(RADIATOR) mikem's back

[Mike McCauley]

Hello all,
Im back again.

Thanks to the folk who helped out while I was away.

Does anyone still have questions that were not adequately addressed while I was
out of touch?

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Access to SQL DB via PostAuthHook

[Mike McCauley]

Hi Remi.

I have not tested this, but I think you could do something like this to get the
data you want:

You will have to identify the AuthBy Clause containing the SQL database you are
interested in by using the Identifier, let say with

Identifier mySQLclause

# find the AuthBy SQL we want
my $authby = &Radius::AuthGeneric::find('mySQLclause')
my $sth = $authby->prepareAndExecute($q);
my ($attr, $val);
while (($attr, $val) = $sth->fetchrow)
{
$$reply->add_attr($attr, $val);
}


Hope that helps.

Cheers.

On Mar 15, 12:22pm, Remi Godin wrote:
> Subject: (RADIATOR) Access to SQL DB via PostAuthHook
> Hi
>
> I finally got some of my PostAuthHook code to work.
> PostAuthHook sub {no strict 'subs'; \
> my $reply = bless $_[1], Radius::Radius ;\
> my $attrid = $$reply->get_attr('AttrID');
> $$reply->delete_attr('AttrID');\
> my $q = "SELECT attribute, value FROM
> newradius WHERE ((attr_id=$attrid) AND(newradius.type='R'));";\
> print $q."\n";\
> }
>
> Note the "no strict 'subs'" and bless statement.
>
> Now, I want access to the SQL DB via the PostAuthHook without opening a new
> handle to the SQL DB if possible.
> The SQL stament above will return data, two columns wide, and any number of
> rows deep.
> What do I need to do to get the values?
>
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Remi Godin Escape Communications Corp.
> Jr. Systems Support665 Stafford Street
>   Winnipeg, MB   R3M 2X7
>
> [EMAIL PROTECTED]   Tel: 1-877-372-2730
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Remi Godin



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) reject:message not working...

[Mike McCauley]

Hi Chris,

On Mar 10,  1:19pm, C Thompson wrote:
> Subject: (RADIATOR) reject:message not working...
> I put an entry in the users file like this:
>
> username  Auth-Type = "Reject:Pay up"
>
> This gets ignored by the system with the following DEBUG info:
>
> WARNING: Could not find Identifier for Auth-Type Reject:Pay up
>
> It seems in the manual that the Reject:message is a built-in Radiator
> function that doesn't have to be defined elsewhere.  If you do have to
> define it elsewhere (such as in radius.cfg) how do you do that?
Yes, that is built in to 2.13. Is that the version you are running?

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) expiration not working?

[Mike McCauley]

On Mar 10, 12:59pm, C Thompson wrote:
> Subject: (RADIATOR) expiration not working?
> I tried setting an expiration on a user at the top of the 'users' file.
>
> I have my DEFAULT user at the end of the file.
>
> I have a default realm that looks in the 'users' file (AuthBy FILE) and a
> dummy realm for AuthBy UNIX.
>
> The debug info showed that the system tried the authby file and said the
> expiration had passed.  However, it then continued on and authenticated
> the user based on the DEFAULT setting.
>
> How do you set expiration on users if a default user will allow them in?
> 
> My entry for the user looks like this:
>
> username  Auth-Type = System, Expiration = "Jan 31 1999",
>   Reply-Message = "You didn't pay your bill"
>
> I've tried it without the comma after 1999 as well.  Neither works.
>
> Help?
Its a bit hard to tell without seeing your debug log, but I would say that the
expirastion is causeing a rejection of tghe user (as it should) but then it is
falling throught to a DEFAULT that is _less_ restrictive and is therefore
letting the user in.

Hope that helps.

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) DEFAULT entries...

[Mike McCauley]

On Mar 11,  2:45pm, Joost Stegeman wrote:
> Subject: Re: (RADIATOR) DEFAULT entries...
> Stephen,
>
> I think DEFAULT entries are only processed for usernames that haven not been
> found in any other clause. So only unknown users are checked against the
> DEFAULT user entry and thus let in and given the reply-items.
Actually, no.
The DEFAULT user will be checked if no specific user matched: ie if either
there was no specific user entry, _or_ if there was a specific user entry, but
some of the check items failed.

Hope that helps.

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) DEFAULT entries...

[Mike McCauley]

Hi Stephen,

On Mar 11, 12:20pm, Stephen Ollis wrote:
> Subject: (RADIATOR) DEFAULT entries...
> I'm trying to setup a DEFAULT entries to setup things like
> Port-Limit, Session-Timeout, Idle-Timeout and Simultaneous-Use.
> I put the following entry into my users file.
>
> DEFAULT Simultaneous-Use = 1
> Idle-Timeout = 1800,
> Session-Timeout = 86400,
> Port-Limit = 1
>
> This is not working. In fact, it's allowing invalid usernames to
> get access. I'd really like that to STOP! :-) radpwtst doesn't show
> the attributes being set for valid users, but they are for mikem.
> (ie mikem is not a valid user, sorry Mike!)

Because that DEFAULT user does not specify any check items other than
Simultaneous-Use, thats the only check that Radiator applies. That means it
does not do a password check at all, and therefore any user can get in.

I think you will need a more complicated config if you want to apply a global
Sim-Use limit (unless you can use MaxSessions instead, and ou can only do that
if the per-user Sim-Use is more restrictive than the MaxSessions limit)

Hope that helps.

Cheers.

