Re: (RADIATOR) Sendmail Radiator

1999-08-08 Thread Valentin Tumarkin


I think your problem is that your 'system' does not know of your users'
existence. Having configured PAM is not enough, you need to make your
unix 'system' aware of your users via Name Service.

Example: If you are using LDAP, you can install the nss_ldap module
from http://www.padl.com
And then put something like this in /etc/nsswitch.conf
(Solaris,Linux)

passwd: files   ldap
shadow: files   ldap
group:  files   ldap


 Date: Sat, 07 Aug 1999 23:33:54 +
 From: Paul Black [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: (RADIATOR) Sendmail  Radiator
 
 I've now got my POP server authenticating from Radiator and I thought I would
 be ready to go ahead and use authentication from a database. When I tried to
 send an email to a test user in the Radiator database I received an error
 message from sendmail. The message said that the test user did not exist, ie
 he was not in the password file.
 
 Has anyone come across this problem before and managed to solve it?
 
 Regards.  Paul
 
 ===
 Archive at http://www.thesite.com.au/~radiator/
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 



Valentin Tumarkin

Xpert Trusted Systems





Re: (RADIATOR) Client, NAS-Type and Handler

1999-08-08 Thread Hugh Irvine



Hi Neale -

On Sun, 08 Aug 1999, Neale Banks wrote:
 I looked in the docs, but this one's not mentioned either way.  If I
 specify a Client:
 
 <Client box.foo.bar>
   NasType=vendor
   .
   DefaultRealm foo.bar
 </Client>
 
 1. Are there any side-effects of NAS-Type if I don't specify any
 Simultaneous-Use anywhere?
 

No side-effects. You can use NAS-Type without Simultaneous-Use checking.

 2. Can I then use NAS-Type as a check item in a Handler, like:
 

Yes. Note however that both NAS-Type and Client-Id check items have only been
introduced into Radiator Version 2.14.1.

 <Handler NAS-Type=vendor, Realm=foo.bar>
 # generic stuff for foo.bar
 # vendor-specific stuff
 </Handler>
 
 <Handler Realm=foo.bar>
 # just generic stuff for foo.bar
 </Handler>
 
 If that won't work, any reason why I couldn't get around it by
 constructing a handler like:
 
 <Handler Realm=foo.bar, NAS-IP-Address=/a.b.(c.d|e.f)/>
 

You can do either one, although I imagine that the former is more
understandable and more generic across network changes.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody




Re: (RADIATOR) Sendmail Radiator

1999-08-08 Thread Paul Black

This sounds interesting. Does the NSS/LDAP module support PAM, ie, can it be
made to authenticate via Radiator? I'm trying to setup a system where the
Radiator database is the source of customer authentication information. Thanks
for your help.

Regards.  Paul



Valentin Tumarkin wrote:
 
 I think your problem is that your 'system' does not know of your users'
 existence. Having configured PAM is not enough, you need to make your
 unix 'system' aware of your users via Name Service.
 
 Example: If you are using LDAP, you can install the nss_ldap module
 from http://www.padl.com
 And then put something like this in /etc/nsswitch.conf
 (Solaris,Linux)
 
 passwd: files   ldap
 shadow: files   ldap
 group:  files   ldap
 
  Date: Sat, 07 Aug 1999 23:33:54 +
  From: Paul Black [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Subject: (RADIATOR) Sendmail  Radiator
 
  I've now got my POP server authenticating from Radiator and I thought I would
  be ready to go ahead and use authentication from a database. When I tried to
  send an email to a test user in the Radiator database I received an error
  message from sendmail. The message said that the test user did not exist, ie
  he was not in the password file.
 
  Has anyone come across this problem before and managed to solve it?
 
  Regards.  Paul
 
 
 
 Valentin Tumarkin
 
 Xpert Trusted Systems




Re: (RADIATOR) Sendmail Radiator

1999-08-08 Thread Valentin Tumarkin


No.

PAM is a library for authentication. PAM takes information from NSS,
and not vice-versa.

To make it simple: it's not enough to have your users in the radius
database, you should also put them in /etc/passwd or NIS or 
LDAP database+nss_ldap modules.


About NSS from Solaris 2.6 nsswitch.conf(4) man page:

 The operating system uses a number of "databases" of information
 about hosts, users (passwd/shadow), groups and so forth. Data for
 these can come from a variety of sources: host-names and
 host-addresses, for example, may be found in /etc/hosts, NIS, NIS+,
 or DNS. Zero or more sources may be used for each database; the
 sources and their lookup order are specified in the
 /etc/nsswitch.conf file.


Example:
NSS is responsible for translating usernames to numeric user-id's
and back. PAM does not know anything about that.


You should really go read the man pages and the documentation at
http://www.padl.com


On Sun, 8 Aug 1999, Paul Black wrote:

 Date: Sun, 08 Aug 1999 11:58:05 +
 From: Paul Black [EMAIL PROTECTED]
 To: Valentin Tumarkin [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Sendmail  Radiator
 
 This sounds interesting. Does the NSS/LDAP module support PAM, ie, can it be
 made to authenticate via Radiator? I'm trying to setup a system where the
 Radiator database is the source of customer authentication information. Thanks
 for your help.
 
 Regards.  Paul
 
 
 
 Valentin Tumarkin wrote:
  
  I think your problem is that your 'system' does not know of your users'
  existence. Having configured PAM is not enough, you need to make your
  unix 'system' aware of your users via Name Service.
  
  Example: If you are using LDAP, you can install the nss_ldap module
  from http://www.padl.com
  And then put something like this in /etc/nsswitch.conf
  (Solaris,Linux)
  
  passwd: files   ldap
  shadow: files   ldap
  group:  files   ldap
  
   Date: Sat, 07 Aug 1999 23:33:54 +
   From: Paul Black [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Subject: (RADIATOR) Sendmail  Radiator
  
   I've now got my POP server authenticating from Radiator and I thought I would
   be ready to go ahead and use authentication from a database. When I tried to
   send an email to a test user in the Radiator database I received an error
   message from sendmail. The message said that the test user did not exist, ie
   he was not in the password file.
  
   Has anyone come across this problem before and managed to solve it?
  
   Regards.  Paul
  
  
  
  Valentin Tumarkin
  
  Xpert Trusted Systems
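
Added example, not part of any poster's message and not Radiator or nss_ldap code: a check for the distinction drawn in this thread, that an account can authenticate through PAM or RADIUS and still be unknown to the system unless NSS can resolve it. The nsswitch.conf text and the account name radius-only-test-user are constructed, and the helper names are hypothetical.

```python
import pwd
import re

# Constructed sample, modelled on the nsswitch.conf lines quoted in the thread.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files   ldap
shadow: files   ldap
group:  files   ldap
hosts:  files [NOTFOUND=continue] dns   # action criteria are not sources
"""


def parse_nsswitch(text):
    """Map each database name to its ordered list of lookup sources."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [STATUS=action] criteria
        databases[name.strip()] = rest.split()
    return databases


def nss_uid(username, lookup=pwd.getpwnam):
    """Return the numeric uid NSS resolves for username, or None if unknown.

    pwd.getpwnam() goes through the same name-service switch that local
    mail delivery uses, so None here means "user unknown" to the system.
    """
    try:
        return lookup(username).pw_uid
    except KeyError:
        return None


def unknown_to_system(usernames, lookup=pwd.getpwnam):
    """Names (e.g. exported from the RADIUS user database) with no passwd entry."""
    return [u for u in usernames if nss_uid(u, lookup) is None]


if __name__ == "__main__":
    print("passwd sources:", parse_nsswitch(SAMPLE_NSSWITCH)["passwd"])
    # 'radius-only-test-user' is a hypothetical account that exists only in RADIUS.
    print("not resolvable:", unknown_to_system(["root", "radius-only-test-user"]))
```

Feeding it the user names held in the authentication database lists the accounts that would pass authentication but fail delivery or uid lookup.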
 





(RADIATOR) Running as NT Service Success

1999-08-08 Thread Michael Jaworski

Thought I might share this as I was having a problem running
Radiator as an NT service using the current instructions. I
was finally able to make things work using the following
modified directions which I integrated from the Srvany
instructions. It basically breaks down the single command
line into several sections.

This starts right after you have installed Srvany.

1. You must now edit the Registry to tell SRVANY which
application to run. Run the Registry Editor
(Regedt32.exe) and locate the following subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\radiator

1. Create a new key in radiator called Parameters with
Edit-New-Key

2. Select the new Parameters sub-key, create a new string
value of type REG_SZ in Parameters with Edit-New-String
Value. Give it the name "Application"

3. Edit the new Application string value to be the full
command name required to run Radiator. Something like:
"C:\perl\5.00502\bin\perl.exe radiusd"  (without quotes)

4. Create another new string value of type REG_SZ in
Parameters with Edit-New-String Value. Give it the name
"AppParameters"

5. Edit the new AppParameters string value to everything you
would normally
Something like: "-config_file radius.cfg"  (without quotes)

6. Create another new string value of type REG_SZ in
Parameters with Edit-New-String Value. Give it the name
"AppDirectory"

7. Edit the new AppParameters string value to everything you
would normally
Something like: "C:\Radiator-2.11"  (without quotes)

8. Exit the Registry Editor.

9. You can now start the "radiator" service manually using
the Services application in the Control Panel. Check that
it's working OK.

10. Restart your NT machine. Radiator should now start
automatically. It might take a minute or two before all NT
services get started at boot time.

For further information, see "HOWTO: Create a User-Defined
Service" at
http://support.microsoft.com/support/kb/articles/Q137/8/90.asp.

You also may want to read the "Srvany.wri" file that
accompanies the "Srvany.exe" in the NT Resource Kit as it
goes into detail about using a LocalSystem account versus an
admin type account.


Michael Jaworski
Puget Sound Network, Inc.
(206) 217-0400





(RADIATOR) Blocking Time not working (v. 2.13)?

1999-08-08 Thread Ricardo Freire



Hi Mike and all,

Our production radiator server is still with 2.13.
It always worked, but recently we set up some time restrictions, and it isn't working.
Users are still connected even when they're in Linux "business" group.
My USERS file has the following DEFAULTs:

DEFAULT Auth-Type = System, Group = users, Simultaneous-Use = 1

DEFAULT Auth-Type = System, Group = business, Simultaneous-Use = 1 Time = "Sa0700-1200,Wk0700-1900"

DEFAULT Auth-Type = Reject, Group = bloqueado

When a user from group "bloqueado" tries to log in, access is correctly rejected.
The only problem is that the "Time" item is being ignored for group "business".

We auth against SHADOW file.
My realm:

<Realm DEFAULT>
 AuthByPolicy ContinueUntilAccept

 <AuthBy FILE>
 </AuthBy>
</Realm>


What am I doing wrong?

Cheers,
Ricardo Freire, MCP
All Ways Provedor Internet


(RADIATOR) EncryptedPassword Problem.

1999-08-08 Thread Cameron Andrews

Hi guys,
Got a small problem, below is my AuthSQL with my AuthSelect in it, but
for some reason the encrypted passwords don't appear to be working, people can
log in supplying anything for their password, could someone please show me what
to do to fix this little problem, thanx..

AuthSelect select ENCRYPTEDPASSWORD, concat('Expiration = ',FROM_UNIXTIME(TERM_DATE,'%%b %%d %%Y')), if(IPNUMBER,concat("Framed-IP-Address = ", IPNUMBER), concat("Framed-Group = ", IPGROUP)), CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n'
EncryptedPassword
AuthColumnDef 1, Expiration, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, GENERIC, check
AuthColumnDef 4, GENERIC, reply
AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Framed-Routing=Broadcast-Listen,Framed-MTU=552

Thanx for your help.

 --
Regards,
Cameron Andrews.

--
SysAdmin for: Soft-Tech Information Services / Brisnet Star Hub
  http://www.st.net.au / http://www.star.brisnet.org.au

 And: My personal project,  Darkrealm.net
  http://www.darkrealm.net
