder what the best config for primary/backup radius server is I have (almost :-) two radius servers, each with an oracle database. Do I set it up so that my primary radius server use two Oracle databases in every SQL access clause in its config; AND also set up the secondary to use both Oracle DBs? Or what is my best config? RADIUS server1 + Oracle DB1 RADIUS server2 + Oracle DB2 Radius server1 points to OracleDB1 and 2 Radius server2 points to OracleDB2 and 1 OR Radius server1 points to OracleDB1 and 2 Radius server1 points to OracleDB1 and 2 Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 15, 2002 6:04 AM Subject: Re: (RADIATOR) hardware specs Hello Ray - This sort of machine is in use at many of our customer sites. Keep in mind that you should have a primary and a secondary for redundancy purposes. regards Hugh On Thursday, August 15, 2002, at 02:27 PM, [EMAIL PROTECTED] wrote: Hello, Can I ask if a Sun Netra T1 server with 512 memory sufficient for large installation using radiator? Ray === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh, Somehow the Session-Id field on the patton was set to zero - could have been me or one of the two or three other people with access to the NAS. Thanks. Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 10:57 PM Subject: Re: (RADIATOR) Re: Multiple Calling-Station-Id Hello Tunde -As always, the only way I can see what is going on is by looking at the configuration file and the trace 4 debug.regardsHughOn Thursday, August 15, 2002, at 06:14 AM, Ayotunde Itayemi wrote: Hi Hugh,Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened.I changed one of the IP address pools defined in my AddressAllocator SQL to the same nameasthe identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS.The thing is that I suddenly noticed tonight that the Acct-Session-Idcolumn for all the online usersare blank (from the radwho.cgi)?Any idea what is wrong?It's 9.15 P.M. here and I am getting out :-) Talk to you laterRegards,Tunde I.AuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier}# PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1/AuthBy-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
(RADIATOR) Multiple Calling-Station-Id
Hi All, I have a similar problem to Micheal's (see inquiry) If my understanding is correct, that user cannot connect under any circumstance to any other NAS on the network? I require a little more flexibility in that the user should ONLY be restricted to a particular NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR 0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of aspecial HANDLER clause for them. I guess I would need something like HANDLER Client-Identifier = specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ /HANDLER Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to leave out the poolhint attribute from the record of each user in my database. This should allow the allocation of IPs based on the NAS rather than the user. Regards, Tunde Itayemi.
(RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh, I assume I can have multiple PoolHint %{Client:Identifier} in a single AuthBy DYNADDRESS clause? Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses I have mentioned? I thought of using Calling-Station-Id =/^080[234]/ but what stops the client from dialing into some of my other NASes? Is there some way to negate the HANDLER attributes? Something like: Handler Client-Identifier = specialNAS, (NOT)Calling-Station-Id =/^080[234]/ Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 12:36 PM Subject: Re: Multiple Calling-Station-Id Hello Tunde -For your second point, you would do something like this:# define Clients with IdentifiersClient 1.2.3.4Identifier PoolTag/Client.# define AuthBy DYNADDRESSAuthBy DYNADDRESSIdentifier AllocateIPAddressPoolHint %{Client:Identifier}./AuthBy...For your first point, you could also use something like this:Handler Client-Identifier = specialNAS, Calling-Station-Id =/^080[234]/The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.As always, you should test such Handlers and regular expressions thoroughly.regardsHughOn Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote: Hi All,I have a similar problem to Micheal's (see inquiry)If my understanding is correct, that user cannot connect under any circumstanceto any other NAS on the network?I require a little more flexibility in that the user should ONLY be restricted to a particularNAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)I was thinking of aspecial HANDLER clause for them. I guess I would need something likeHANDLER Client-Identifier = specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ /HANDLERWould this work?Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me toleave out the poolhint attribute from the record of each user in my database. This shouldallow the allocation of IPs based on the NAS rather than the user.Regards,Tunde Itayemi.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh, Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened. I changed one of the IP address pools defined in my AddressAllocator SQL to the same name asthe identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS. The thing is that I suddenly noticed tonight that the Acct-Session-Idcolumn for all the online users are blank (from the radwho.cgi)? Any idea what is wrong? It's 9.15 P.M. here and I am getting out :-) Talk to you later Regards, Tunde I. AuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} # PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1/AuthBy - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 6:04 PM Subject: (RADIATOR) Re: Multiple Calling-Station-Id Hello Tunde -No - you can only have a single PoolHint - why do you want more?For your second question, you would do something like this:Handler Client-Identifier = specialNAS, Calling-Station-Id = /^080[234]/# deal with the requests../HandlerHandler Calling-Station-Id = /^080[234]/# reject calls to other NAS'sAuthBy INTERNALDefaultResult REJECT/AuthBy../HandlerregardsHughOn Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote: Hi Hugh,I assume I can have multiple PoolHint %{Client:Identifier} in a single AuthBy DYNADDRESS clause?Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addressesI have mentioned?I thought of using Calling-Station-Id =/^080[234]/ but what stops the client from dialing into some ofmy other NASes? Is there some way to negate the HANDLER attributes? Something like:Handler Client-Identifier = specialNAS, (NOT)Calling-Station-Id =/^080[234]/Regards,Tunde I.- Original Message -From: Hugh IrvineTo: Ayotunde ItayemiCc: [EMAIL PROTECTED]Sent: Wednesday, August 14, 2002 12:36 PMSubject: Re: Multiple Calling-Station-IdHello Tunde -For your second point, you would do something like this:# define Clients with IdentifiersClient 1.2.3.4Identifier PoolTag/Client.# define AuthBy DYNADDRESSAuthBy DYNADDRESSIdentifier AllocateIPAddressPoolHint %{Client:Identifier}./AuthBy...For your first point, you could also use something like this:Handler Client-Identifier = specialNAS, Calling-Station-Id =/^080[234]/The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.As always, you should test such Handlers and regular expressions thoroughly.regardsHughOn Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:Hi All,I have a similar problem to Micheal's (see inquiry)If my understanding is correct, that user cannot connect under any circumstanceto any other NAS on the network?I require a little more flexibility in that the user should ONLY be restricted to a particularNAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)I was thinking of aspecial HANDLER clause for them.I guess I would need something likeHANDLER Client-Identifier = specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ /HANDLERWould this work?Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me toleave out the poolhint attribute from the record of each user in my database. This shouldallow the allocation of IPs based on the NAS rather than the user.Regards,Tunde Itayemi.--Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Re: Radiator and Windows Encryption
Hi Hugh, Thanks a million! I moved the AutoMPPEkeys to the Authby SQL clause and left the AddToReply clause for the Encryption types in the AuthBy DYNADDRESS clause. I will check out the hooks next week (I don't know much Perl though). Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: Mike McCauley [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, August 03, 2002 1:49 AM Subject: Re: (RADIATOR) Re: Radiator and Windows Encryption Hello Tunde - I will let Mike deal with the first part of your message. For the second part, you will need to write a PostAuthHook to do what you describe. You will find some example hooks in the file goodies/hooks.txt. regards Hugh On Saturday, August 3, 2002, at 03:34 AM, Ayotunde Itayemi wrote: Hi Mike, I have given the 3.1 patch a shot but to no effect. The relevant part of my config file is: AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator AddToReply Class = %{Reply:Framed-IP-Address} PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 AutoMPPEKeys # policy = 4 (40bit), 2 (128bit), 6 (any) AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types = 4 /AuthBy I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the AddToReply clause above with various combinations of MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types. Okay, is there anyone on the list that has got this to work please :-) Also, about my other problem, is there anyway to conditionally remove a Reply attribute from the access acccept packet before it is sent? The functional word is conditionally Simply stated, after selecting the users record from the database, checking the passwords etc, stripping say the Framed-IP-Address attribute off if it is from say the 192.168.10.x block. OR alternatively, dynanically changing the PoolHint attribute based on the NAS sending the request? Regards, Tunde I. - Original Message - From: Mike McCauley [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED]; Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, August 02, 2002 1:43 AM Subject: Re: Radiator and Windows Encryption Hello Tunde, On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote: Hello Tunde - We have many customers using Windows 2000 and we have many customers using Patton RAS, however I don't know if anyone is using both together. As for the MPPE questions, I have copied Mike on this mail for his comments. There are some recent patches to the AutoMPPEKeys feature in the Radiator 3.1 area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an interoperability problem. These have been tested to be working correctly now by a number of people. Cheers. regards Hugh On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2. Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, someone I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
(RADIATOR) Re: Radiator and Windows Encryption
Hi Mike, I have given the 3.1 patch a shot but to no effect. The relevant part of my config file is: AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator AddToReply Class = %{Reply:Framed-IP-Address} PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 AutoMPPEKeys # policy = 4 (40bit), 2 (128bit), 6 (any) AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types = 4 /AuthBy I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the AddToReply clause above with various combinations of MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types. Okay, is there anyone on the list that has got this to work please :-) Also, about my other problem, is there anyway to conditionally remove a Reply attribute from the access acccept packet before it is sent? The functional word is conditionally Simply stated, after selecting the users record from the database, checking the passwords etc, stripping say the Framed-IP-Address attribute off if it is from say the 192.168.10.x block. OR alternatively, dynanically changing the PoolHint attribute based on the NAS sending the request? Regards, Tunde I. - Original Message - From: Mike McCauley [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED]; Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, August 02, 2002 1:43 AM Subject: Re: Radiator and Windows Encryption Hello Tunde, On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote: Hello Tunde - We have many customers using Windows 2000 and we have many customers using Patton RAS, however I don't know if anyone is using both together. As for the MPPE questions, I have copied Mike on this mail for his comments. There are some recent patches to the AutoMPPEKeys feature in the Radiator 3.1 area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an interoperability problem. These have been tested to be working correctly now by a number of people. Cheers. regards Hugh On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote: Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2. Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, someone I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator and Windows Encryption
Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2.Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, "someone" I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi.
(RADIATOR) Complex config?
Hi Hugh, Hi All, I am some "twisted" requirements. Mysetup is as follows. 1. 3 Windows 2000 servers and 3 pattons at location A 2. 1 patton at location B 3. All NASes authenticate against radiator at location A 4. IPs allocated/used at location A different from IPs used at location B (routers inbetween) 5. Clients fall into two categories (full access can browse) and email-only (192.168.x.x ips) 6. Email-only clients MUST be able to reach DNS server and Email server. 7. ALLclients can log in from any NAS I need a config to do this. I have tried allocating IPs to email-only clients from a single 192.168.x.x IP block via radiator, and using "weighted static routes" on the mail and DNS servers to implement connections to email-only clients by trying out each NAS server in turn to see if the client can be reached by that server. I suspect this would degrade performance with large email-only client base? The main problem is with the fact that there are two locations and a client's record in the database can only contain one poolhint. Because I need to allocate IPs differently (different pools) based on the location to which client is connected (also whether email-only or full access). So how do I implement a config that enforces simultaneous connection rules; allow clients to connect from any of the two locations while using radiator to allocate IPs? I have nearly beat my brains out on this one - all the config options I can think of seem to have one problem or the other. Regards, Tunde Itayemi.
(RADIATOR) Handler clause attributes
Hi Hugh, Hi All, Please it there somewhere i can get a list of all the attributes that can go into the Handler clause ( Handler attributes= ) and their proper name and format of their values? Regards, Tunde Itayemi.
(RADIATOR) addition to complex config?