>
> My users files is common to multiple realms, is the barest required
> to allow authentication and Realm AddToReply items are set per realm to
> enable VPN's, tunnelling and the like.
>
> An example user is..
>
> testuser   Password = "N0tL1k3ly"
>
> My std .cfg is..
>
> 
> 
> # Defaults to %D/users It only needs usernames
> # and password in it
> Filename %D/dialup.users
>
> AddToReply Service-Type = Framed-User,\
>  Framed-Protocol = PPP,\
>  Framed-IP-Netmask = 255.255.255.255,\
>  Framed-Routing = None,\
>  Framed-Compression = Van-Jacobson-TCP-IP,\
>  Framed-MTU = 1500,\
>  Annex-Primary-DNS-Server = 202.10.0.36,\
>  Annex-Secondary-DNS-Server = 202.10.0.66
> 
> # Where do we write the accounting file
> AcctLogFileName %L/detail.DEFAULT-%Y%m%d
> 
>
> There is a  to enable IPASS global roaming.
>
> Any pointers/clues appreciated...
>
> --
> Stephen Ollis <[EMAIL PROTECTED]>   Ph: +61 2 9911 1606(BH)
> Team Leader, Server Systems - Network Engineering  +61 2 9911 1555(FAX)
> AT&T EasyLink Services, Lvl 8, 15 Orion Rd, Lane Cove, NSW 2066
> Australia
> 'There is no traffic jam on the extra mile.' - Zig Ziegler
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Stephen Ollis



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) SQL help

[Mike McCauley]

Hi Richard,

On Mar 11,  1:09pm, Richard Hawley wrote:
> Subject: (RADIATOR) SQL help
> How would I go about having separate Radius Accounting logs for say,
> each day of the month, using an SQL database?
> I know I can do the following, but what I'm not sure about is if
> Radiator can create the tables or if the tables for each day have to be
> created already?
>
> AccountingTable ACCT%m%d
>
> Thanks.
As I think was noted by someone else, Radiator does not create the tables for
you: you will have to do that yourself ahead of time.

Hope that helps.

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) SQL help

[Mike McCauley]

I only have a few comments to make.

1. Most SQL databases of any consequence have no problem with hundreds of
thousands or millions of rows. They really are very fast, provided they are
hosted on a reasonable box (doenst have to be super fast, just 100-200MHz or so
and a fastish disk), and the indexes are sensibly defined. So a very reasonable
strategy would usually be to have one accounting table per month or

2. Many people just have one accounting table that they periodically purge of
data older than their billing cycle (eg more than 3 months old). Some databases
(like Oracle) like to have their indexes recreated after such a purge, though.

3. One table per day probbaly doesnt buy you very much. Probably it loses you
something.

4. Lon might be able to use some or all of radacct.cgi for his web page showing
customer usage.

5. Lons observation about not bothering to save Starts in the accounting
database is correct. Theres nothing there thats not in the Stops.

Hope that helps.

Cheers.


On Mar 11,  6:28pm, Lon R. Stockton, Jr. wrote:
> Subject: Re: (RADIATOR) SQL help
>
> On Thu, 11 Mar 1999, Ferhat Dilman wrote:
>
> > By the way, a daily working tables really work? 31 tables in SQL every
> > month? Daily tables are more reasonable since it is 11st of March and it is
> > around 400,000 records already in the database.
>
> You have to determine what information you want to keep and what you can
> discardi.e. do you really have a need to know the compression used
> on a given call three months ago? a year ago?
>
> In my operation, I only need that really specific data for about a
> month so I can do troubleshooting and the like. After that, I only
> need summaries. I need a summary that allows me to see usage statistics
> by customer for billing and statistical purposes, and I need a summary
> to see usage and other misc stats by nas/slot/channel for internal
> planning and the like.
>
> So, my plan is:
>
>  1) set my nas to send every radius attrib it can.
>
>  2) set my radiator to stuff it all in my calldetail table
>
>  3) provide access to calldetail via a webpage, where an
> admin can see 'em all, and a customer can see records
> that pertain to their account(s). This is for troubleshooting
> and customer satisfaction.
>
>  4) Daily, I update my custusage and nasusage summary tables.
> As an example, custusage table is thus-ish:
>create table custusage (
>   acctid text not null,
>   username text not null,
>   sumdate date not null,
>   numcalls int, timeused int, oct_in int, oct_out int);
> Simply put, #calls and usage info for a given customer on
> a given day. (the acctid is a local-to-us thing...simply
> a foreign key into my customer master table which maps cust
> accounts with actual usernames.)
>
>  5) Also daily, I delete records from the calldetail that are
> older than 30 days (possible modification is to move older
> records to another table, dropping all data that I really
> really never have to have...at the moment, I just can't
> see needing any of it). And don't forget to vacuum. (:
>
>  6) Again, access to summary tables via httpd, as appropriate
> for internal use and customer satisfaction (lordy don't
> they love the pretty little graphs).
>
> I also don't record start records in my calldetail, they contain
> nothing of any consequence. Anything I'd possibly use start records
> for will be handled by my sessiontable.
>
> The point is more that you'll obviously have to consider some kind
> of data reduction to keep the info you want/need readily accessable
> without having to have obscene amounts of hard drive space. Sure,
> you never have to lose the calldetail stuff...nothing says you
> must delete it all, just start burning cds. But you also want to
> be able to casually issue a [select month,avg(numcalls),avg(duration)
> from custsum where date(stoptime)>='01/01/95' group by month]
> query without having to find and mount the right cd(s).
>
> Disclamer: I'm not a database administrator, so I officially don't
> know what I'm talking about. I haven't actually done all of the
> above yet: I just got Radiator, don't have 30 days of data in my
> tables yet, the summary tables are still being designed, and
> the httpd server isn't even on the machine yet.
>
> But, daz the plan. Any comments, suggestions, or potshots delivered
> approximately now would prove helpful...a month or two from now
> and I'll be finding out if my plan is worth a crap in a much harder
> to fix scenario. (:
>
> Lon Stockton
> MoonStar
>
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Lon R. Stockton, Jr.



