RE: AS5300 log to two Radius server simultaneously

2002-04-14 Thread Lutrika Mufti R



> -Original Message-
> From: Chris Parker [mailto:[EMAIL PROTECTED]]
> Sent: Friday, April 12, 2002 9:38 PM
> To: [EMAIL PROTECTED]
> Subject: Re: AS5300 log to two Radius server simultaneously
> 
> 
> At 08:08 PM 4/12/2002 +0800, Raymond Chen wrote:
> >Dear all,
> >
> >A bit off topic.  Does anyone know how to configure the AS5300 so it
> >passes accounting records to 2 FreeRadius sever simultaneously.
> 
> Nope, can't be done via the 5x00.  You *can* setup FreeRADIUS 
> so that it
> replicates/proxies records to the other server, though.
> 

Actually with a little bit of workaround it can be done. You need to configure 2 (or 
more) groups of radius like the following:

aaa group server radius myradius1
 server XXX.XXX.XXX.XXX auth-port 1812 acct-port 1813
!
aaa group server radius myradius2
 server YYY.YYY.YYY.YYY auth-port 1645 acct-port 1646
!

Then you set the 5300 to broadcast the accounting packets:

aaa accounting connection default wait-start broadcast group myradius1 group myradius2


> -Chris
> --
> \\\|||///  \  StarNet Inc.  \Chris Parker
> \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\
> --
>\ Wholesale Internet Services - 
> http://www.megapop.net
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 
> 
> 

Rgds

LMR

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



How to use Exec-Program-Wait; Setting Time Limits under dial-up admin...

2002-04-14 Thread Peter Santiago

How does one use Exec-Program-Wait properly?  I use dial-up admin to create
users and set their time limit to something other than the default value of
14400.  When I edit the user, dial-up admin still says Allowed Session is 4
hours... What do I need to do to make dial-up admin reflect the correct
duration of Allowed Session?... Thanks... A repeat question... How do I
enforce Session-Time limits for users created in the database?  Kicking them
out, whenever their allocated time runs out?  Please help...

_
Peter Santiago
ICQ#: 2890601
More ways to contact me: http://wwp.icq.com/2890601
See more about me: http://web.icq.com/whitepages/about_me?Uin=2890601
Linux user #252132   http://counter.li.org
_





Re: freeradius and mysql

2002-04-14 Thread Alan DeKok

Artur Hecker <[EMAIL PROTECTED]> wrote:
> again, the problem was not the SQL and whatsoever depending on it. for a
> plenty of people here the problem are the *tmp files which DO NOT exist
> even if the modules ARE active.

  Add debugging statements to the module, to track when/where/why it's
making its decisions.  Figure out where it's making a wrong decision,
and send a patch to the list.

  Alan DeKok.




Re: Problem with Tunnel-Password

2002-04-14 Thread Thorsten Wystrychowski

Thanks a lot 3APA3A!

I've tested your patch.

I would say it's pretty close to a solution. But it's not 100% correct.

In general the Tunnel-Password encryption and decoding is close to working with
your patch. But the first character of the decoded string of the encrypted
password is wrong:

"decoding issue"
-
An original Tunnel-Password "p123" will be decoded as "3123".

At least encoding and decoding is much better with your bugfix. I would appreciate
if you have another look at this.

I've attached a file with information about:

* radius profile
* output of Lucent MAX TNT radius trace showing the "decoding issue".

- Thorsten


-Original Message-
From: 3APA3A <[EMAIL PROTECTED]>
To: Thorsten Wystrychowski <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, April 13, 2002 5:06 PM
Subject: Re[2]: Problem with Tunnel-Password


>Dear Thorsten Wystrychowski,
>
>Try this file. Reply if it works (don't forget to tag
>Tunnel-Password, like Tunnel-Password:1 etc). I'll commit the changes if
>everything's OK.
>
>--Saturday, April 13, 2002, 4:23:32 PM, you wrote to 
>[EMAIL PROTECTED]:
>
>TW> Hi,
>
>TW> we have a lot of L2TP customers in production and in the loop.
>
>TW> All customers who tried to use freeradius for L2TP purposes
>TW> failed. At least without fixing the freeradius code.
>TW> Most of them migrated to cistron 1.6.5 which does support
>TW> Tunnel-Password encryption.
>
>TW> Some weeks ago I've heard from a customer that new freeradius
>TW> versions are better now with regard to L2TP Tunnel-Password
>TW> encryption.
>
>TW> But it was a mistake to believe this. Lately we run some tests
>TW> with freeradius 0.5 with the result that L2TP Tunnel-Password
>TW> encryption is still very buggy.
>
>TW> The bug of freeradius 0.5 we are seeing is the following.
>
>TW> The length field value of attribute 69 seems to be OK.
>TW> But the content of the string field (the encrypted password) is
>TW> rubbish. It is looking that the encrypted password is too short,
>TW> since the end of the string is filled with data of the next radius
>TW> attribute.
>
>TW> On Thu, 11 Apr 2002, Chris Parker wrote:
>>> Ahh, then possibly the NAS has not implemented the RFC standard
>>> tunnel encryption.
>
>TW> No, we see this in the snoop of the radius packets. So this is really
>TW> independent of the NAS/LAC or of any proxy.
>
>TW> Comparing freeradius pieces of code from 0.4 and 0.5, it's easy to
>TW> discover relevant differences. The code changes are related to the
>TW> password length!
>
>
>TW> freeradius-snapshot-20011205 (0.4)
>TW> --
>TW> in radius.c:
>
>TW> int rad_tunnel_pwencode ...
>
>TW> ...
>TW> char salt[2];
>TW> int i, n, secretlen;
>TW> int len;
>
>TW> if(pwlen < 2) {
>TW>   return 0;
>TW> }
>TW> salt[0] = passwd[0];
>TW> salt[1] = passwd[1];
>
>TW> /* Advance pointer past the salt, which is first two chars of passwd */
>TW> passwd = passwd + 2;
>
>TW> /*
>TW>  *  Padd password to multiple of AUTH_PASS_LEN bytes.
>TW>  */
>TW> len = strlen(passwd);
>TW> ...
>
>
>
>TW> freeradius 0.5
>TW> --
>TW> in radius.c
>
>TW> int rad_tunnel_pwencode ...
>
>TW> ...
>TW> char salt[2];
>TW> int i, n, secretlen;
>TW> int len;
>
>TW> len = *pwlen;
>
>TW> if (len < 3) {
>TW>   return 0;
>TW> }
>TW> salt[0] = passwd[0];
>TW> salt[1] = passwd[1];
>
>TW> /* Advance pointer past the salt, which is first two chars of passwd */
>
>TW> passwd = passwd + 2;
>TW> len -= 2;
>TW> *passwd = len;
>
>TW> /*
>TW>  *  Padd password to multiple of AUTH_PASS_LEN bytes.
>TW>  */
>TW> if (len > 128) len = 128;
>
>TW> ---
>
>
>TW> On Wed, 10 Apr 2002, Chris Parker wrote:
>>> > > I know that it is working at least with Funk
>>> > > SteelBelted Radius in terms of interoperability.
>>> > > FreeRADIUS also works with cisco and Ascend NAS that
>>> > > I've tested with ( in setting up L2TP via radius ).
>
>TW> 1) Freeradius 0.5 packet snoops prove that freeradius is
>TW> sending buggy attribute 69 packets.
>
>TW> 2) Freeradius Tunnel-Password encryption code of version 0.4
>TW> and version 0.5 has been changed.
>
>TW> We have a lot of customers in the loop who are interested in L2TP services.
>
>TW> Cistron 1.6.5 (http://www.radius.cistron.nl) has been certified for L2TP.
>TW> Other radius as well, such as radiator (http://www.open.com.au/radiator).
>
>TW> It has been always a little bit painful to migrate all of them from freeradius
>TW> to another radius server.
>
>TW> It might be that there is a specific (snapshot) version between 0.4 and 0.5 which
>TW> is OK. If so, which one?
>
>TW> If not, when could we ex
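
For reference alongside this thread, an added example (not code from FreeRADIUS or from any poster) of the RFC 2868 Tunnel-Password encoding the messages discuss, written in Python rather than the server's C so that MD5 comes from the standard library. The function names, shared secret and request authenticator are constructed for illustration.

```python
import hashlib
import os

BLOCK = 16                       # MD5 digest size; plaintext is padded to this
SECRET = b"testing123"           # constructed shared secret
REQUEST_AUTH = bytes(range(16))  # constructed 16-octet Request Authenticator


def tunnel_password_encode(password, secret, request_auth, tag=1, salt=None):
    """Return the attribute 69 value: Tag | Salt(2) | encrypted String."""
    if len(password) > 255:
        raise ValueError("password too long for the one-octet data-length")
    if salt is None:
        # RFC 2868: the most significant bit of the salt must be set.
        salt = bytes([os.urandom(1)[0] | 0x80]) + os.urandom(1)
    if len(salt) != 2 or not salt[0] & 0x80:
        raise ValueError("salt must be 2 octets with the high bit set")
    # The data-length octet is inserted in front of the password,
    # then the result is zero-padded to a multiple of 16 octets.
    plain = bytes([len(password)]) + password
    plain += b"\x00" * (-len(plain) % BLOCK)
    cipher, prev = b"", request_auth + salt
    for i in range(0, len(plain), BLOCK):
        key = hashlib.md5(secret + prev).digest()   # b(i)
        prev = bytes(p ^ k for p, k in zip(plain[i:i + BLOCK], key))
        cipher += prev                              # c(i) feeds b(i+1)
    return bytes([tag]) + salt + cipher


def tunnel_password_decode(value, secret, request_auth):
    """Return (tag, password) from an attribute 69 value."""
    if len(value) < 3 + BLOCK or (len(value) - 3) % BLOCK:
        raise ValueError("malformed Tunnel-Password value")
    tag, salt, cipher = value[0], value[1:3], value[3:]
    plain, prev = b"", request_auth + salt
    for i in range(0, len(cipher), BLOCK):
        key = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ k for c, k in zip(cipher[i:i + BLOCK], key))
        prev = cipher[i:i + BLOCK]
    n = plain[0]                 # data-length octet, not a password character
    if n > len(plain) - 1:
        raise ValueError("data-length exceeds decrypted data")
    return tag, plain[1:1 + n]


if __name__ == "__main__":
    value = tunnel_password_encode(b"p123", SECRET, REQUEST_AUTH)
    print(len(value), tunnel_password_decode(value, SECRET, REQUEST_AUTH))
```

A four-character password yields a 19-octet value (tag, two salt octets, one 16-octet block), which is a quick length check to run against a packet capture.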

unsubscribe

2002-04-14 Thread Alex Leung







Re: Login-Time Limit

2002-04-14 Thread Kostas Kalevras

On Sun, 14 Apr 2002, Mike wrote:

> I've read the FAQ for Limiting Time logins, but couldn't find how to
> do it for a user. Or where can I find some examples of these Login-Time-Limit 
>attributes?
> Thanks.

doc/README

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





(no subject)

2002-04-14 Thread 李海峰



 


Re: counter module and mysql

2002-04-14 Thread Alan DeKok

=?ISO-8859-1?Q?Pasi_K=E4rkk=E4inen?= <[EMAIL PROTECTED]> wrote:
> I'd like to store all authentication and accounting data in mysql and use
> counter module to calculate some time-stuff..

  I don't think you need any patches to do that.
 
> All examples about usage of counter module are also welcome. There seems
> to be no documentation about counter module with freeradius..

  See 'raddb/radiusd.conf'.  There isn't much there, but it's better
than nothing.

  Alan DeKok.




Re: Login-Time Limit

2002-04-14 Thread Alan DeKok

Mike <[EMAIL PROTECTED]> wrote:
> I've read the FAQ for Limiting Time logins, but couldn't find how to
> do it for a user. Or where can I find some examples of these
> Login-Time-Limit attributes?

  It's not named that.  See 'Session-Timeout' in:

http://www.freeradius.org/rfc/attributes.html

  Alan DeKok.




Login-Time Limit

2002-04-14 Thread Mike

I've read the FAQ for Limiting Time logins, but couldn't find how to
do it for a user. Or where can I find some examples of these Login-Time-Limit 
attributes?
Thanks.





counter module and mysql

2002-04-14 Thread Pasi Kärkkäinen


Hello!

Does anyone have url to mysql patch for counter module (Reading list
archives there was/is such thing)?

I'd like to store all authentication and accounting data in mysql and use
counter module to calculate some time-stuff..

All examples about usage of counter module are also welcome. There seems
to be no documentation about counter module with freeradius..


Thanks!


- Pasi Kärkkäinen


   ^
. .
 Linux
  /-\
 Choice.of.the
   .Next.Generation.





Re: access time restrictions

2002-04-14 Thread Pasi Kärkkäinen



(Please CC to me, I'm not on the list)


Michael Bielicki wrote:

> an easier way is to use counters. I have a quite similar problem but
> want to implement different units for daytime/nighttime, like 1 daytime
> minute = 2 nighttime minutes ...


Hmm.. could you tell me more about counters? Did you solve your problem?



>> On Wed, 2002-04-03 at 11:32, Pasi Kärkkäinen wrote:
>>
>> Hello!
>>
>> I'd like to implement following scenario with openradius or freeradius:
>>
>> User has some specific time (say 3600 seconds) one can use. After the
>> time is exceeded, radiusd return zero seconds as access-time for the user
>> when one logs in.
>>
>> NAS requests allowed access-time when user logs in and returns used time
>> to radiusd when user logs off.
>>
>> I'd like to store this information in sql-database (mysql).
>>
>> Has anyone already done something like this? Any ideas how to do this?
>>
>> Thanks!
>>
>>


- Pasi Kärkkäinen


   ^
. .
 Linux
  /-\
 Choice.of.the
   .Next.Generation.

