Re: (RADIATOR) finger problem

1999-06-11 Thread James H. Thompson

One quick solution would be to write your own finger client for 
Radiator to run.  It could do things like:
use a shorter timeout
remember the state of the line from previous calls
etc.

On Fri, 11 Jun 1999, Stephen Roderick wrote:

> On Fri, 11 Jun 1999, Mike McCauley wrote:
> 
> > Hello Ferhat.
> > 
> > What NasType are you using, and what does your finger say when it times out?
> > Try running it by hand, to see.
> > 
> > With that information, we might be able to add a patch that will detect a timeout
> > and not delete the user.
> 
> The BIG problem isn't deleting the user, it is the HUGE delay that occurs
> while Radiator is trying to verify the user. This stops all other
> authentications, and when you are running a lot of ports it is disastrous.
> 
> Steve
> 
> ---
> Steve Roderick  ProAxis Communications, Inc.
> [EMAIL PROTECTED]   Internet Access Provider
> (541) 757-0248
> 
> 
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 
> 

Jim
[EMAIL PROTECTED]
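
A finger client along the lines James suggests (short timeout, remembered line state), which also reports a timeout as "unknown" rather than "user gone", as Mike's quoted reply proposes. This is an added example, not code from Radiator or from any poster in this thread; the names, the 2-second timeout, the 60-second cache and the listing format are assumptions.

```python
import socket
import time

ONLINE, OFFLINE, UNKNOWN = "online", "offline", "unknown"

def finger_fetch(nas, timeout, port=79):
    """RFC 1288 query: send an empty line, read the listing until the NAS closes."""
    with socket.create_connection((nas, port), timeout=timeout) as sock:
        sock.settimeout(timeout)          # bound every recv(), not just connect()
        sock.sendall(b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")

def user_listed(listing, user):
    # Assumption: the user name is a whitespace-separated token on its own line.
    return any(user in line.split() for line in listing.splitlines())

class FingerChecker:
    def __init__(self, timeout=2.0, down_ttl=60.0, fetch=finger_fetch, clock=time.monotonic):
        self.timeout, self.down_ttl = timeout, down_ttl
        self.fetch, self.clock = fetch, clock
        self.down_until = {}              # NAS address -> time before which we skip probing

    def check(self, nas, user):
        now = self.clock()
        if self.down_until.get(nas, 0.0) > now:
            return UNKNOWN                # line remembered as down: answer at once
        try:
            listing = self.fetch(nas, self.timeout)
        except OSError:                   # timeout, refused, unreachable
            self.down_until[nas] = now + self.down_ttl
            return UNKNOWN
        self.down_until.pop(nas, None)
        return ONLINE if user_listed(listing, user) else OFFLINE

def may_delete_session(result):
    """Only a definite 'offline' answer justifies removing the session record."""
    return result == OFFLINE

if __name__ == "__main__":
    # Constructed listing; real NAS finger output differs by vendor.
    sample = "Port  User   Host\nS12   alice  10.0.0.5\n"
    checker = FingerChecker(fetch=lambda nas, timeout: sample)
    print(checker.check("nas.example", "alice"), checker.check("nas.example", "bob"))
```

Treating "unknown" as "keep the session record" avoids the simultaneous-session gap described in the thread, at the cost of a user staying blocked until the line returns.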





(RADIATOR) Probs with AccountingHandled

1999-06-11 Thread Anonymous

Hi,

In my setup each customer group has its own Realm. I use 'RewriteUsername'
to control this. Now, from time to time (no reboot or anything like
this is done), my NAS (Livingston PM3) sends the following Accounting
Request out:

Acct-Session-Id = ""
NAS-IP-Address = 
Acct-Status-Type = Start
Acct-Delay-Time = 6
Timestamp = 929071869

As you can see, no username is in this request, so my rewriting doesn't work
and the request doesn't end up in one of my Realms. It is ignored by
Radiator and the NAS keeps retransmitting.

Therefore I created a "special Handler":


AcctLogFileName %L/stupid.detail
AccountingHandled


But Radiator (version 2.13.1) still ignores the Request. Inserting a simple


 
 
in the above Realm fixes the Problem. Is this normal? Is there a better
solution for my problem? 

Regards,
 Bernd




Re: (RADIATOR) finger problem

1999-06-11 Thread Stephen Roderick

On Fri, 11 Jun 1999, Mike McCauley wrote:

> Hello Ferhat.
> 
> What NasType are you using, and what does your finger say when it times out?
> Try running it by hand, to see.
> 
> With that information, we might be able to add a patch that will detect a timeout
> and not delete the user.

The BIG problem isn't deleting the user, it is the HUGE delay that occurs
while Radiator is trying to verify the user. This stops all other
authentications, and when you are running a lot of ports it is disastrous.

Steve

---
Steve Roderick  ProAxis Communications, Inc.
[EMAIL PROTECTED]   Internet Access Provider
(541) 757-0248





Re: (RADIATOR) finger problem

1999-06-11 Thread Stephen Roderick

On Fri, 11 Jun 1999, Ferhat Dilman wrote:

> Radiator is in location Istanbul for example, and one of the POP's are in
> other city e.g. Ankara. When the line goes down between Istanbul-Ankara, and
> the user tries to logon in Istanbul, since the user information still on
> RADONLINE, it tries to check it thru finger and since the line is down,
> finger WAITS! a long time thus Radiator does not respond other requests till
> the finger request is finished (single process that is).
> 
> Then eventually finger times out and the session is deleted from RADONLINE
> and user is permitted. However this has two problems:
> 1- User may be still online in Ankara (thus simultaneous sessions)
> 2- finger waits too long and no user auth is accepted till timeout of finger
> 
> Any solutions to finger problem when the line is down? How can we
> automatically cancel finger requests if the line is down between POP and
> Radiator-Host location?

This is a problem that I posted about a while ago. Unfortunately when Mike
asks if this is a problem for anyone else, everyone is silent.

The solution:

Radiator needs to be able to fork at the time that it is going to verify a
login.

Steve

---
Steve Roderick  ProAxis Communications, Inc.
[EMAIL PROTECTED]   Internet Access Provider
(541) 757-0248





(RADIATOR) Digital Unix enhanced security on an DEC-alpha

1999-06-11 Thread Anonymous

Greetings,

We installed Radiator on a standard installed Digital unix testsystem, and
used usernames from the etc/passwd file. Everything worked well. Now I've
changed the system to use enhanced security. The etc/passwd file still holds
the usernames, but passwords are in a special database file. I tried to use
auth by UNIX, system and dbunix, but none of them worked. Does anybody have
experience with it? I get the error that the encrypted password is wrong.


==
Peter Bungenstock, Systeemprogrammeur Datacommunicatie, ICA, Maastricht
University

E-mail: [EMAIL PROTECTED]
MAASTRICHT
The Netherlands  




RE: (RADIATOR) terminal screen& accounting

1999-06-11 Thread Anonymous


> -Original Message-
> From: Mike McCauley [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 11 June 1999 05:54
> To:   Murat Kirmaci; Mike McCauley; [EMAIL PROTECTED]
> Cc:   Proje Grubu; Fahrettin Gurkan
> Subject:  Re: (RADIATOR) terminal screen& accounting
> 
> On Jun 10, 12:14pm, Murat Kirmaci wrote:
> > Subject: RE: (RADIATOR) terminal screen& accounting
> >
> > Hello,
> > As you remember we have two problems
> > 1. For " bring up the terminal after the connection" problem I have
> > attached the logfile and the detail file.
> >  <>  <>
> Thanks for those.
> 
> I presume it's the example login for burhanu that shows the problem? In that
> one, the NAS is trying to do CHAP authentication, which is impossible with the
> NT user database. I suggest you change your NAS configuration so it prefers to
> use PAP instead of CHAP.
[Murat Kirmaci]  No, burhanu was not showing the problem, I was
working on a different NT server and the user burhanu was not configured
in the Radiator's NT. Our test username was "free", at first access
request from the username "free" was accepted ( because I chose the
option "bring up the terminal after the connection" at dial up
networking then at the black screen I entered the username "free" and
it's password). If you please look at the second access request from the
user "free" you see that it was rejected(it was rejected because the
terminal after the connection did not come on to screen and I used the
username and password section of the dial up networking.)


> > 2. for the accounting problem when I started the radacct.cgi on the web
> > server I got the following error. What do you think?
> >
> >  <  CGI Timeout
> >
> > The specified CGI application exceeded the allowed time for processing.
> > The server has deleted
> > the process.>
> 
> Was the detail file it was processing very large? How big? Which web server was
> it? On which operating system?
[Murat Kirmaci]  the detail file is the same as one I mailed.
The operating system is NT4.0 and IIS3.0 is working on it.


> >
> > Murat KIRMACI
> > Project Engineer
> >
> > TURCom Communications
> > +902122576238
> >
> >
> > > -Original Message-
> > > From: Mike McCauley [SMTP:[EMAIL PROTECTED]]
> > > Sent: Friday, 04 June 1999 16:08
> > > To:   Murat Kirmaci; [EMAIL PROTECTED]
> > > Subject:  Re: (RADIATOR) terminal screen& accounting
> > >
> > > Hello Murat,
> > >
> > > On Jun 3,  3:49pm, Murat Kirmaci wrote:
> > > > Subject: (RADIATOR) terminal screen& accounting
> > > >
> > > > [ Attachment (text/plain): 1596 bytes
> > > >   Character set: ISO-8859-9
> > > >   plain text
> > > >   Encoded with "quoted-printable" ]
> > > >-- End of excerpt from Murat Kirmaci
> > >
> > > > Hello Everybody,
> > > > I have got 2 problems to be solved on the radiator and I will be
> > > > pleased to get your experiences and solutions.
> > > >
> > > > 1. I have installed the radiator on Nt Server and achieved to
> > > > authenticate the users of our customer (Our customer is an ISP). But
> > > > they were using another Radius program for their users and when the
> > > > users try to establish a connection to the access server of the ISP
> > > > there is a setting at the options of the dialup networking which is
> > > > "bring up the terminal after the connection". this option was not
> > > > chosen and they were using the username and password of the windows
> > > > screen of dialup networking. After my installation and the achievement
> > > > of the authentication of my test users, I have noticed that the users
> > > > of our customer cannot access into the access server cause of not
> > > > choosing the "bring up the terminal after the connection". All my
> > > > tests were containing this option and I had not seen any problem. What
> > > > can we do to solve that problem without changing any settings at the
> > > > users? (Because there are lots of users)
> > >
> > > I think you will have to send us your configuration file (no secrets) and
> > > radiator log file at trace level 4 showing what happens
> > > 1. when users use the "bring up the terminal after the connection"
> > > 2. When they don't use it.
> > >
> > > >
> > > > 2. After the authentication, I want to use the accounting of a
> > > > specific user on the NT Server using the radacct.cgi file. I'm using
> > > > Nt server's IIS and what are the important points for an accounting
> > > > of a specific user?
> > > When you install radacct.cgi in your web server, you will be able to drill down
> > > to see summaries of usage for each user.
> > >
> > > Hope that helps.
> > >
> > > Cheers.
> > >
> > > >
> > > > Thanks.
> > > >
> > > >
> > > > Murat KIRMACI
> > > > Project Engineer
> > >
> > > --
> > > Mike McCauley   [EMAIL PROTECTED]
> > > Open System Consultants Pty. LtdUnix, Perl, Motif,
> C++,
> > > WWW
> > > 24 Bateman St Hampton, 

Re: (RADIATOR) Simultaneous use

1999-06-11 Thread James H. Thompson

Since the NAS reply items are different for each NAS, I'd have to setup
3 full sets of check/reply items for each user.  That sounds like
too much work.  How would I do it by chaining the File authentications?

Since I'm using SQL Auth, Would this work?

Set DefaultSimultaneousUse to 1

Create a new sql table containing 2 fields:
username
check item

And use a LEFT OUTER JOIN to reference this table in the
Auth SQL stmt.

This way the check item would be null for everyone except for users that
have a row in this table.  The row for these users
would have their 'check item' column set to 'Simultaneous-Use = 2'



On Fri, 11 Jun 1999, Mike McCauley wrote:

> Hi James.
> 
> For complicated reasons, that won't work the way you expect, even if you use the
> DefaultSimultaneousUse parameter I mentioned recently. I think you will have to
> set up a full set of check and reply items for each special user. There are
> other ways to tackle this, involving chaining FILE authentication. Do you want
> to talk about that?
> 
> 
> Cheers.
> 
> 
> On Jun 10, 10:38pm, James H. Thompson wrote:
> > Subject: (RADIATOR) Simultaneous use
> > I have only a handful of users that are allowed to do 2 simultaneous
> > logins.  I want to restrict them to two logins, and everyone else to one.
> >
> >
> > Will this work?
> >
> > In the realm:
> > MaxSessions 1
> >
> > In the users file:
> >
> > #users with dual login priv
> > user1 Simultaneous-Use = 2
> > Fall-Through = yes
> >
> > user2 Simultaneous-Use = 2
> > Fall-Through = yes
> >
> > # Shiva
> > DEFAULT NAS-Identifier = "LRD56_82BE00", Auth-Type = ljnet_sql
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Idle-Timeout = 400
> >
> > # Nortel
> > DEFAULT NAS-Identifier = "las-nortel", Auth-Type = ljnet_sql
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Idle-Timeout = 200
> >
> >
> > # TCR
> > DEFAULT Auth-Type = ljnet_sql
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Idle-Timeout = 900
> >
> >
> >
> >
> >
> > Jim
> > [EMAIL PROTECTED]
> >
> >
> >-- End of excerpt from James H. Thompson
> 
> 
> 
> -- 
> Mike McCauley   [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985   Fax   +61 3 9598-0955
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
> NT, Rhapsody
> 
> 

Jim
[EMAIL PROTECTED]





RE: (RADIATOR) finger problem

1999-06-11 Thread Ferhat Dilman

Hi,

NasType Ascend

and the log:

Wed Jun  9 01:13:20 1999: ERR: The internal finger client failed with: Can't connect to 195.x.x.x: Connection timed out
Wed Jun  9 01:13:20 1999: NOTICE:  Session for xx at 195.x.x.x:90 has gone away

(I have deleted user information and NAS identifier IP address)

Thanks,

Ferhat

> -Original Message-
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, June 12, 1999 1:51 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Cc: 'Tuncay Margilic'; 'Lutfi Yunusoglu'
> Subject: Re: (RADIATOR) finger problem
>
>
> Hello Ferhat.
>
> What NasType are you using, and what does your finger say when it times out?
> Try running it by hand, to see.
>
> With that information, we might be able to add a patch that will detect a timeout
> and not delete the user.
>
> Cheers.
>
>
> On Jun 11, 10:30am, Ferhat Dilman wrote:
> > Subject: (RADIATOR) finger problem
> > Hi,
> >
> > We are using Radiator 2.13.1 on Solaris with Oracle v8.
> >
> > There are several POP's and we use finger for ghost sessions. We use Ascend
> > TNTs.
> >
> > Radiator is in location Istanbul for example, and one of the POP's are in
> > other city e.g. Ankara. When the line goes down between Istanbul-Ankara, and
> > the user tries to logon in Istanbul, since the user information still on
> > RADONLINE, it tries to check it thru finger and since the line is down,
> > finger WAITS! a long time thus Radiator does not respond other requests till
> > the finger request is finished (single process that is).
> >
> > Then eventually finger times out and the session is deleted from RADONLINE
> > and user is permitted. However this has two problems:
> > 1- User may be still online in Ankara (thus simultaneous sessions)
> > 2- finger waits too long and no user auth is accepted till timeout of finger
> >
> > Any solutions to finger problem when the line is down? How can we
> > automatically cancel finger requests if the line is down between POP and
> > Radiator-Host location?
> >
> > Thanks very much,
> >
> > Ferhat
> >
> >
> >-- End of excerpt from Ferhat Dilman
>
>
>
> --
> Mike McCauley   [EMAIL PROTECTED]
> Open System Consultants Pty. LtdUnix, Perl,
> Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985   Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>





Re: (RADIATOR) finger problem

1999-06-11 Thread Mike McCauley

Hello Ferhat.

What NasType are you using, and what does your finger say when it times out?
Try running it by hand, to see.

With that information, we might be able to add a patch that will detect a timeout
and not delete the user.

Cheers.


On Jun 11, 10:30am, Ferhat Dilman wrote:
> Subject: (RADIATOR) finger problem
> Hi,
>
> We are using Radiator 2.13.1 on Solaris with Oracle v8.
>
> There are several POP's and we use finger for ghost sessions. We use Ascend
> TNTs.
>
> Radiator is in location Istanbul for example, and one of the POP's are in
> other city e.g. Ankara. When the line goes down between Istanbul-Ankara, and
> the user tries to logon in Istanbul, since the user information still on
> RADONLINE, it tries to check it thru finger and since the line is down,
> finger WAITS! a long time thus Radiator does not respond other requests till
> the finger request is finished (single process that is).
>
> Then eventually finger times out and the session is deleted from RADONLINE
> and user is permitted. However this has two problems:
> 1- User may be still online in Ankara (thus simultaneous sessions)
> 2- finger waits too long and no user auth is accepted till timeout of finger
>
> Any solutions to finger problem when the line is down? How can we
> automatically cancel finger requests if the line is down between POP and
> Radiator-Host location?
>
> Thanks very much,
>
> Ferhat
>
>
>-- End of excerpt from Ferhat Dilman



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody