[RADIATOR] Kill/terminate live PPoE user sessions
Dear All, I would like to know ,how to use radiator to terminate live user sessions when the user is either a (PPoE user) or otherwise (a normal user authenticating via radiator or another 3rd party AAA server). Is there something to be added in configuration to achieve this or is it a hook which is required, an example would be appreciable. Thanks, Thomas Kurian ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Quota Deduction using Authby SQL realm
Dear All,
I have 2 questions stated after the configuration lines based on Quota
deduction.
DBSource dbi:mysql:radius
DBUsername
DBAuth x
AddToReply Acct-Interim-Interval = 300
AccountingTable ACCOUNTING
AcctColumnDef USERNAME, User-Name
.
.
.
.
AuthSelect select QUOTAINBYTES from SUBSCRIBERS \
where USERNAME='%n'
AuthColumnDef 0, Session-Timeout, reply (I don't know what this line
stands for and what I need to replace Session-Timeout with, I require
comments on this)
AcctSQLStatement update SUBSCRIBERS set \
QUOTAINBYTES=QUOTAINBYTES-0%{Acct-Input-Octets} \
where USERNAME='%n'
1. Is it okay to define the above bolded lines inside a handler under
default Realm, since my requirement is to get the Acct-Input-Octets
attribute from NAS and use it for deducting from sql database the
predefined quota(QUOTAINBYTES) after a user ends his session?
2. 0%{Acct-Input-Octets} does this statement , retrieve value of this
attribute from the NAS accounting stop packet send to radiator?
Thanks,
Thomas Kurian
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Quota Deduction using Authby SQL realm
Dear All, I am using Authby SQL realm for authentication purpose. Once the session is end for a quota based user it should deduct the used quota (Acct-input-octets in bytes) from the quota left.(Acct-input-octets gives the number of bytes used and this will be available with accounting stop packet from the NAS at user's session end. How can I do this using Authby SQL realm. Please give me one example for the queries related to it. I did see one example in goodies directory called goodies/blocktime.txt but it is all time based and is difficult to relate in terms of quota deduction. An example like blocktime.txt with contents for quota deduction, is my requirement. Regards, Thomas Kurian ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] run exe file after accounting stop
Hello Hugh, I have already checked the "hooks.txt" file but I did not find the hook configuration lines which would fulfill my requirements, as stated in my previous emails. Can you send me the exact config lines for the purpose which I had requested? We are about to buy the radiator full license after getting this done, so please help me out. Regards, Thomas Kurian -Original Message- From: Hugh Irvine [mailto:h...@open.com.au] Sent: Friday, January 18, 2013 11:06 PM To: Thomas KCCG Cc: 'Alexander Hartmaier'; radiator@open.com.au Subject: Re: [RADIATOR] run exe file after accounting stop Hello Thomas - There are many examples of hook code in the Radiator 4.11 distribution in "goodies/hooks.txt". regards Hugh On 18 Jan 2013, at 23:33, "Thomas KCCG" wrote: > Dear Hugh & Alexander, > We already a separate 3rd party AAA server handling the authentication > and radiator is the meant to handle only the accounting of quota based > user with respect to accounting stop packet received from the cisco ISG (NAS). > > Alexander/Hugh , I am totaling new to perl programming and this task > needs to be completed soon. Can you please help me by sending me the > configuration lines to be added in radiator config file , for running an " .exe file" > after receiving "accounting stop" packet from the NAS (cisco ISG). > Thanks for the advice & link on hooks you have sent me, but it is too > advanced for me to understand as a beginner to perl programming. > Hoping you will understand my situation and help me out & provide me > with some kind of an example to work/build on. > > Thanks and best regards, > Thomas Kurian > > > -----Original Message- > From: Hugh Irvine [mailto:h...@open.com.au] > Sent: Friday, January 18, 2013 12:11 AM > To: Thomas KCCG; Alexander Hartmaier > Cc: radiator@open.com.au > Subject: Re: [RADIATOR] run exe file after accounting stop > > > Hello Thomas - > > This is one of the good reasons for running two instances of Radiator > - one for authentication listening on the authentication port, and one > for accounting listening on the accounting port. > > regards > > Hugh > > > On 17 Jan 2013, at 23:59, Alexander Hartmaier > wrote: > >> Hi Thomas, >> >> the hooks are just regular Perl code so look at perldoc, either on >> the cli > or perldoc.perl.org. >> >> You want system [1] but note that the Radiator process will wait for >> it to > exit until it continues process which might introduce a performance problem. >> >> [1] http://perldoc.perl.org/functions/system.html >> >> Best regards, Alex >> >> On 2013-01-17 13:32, Thomas KCCG wrote: >>> Hello Guys, >>>What are the hook configuration lines required for > running an ".exe file" after the radiator receives an accounting stop > packet from the NAS (cisco ISG). >>> >>> As there are no examples in the radiator documentations, goodies >>> folder > or mailing lists archives I really need your help on this. >>> >>> >>> Thanks & Best Regards, >>> >>> Thomas Kurian >>> >>> >>> >>> >>> >>> ___ >>> radiator mailing list >>> >>> radiator@open.com.au >>> http://www.open.com.au/mailman/listinfo/radiator >> >> >> >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" >> *"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien >> Handelsgericht Wien, FN 79340b >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" >> *"*"*"* >> Notice: This e-mail contains information that is confidential and may >> be > privileged. >> If you are not the intended recipient, please notify the sender and >> then delete this e-mail immediately. >> *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" >> *"*"*"* ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, > TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. > > Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. > > > > -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] run exe file after accounting stop