Hi All, Just an addition to my previous mail. Since I guess the static routes I mentioned in my original mail would probably work, what I desire now is some way to: strip the Framed-IP-address (which is set to 192.168.x.x for email-only clients)off the access-accept packet IF 1. the NAS is the Patton NAS at locationB (I could do the same for all Patton NASes) so that the NAS would then allocate a public IP from the static pool defined on it. Can I do this though one of the Hooks? Maybe a little script that checks the NAS's identifier and if it is a particular one(s), then strips off the Frame-IP-Address and Framed-IP-Netmask? Can I hear someone volunteer to write this script :-) (seriously) Regards, Tunde Itayemi.
(RADIATOR) Allocating IPs
Hi Hugh, Thanks for the replies. I would like to know if there is anyway to strip or ignore the pool hint attribute for certain clients. The reason: We have NASes at two different locations. Most of the time clients would be dialing in at a particular location and should get a certain range of IPs, but for the second group of NASes, I have decided it would be simpler to just allocate a block of static IPs to the NASes as each one has a single E1 connected to it (30 dial-in lines). So if for example, client A dials into one of the E1 NASes, I would like the NAS to allocate the IP from a pool defined on it, on the other hand if client A dials-in to our "regular" NASes, (Windows 2000 server), I would like radiator to allocate the IP. The problem is that I am validating requests against the same database which has to contain pool hints for each client for the second scenario to work. Regards, Tunde I.
(RADIATOR) Radiator not emptying RADPOOL
Hi All, Hi Hugh, Radiator is not deleting entries in the RADPOOL table when users log off, hence it runs out of IP addresses after about 30 successful logons based on a particular pool of 30 IP addresses. I have tried both from a Patton RAS and also a windows 2K server I have also tried it withcommenting out theDefaultLeasePeriodand LeaseReclaimInterval config options - no difference. My config is as below (I have deleted a few sections): Another question - I am authenticating my web server againstradiator on the same box (separate database table though) - anything I should know? Any problems? # Auth Acct ports AuthPort 1645 AcctPort 1646 # --- RADAR - Monitor Username radpasswd Password radpasswd /Monitor # Online users SessionDatabase SQL Identifier SDB1 DBSource dbi:Oracle:myOraDB DBUsername orauser DBAuth orauser /SessionDatabase # === AddressAllocator SQL Identifier mySQLallocator DBSource dbi:Oracle:myOraDB DBUsername orauser DBAuth orauser DefaultLeasePeriod 86400 # LeaseReclaimInterval 86400 AddressPool pool1 Subnetmask 255.255.255.0 Range a.b.c.d a.b.c.z /AddressPool AddressPool pool2 Subnetmask 255.255.255.0 Range 192.168.10.21 192.168.10.50 /AddressPool AddressPool pool3 Subnetmask 255.255.255.0 Range a.b.e.a a.b.e.u /AddressPool /AddressAllocator # === CLIENTs = Client a.b.c.a Secret asecret DupInterval 0 Identifier myras IdenticalClients a.b.c.c a.b.a.b a.b.k.c b.b.c.d c.d.a.c /Client Client a.d.d.a Secret another DupInterval 0 Identifier myras /Client Client 127.0.0.1 # web server on this box Secret myapache DupInterval 0 Identifier anapache /Client # === AUTH BYs = AuthBy SQL Identifier SQLStaffauth NoDefault DBSource dbi:Oracle:myOraDB DBUsername orauser DBAuth orauser AuthSelect select PASSWORD, CHECKATTR from STAFF \ where USERNAME = '%n' and