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phon

Re: (RADIATOR) Install on windows 95 problems

[Mike McCauley]

Hi Arnie.

Sorry for the delay in replying: I have been travelling.

>From what you say, it looks like Radiator is starting up OK.
The next step is to test it with the radpwtst utility provided with Radiator.
You can do something like this to send a test authentication request to the
Radiator running on the same box. Run this in your Radiator distribution
directory.

perl radpwtst

You should get some messages saying ACCEPT. This shows that Radiator is
receiving and processing requests properly.

If that works OK, its time to start designing your configuration file and user
database. Refer to section 5 "Post installation and configuration" in the ref
manual for a roadmap on this.

Hope that helps.

Cheers.


On Mar 12,  5:03pm, Arnie Roberts wrote:
> Subject: (RADIATOR) Install on windows 95 problems
> Hi everyone.
>
> I have just purchased Radiator and cannot get it to run on windows 95.
> I've followed the install instructions and have installed DCOM and active
Perl
> and active Perl is working OK I think. The test script gives me -
>
> C:\radiator>perl test.pl
> Starting tests...
> Starting servers. Please wait...
> trying to replace mikem without -u flag: ignored
> trying to replace rejectme without -u flag: ignored
> ok 1a
> ok 1b
> ok 1c
> ok 1d  ... etc. up to ok 6i
> Tests completed
>
>
>
> I used
> perl Makefile.PL install
> and have the radius scripts in the c:\perl\bin directory. There is a
simple.cfg
> file in the same directory and it looks like this -
>
> # simple.cfg
>
> Foreground
> LogStdout
> LogDir/radiator/log
> DbDir /radiator/raddb
>
> # You will probably want to change this to suit your site.
> 
>   Secret  mysecret
>   DupInterval 0
> 
>
> 
>   
>   Filename /radiator/raddb/users
>   
>   # Log accounting to the detail file in LogDir
>   AcctLogFileName ./detail
> 
>
> The radiator \raddb directory contains the two files 'as given' from the
> release.
> C:\radiator\raddb>
> .  03-12-99  9:08a .
> .. 03-12-99  9:08a ..
> USERS6,649  02-12-99 11:59p users
> DICTIO~140,998  02-17-99  4:43a dictionary
>  2 file(s) 47,647 bytes
>  2 dir(s) 548,995,072 bytes free
>
>
> When I try and run the server the cursor goes to the beginning of the
> line and stays there. Ctrl-C kills it and when I look in the log directory,
> radiusd.pid has appeared there. (It was empty before)
>
> C:\radiator\log>
> .  03-12-99 10:12a .
> .. 03-12-99 10:12a ..
> RADIUSD  PID 9  03-12-99  4:37p radiusd.pid
>  1 file(s)  9 bytes
>  2 dir(s) 548,995,072 bytes free
>
>
>
> So where do I go from here??
> I have no experience of Perl but I do have C++ experience.
> Could I add lines into various points of the radiusd script to
> output a debug message so that I can try and track down where
> it is failing??
>
> Any help would be much appreciated.
> Thanks in advance.
>
> Arnie
>
> ***
> Arnold Roberts
> Satelcom UK LTD
> Silwood Park
> Buckhurst Road
> Ascot
> Berkshire
> UK
> SL5 7PW
>
> Tel:  +44 1344 872677
> Fax  +44 1344 872206
> ***
>
>
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Arnie Roberts



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Performance

[Mike McCauley]

Hello Dat
I would expect to see better performance than that on those boxes. Some
comments:

1. If the Ultra-2 enterprise has a faster processor then I would expect
Radiator to be faster too. Perhaps you should be sure that you are not actually
measuring the performance of radpwtst rather than Radiator: radpwtst requires a
significant number of cycles too, and I would suggest you run it on a separate
(faster) box if you can.

2. The default configuration file radius.cfg that is shipped with Radiator has
all the bells and whistles turned on, and it is definitely not streamlined for
performance (it does multiple meaningless username rewrites, has lots of
debugging turned on etc.)

3. related to 2 above there are a number of tips in the reference manual for
tuning performance that you may want to consult.

Hope that helps.

Cheers.


On Mar 12,  4:11pm, Dat Duong wrote:
> Subject: (RADIATOR) Performance
> Radiator is a pretty good product and it is very flexible.  The performance
> is not too good though ?? I've tried to push Radiator both on my ultra-10
> and ultra-enterprise 2 and in both case I cannot pass ~40 tps and the
> CPU go to 99%.  There is very litte difference between an ultra-2 enterprise
> and ultra 10 (the ultra -2 should do at least 3 X better).  The user database
> used is the sample shipped witth the product so it has very few entries.
> Am I doing something wrong here or it just the way Radiator works.
> Dat
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Dat Duong



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Re: Radiator - lowercasing passwords?

[Mike McCauley]

Hello Peter,
sorry for the delay in answering: I have been travelling.

