(RADIATOR) freezing
Hi,
I've got some problems with Radiator v2.14.1. It just freezes (most of the time
in the evening). I'm using Authby RADIUS and Authby LDAP2 with perl v5.00503 on
a FreeBSD system. below you find my config file(s).
Radiusproxy:
AuthPort 1812
AcctPort 1813
LogDir /radius/log
DbDir /etc/raddb
LogFile %L/%d%m%Y-e-tel.log
PidFile %L/e-tel.pid
Trace 3
Realm DEFAULT
AuthBy RADIUS
Host10.1.0.11
Host10.1.0.10
AuthPort1812
AcctPort1813
Secret secretkey
/AuthBy
AcctLogFileName %L/details_e-tel-%d%m%Y
AcctLogFileFormat %l %{Acct-Status-Type} \
%{User-Name} %{Framed-IP-Address} %{Calling-Station-Id}
/Realm
END
Radius config:
AuthPort 1812
AcctPort 1813
LogDir /radius/log
DbDir /etc/raddb
LogFile %L/%d%m%Y-e-tel.log
DictionaryFile %D/dictionary.usr
PidFile %L/e-tel.pid
Trace 3
Realm DEFAULT
AuthBy LDAP2
# Tell Radiator how to talk to the LDAP server
Hostldap4.inside.servers
AuthDN cn=radius,o=WISH, c=NL
BaseDN o=WISH, c=NL
AuthPasswordsecretpassword
UsernameAttruid
PasswordAttruserPassword
AddToReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Address = 255.255.255.254,\
Framed-MTU = 1500,\
Primary_DNS_Server= 212.123.129.68, \
Secondary_DNS_Server= 212.123.128.16
/AuthBy
/Realm
-END
BTW, is it possible to include more dictionaries??!
--
Regards,
Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl
RIPE nic-hdl: RG3771-RIPE http://www.ripe.net/cgi-bin/whois?AS9133
WISH Worldwide Websites B.V. PGP key ID DEB8C991
-- System Manager / Web Designer / B.O.F.H. ---
"Where do you wanna frag today?"
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) What the....
Hi Robin, This was caused by recent changes in the LDAP API. There is a fixed version of AuthLDAP2.pm available in the Radiator patches-2.14.1 directory. Hope that helps. Cheers. On Jan 6, 8:39pm, Robin Gruyters wrote: Subject: (RADIATOR) What the Hi, What's this?!?! Undefined subroutine Radius::AuthLDAP2::ldap_error_name called at /usr/local/lib/perl5/site_perl/5.005/Radius/AuthLDAP2.pm line 262. I've got radiator v2.14.1 with LDAP2 (so you can see). -- Regards, Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl RIPE nic-hdl: RG3771-RIPE http://www.ripe.net/cgi-bin/whois?AS9133 WISH Worldwide Websites B.V. PGP key ID DEB8C991 Tel: +31(0)413242500 - Fax: +31(0)413332281 - http://www.wish.net/ -- System Manager / Web Designer / B.O.F.H. --- "Where do you wanna frag today?" === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Robin Gruyters -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SNMPwalk..
This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? I'm running on Solaris 2.6 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Problem with Merit to Radiator proxying
Hello- (I can't get into the List Archive website or I would've checked there first). We're having a problem with authentications from a Merit server to a Radiator server. The path is as follows: NAS Merit Radiator (Do authentication) then (If Auth Successful) Radiator(Access Accept) Merit NAS What I'm seeing on the Merit server is this: Thu Jan 6 17:10:13 2000: Received-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 Thu Jan 6 17:10:13 2000: Sending-AUTHENTICATE-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 to 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: Response-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 from 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: rad_reply: Problem parsing user for request from as2.realm.net Thu Jan 6 17:10:13 2000: AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 "x.realm.net" PPP/255.255.255.254 - FAILED -- total 0, holding 0 But then it doesn't accounting and the user gets online! Obviously the problem is with Merit parsing the user for the request. Unfortunately I cannot do any debugging on the merit server beyond the logfile. I've changed the reply attributes to include User-Name with no luck. (And yes, I know that the session-timeout is being set twice). :) Trace 4 reply sent to the merit server: Attributes: Framed-Protocol = PPP Framed-Routing = None Session-Timeout = 14400 Framed-Compression = Van-Jacobson-TCP-IP Session-Timeout = 604800 NAS-Identifier = "xxx.xxx.xxx.xxx" NAS-Port = 1040 User-Name = "[EMAIL PROTECTED]" Any help anyone can give is appreciated. I'll also poke around on the archive website when I can get there. Steve === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMPwalk..
On Thu, 6 Jan 2000, Richard Barnes -Listserv wrote: This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? http://ucd-snmp.ucdavis.edu/ shows these tools. Hope this helps. (Coincidence: I just added this link today to my http://bsd.reedmedia.net/Software/Networking/ webpage.) Jeremy C. Reed [EMAIL PROTECTED] UNIX Admin Fax: 425-290-1751 IWBC ISP Services http://www.iwbc.net === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL database schema
Hello Josh - On Fri, 07 Jan 2000, Arnold, Josh A. wrote: Does anyone have a list of tables, columns, and data types that Radiator users when SQL is the auth method? Thanks. Radiator has a set of default tables that are specified in the manual and in the example radius.cfg file and the goodies/sql.cfg file. There is also an example sql create script (various flavours) in the goodies directory. However, you can easily implement whatever schema you require and you can override the default queries with the AuthSelect, AcctSQLStatement, and different AuthColumnDef's and AcctColumnDef's. Check section 6.24 in the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) freezing
Hello Robin - On Thu, 06 Jan 2000, Robin Gruyters wrote: Hi, I've got some problems with Radiator v2.14.1. It just freezes (most of the time in the evening). I'm using Authby RADIUS and Authby LDAP2 with perl v5.00503 on a FreeBSD system. below you find my config file(s). Could you please send a trace 4 debug showing where Radiator is stopping? Also what LDAP server are you running? And which of the two copies of Radiator is the one that stops? If both stop is it because the LDAP request doesn't get answered? BTW, is it possible to include more dictionaries??! It is only possible to specify a single dictionary at this time, however it is very easy to add definitions to it as the dictionary is only a text file. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMPwalk..
