RE: (RADIATOR) beginners question

1999-05-07 Thread Arnie Roberts

On Friday, May 07, 1999 3:08 PM, Mike McCauley [SMTP:[EMAIL PROTECTED]] wrote:
> That should work, irrespective of whether they are in the dictionary or not.
> Probably you have your DefaultReply spread over several lines in the config
> file without using the line continuation character (ie the backslash \) ?. You
> should put the entire DefaultReply on one line, else use line continuations:
> 
> DefaultReply attr1=val1,\
>   attr2=val2,\
>   etc

Yes that is what I was doing wrong. It works now - thanks.



> 
> 
> >
> > Another beginners question -
> > A user has two phones at home and I want to check his caller-id is one or the
> > other.
> > How do you logically or a string check item?
> 
> In the users file:
> 
> username  Password=x,Calling-Station-Id=95980985
>   reply item,
>   reply item,
>   
> 
> (Of course this requires that your NAS is sending Calling-Station-Id in each
> request)
> 

Yes the NAS sends Calling-Station-Id but I don't understand your reply.
Calling-Station-Id is a string attribute and not an integer and so I would have
expected your users entry to have been 

username  Password=x,Calling-Station-Id="95980985"
etc.

If my users two phones are 9580985 and 1234567 then the Calling-Station-Id could
be either of these and the check item needs to reflect this. I can guess from the
example users file how to OR integers. There is no example of OR for string attributes
however and despite trying many syntactical possibilities I haven't managed to get it
right.

Arnie


(RADIATOR) call blocking

1999-05-07 Thread Dialup USA Sales Dept

I am correct in assuming that this would be how to set up call blocking for
certain access numbers on a network.  Here is the example below that I came
up with.



Auth By Realms. Allow Dialing into these numbers if they have an IP
address from one of the blocks above.





No Auth By Realms Deny All Other Access from these IP blocks if they are
attempting to dial in from a different number on the network.





Auth By Realms... allow access for all other users in.



Is this correct?   What is the impact on the speed of the authentication of
a user.  Will this significantly slow down authentication requests?

Would I need to put a back slash in front of the periods like
NAS-Ip-Address=/^206\.15\.|
or is what I have above correct?

Thanks
Brandon


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



RE: (RADIATOR) beginners question

1999-05-07 Thread Dirk Jansen

On Friday 7 May 1999 10:56, Arnie Roberts wrote:

> If my users two phones are 9580985 and 1234567 then the Calling-Station-Id could
> be either of these and the check item needs to reflect this. I can guess from the
> example users file how to OR integers. There is no example of OR for string
> attributes however and despite trying many syntactical possibilities I haven't
> managed to get it right.
> 
> Arnie

Perl script can help you here also e.g.
Calling-Station-Id=/(9580985|1234567)/

be sure to write down the complete phone numbers as provided by your telephone 
provider (see log file),
regards, Dirk Jansen
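
Both regex questions on this page (whether the periods in the NAS-Ip-Address pattern need a backslash, and how to OR two Calling-Station-Id strings) come down to how much a pattern accepts beyond what was intended. The Perl script below is an added example, not code from the list or from Radiator; it assumes a check-item pattern behaves like an ordinary unanchored Perl match, and every sample value other than the two phone numbers and the three address prefixes quoted in the threads is constructed.

```perl
#!/usr/bin/perl
# Added example: loose and strict forms of the check-item patterns from the
# threads, run against constructed sample values.
use strict;
use warnings;

# Return the values a pattern accepts, using a plain Perl match
# (assumption: a regex check item is applied as an unanchored search).
sub accepted {
    my ($pattern, @values) = @_;
    my $re = qr/$pattern/;
    return grep { $_ =~ $re } @values;
}

# Constructed Calling-Station-Id values: the two home numbers plus
# longer numbers that merely contain, start with or end with them.
my @callers = qw(9580985 1234567 029580985 12345678 95809851234 5551234567);

# Constructed NAS-IP-Address values: one address in each intended block,
# two in 206.150-159.x.x, and one with 206.15 in the wrong position.
my @nas = qw(206.15.3.4 208.196.7.1 209.206.0.9
             206.150.3.4 206.159.1.1 10.206.15.1);

my @cases = (
    # Unanchored alternation: any number containing either string passes.
    [ 'Calling-Station-Id', '(9580985|1234567)',     \@callers ],
    # Anchors without grouping bind to one alternative each:
    # "starts with 9580985" OR "ends with 1234567".
    [ 'Calling-Station-Id', '^9580985|1234567$',     \@callers ],
    # Grouped and anchored at both ends: only the two exact numbers pass.
    [ 'Calling-Station-Id', '^(?:9580985|1234567)$', \@callers ],
    # Unescaped periods match any character, so 206.150.x.x also passes.
    [ 'NAS-IP-Address', '^206.15.|^208.196.|^209.206.',     \@nas ],
    # Escaped periods restrict the match to the three intended prefixes.
    [ 'NAS-IP-Address', '^(?:206\.15|208\.196|209\.206)\.', \@nas ],
);

for my $case (@cases) {
    my ($attr, $pattern, $values) = @$case;
    my @hits = accepted($pattern, @$values);
    printf "%-20s /%s/\n  accepts %d of %d: %s\n",
        $attr, $pattern, scalar(@hits), scalar(@$values), join(', ', @hits);
}
```

An anchored pattern only matches when the number is written in exactly the form the NAS sends it, so the value should be copied from the log file before the anchors are added.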



Re: (RADIATOR) call blocking

1999-05-07 Thread Aaron Holtz

Do Handler's allow regex's?  I didn't think so.  I tried to write the same
type thing and couldn't get it to work.  I had to write a separate Handler
clause for each NAS I was trying to match...  However, I may have had some
problems before I put the Handler.pm patch in place (there were known
problems) so maybe that was my issue.  If this is different, I'd like to
know.

--
Aaron Holtz
ComNet Inc.
UNIX Systems Specialist
Email:  [EMAIL PROTECTED]
"It's not broken, it just lacks duct tape."
--


On Fri, 7 May 1999, Dialup USA Sales Dept wrote:

>I am correct in assuming that this would be how to set up call blocking for
>certain access numbers on a network.  Here is the example below that I came
>up with.
>
>NAS-Ip-Address=/^206.15.|^208.196.|^209.206./,Calling-Station-Id=/2020|8018|
>806(3|4)/>
>
>Auth By Realms. Allow Dialing into these numbers if they have an IP
>address from one of the blocks above.
>
>
>
>
>
>No Auth By Realms Deny All Other Access from these IP blocks if they are
>attempting to dial in from a different number on the network.
>
>
>
>
>
>Auth By Realms... allow access for all other users in.
>
>
>
>Is this correct?   What is the impact on the speed of the authentication of
>a user.  Will this significantly slow down authentication requests?
>
>Would I need to put a back slash in front of the periods like
>NAS-Ip-Address=/^206\.15\.|
>or is what I have above correct?
>
>Thanks
>Brandon
>
>
>





(RADIATOR) Radiator with SecurID

1999-05-07 Thread Dennis Feijen

Hello,

Does anyone have experience with setting up a Radiator server with
authentication done by an ACE/Server (SecurID) and doing i.e. CLI and
accounting by the Radiator server?

How can I configure this in my configuration file of the Radiator server?
So, I guess, Radiator needs some ACE/Agent code in the server software of
Radiator.

Please, let me know.

Dennis Feijen

__ 
RADIX 
 Connectivity & Security Specialisten

Dennis Feijen Zekeringstraat   17 tel  +31 (0)20 6 870 870
System Engineer   1014 BM   Amsterdam fax  +31 (0)20 6 870 842
[EMAIL PROTECTED]   http://www.radix.nl email alg: [EMAIL PROTECTED] 
__ 




RE: (RADIATOR) Radiator with SecurID

1999-05-07 Thread Ferhat Dilman

Hi,

SecurID works with Radiator well. You should however setup Proxy radius to
SecurityDynamics AccessManager (Radius Server of theirs). Extra money but
does not work otherwise. That is:

Radiator =>> ACE Access Manager (Radius) =>> ACEProxy =>> ACEserver

We are running this. Radiator in Solaris. Rest of three ACE software run on
same NT server. Perfect. Some accounting problems but will be fixed. We are
also testing SecuRemote VPN.

Good Luck,

Ferhat

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Dennis Feijen
> Sent: Friday, May 07, 1999 3:37 PM
> To: '[EMAIL PROTECTED]'
> Subject: (RADIATOR) Radiator with SecurID
>
>
> Hello,
>
> Does anyone have experience with setting up a Radiator server with
> authentication done by an ACE/Server (SecurID) and doing i.e. CLI and
> accounting by the Radiator server?
>
> How can I configure this in my configuration file of the Radiator server?
> So, I guess, Radiator needs some ACE/Agent code in the server software of
> Radiator.
>
> Please, let me know.
>
> Dennis Feijen
>
> __
> RADIX
>  Connectivity & Security Specialisten
>
> Dennis Feijen Zekeringstraat   17 tel  +31 (0)20 6 870 870
> System Engineer   1014 BM   Amsterdam fax  +31 (0)20 6 870 842
> [EMAIL PROTECTED]   http://www.radix.nl email alg: [EMAIL PROTECTED]
> __
>
>





RE: (RADIATOR) beginners question

1999-05-07 Thread Arnie Roberts

On Friday, May 07, 1999 11:35 AM, Dirk Jansen [SMTP:[EMAIL PROTECTED]] wrote:
>
>Perl script can help you here also e.g.
>Calling-Station-Id=/(9580985|1234567)/

>be sure to write down the complete phone numbers as provided by your
>telephone provider (see log file),
>regards, Dirk Jansen

Thanks Dirk

That works fine

Arnie



Re: (RADIATOR) call blocking

1999-05-07 Thread Dialup USA Sales Dept

I believe you can do regex's in HANDLER's. Many of Mike's examples on this
mailing list have shown this, does anyone know for sure whether this is
possible?



----- Original Message -----
From: Aaron Holtz <[EMAIL PROTECTED]>
To: Dialup USA Sales Dept <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, May 07, 1999 4:29 AM
Subject: Re: (RADIATOR) call blocking


> Do Handler's allow regex's?  I didn't think so.  I tried to write the same
> type thing and couldn't get it to work.  I had to write a separate Handler
> clause for each NAS I was trying to match...  However, I may have had some
> problems before I put the Handler.pm patch in place (there were known
> problems) so maybe that was my issue.  If this is different, I'd like to
> know.
>
> --
> Aaron Holtz
> ComNet Inc.
> UNIX Systems Specialist
> Email:  [EMAIL PROTECTED]
> "It's not broken, it just lacks duct tape."
> --
>
>
> On Fri, 7 May 1999, Dialup USA Sales Dept wrote:
>
> >I am correct in assuming that this would be how to set up call blocking for
> >certain access numbers on a network.  Here is the example below that I came
> >up with.
> >
> >NAS-Ip-Address=/^206.15.|^208.196.|^209.206./,Calling-Station-Id=/2020|8018|
> >806(3|4)/>
> >
> >Auth By Realms. Allow Dialing into these numbers if they have an IP
> >address from one of the blocks above.
> >
> >
> >
> >
> >
> >No Auth By Realms Deny All Other Access from these IP blocks if they are
> >attempting to dial in from a different number on the network.
> >
> >
> >
> >
> >
> >Auth By Realms... allow access for all other users in.
> >
> >
> >
> >Is this correct?   What is the impact on the speed of the authentication of
> >a user.  Will this significantly slow down authentication requests?
> >
> >Would I need to put a back slash in front of the periods like
> >NAS-Ip-Address=/^206\.15\.|
> >or is what I have above correct?
> >
> >Thanks
> >Brandon
> >
>
>





(RADIATOR) Memory leak.

1999-05-07 Thread Vadim Gashibayazov

Hi all.

We evaluate Radiator-2.13 on RedHat 5.2 box with 2.0.36 kernel and
Perl 5.005_02.
For some reason we use Authby EXTERNAL and obtain memory leak
(about 4k for each 2-3 requests).
Does anyone have same problem?

tia for any advice,
-- 
Vadim Gashibayazov (VG3-RIPE)






(RADIATOR) Dual part question

1999-05-07 Thread Ric Messier

Okay,
First part: is it possible to auth from a UNIX passwd/shadow file but have
a user database so we can hand out IP addresses to specific users (and
hopefully choke off anyone who is in the passwd file but we haven't
explicitly allowed access to)? This is what I have in the radius.cfg:


  AuthPort 1812
AcctPort 1813

LogDir /var/log/radius
DbDir /usr/local/etc/raddb


# 4.30.99 -seg-
Trace 4
BindAddress 207.121.72.227
#NasType Cisco
#SNMPCommunity public
# end -seg-


Identifier SEGRADIUS1
FileName %D/online



Facility local7
Trace 3



RewriteUsername s/^([^@]+).*/$1/

RewriteUsername tr/A-Z/a-z/
MaxSessions 1
AcctLogFileName %L/details
WtmpFileName %L/wtmp
PasswordLogFileName %L/password.log

#   
#   Identifier System
#   Filename /etc/shadow
#   GroupFilename /etc/group
#   DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
#   

# AuthBy FILE added 5.7.1999 by ram for testing


Filename /usr/local/etc/users





Secret **



Secret ***
NasType RedCreek:NAS



Users file looks like:


DEFAULT Service-Type = Login-User, Auth-Type = System
Idle-Timeout = 2000

user1   Service-Type = Framed-User, Auth-Type = System
Red-Creek-Tunneled-IP-Addr = x.x.x.x
Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
Red-Creek-Tunneled-Netmask = 255.255.255.224
Idle-Timeout = 2000
NasType = RedCreek:NAS
Framed-Protocol = PPP

kilroy  Service-Type = Framed-User, Auth-Type = System
Red-Creek-Tunneled-IP-Addr = x.x.x.x
Red-Creek-Tunneled-DNS-Server = x.x.x.x, x.x.x.x
Red-Creek-Tunneled-Netmask = 255.255.255.224
Idle-Timeout = 2000
NasType = RedCreek:NAS
Framed-Protocol = PPP


Secondly, we have a vendor that needs some entries in the dictionary file.
They have specified the following:

RedCreek.attr   RedCreek.value  1958    RedCreek
RedCreek.attr   RedCreek-Tunneled-IP-Addr   5   ipaddr  (*,0)
.
.
.


That didn't work so I changed it to look like the following:

VENDORATTR  RedCreek-Tunneled-IP-Addr       5   ipaddr  (*,0)
VENDORATTR  RedCreek-Tunneled-IP-Network    6   ipaddr  (*,0)
VENDORATTR  RedCreek-Tunneled-Gateway       7   ipaddr  (1,0)
VENDORATTR  RedCreek-Tunneled-DNS-Server    8   string  (1,0)
VENDORATTR  RedCreek-Tunneled-WINS-Server1  9   string  (1,0)
VENDORATTR  RedCreek-Tunneled-WINS-Server2  10  string  (1,0)
VENDORATTR  RedCreek-Tunneled-HostName      11  string  (1,0)
VENDORATTR  RedCreek-Tunneled-DomainName    12  string  (1,0)
VENDORATTR  RedCreek-Tunneled-Search-List   13  string  (1,0)

Still getting errors
Fri May  7 15:39:01 1999: ERR: Bad format in dictionary
'/usr/local/etc/raddb/dictionary' at line 1275
Fri May  7 15:39:01 1999: ERR: Bad format in dictionary
'/usr/local/etc/raddb/dictionary' at line 1276

Any help, as always, is appreciated.

Ric





(RADIATOR) Still have Ipass problem

1999-05-07 Thread Phillip Buckley

Hi EveryOne,


Thanks everybody for your response of my previous
letter. I still have a problem compiling Ipass module for radiator. I
think I have fixed the cpp problem but still cannot compile
successfully. I am running solaris 2.6x86. The error I got during
compilation is below.


gcc -c -I/usr/ipass/include -I/usr/local/include  -DVERSION=\"1.3\" -DXS_VERSION=\"1.3\" -fPIC -I/usr/local/lib/perl5/5.00502/i86pc-solaris/CORE Ipass.c
unknown flag -lang-c
unknown flag -Asystem(unix)
unknown flag -Asystem(svr4)
unknown flag -Acpu(i386)
unknown flag -Amachine(i386)
"/usr/ipass/include/ipassgen.h", line 42: Can't find include file sys/cdefs.h
*** Error code 1
make: Fatal error: Command failed for target `Ipass.o'


My thinking is that the compiler does not know these flags, so how do I
get these flags in the compiler, or can I compile Ipass module without
these flags?