Oh, I see. No RewriteUsername does not rewrite passwords.

To do that, you are going to need to write a hook that rewrites the password.

This is ugly and a bit slow, but it will do what you want:

PreAuthHook sub { \
my $pw = ${$_[0]}->decode_password(${$_[0]}->{Client}->{Secret});\
$pw =~ tr/[A-Z]/[a-z]/;\
${$_[0]}->{CachedAttrs}{2} = \
${$_[0]}->encode_password($pw, ${$_[0]}->{Client}->{Secret});}

I have CCd this to the list for general information.
Cheers.


On Mar 5,  8:46am, Peter Duffy wrote:
> Subject: Re: Radiator - lowercasing passwords?
> Hi Mike,
>
> Thanks for getting back to me.
>
> It's the passwords, not the usernames, which we're wanting to lowercase:
> I saw the RewriteUsername option in the manual, but couldn't see that it
> would do the job. Does it lowercase the password as well as the
> username?
>
> Regards,
> Peter
>
> Mike McCauley wrote:
> >
> > Hi Peter,
> > no its not a silly question and its easy in Radiator.
> >
> > You can use the RewriteUsername to rewrite every incoming username to
> > lowercase with something like this:
> >
> > RewriteUsername tr/[A-Z]/[a-z]/
> >
> > See the ref manula for more details. Rewriteusername can be applied
> > globally, for a single Realm/Handler or for a single AuthBy.
> >
> > Hope that helps.
> > Cheers.
> >
> > BTW, I am out of contact all next week. You should post any questions to
the
> > mailing list then.
> >
> >

> > ---
> > Mike McCauley [EMAIL PROTECTED]
> > Open System Consultants +61 3 9598 0985
> >
> > Mike is travelling right now, and there may be delays
> > in our correspondence.
> > -Original Message-
> > From: Peter Duffy <[EMAIL PROTECTED]>
> > To: Mike McCauley <[EMAIL PROTECTED]>
> > Date: Friday, March 05, 1999 4:40 AM
> > Subject: Radiator - lowercasing passwords?
> >
> > >Hi Mike,
> > >
> > >I've had a request for all passwords sent within packets from the radius
> > >clients to Radiator to be lowercased before authentication is attempted
> > >against them. This may be a silly question, but is such a thing
> > >possible? (And, if it is possible, how trivial/nontrivial might it be to
> > >implement?)
> > >
> > >(I originally wondered about doing it using a PreClientHook subroutine,
> > >but obviously at that stage the password is still encrypted.)
> > >
> > >I'd be grateful for any advice.
> > >
> > >Regards,
> > >Peter
> > >
> > >--
> > >[EMAIL PROTECTED]
> > >Peter Duffy
> > >Unix Developer
> > >Netline (UK) Ltd.
> > >
> > >
>
> --
> [EMAIL PROTECTED]
> Peter Duffy
> Unix Developer
> Netline (UK) Ltd.
>
>-- End of excerpt from Peter Duffy



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Install on windows 95 problems

[Arnie Roberts]

Mike,

>From what you say, it looks like Radiator is starting up OK.

I'm afraid I don't agree. 
The installation notes lead me to expect an
Info: Server started message. I have not seen this.

When I run radpwtst as you suggest, I get no reply -

C:\radiator>perl radpwtst
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

C:\radiator>

I feel like I need an OutputDebugString("line 1"); (or whatever
is the perl equivalent) strategically placed throughout the program
to see how far it is going. I also feel a little frustrated as you can
imagine.

Arnie







***
Arnold Roberts
Satelcom UK LTD
Silwood Park
Buckhurst Road
Ascot
Berkshire
UK
SL5 7PW

Tel:  +44 1344 872677
Fax  +44 1344 872206
***




===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) FW: Hooks don't work!!!

[Arturo Pina]

-BEGIN PGP SIGNED MESSAGE-

Hi,
As Mike is back, I'm resending this message to the list...
TIA.

- -FW: Hooks don't work!!!-

Date: Mon, 08 Mar 1999 13:43:18 +0100 (CET)
From: Arturo Pina <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Hooks don't work!!!

- -BEGIN PGP SIGNED MESSAGE-

Hi,
Is anyone using some kind of hook to authenticate? I've tried to do the
most simple hooks (PreAuth, PreClient, PostAuth)...
Just simple
prints to a file... but they don't work
I'm using Radiator 2.13.1 with all the patches. Can someone help?
Thanks a lot

- - ---
Arturo Pina - [EMAIL PROTECTED]
CTV Internet [http://www.ctv.es/]
+34 902 444557

- -BEGIN PGP SIGNATURE-
Version: 2.6.3i
Charset: noconv

iQCVAwUBNuPGy9+A5jTOp/8tAQEU9AP8CYGtDCtl/dzccF9bRrKFX267FHKHHUj2
FjulXtILFNYbyekQHIkMSC4CjnPEEBRlnKj5QeA2/6wXzxPYXamTjfpKveDXOD3m
DA9Na+4deYdaeUh4U4iPXdn6KTi8yL4rRNDquID7i5ELT8pZmorI/6CPMc4bBZGm
lqbgw238SPQ=
=Bq3B
- -END PGP SIGNATURE-

- --End of forwarded message-

- ---
Arturo Pina - [EMAIL PROTECTED]
CTV Internet [http://www.ctv.es/]
+34 902 444557

-BEGIN PGP SIGNATURE-
Version: 2.6.3i
Charset: noconv

iQCVAwUBNu5Fld+A5jTOp/8tAQGUfAQAyC1G/YwIqhzjwWyAeUffQiuNvtEG/Ici
5Vm+OxDOV6R6WOkqtUsa064Me+/3Xe/7TNRJvAuSP60AmK2rGApV4STkhXWyOQgy
+q4N2SK1p9yD/vPU9Kv+5SIjq4pLu8ksIHENSiHGV9FzeRFW+lmCHvFw5ZJmSyJF
BJrXqcPZ2bg=
=bLyQ
-END PGP SIGNATURE-

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Install on windows 95 problems

[Stuart Henderson]

> I'm afraid I don't agree.
> The installation notes lead me to expect an
> Info: Server started message. I have not seen this.