Dear Hugh & Alexander, We already a separate 3rd party AAA server handling the authentication and radiator is the meant to handle only the accounting of quota based user with respect to accounting stop packet received from the cisco ISG (NAS). Alexander/Hugh , I am totaling new to perl programming and this task needs to be completed soon. Can you please help me by sending me the configuration lines to be added in radiator config file , for running an " .exe file" after receiving "accounting stop" packet from the NAS (cisco ISG). Thanks for the advice & link on hooks you have sent me, but it is too advanced for me to understand as a beginner to perl programming. Hoping you will understand my situation and help me out & provide me with some kind of an example to work/build on. Thanks and best regards, Thomas Kurian -Original Message- From: Hugh Irvine [mailto:h...@open.com.au] Sent: Friday, January 18, 2013 12:11 AM To: Thomas KCCG; Alexander Hartmaier Cc: radiator@open.com.au Subject: Re: [RADIATOR] run exe file after accounting stop Hello Thomas - This is one of the good reasons for running two instances of Radiator - one for authentication listening on the authentication port, and one for accounting listening on the accounting port. regards Hugh On 17 Jan 2013, at 23:59, Alexander Hartmaier wrote: > Hi Thomas, > > the hooks are just regular Perl code so look at perldoc, either on the cli or perldoc.perl.org. > > You want system [1] but note that the Radiator process will wait for it to exit until it continues process which might introduce a performance problem. > > [1] http://perldoc.perl.org/functions/system.html > > Best regards, Alex > > On 2013-01-17 13:32, Thomas KCCG wrote: >> Hello Guys, >> What are the hook configuration lines required for running an ".exe file" after the radiator receives an accounting stop packet from the NAS (cisco ISG). >> >> As there are no examples in the radiator documentations, goodies folder or mailing lists archives I really need your help on this. >> >> >> Thanks & Best Regards, >> >> Thomas Kurian >> >> >> >> >> >> ___ >> radiator mailing list >> >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" > *"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien > Handelsgericht Wien, FN 79340b > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" > *"*"*"* > Notice: This e-mail contains information that is confidential and may be privileged. > If you are not the intended recipient, please notify the sender and > then delete this e-mail immediately. > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*" > *"*"*"* ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] run exe file after accounting stop
Hello Guys, What are the hook configuration lines required for running an ".exe file" after the radiator receives an accounting stop packet from the NAS (cisco ISG). As there are no examples in the radiator documentations, goodies folder or mailing lists archives I really need your help on this. Thanks & Best Regards, Thomas Kurian ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator Configuration request help please
Dear Sir, Find below the Wireless Mobile data co. (ISP) Kuwait's Radiator project status and also a brief description on "what Is remaining to be done ( I need help with this)" :- Radiator was successfully installed on a centos Linux server with MySQL database using buildsql and MySQL config file from goodies folder. Progress: . Radiator is properly configured and is currently receiving accounting-start and accounting-stop packets sent from the ISG. . Radiator is logging these details in a log file and also updating its MySQL database with the info sent from ISG under its respective fields. Radiator's Purpose: Radiator is implemented in wimd to manage only accounting of quota based users based on the accounting packets sent from the cisco ISG. Radiator needs to have a database for quota based users, with the fields username, password ,quota , speed1, speed2(to reduce to this speed after certain quota). Radiator has to calculate quota of these users after their session ends each time and update this information with the cisco ISG. Current Status: . The ISG must be properly configured to send interim updates to the radiator and this is still pending. Without receiving the interim updates ,further configurations on the radiator cannot be done, as it is dependent on the cisco ISG's interim updates. We are waiting for this to be done by the cisco guy. The steps pending to complete this project from radiator's end (After receiving interim updates from ISG) Please help me with these with respect to above : . We will create and customize the MySQL database for Quota based users.( Please recommend what is to be done? In the MySQL database, there is already a Table called Subscribers , which was created when I ran the buildsql . But there is no attribute in the table called quota. How can this be added and used for the following? .We will add the configuration to the radiator ,for initiating COA after Accounting-Start and Accounting-Interim updates with respect to ISG's current configuration.