STATUS = 'Enabled' AuthColumnDef 0, User-Password, check AuthColumnDef 1, GENERIC,check AuthColumnDef 2, GENERIC,reply /Auth AuthBy SQL Identifier SQLClientauth NoDefault DBSource dbi:Oracle:myOraDB DBUsername orauser DBAuth orauser AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \ from SUBSCRIBERS where USERNAME = '%n' AuthColumnDef 0, User-Password, check AuthColumnDef 1, GENERIC, check AuthColumnDef 2, GENERIC, reply /Auth AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 /AuthBy #=== HANDLERs Handler Client-Identifier=viruse2 AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ UsernameCharset a-zA-Z0-9\._@- MaxSessions 1 AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth AuthBy myIPADDRESSauth /Handler Handler Client-Identifier=apache AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ UsernameCharset a-zA-Z0-9\._@- MaxSessions 1 AuthBy SQLStaffauth /Handler Handler # default handler AuthBy RADIUS # Default values for all hosts. You can change them for a # single host in a Host clause Secret mysecret RetryTimeout 1 Retries 3 # Hosts to send to are listed below Host 203.63.154.2 /Host Host 203.63.154.3 BogoMips 2 /Host # This host has non-standard ports Host 203.63.154.4 AuthPort 1647 AcctPort 1648 /Host /AuthBy /Handler
(RADIATOR) Windows 2000, Radiator and Encryption
Hi All, Hi Hugh, Okay, I am back with my encryption questions :-) From the accouting request below, I noticed thatMS-MPPE-Encryption-Typesis set to0 Anybody know how to setthe value ofMS-MPPE-Encryption-Types to 1 or 2 on a Windows 2000 server. On the windows 2000 client, it goes as far as "registering your computer on remote network" then it immediately comes up with "the remote comuter does not support the required encryption type" - when I configure the VPN client to require encryption. I noticed that Radiator actually send an access-accept packet to the windows RAS and also that the windows RAS immediately send another accounting request packet back to radiator stating that the user was disconnected at "user's request". Any ideas? Acct-Output-Packets = 13 Acct-Input-Packets = 12 Acct-Terminate-Cause = User-Request The original access-request is below: Sat May 18 08:51:04 2002: DEBUG: Packet dump:*** Received from 80.247.140.4 port 1109 Code: Accounting-RequestIdentifier: 3Authentic: 219145210146203226\12185;248171tEO230Attributes: Acct-Status-Type = Start Acct-Delay-Time = 0 NAS-IP-Address = 80.247.140.4 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 5 MS-RAS-Vendor = 311 MS-RAS-Version = "MSRASV5.00" NAS-Port-Type = Virtual Tunnel-Type = 0:PPTP Tunnel-Medium-Type = 0:IP Calling-Station-Id = "172.31.1.18" Tunnel-Client-Endpoint = 49:72.31.1.18 Acct-Session-Id = "133" User-Name = "kdavid" Framed-IP-Address = 80.247.156.36 Framed-MTU = 1500 Session-Timeout = 54596 Acct-Multi-Session-Id = "3" Acct-Link-Count = 1 Event-Timestamp = 1027622370 Acct-Authentic = RADIUS MS-MPPE-Encryption-Types = 0
(RADIATOR) Windows RAS server and Encryption
Hi Hugh, Hi All, Has anyone configured a Windows 2000 server/advanced server to authenticate via radiator AND use encryption - between server and clients? If yes, please send me a copy of your config file (no passwords please :-) Also a Windows 2000 server/advanced server to authenticate via radiator AND use MSCHAP v1 or 2? If yes, please send me a copy of your config file (no passwords please :-) I have downloaded the patches in the radiator 3.1 area of your site but no luck. Regards, Tunde Itayemi.
Re: (RADIATOR) LDAP and CHAP
Hi, Depending on your patience, number of clients and time, you could get Mobius Freeware's w32crack - run it continuously for a few days after extracting the username and encrypted passwords from the windows 2K server or NT using pwdump2 or pwdump3 and hey presto! All passwords in cleartext! Regards, Tunde Itayemi. - Original Message - From: Dan Melomedman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 4:13 PM Subject: Re: (RADIATOR) LDAP and CHAP Hugh Irvine writes: Hello Dan - You can use CHAP with any database, however the password stored therein *must* be in cleartext, as you can only use cleartext passwords with CHAP. regards Hugh The problem is all our dial-ups have hashed passwords, and returning them to clear text would be impossible. The problem is Broadwing now requires CHAP for some of the POPs, and doesn't for others. Are there any work-arounds for this? Thanks. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Name rewrites
Hi Hugh, I know nothing about Perl even though I wouldn't mind having one with an "a" after the "e" :-) The following is from my radius.cfg Handler Client-Identifier=viruse2 AuthByPolicy ContinueWhileAccept# remove @domain-name RewriteUsername s/^([^@]+).*/$1/ UsernameCharset a-zA-Z0-9\._@- MaxSessions 1 RewriteUsername tr/A-Z/a-z/ Would the "above" allow in a user with say wole.james as the user name? Please note the fullstop in the name. What exaclty does the Rewrite statement above do - just remove the part after the @ sign? The UsernameCharset above will allow names with periods? Regards, Tunde Itayemi.
(RADIATOR) MS Encryption attributes
Hi Hugh, I extracted the following from the dictionary file that came with radiator 3.0 Please can you have Mike take a look at it? Is it correct? I have tried to implement encryption on a Windows 2000 RAS server but I have had no success - I sent a mail to the mailing list some time ago. Please it would be nice if you can check the attribute values, and the data type also. #VALUE MS-MPPE-Encryption-Policy Encryption-Allowed 1#VALUE MS-MPPE-Encryption-Policy Encryption-Required 2# Is this correct?:#VALUE MS-MPPE-Encryption-Types Encryption-40 4#VALUE MS-MPPE-Encryption-Types Encryption-128 2#VALUE MS-MPPE-Encryption-Types Encryption-Any 6# RcryptKey Regards, Tunde I.
Re: (RADIATOR) Radiusd crashes with strange error
Hi, I had the same problem. A new notification (mail) kept popping into my mailbox almost every 2 seconds. I had to turn of the restartWrapper. I got the same problem when I tried to use the restartWrapper with BIND 9.2 on my (same) RedHat 7.2 server. I am interested in the solution. Regards, Tunde I. - Original Message - From: Leon Oosterwijk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 09, 2002 5:58 PM Subject: (RADIATOR) Radiusd crashes with strange error I've recently upgraded two machines to 3.0. I'm now getting the following error sporadically: our program /usr/bin/radiusd -config_file /etc/radiator/radius.cfg -dictionary_file /etc/radiator/dictionary exited unexpectedly with exit status 0, signal number 0 and dump indication 0. The STDERR output was Error: creating socket: Address already in use Undefined subroutine Radius::Util::get_port called at /usr/bin/radiusd line 328. . The program will be restarted again by /usr/local/sbin/restartWrapper in 600 seconds. == This mail message was automatically generated by restartWrapper, part of the OSC Radiator package. == What could be causing this? The Util.pm under the Radius dir have the routine called get_port all the way at the bottom of the file. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RestartWrapper for DNS server
Hi Hugh, Hi all, Okay I am being extremely lazy - I haven't even taken a look at the restartwrapper code - I know approximately zero perl anyway. I am wondering if I could use the restartwrapper for say a BIND 9 DNS server running on the same machine as radiator. The main question is does restartwrapper support apps written in other languages? Secondly, am I breaking any software agreements if I decide to use it this way? Regards, Tunde Itayemi (Metrong Internet Services)
Re: (RADIATOR) Time Check Item format.
Hi Griff, Use: Time=Wk1000-1800,SaSu-2400 Regards, Tunde Itayemi. - Original Message - From: Griff Hamlin, III [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 05, 2002 5:41 PM Subject: (RADIATOR) Time Check Item format. Hello all, If I wanted the time restriction to be Monday-Friday from 10am to 6pm, and weekends unlimited, how is the best way to specify that the weekends are to be unlimited? I can do Time=Wk1000-1800 for the weekdays, but how do I handle unlimited weekends? thanks, Griff Hamlin, III Quik International === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.