Try checking the config file to make sure log output is being displayed
at the console and maybe increase the debug level a bit. You can also do
a "netstat -an" in another window to check it is listening on the ports
it should be.

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Different Databases for auth and accounting

[Paul Gregg]

Hi all,

I've been looking through the big cfg file and can't seem to find a way
to use separate databases for authentication and accounting.

Anyone coming from Cistron+MySQL will know what i'm talking about.

Basically, I'd like to be able to authenticate from one database/table
and to account to a different database/table (for dumping/backup purposes).

Even better would be to use a different accoutning database host to
the authentication database host.

Thanks for any advice.

Paul Gregg
-- 
Email pgregg at tibus.net |   CLUB24   | Email pgregg at nyx.net| 
Technical Director|  INTERNET  | System Administrator   |
The Internet Business Ltd |Free  Access| Nyx Public Access Internet |
http://www.tibus.net  |  www.club24.co.uk  | http://www.nyx.net |

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) SQL help

[Stephen Roderick]

On Tue, 16 Mar 1999, Mike McCauley wrote:

> 5. Lons observation about not bothering to save Starts in the accounting
> database is correct. Theres nothing there thats not in the Stops.

That would be great if this was true, but it seems like most of the vendor
stuff is only in the starts. Connect-Speed, etc.

Steve

---
Steve Roderick  ProAxis Communications, Inc.
[EMAIL PROTECTED]   Internet Access Provider
(541) 757-0248


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Simultaneous Use checking

[Richard Hawley]

Simultaneous Use checking does not seem to be working.  I am not sure
exactly why.  I am using an SQL database with the following table

   AuthColumnDef 0, User-Password, check
   AuthColumnDef 1, Idle-Timeout, reply
   AuthColumnDef 2, Session-Timeout, reply
   AuthColumnDef 3, Simultaneous-Use, check
   AuthColumnDef 4, Time, check
   AuthColumnDef 5, GENERIC, check
   AuthColumnDef 6, GENERIC, reply
   AuthColumnDef 7, Framed-IP-Address, reply

My session database is as follows


DBSource  
DBUsername   
DBAuth 
AddQuery \
insert into Sessions (UserName, NASIdent, NASPort, \
AcctSessionID, TimeStamp, FramedAddress, NASPortType, \
ServiceType) values ('%n', '%N', %{NAS-Port},
'%{Acct-Session-Id
}', \
%{Timestamp}, '%{Framed-IP-Address}', '%{Port-Type}',
'%{Service
-Type}')
DeleteQuery \
delete from Sessions where UserName='%n' and \
NASIdent='%N' and NASPort=%{NAS-Port}
ClearNasQuery \
delete from Sessions where NASIdent='%N'
CountQuery \
select NASIdent, NASPort, AcctSessionID from Sessions \
where UserName='%n'


I'm very new to SQL so forgive my inexperience.  I am learning more
everyday but this problem can't wait for me to figure it out. :)

Also, could someone give me some pointers on making the Timestamp field
more human readable?  The seconds since Jan 1, 1970 is functional but is
there a way to make it a normal date?  I've read the section in the
Radiator reference manual on Formated date stamps, etc, but I am not
sure how to configure that for SQL.  Plus I don't want to make a mistake
and corrupt the tables.  Thanks all.

..Rich


--

Richard W. Hawley - Network Engineer
CyberZone Internet Services
http://www.cyberzone.net
[EMAIL PROTECTED]



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Different Databases for auth and accounting

[Stephen Roderick]

On Tue, 16 Mar 1999, Paul Gregg wrote:

> Even better would be to use a different accoutning database host to
> the authentication database host.

This is not a problem. I am doing it now.


Identifier SQLAccounting
AuthSelect
DBSource dbi:mysql:accountingDB:accthost.proaxis.com
DBUsername radius
DBAuth ***



RewriteUsername   s/^([^@]+).*/$1\@proaxis.com/
RewriteUsername   tr/A-Z/a-z/

AcctLogFileName %L/detail-%Y-%m

AuthByPolicy DoAllAuths
AuthBy SQLAccounting

# The following file will have a default entry which
# specifies to use the "ProAxisSQLAuth" authentication defined
# in a block later in this file
Filename %D/users





#
# This block is referenced in the "users" file
# it is then used to do the authentication.
#
Identifier ProAxisSQLAuth
DBSource dbi:mysql:authDB:authhost.proaxis.com
DBUsername radiusUserName
DBAuth 
AuthSelect \
SELECT passwd,check_items,reply_items \
FROM customers \
WHERE (userid='%U') AND (status<3) AND (active=1) AND
(dialup=1)
EncryptedPassword
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply

# No accounting here
AccountingTable



If you wanted to you could set up additional AuthBy sections and log the
accounting to multiple different servers/databases/tables. You could even
split up the start and stop.

