Re: (RADIATOR) New problem - External session database not working
Attached is the config and trace level 4 log. I do not specify MaxSessions but I do have Simultaneous-Use set as a check item in the AuthColumnDef. As I stated in my original message, the log file isn't reporting any errors which is why I couldn't figure it out. Any help is appreciated. ..Rich PS: Perhaps someone could also see the problem which is causing my SNMP errors? I am still getting error messages for SNMP, though it is no longer printing out the usage information for snmpget nor is it giving the bash error saying "sh: snmpcommunity: command not found" SNMP error which prints to the console: Error in packet Reason: (noSuchName) There is no such variable name in this MIB. This name doesn't exist: I know for a fact from typing out the snmpget command manually, that is should say "This name doesnt exist: snmpcommunity". For some reason it is blank. Any ideas? PSS: Could these two problems be related? Is it possible that radiator is snmp querying the NAS, not able to connect and clearing all the entries from the session database? Would it log that? On Fri, 2 Jul 1999 09:40:04 -0500, Mike McCauley wrote: >Hi Richard, > >I cant immediately think of a reason for this. > >To investigate closer, we will need to see your configuration file (no >secrets), plus your log file at trace level 4, showing what happens during >accounting requests. > >Cheers. > > >On Jul 1, 3:21pm, Richard Hawley wrote: >> Subject: (RADIATOR) New problem - External session database not working >> During the week I was on vacation, the session database decided to stop >working. And I am having trouble troubleshooting it because of the following: >> >> 1) The database is a MySQL database. The database server is working >perfectly. The authentication and accounting work off of the same database and >they are both working. I >> can add, delete, and modify the session table manually with no problems. >> >> 2) Radiator is reporting NO errors in the log file (At trace level 5). It >seems like it is not even trying to add or check the session database. I do >see deleting session for user jondoe >> for the Stop records. >> >> 3) I have Hiper and TotalControl NAS's and I am using SNMP for sim-use >checking. I have been having alot of problems with that (previous emails today >will explain the problem), >> but I can't determine why the external session database is not being updated. >> >> ..Rich >> >> >-- >> Richard W. Hawley - Network Engineer CyberZone Internet >Services >> [EMAIL PROTECTED] 942 Main >Street >> http://www.cyberzone.net Hartford, CT. >06103 >> >> >> >> === >> Archive at http://www.thesite.com.au/~radiator/ >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. >>-- End of excerpt from Richard Hawley > > > >-- >Mike McCauley [EMAIL PROTECTED] >Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW >24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au >Phone +61 3 9598-0985 Fax +61 3 9598-0955 > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, >NT, Rhapsody >=== >Archive at http://www.thesite.com.au/~radiator/ >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 06103 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fwd: Re: (RADIATOR) New problem - External session database not working
Let's try this again, but this time we will actually attach the files. :) ==BEGIN FORWARDED MESSAGE== >From: "Richard Hawley" <[EMAIL PROTECTED]> >To: "Mike McCauley" <[EMAIL PROTECTED]>, > "[EMAIL PROTECTED] " <[EMAIL PROTECTED]> >Date: Fri, 02 Jul 1999 07:44:08 -0400 >Reply-To: "Richard Hawley" <[EMAIL PROTECTED]> >Priority: Normal >X-Mailer: PMMail 98 Standard (2.01.1600) For Windows 98 (4.10.1998) >MIME-Version: 1.0 >Content-Type: text/plain; charset="us-ascii" >Content-Transfer-Encoding: 7bit >Subject: Re: (RADIATOR) New problem - External session database not working > Attached is the config and trace level 4 log. I do not specify MaxSessions but I do have Simultaneous-Use set as a check item in the AuthColumnDef. As I stated in my original message, the log file isn't reporting any errors which is why I couldn't figure it out. Any help is appreciated. ..Rich PS: Perhaps someone could also see the problem which is causing my SNMP errors? I am still getting error messages for SNMP, though it is no longer printing out the usage information for snmpget nor is it giving the bash error saying "sh: snmpcommunity: command not found" SNMP error which prints to the console: Error in packet Reason: (noSuchName) There is no such variable name in this MIB. This name doesn't exist: I know for a fact from typing out the snmpget command manually, that is should say "This name doesnt exist: snmpcommunity". For some reason it is blank. Any ideas? PSS: Could these two problems be related? Is it possible that radiator is snmp querying the NAS, not able to connect and clearing all the entries from the session database? Would it log that? On Fri, 2 Jul 1999 09:40:04 -0500, Mike McCauley wrote: >Hi Richard, > >I cant immediately think of a reason for this. > >To investigate closer, we will need to see your configuration file (no >secrets), plus your log file at trace level 4, showing what happens during >accounting requests. > >Cheers. > > >On Jul 1, 3:21pm, Richard Hawley wrote: >> Subject: (RADIATOR) New problem - External session database not working >> During the week I was on vacation, the session database decided to stop >working. And I am having trouble troubleshooting it because of the following: >> >> 1) The database is a MySQL database. The database server is working >perfectly. The authentication and accounting work off of the same database and >they are both working. I >> can add, delete, and modify the session table manually with no problems. >> >> 2) Radiator is reporting NO errors in the log file (At trace level 5). It >seems like it is not even trying to add or check the session database. I do >see deleting session for user jondoe >> for the Stop records. >> >> 3) I have Hiper and TotalControl NAS's and I am using SNMP for sim-use >checking. I have been having alot of problems with that (previous emails today >will explain the problem), >> but I can't determine why the external session database is not being updated. >> >> ..Rich >> >> >-- >> Richard W. Hawley - Network Engineer CyberZone Internet >Services >> [EMAIL PROTECTED] 942 Main >Street >> http://www.cyberzone.net Hartford, CT. >06103 >> >> >> >> === >> Archive at http://www.thesite.com.au/~radiator/ >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. >>-- End of excerpt from Richard Hawley > > > >-- >Mike McCauley [EMAIL PROTECTED] >Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW >24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au >Phone +61 3 9598-0985 Fax +61 3 9598-0955 > >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, >NT, Rhapsody >=== >Archive at http://www.thesite.com.au/~radiator/ >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 06103 ===END FORWARDED MESSAGE=== -- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED]