(How can this be done? Please attach configuration lines for this in the radiator configuration file attached with this email) . We will add the configuration to the radiator , for it to calculate the quota (Add/reduce from remaining quota) and send a max of 4GB at a time, since the ISG volume quota supports a maximum value of 4GB. How can this be configured on the radiator ? Please attach configuration lines for this in the radiator configuration file attached with this email) Requesting your kind cooperation, Thomas Kurian IT Security Engineer (B.Tech. - Electrical) Kuwaiti Canadian Consulting Group (www.kccg.com) T: +965 22435566 F: +965 22415149 E: tho...@kccg.com Description: cid:image001.png@01CDE8E5.B84BC2A0 <># radius.cfg # # Example Radiator configuration file. # This very simple file will allow you to get started with # a simple system. You can then add and change features. # We suggest you start simple, prove to yourself that it # works and then develop a more complicated configuration as required. # # This example will authenticate from a standard users file in # DbDir/users and log accounting to LogDir/detail. # # It will accept requests from any client and try to handle request # for any realm. # # You should consider this file to be a starting point only # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $ #Foreground #LogStdout AcctPort 1813 AuthPort 1812 BindAddress 0.0.0.0 LogDir /var/log/radius DbDir /etc/radiator # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd Trace 4 # You will probably want to add other Clients to suit your site, # one for each NAS you want to work with Secret ciscowimd85 DupInterval 0 Secret ciscowimd85 DupInterval 0 NasType Cisco IgnoreAcctSignature Secret mysecret DupInterval 0 DBSource dbi:mysql:radius DBUsername root DBAuth wimd2r00t AccountingTable ACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets # Log accounting to a detail file AcctLogFileName %L/detail ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator Configuration request help please
Dear Sir, Find below the Wireless Mobile data co. (ISP) Kuwait's Radiator project status and also a brief description on "what Is remaining to be done ( I need help with this)" :- Radiator was successfully installed on a centos Linux server with MySQL database using buildsql and MySQL config file from goodies folder. Progress: . Radiator is properly configured and is currently receiving accounting-start and accounting-stop packets sent from the ISG. . Radiator is logging these details in a log file and also updating its MySQL database with the info sent from ISG under its respective fields. Radiator's Purpose: Radiator is implemented in wimd to manage only accounting of quota based users based on the accounting packets sent from the cisco ISG. Radiator needs to have a database for quota based users, with the fields username, password ,quota , speed1, speed2(to reduce to this speed after certain quota). Radiator has to calculate quota of these users after their session ends each time and update this information with the cisco ISG. Current Status: . The ISG must be properly configured to send interim updates to the radiator and this is still pending. Without receiving the interim updates ,further configurations on the radiator cannot be done, as it is dependent on the cisco ISG's interim updates. We are waiting for this to be done by the cisco guy. The steps pending to complete this project from radiator's end (After receiving interim updates from ISG) Please help me with these with respect to above : . We will create and customize the MySQL database for Quota based users.( Please recommend what is to be done? In the MySQL database, there is already a Table called Subscribers , which was created when I ran the buildsql . But there is no attribute in the table called quota. How can this be added and used for the following? .We will add the configuration to the radiator ,for initiating COA after Accounting-Start and Accounting-Interim updates with respect to ISG's current configuration.(How can this be done? Please attach configuration lines for this in the radiator configuration file attached with this email) . We will add the configuration to the radiator , for it to calculate the quota (Add/reduce from remaining quota) and send a max of 4GB at a time, since the ISG volume quota supports a maximum value of 4GB. How can this be configured on the radiator ? Please attach configuration lines for this in the radiator configuration file attached with this email) Requesting your kind cooperation, Thomas Kurian IT Security Engineer (B.Tech. - Electrical) Kuwaiti Canadian Consulting Group (www.kccg.com) T: +965 22435566 F: +965 22415149 E: tho...@kccg.com Description: cid:image001.png@01CDE8E5.B84BC2A0 <># radius.cfg # # Example Radiator configuration file. # This very simple file will allow you to get started with # a simple system. You can then add and change features. # We suggest you start simple, prove to yourself that it # works and then develop a more complicated configuration as required. # # This example will authenticate from a standard users file in # DbDir/users and log accounting to LogDir/detail. # # It will accept requests from any client and try to handle request # for any realm. # # You should consider this file to be a starting point only # $Id: linux-radius.cfg,v 1.3 2002/03/24 23:07:49 mikem Exp $ #Foreground #LogStdout AcctPort 1813 AuthPort 1812 BindAddress 0.0.0.0 LogDir /var/log/radius DbDir /etc/radiator # Use a low trace level in production systems. Increase # it to 4 or 5 for debugging, or use the -trace flag to radiusd Trace 4 # You will probably want to add other Clients to suit your site, # one for each NAS you want to work with Secret ciscowimd85 DupInterval 0 Secret ciscowimd85 DupInterval 0 NasType Cisco IgnoreAcctSignature Secret mysecret DupInterval 0 DBSource dbi:mysql:radius DBUsername root DBAuth wimd2r00t AccountingTable ACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets # Log accounting to a detail file AcctLogFileName %L/detail ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