Steve


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Blocking users based on usage time

[Ricardo Freire]

Hi Mike,

I've got this from Platypus help:

"Keep in mind that it is possible for a user to use more time than he was
assigned, if he does so before you deactivate his account.  His minutes
remaining will become negative, and you can deal with the user as you see
fit.
The exception to this issue is Platypus users with an ODBC compliant RADIUS.
If the customer’s Remaining Block Minutes is used to set the Session Limit,
the customer will be disconnected by RADIUS when his time expires."
So what I want to do is tell Radiator to reject connections based on Usage
Limit.
But I don't know what is this "Session Limit" attribute.

My radius.cfg has the following lines (I modified the view as you told me):
AuthSelect ,sa.maxsessions,sa.timeleft
AuthColumnDef 0, Simultaneous-Use, check

What should I do to block users that have "timeleft" field negative or zero?

Cheers,
Ricardo Freire



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) simultaneous use and flagging

[iqbal]

Hi

I like the simultaneous use nature of radiator, but am wondering if
instead of throwing people off, it was possible to say log to a file or
even email the user is/session is etc of the people using the process
simultaneously. I have taken alook at the sessINTERNAl.pm package etc
etc, but was wondering if anyone else had done this.

Iqbal

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) install on windows 95

[Arnie Roberts]

Thanks Stuart. netstat -an gave me a big push in the
right direction. I needed BindAddress in the cfg file. There
were some other problems aswell but I solved them myself !:)

I now have the server answering requests to a NAS!!
However, radpwtst still doesn't work. I get -

C:\radiator>perl radpwtst -noacct -trace -dictionary \radiator\raddb\dictionary
Code:   Access-Request
Identifier: 80
Authentic:  1234567890123456
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "<159><249>:<201><175>\<4><246><188>8<9><160><216>}x<153>"
sending Access-Request...
No reply

There is no logfile generated and no output at all from the 
server window (unlike when I use an external NAS).

I am using a cfg file which includes the following -

###
#localhost

Secret mysecret
DupInterval 0


###
#Realm


Filename %D/users

 

Please forgive me if the answer is obvious. I can't
wait to take these L plates off.

regards

Arnie






***
Arnold Roberts
Satelcom UK LTD
Silwood Park
Buckhurst Road
Ascot
Berkshire
UK
SL5 7PW

Tel:  +44 1344 872677
Fax  +44 1344 872206
***




===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simultaneous Use checking

[Mike McCauley]

Hi Rich.

On Mar 16,  9:47am, Richard Hawley wrote:
> Subject: (RADIATOR) Simultaneous Use checking
> Simultaneous Use checking does not seem to be working.  I am not sure
> exactly why.  I am using an SQL database with the following table
Can you send the Radiator log file at trace level 4 showing what happens when
you try to log in the first and seconds times?


On the topic of formatted dates, the answer depends on what type of SQL you are
using. Let us know.

Cheers.

>
>AuthColumnDef 0, User-Password, check
>AuthColumnDef 1, Idle-Timeout, reply
>AuthColumnDef 2, Session-Timeout, reply
>AuthColumnDef 3, Simultaneous-Use, check
>AuthColumnDef 4, Time, check
>AuthColumnDef 5, GENERIC, check
>AuthColumnDef 6, GENERIC, reply
>AuthColumnDef 7, Framed-IP-Address, reply
>
> My session database is as follows
>
> 
> DBSource  
> DBUsername   
> DBAuth 
> AddQuery \
> insert into Sessions (UserName, NASIdent, NASPort, \
> AcctSessionID, TimeStamp, FramedAddress, NASPortType, \
> ServiceType) values ('%n', '%N', %{NAS-Port},
> '%{Acct-Session-Id
> }', \
> %{Timestamp}, '%{Framed-IP-Address}', '%{Port-Type}',
> '%{Service
> -Type}')
> DeleteQuery \
> delete from Sessions where UserName='%n' and \
> NASIdent='%N' and NASPort=%{NAS-Port}
> ClearNasQuery \
> delete from Sessions where NASIdent='%N'
> CountQuery \
> select NASIdent, NASPort, AcctSessionID from Sessions \
> where UserName='%n'
> 
>
> I'm very new to SQL so forgive my inexperience.  I am learning more
> everyday but this problem can't wait for me to figure it out. :)
>
> Also, could someone give me some pointers on making the Timestamp field
> more human readable?  The seconds since Jan 1, 1970 is functional but is
> there a way to make it a normal date?  I've read the section in the
> Radiator reference manual on Formated date stamps, etc, but I am not
> sure how to configure that for SQL.  Plus I don't want to make a mistake
> and corrupt the tables.  Thanks all.
>
> ..Rich
>
>
> --
> 
> Richard W. Hawley - Network Engineer
> CyberZone Internet Services
> http://www.cyberzone.net
> [EMAIL PROTECTED]
>
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Richard Hawley



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Re: SQL returns %gt insted of >

[Mike McCauley]

Hi Carlo.

That looks like Rodopi has put > into its database entry for the filter
instead of the '>' character. I think you will have to manually change the
entry in the rodopi database for the filter, using isqlw or similar.

Hope that helps.
Cheers.