Hello Richard - On Fri, 07 Jan 2000, Richard Barnes -Listserv wrote: This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? Here's the URL (from the Radiator FAQ): http://ucd-snmp.ucdavis.edu/ cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problem with Merit to Radiator proxying
Hello Steve - On Fri, 07 Jan 2000, Steve Suehring wrote: We're having a problem with authentications from a Merit server to a Radiator server. The path is as follows: NAS Merit Radiator (Do authentication) then (If Auth Successful) Radiator(Access Accept) Merit NAS What I'm seeing on the Merit server is this: Thu Jan 6 17:10:13 2000: Received-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 Thu Jan 6 17:10:13 2000: Sending-AUTHENTICATE-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 to 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: Response-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 from 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: rad_reply: Problem parsing user for request from as2.realm.net Thu Jan 6 17:10:13 2000: AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 "x.realm.net" PPP/255.255.255.254 - FAILED -- total 0, holding 0 But then it doesn't accounting and the user gets online! Obviously the problem is with Merit parsing the user for the request. Unfortunately I cannot do any debugging on the merit server beyond the logfile. I've changed the reply attributes to include User-Name with no luck. (And yes, I know that the session-timeout is being set twice). :) Trace 4 reply sent to the merit server: Attributes: Framed-Protocol = PPP Framed-Routing = None Session-Timeout = 14400 Framed-Compression = Van-Jacobson-TCP-IP Session-Timeout = 604800 NAS-Identifier = "xxx.xxx.xxx.xxx" NAS-Port = 1040 User-Name = "[EMAIL PROTECTED]" I must confess to being perplexed as to how the user is getting online, if the Merit server is rejecting the request. It sounds more like the Access-Accept from the Radiator host is being returned to the NAS by the Merit host, but that the accounting packets are not being handled correctly. What exactly are your requirements? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) No accounting replies
We have just put up the latest Radiator code, and have
completely revamped our config to take advantage of the
nifty new stuff. But we're having problems with accounting
packets. Radiator gets the packets, but according to "snoop"
it never replies to them.
Note: this means that the problem is _not_ with the NAS.
It never gets any ACKs because Radiator isn't sending any.
So the NAS (correctly) keeps resending the packets.
Here are the salient portions of our config.
Client x
Secret x
IgnoreAcctSignature
DupInterval 0
/Client
The IgnoreAcctSignature and DupInterval lines are there
for debugging only; they should go away when everything's
working.
# Handle All the Accounting requests
Handler Acct-Status-Type=/.+/
AcctLogFileName %L/%R%c-%Y%m%d
AccountingHandled
/Handler
This is the first handler in the config file.
According to the log, it is properly intercepting
the accounting packets.
Finally, here is our PreClientHook:
sub{
## lc() the username and remove junk characters.
## If the user has entered a realm, normalize it.
# We don't need to re-create this hash for every packet
if (!defined %main::loa_realm2class) {
%main::loa_realm2class = (
'realm1'= 'class1',
'realm2'= 'class2',
'realm3'= 'class2',
: : : : : :
);
}
my $p = ${$_[0]};
my ($user, $realm);
($user = lc $p-getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\x1FF]//d;
($user, $realm) = split ('@', $user);
if ($realm) {
$realm = ( $main::loa_realm2class{$realm} or $realm);
$p-changeUserName("$user\@$realm");
}
}
-
And here is a bit from the log file. The daemon has
just been killed and restarted
Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
Fri Jan 7 01:25:42 2000: INFO: Server started
Fri Jan 7 01:25:43 2000: DEBUG: Packet dump:
*** Received from 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 36
Authentic: 3221d237140171152147VKov219}171139
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 1553
Acct-Authentic = RADIUS
Connect_Info = 858862128
Acct-Input-Octets = 20479
Acct-Output-Octets = 274291
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
Livingston = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 216.41.76.164
Acct-Delay-Time = 10699
Proxy-State =
8u13528216)L184$f0I\22117431P204141165}\21919217174
Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used
to handle this request
Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 36
Authentic: 3221d237140171152147VKov219}171139
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 1553
Acct-Authentic = RADIUS
Connect_Info = 858862128
Acct-Input-Octets = 20479
Acct-Output-Octets = 274291
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
Livingston = "User Request - PPP Term Req"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 216.41.76.164
Acct-Delay-Time = 10699
Proxy-State =
8u13528216)L184$f0I\22117431P204141165}\21919217174
Fri Jan 7 01:25:43 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:43 2000: DEBUG: Deleting session for [EMAIL PROTECTED],
216.41.76.18, 4
Fri Jan 7 01:25:43 2000: DEBUG: Packet dump:
*** Received from 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 36
Authentic: 3221d237140171152147VKov219}171139
Attributes:
Acct-Session-Id = "1C002EBF"
User-Name = "[EMAIL PROTECTED]"
Client-Id = 216.41.76.18
NAS-Port = 4
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 1553
Acct-Authentic = RADIUS
Connect_Info = 858862128
Acct-Input-Octets = 20479
Acct-Output-Octets = 274291
Called-Station-Id = "9783364950"
Calling-Station-Id = "9787775389"
Class = "cybertours.com"
Acct-Terminate-Cause
