Re: (RADIATOR) Sendmail Radiator
I think your problem is that your 'system' does not know of your users' existence. Having configured PAM is not enough, you need to make your unix 'system' aware of your users via Name Service.

Example: If you are using LDAP, you can install the nss_ldap module from http://www.padl.com
And then put something like this in /etc/nsswitch.conf (Solaris, Linux):

    passwd: files ldap
    shadow: files ldap
    group: files ldap

> Date: Sat, 07 Aug 1999 23:33:54 +
> From: Paul Black [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Sendmail Radiator
>
> I've now got my POP server authenticating from Radiator and I thought I would be ready to go ahead and use authentication from a database. When I tried to send an email to a test user in the Radiator database I received an error message from sendmail. The message said that the test user did not exist, i.e. he was not in the password file.
>
> Has anyone come across this problem before and managed to solve it?
>
> Regards.
> Paul

Valentin Tumarkin
Xpert Trusted Systems

=== Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Client, NAS-Type and Handler
Hi Neale -

On Sun, 08 Aug 1999, Neale Banks wrote:
> I looked in the docs, but this one's not mentioned either way. If I specify a Client:
>
> <Client box.foo.bar>
>     NasType=vendor
>     .
>     DefaultRealm foo.bar
> </Client>
>
> 1. Are there any side-effects of NAS-Type if I don't specify any Simultaneous-Use anywhere?

No side-effects. You can use NAS-Type without Simultaneous-Use checking.

> 2. Can I then use NAS-Type as a check item in a Handler, like:

Yes. Note however that both NAS-Type and Client-Id check items have only been introduced into Radiator Version 2.14.1.

> <Handler NAS-Type=vendor, Realm=foo.bar>
>     # generic stuff for foo.bar
>     # vendor-specific stuff
> </Handler>
> <Handler Realm=foo.bar>
>     # just generic stuff for foo.bar
> </Handler>
>
> If that won't work, any reason why I couldn't get around it by constructing a handler like:
>
> <Handler Realm=foo.bar, NAS-IP-Address=/a.b.(c.d|e.f)/>

You can do either one, although I imagine that the former is more understandable and more generic across network changes.

hth
Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody
Re: (RADIATOR) Sendmail Radiator
This sounds interesting. Does the NSS/LDAP module support PAM, i.e., can it be made to authenticate via Radiator? I'm trying to set up a system where the Radiator database is the source of customer authentication information.

Thanks for your help.

Regards.
Paul

Valentin Tumarkin wrote:
> I think your problem is that your 'system' does not know of your users' existence. Having configured PAM is not enough, you need to make your unix 'system' aware of your users via Name Service.
>
> Example: If you are using LDAP, you can install the nss_ldap module from http://www.padl.com
> And then put something like this in /etc/nsswitch.conf (Solaris, Linux):
>
>     passwd: files ldap
>     shadow: files ldap
>     group: files ldap
>
> > Date: Sat, 07 Aug 1999 23:33:54 +
> > From: Paul Black [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
> > Subject: (RADIATOR) Sendmail Radiator
> >
> > I've now got my POP server authenticating from Radiator and I thought I would be ready to go ahead and use authentication from a database. When I tried to send an email to a test user in the Radiator database I received an error message from sendmail. The message said that the test user did not exist, i.e. he was not in the password file.
> >
> > Has anyone come across this problem before and managed to solve it?
> >
> > Regards.
> > Paul
>
> Valentin Tumarkin
> Xpert Trusted Systems
Re: (RADIATOR) Sendmail Radiator
No. PAM is a library for authentication. PAM takes information from NSS, and not vice-versa.

To make it simple: it's not enough to have your users in the radius database, you should also put them in /etc/passwd or NIS or LDAP database+nss_ldap modules.

About NSS from Solaris 2.6 nsswitch.conf(4) man page:

    The operating system uses a number of "databases" of information about hosts, users (passwd/shadow), groups and so forth. Data for these can come from a variety of sources: host-names and host-addresses, for example, may be found in /etc/hosts, NIS, NIS+, or DNS. Zero or more sources may be used for each database; the sources and their lookup order are specified in the /etc/nsswitch.conf file.

Example: NSS is responsible for translating usernames to numeric user-id's and back. PAM does not know anything about that.

You should really go read the man pages and the documentation at http://www.padl.com

On Sun, 8 Aug 1999, Paul Black wrote:
> Date: Sun, 08 Aug 1999 11:58:05 +
> From: Paul Black [EMAIL PROTECTED]
> To: Valentin Tumarkin [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Sendmail Radiator
>
> This sounds interesting. Does the NSS/LDAP module support PAM, i.e., can it be made to authenticate via Radiator? I'm trying to set up a system where the Radiator database is the source of customer authentication information.
>
> Thanks for your help.
>
> Regards.
> Paul
>
> Valentin Tumarkin wrote:
> > I think your problem is that your 'system' does not know of your users' existence. Having configured PAM is not enough, you need to make your unix 'system' aware of your users via Name Service.
> >
> > Example: If you are using LDAP, you can install the nss_ldap module from http://www.padl.com
> > And then put something like this in /etc/nsswitch.conf (Solaris, Linux):
> >
> >     passwd: files ldap
> >     shadow: files ldap
> >     group: files ldap
> >
> > > Date: Sat, 07 Aug 1999 23:33:54 +
> > > From: Paul Black [EMAIL PROTECTED]
> > > To: [EMAIL PROTECTED]
> > > Subject: (RADIATOR) Sendmail Radiator
> > >
> > > I've now got my POP server authenticating from Radiator and I thought I would be ready to go ahead and use authentication from a database. When I tried to send an email to a test user in the Radiator database I received an error message from sendmail. The message said that the test user did not exist, i.e. he was not in the password file.
> > >
> > > Has anyone come across this problem before and managed to solve it?
> > >
> > > Regards.
> > > Paul

Valentin Tumarkin
Xpert Trusted Systems
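The distinction drawn in this thread, as an added example that is not part of the original messages: the script reads the passwd lookup order from nsswitch.conf text and checks account existence with getpwnam(), separately from whether a password check succeeds. The sample file contents, the user name radtest and all function names are assumptions made for illustration.

```python
import pwd
import re

# Constructed sample in the style of the nsswitch.conf lines quoted in the thread.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd: files ldap
shadow: files ldap
group:  files [NOTFOUND=return] ldap   # criteria in brackets are not sources
hosts:  files dns
"""


def parse_nsswitch(text):
    """Return {database: [sources in lookup order]} from nsswitch.conf text."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # drop [STATUS=action] criteria
        databases[name.strip()] = rest.split()
    return databases


def known_to_nss(username):
    """True if getpwnam() resolves the name through the configured passwd sources."""
    try:
        pwd.getpwnam(username)
        return True
    except KeyError:
        return False


def diagnose(username, nsswitch_text, auth_backend_accepts):
    """Keep two questions apart: can the user authenticate, and does the account exist?"""
    sources = parse_nsswitch(nsswitch_text).get("passwd", [])
    if known_to_nss(username):
        return "ok: account resolves through NSS"
    if auth_backend_accepts:
        return ("mismatch: password check succeeds but no passwd source "
                f"({', '.join(sources) or 'none configured'}) knows {username!r}")
    return f"unknown: {username!r} is in neither the auth backend nor NSS"


if __name__ == "__main__":
    # 'radtest' is a hypothetical user that exists only in the RADIUS database.
    print(diagnose("radtest", SAMPLE_NSSWITCH, auth_backend_accepts=True))
```

Pass the real contents of /etc/nsswitch.conf as nsswitch_text so the reported sources are the ones getpwnam() actually consults on that host.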
(RADIATOR) Running as NT Service Success
Thought I might share this as I was having a problem running Radiator as an NT service using the current instructions. I was finally able to make things work using the following modified directions which I integrated from the Srvany instructions. It basically breaks down the single command line into several sections. This starts right after you have installed Srvany.

1. You must now edit the Registry to tell SRVANY which application to run. Run the Registry Editor (Regedt32.exe) and locate the following subkey:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\radiator

1. Create a new key in radiator called Parameters with Edit-New-Key

2. Select the new Parameters sub-key, create a new string value of type REG_SZ in Parameters with Edit-New-String Value. Give it the name "Application"

3. Edit the new Application string value to be the full command name required to run Radiator. Something like: "C:\perl\5.00502\bin\perl.exe radiusd" (without quotes)

4. Create another new string value of type REG_SZ in Parameters with Edit-New-String Value. Give it the name "AppParameters"

5. Edit the new AppParameters string value to everything you would normally Something like: "-config_file radius.cfg" (without quotes)

6. Create another new string value of type REG_SZ in Parameters with Edit-New-String Value. Give it the name "AppDirectory"

7. Edit the new AppParameters string value to everything you would normally Something like: "C:\Radiator-2.11" (without quotes)

8. Exit the Registry Editor.

9. You can now start the "radiator" service manually using the Services application in the Control Panel. Check that it's working OK.

10. Restart your NT machine. Radiator should now start automatically. It might take a minute or two before all NT services get started at boot time.

For further information, see "HOWTO: Create a User-Defined Service" at http://support.microsoft.com/support/kb/articles/Q137/8/90.asp.

You also may want to read the "Srvany.wri" file that accompanies the "Srvany.exe" in the NT Resource Kit as it goes into detail about using a LocalSystem account versus an admin type account.

Michael Jaworski
Puget Sound Network, Inc.
(206) 217-0400
(RADIATOR) Blocking Time not working (v. 2.13)?
Hi Mike and all,

Our production radiator server is still with 2.13. It always worked, but recently we set up some time restrictions, and it isn't working. Users are still connected even when they're in Linux "business" group.

My USERS file has the following DEFAULTs:

    DEFAULT Auth-Type = System, Group = users, Simultaneous-Use = 1
    DEFAULT Auth-Type = System, Group = business, Simultaneous-Use = 1 Time = "Sa0700-1200,Wk0700-1900"
    DEFAULT Auth-Type = Reject, Group = bloqueado

When a user from group "bloqueado" tries to log in, access is correctly rejected. The only problem is that the "Time" item is being ignored for group "business". We auth against SHADOW file.

My realm:

    <Realm DEFAULT>
        AuthByPolicy ContinueUntilAccept
        <AuthBy FILE>
        </AuthBy>
    </Realm>

What am I doing wrong?

Cheers,
Ricardo Freire, MCP
All Ways Provedor Internet
(RADIATOR) EncryptedPassword Problem.
Hi guys,

Got a small problem, below is my AuthSQL with my AuthSelect in it, but for some reason the encrypted passwords don't appear to be working, people can login supplying anything for their password, could someone please show me what to do to fix this little problem, thanx..

    AuthSelect select ENCRYPTEDPASSWORD, concat('Expiration = ',FROM_UNIXTIME(TERM_DATE,'%%b %%d %%Y')), if(IPNUMBER,concat("Framed-IP-Address = ", IPNUMBER), concat("Framed-Group = ", IPGROUP)), CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n'
    EncryptedPassword
    AuthColumnDef 1, Expiration, check
    AuthColumnDef 2, GENERIC, reply
    AuthColumnDef 3, GENERIC, check
    AuthColumnDef 4, GENERIC, reply
    AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Framed-Routing=Broadcast-Listen,Framed-MTU=552

Thanx for your help.

--
Regards,
Cameron Andrews.
--
SysAdmin for: Soft-Tech Information Services / Brisnet Star Hub
http://www.st.net.au / http://www.star.brisnet.org.au
And: My personal project, Darkrealm.net
http://www.darkrealm.net