On Mar 7, 12:39pm, Carlo Marazzi wrote:
> Subject: SQL returns %gt insted of >
> Hello everyone:
>
> I am a new radiator user,  I am using it with RODOPI AuthBy.
> When Radiator looks up a user that has Filters in its radiusd config For ex.
> Ascend-Data-Filter ip in forward 6 > 1023 est
>
> Whe radiator looks it up in the SQl server the SQL server returns:
> Ascend-Data-Filter ip in forward 6 > 1023 est
>
>
> Any ideas n how to go around this problem.
>
>
> Carlo Marazzi
> Caribbean Internet Service, Corp.
>
>
>-- End of excerpt from Carlo Marazzi



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Dictionary Problem

[Mike McCauley]

Hi David,

The problem is that he dictionary.usr shipped with Radiator does not contain an
entry for Attribute number 38999. You will need to find out from USR what that
attribute is and add an entry to your dictionary.

Hope that helps.

Cheers.


On Mar 7,  4:26pm, David Rosewarne wrote:
> Subject: (RADIATOR) Dictionary Problem
>
> HI,
> I have finally got my 3Com radius server seeing Radiator as a proxy server,
everything works OK except for the following error
> "Attribute number 38999 (vendor 429) is not defined in your Dictionary" I am
using the dictionary.usr that came with Radiator, looking at the dictionary the
attribute seems to be in the VPN section.
> David
>
> [ Attachment (text/x-html): ".prt386pNh" 758 bytes
>   Character set: iso-8859-1
>   Encoded with "quoted-printable" ]
>-- End of excerpt from David Rosewarne



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) IPASS modules for Radiator.

[Stephen Ollis]

Platform -  Sparc Solaris 7
Radiator 2.13 with pm patches
ipass3_2-QSK for Solaris
IpassPerl-1_3

Problem:
Inbound IPASS authentication works fine (ie my customers at someplace
else can authenticate). Outbound IPASS authentication is failing Whilst 
doing the perl Makefile.PL I get..
Note (probably harmless): No library found for -lip
Note (probably harmless): No library found for -lssl
Note (probably harmless): No library found for -lcrypto

The current IPASS kit does not have these libs, but the old kit does.
Unfortunately, the libs are not for Solaris 7. However, being the brave
soul I dragged them onto the Solaris 7, tried to make the ipassperl
module.. attempted to authenticate and found a lovely core file in
the radiator home directory.

Is there another way for Radiator to interface into IPASS? Is
there a way of getting those 3 libs compiled on Solaris 7?

Steve O
--
Stephen Ollis <[EMAIL PROTECTED]>   Ph: +61 2 9911 1606(BH)  
Team Leader, Server Systems - Network Engineering  +61 2 9911 1555(FAX)
AT&T EasyLink Services, Lvl 8, 15 Orion Rd, Lane Cove, NSW 2066
Australia
'There is no traffic jam on the extra mile.' - Zig Ziegler 
 

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) IPASS modules for Radiator.

[Mike McCauley]

Hi Stephen,

sounds like the new kit you got is just the runtime kit, sice it does not
include the libraries. You will have top get a kit that includes the libraries.
the -lip is the main ipass library, and if thats not available, you are dead in
the water trying to compile IpassPerl. Ipass have been very happy to issue the
librraries in the past.

Hope that helps.

Cheers.


On Mar 17, 10:43am, Stephen Ollis wrote:
> Subject: (RADIATOR) IPASS modules for Radiator.
> Platform -Sparc Solaris 7
>   Radiator 2.13 with pm patches
>   ipass3_2-QSK for Solaris
>   IpassPerl-1_3
>
> Problem:
> Inbound IPASS authentication works fine (ie my customers at someplace
> else can authenticate). Outbound IPASS authentication is failing Whilst
> doing the perl Makefile.PL I get..
> Note (probably harmless): No library found for -lip
> Note (probably harmless): No library found for -lssl
> Note (probably harmless): No library found for -lcrypto
>
> The current IPASS kit does not have these libs, but the old kit does.
> Unfortunately, the libs are not for Solaris 7. However, being the brave
> soul I dragged them onto the Solaris 7, tried to make the ipassperl
> module.. attempted to authenticate and found a lovely core file in
> the radiator home directory.
>
> Is there another way for Radiator to interface into IPASS? Is
> there a way of getting those 3 libs compiled on Solaris 7?
>
> Steve O
> --
> Stephen Ollis <[EMAIL PROTECTED]>   Ph: +61 2 9911 1606(BH)
> Team Leader, Server Systems - Network Engineering  +61 2 9911 1555(FAX)
> AT&T EasyLink Services, Lvl 8, 15 Orion Rd, Lane Cove, NSW 2066
> Australia
> 'There is no traffic jam on the extra mile.' - Zig Ziegler
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Stephen Ollis



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) SQL help

[Lon R. Stockton, Jr.]

On Tue, 16 Mar 1999, Stephen Roderick wrote:

> On Tue, 16 Mar 1999, Mike McCauley wrote:
> 
> > 5. Lons observation about not bothering to save Starts in the accounting
> > database is correct. Theres nothing there thats not in the Stops.
> 
> That would be great if this was true, but it seems like most of the vendor
> stuff is only in the starts. Connect-Speed, etc.

Strangeall that stuff is in my stop records (USR HiperARC as client).
Maybe it's a config item somewhere in your nas?  If not, *ouch*; I'd
hate it if the start record's fields weren't a subset of the stop
records.