(RADIATOR) Ascend-Data-Filter and Radiator
Hi, I've been trying to send the Ascend RADIUS attribute Ascend-Data-Filter in the Authorization phase, but I don't think the MaxTNT is getting it. I'm not entirely sure if its a server or a client problem. Here's the attributes I wanted sent (and how I've configured them in the %D/users file): Ascend-Data-Filter = "ip in drop dstip www.xxx.yyy.zzz", Ascend-Data-Filter = "ip in forward", Ascend-Data-Filter = "ip out forward" It just won't work properly. With the previous entries, the client of the NAS would not be able to access anything. I noticed in the Radiator dictionary, Ascend-Data-Filter had been changed from type string to type abinary. Would that affect anything? An output of radif debug on the MaxTNT gives the ff. snippet: RADIF: Authentication Ack RADIF: attribute 8, len 6, ff ff ff fe RADIF: attribute 6, len 6, 00 00 00 02 RADIF: attribute 7, len 6, 00 00 00 01 RADIF: attribute 9, len 6, ff ff ff ff RADIF: attribute 242, len 28, 01 00 01 00 RADIF: attribute 242, len 28, 01 01 01 00 RADIF: attribute 242, len 28, 01 01 00 00 Note the value for attrib 242. Anybody know what I'm doing wrong? L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) disconnect on demand
Hello, has anyone got a tool to disconnect an user's session on a CISCO or ASCEND box? i've read about radkill (ftp://ftp.nmo.net/pub/radkill/), but it's only supporting usrhiper, livingston and portslave. Any ideas? Ciao, Th. Voss NetCologne GmbH === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Ascend-Data-Filter and Radiator
Hi, On Fri, 2 Jul 1999, Richi Plana wrote: |o| I noticed in the Radiator dictionary, Ascend-Data-Filter had been |o| changed from type string to type abinary. Would that affect |o| anything? Okay, okay. I just figured out that abinary stands for Ascend binary. It's some vendor-proprietary data type. I only figured it out from the Radiator source. Ascend needs to improve their documentation. Looks like Radiator is sending the right packets. Now it's either there's something wrong with my configs or the TNT (or just perhaps its TAOS 7.0.4) is busted. L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) disconnect on demand
Hi, Thomas. On Fri, 2 Jul 1999, Thomas Voss wrote: |o| has anyone got a tool to disconnect an user's session on a CISCO |o| or ASCEND box? If you've got SNMP configured on the NASes, you can use one of the SNMP utilities (or use an SNMP library with your favorite language to create your own program) to disconnect interfaces. For example, on a Cisco router, you could do: $ snmpset .iso.org.dod.internet.private.enterprises.cisco.local.lsystem.sysClearInt.0 i L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Ascend abinary documentation
Hi, (I hope I'm still on-topic) Would someone point me to documentation covering the format of the Ascend abinary attribute format? I've been reading the docs which come with our MaxTNT and it seems there are discrepancies with the way the attribute is supposed to be formatted (at least in text). Subnets are specified in Radiator using the piece of code: "dstip x.x.x.x/y", but according to the MaxTNT manual, it should be specified thus: "dstip x.x.x.x\y.y.y.y" (note the backslash and the netmask instead of the network no.). I'm thinking that the reason I've been having problems with Ascend-Data-Filter is that Radiator knows a different attribute format than what the TNT is expecting. (Even if it isn't, it'd be good to have that knowledge, anyway) Perhaps the subnet is specified as a number from 0 to 32 by Radiator but the MaxTNT expects it in the form 255.255.255.128 L L Richi Plana 8^) ,-,-. ,-,-. ,-,-. ,-,-. ,- LL LL Systems Administrator / / \ \ / / \ \ / / \ \ / / \ \ / / L Mosaic Communications, Inc. \ \ / / \ \ / / \ \ / / \ \ / / L mailto:[EMAIL PROTECTED] `-'-' `-'-' `-'-' `-'-' === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Run perl code to generate more accounting fields
I'd like to calculate two fields (login_time and logout_time) from the "Timestamp" and the "Acct-Session-Time" accounting STOP records for insert into an SQL database. I'd like to define: LOGIN_TIME = (Timestamp - Acct-Session-Time) LOGOUT_TIME = Timestamp Is there an easy way to have Radiator calculate the LOGIN_TIME field prior to insertion into the Radius database? If there was a way to add a fake accounting field by running arbitrary perl code, that would be helpful. I thought I read in the docs you can add arbitrary authentication replies to an auth record, but nothing that I read talked about the authentication record. Ideas would be appreciated. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Run perl code to generate more accounting fields
I typoed in this paragraph, it should have read: "I thought I read in the docs you can add arbitrary authentication replies to an auth record, but nothing that I read talked about the accounting record." ^^ >Is there an easy way to have Radiator calculate the LOGIN_TIME >field prior to insertion into the Radius database? If there >was a way to add a fake accounting field by running arbitrary >perl code, that would be helpful. I thought I read in the >docs you can add arbitrary authentication replies to an >auth record, but nothing that I read talked about the >authentication record. > >Ideas would be appreciated. > === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