Okay, I'd be fine with it if I could convince the bloody
thing to stuff the initial connection speed in at the start record and
the final connection speed in the stopI hate the fact that I'm
getting initial connect speeds in my Connect-Speed attrib rather than
the final one. From watching my performance monitor, it looks like about
a third of the connects upshift to higher speeds and another third
downshifts to lower speeds, not to mention that all X2 calls initially
connect at 3 and then upshift.

I know my box has this info, but don't know how to get it to report
same. With the USR Total Control, I know that the *NMC* has attribs
to report both initial and final connect speedsmaybe I need to get
my ARC to send traps to the NMC on call termination and let the NMC
send the accounting? Anybody know?


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) check/reply items

[Lon R. Stockton, Jr.]

Beginning to work on getting my Radiator to do the authentication, and
would be interested in hearing how people handled things (if they have
a situation similar to the one I describe below).

Auth with be done by SQL. I'm going to have to give a for-example or
two

 * My NAS reports the ANI. I want to restrict some customers to only
   allowing logins if they're calling from an 'appropriate' number.
   Even better, if they're calling from one of a list of valid numbers.
   But the kicker is, if I don't specify any number, the login should
   be allowed from any number (as usual).

 * My NAS supports per-call filtering. Same kind of deal; if a customer
   has specific filters in the database, I'd like to use them, but
   use a standard filter if one's not listed.

 * Same kind of plan for Reject-Reason.

 * Can I specify a message to be sent upon successful auth? If so,
   same plan there.

Now that I write all this, it seems it'd revolve around how radiator
handles null values found in the various columns, and is probably
mentioned in the ref manual (if it is obvious in the manual, ignore
this message; I'll root it out when the time comes). Otherwise, it
seems that I'd need an ReplyItemSelect and/or a CheckItemSelect config
item (but Mike, don't go and write this tonight for me like I've seen
you do with others...I've already burned Radiator on my production CD;
your code is frozen here at 2.13).



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) check/reply items

[Mike McCauley]

Hi Lon,

On Mar 16,  7:54pm, Lon R. Stockton, Jr. wrote:
> Subject: (RADIATOR) check/reply items
>
> Beginning to work on getting my Radiator to do the authentication, and
> would be interested in hearing how people handled things (if they have
> a situation similar to the one I describe below).
>
> Auth with be done by SQL. I'm going to have to give a for-example or
> two
>
>  * My NAS reports the ANI. I want to restrict some customers to only
>allowing logins if they're calling from an 'appropriate' number.
>Even better, if they're calling from one of a list of valid numbers.
>But the kicker is, if I don't specify any number, the login should
>be allowed from any number (as usual).
You should be able to handle this by adding appropriate chjeck items to the
customers you want to limit. Check items an be regular expressions, so you can
also match a list of permitted values.

>
>  * My NAS supports per-call filtering. Same kind of deal; if a customer
>has specific filters in the database, I'd like to use them, but
>use a standard filter if one's not listed.
I think you will have to deal with this with a clever AuthSelect statement.

>
>  * Same kind of plan for Reject-Reason.
Do you mean Reply-Message?

>
>  * Can I specify a message to be sent upon successful auth? If so,
>same plan there.
Yes, you can specify Reply-Message as a reply item. However, most PPP clients
wont show that message to the dialup customer.

>
> Now that I write all this, it seems it'd revolve around how radiator
> handles null values found in the various columns, and is probably
> mentioned in the ref manual (if it is obvious in the manual, ignore
> this message; I'll root it out when the time comes). Otherwise, it
> seems that I'd need an ReplyItemSelect and/or a CheckItemSelect config
> item (but Mike, don't go and write this tonight for me like I've seen
> you do with others...I've already burned Radiator on my production CD;
> your code is frozen here at 2.13).
OK, theres lots of useful features already available that will probably allow
you to do what you want.

Hope that helps.

Cheers.

>
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Lon R. Stockton, Jr.



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) SQL help

[Lon R. Stockton, Jr.]

On Tue, 16 Mar 1999, Mike McCauley wrote:

> 1. Most SQL databases of any consequence have no problem with hundreds of
> thousands or millions of rows. They really are very fast, provided they are
> hosted on a reasonable box (doenst have to be super fast, just 100-200MHz or so
> and a fastish disk), and the indexes are sensibly defined. So a very reasonable
> strategy would usually be to have one accounting table per month or

*nod* My comments were geared more towards the disk space consumed by
the database than the performance of the db system. Granted, disk space
is really cheap nowadays so my argument gets watered down as each day
passes. Just something in me hates arbitrarialy wasting space by storing
a lot of data that I don't need.

There's an aside to that that's probably more US-centric. I specifically
want to lose the customer-id --> ip address assigned/time-of-day mappings
as soon as possible to protect customer privacy. Courts cannot subpeona
records that don't exist. I figure for troubleshooting and being able to
catch users conducting real attacks, I only need it hanging around for
about a month. If somebody reports that one of my users is attacking
somebody else's network or doing other BadThings, I always get the
report within hours/days/weeks rather than months.


> 4. Lon might be able to use some or all of radacct.cgi for his web page showing
> customer usage.

Oh yeah, already saw that gem. It will definately help when I write my
stuff (CGI is s, like yucky man... I'm livin in the late 90's
and have me a nice apache server with mod_perl and mod_asp (which allows
perl *and* asp stuff to be embedded in the page). The OldTime sysadmin
in me will do anything to reduce process-creation overhead. But the
OldTime sysadmin in me also believes that a good way to enhance the
performance of a machine is to quit letting users run programs. Matter
of fact, if we could kick all the users off too.  *grin*).

Lon Stockton
MoonStar



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.