(RADIATOR) freezing
Hi, I've got some problems with Radiator v2.14.1. It just freezes (most of the time in the evening). I'm using Authby RADIUS and Authby LDAP2 with perl v5.00503 on a FreeBSD system. below you find my config file(s). Radiusproxy: AuthPort 1812 AcctPort 1813 LogDir /radius/log DbDir /etc/raddb LogFile %L/%d%m%Y-e-tel.log PidFile %L/e-tel.pid Trace 3 Realm DEFAULT AuthBy RADIUS Host10.1.0.11 Host10.1.0.10 AuthPort1812 AcctPort1813 Secret secretkey /AuthBy AcctLogFileName %L/details_e-tel-%d%m%Y AcctLogFileFormat %l %{Acct-Status-Type} \ %{User-Name} %{Framed-IP-Address} %{Calling-Station-Id} /Realm END Radius config: AuthPort 1812 AcctPort 1813 LogDir /radius/log DbDir /etc/raddb LogFile %L/%d%m%Y-e-tel.log DictionaryFile %D/dictionary.usr PidFile %L/e-tel.pid Trace 3 Realm DEFAULT AuthBy LDAP2 # Tell Radiator how to talk to the LDAP server Hostldap4.inside.servers AuthDN cn=radius,o=WISH, c=NL BaseDN o=WISH, c=NL AuthPasswordsecretpassword UsernameAttruid PasswordAttruserPassword AddToReply Service-Type = Framed-User,\ Framed-Protocol = PPP,\ Framed-IP-Address = 255.255.255.254,\ Framed-MTU = 1500,\ Primary_DNS_Server= 212.123.129.68, \ Secondary_DNS_Server= 212.123.128.16 /AuthBy /Realm -END BTW, is it possible to include more dictionaries??! -- Regards, Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl RIPE nic-hdl: RG3771-RIPE http://www.ripe.net/cgi-bin/whois?AS9133 WISH Worldwide Websites B.V. PGP key ID DEB8C991 -- System Manager / Web Designer / B.O.F.H. --- "Where do you wanna frag today?" === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) What the....
Hi Robin, This was caused by recent changes in the LDAP API. There is a fixed version of AuthLDAP2.pm available in the Radiator patches-2.14.1 directory. Hope that helps. Cheers. On Jan 6, 8:39pm, Robin Gruyters wrote: Subject: (RADIATOR) What the Hi, What's this?!?! Undefined subroutine Radius::AuthLDAP2::ldap_error_name called at /usr/local/lib/perl5/site_perl/5.005/Radius/AuthLDAP2.pm line 262. I've got radiator v2.14.1 with LDAP2 (so you can see). -- Regards, Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl RIPE nic-hdl: RG3771-RIPE http://www.ripe.net/cgi-bin/whois?AS9133 WISH Worldwide Websites B.V. PGP key ID DEB8C991 Tel: +31(0)413242500 - Fax: +31(0)413332281 - http://www.wish.net/ -- System Manager / Web Designer / B.O.F.H. --- "Where do you wanna frag today?" === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Robin Gruyters -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SNMPwalk..
This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? I'm running on Solaris 2.6 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Problem with Merit to Radiator proxying
Hello- (I can't get into the List Archive website or I would've checked there first). We're having a problem with authentications from a Merit server to a Radiator server. The path is as follows: NAS Merit Radiator (Do authentication) then (If Auth Successful) Radiator(Access Accept) Merit NAS What I'm seeing on the Merit server is this: Thu Jan 6 17:10:13 2000: Received-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 Thu Jan 6 17:10:13 2000: Sending-AUTHENTICATE-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 to 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: Response-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 from 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: rad_reply: Problem parsing user for request from as2.realm.net Thu Jan 6 17:10:13 2000: AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 "x.realm.net" PPP/255.255.255.254 - FAILED -- total 0, holding 0 But then it doesn't accounting and the user gets online! Obviously the problem is with Merit parsing the user for the request. Unfortunately I cannot do any debugging on the merit server beyond the logfile. I've changed the reply attributes to include User-Name with no luck. (And yes, I know that the session-timeout is being set twice). :) Trace 4 reply sent to the merit server: Attributes: Framed-Protocol = PPP Framed-Routing = None Session-Timeout = 14400 Framed-Compression = Van-Jacobson-TCP-IP Session-Timeout = 604800 NAS-Identifier = "xxx.xxx.xxx.xxx" NAS-Port = 1040 User-Name = "[EMAIL PROTECTED]" Any help anyone can give is appreciated. I'll also poke around on the archive website when I can get there. Steve === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMPwalk..
On Thu, 6 Jan 2000, Richard Barnes -Listserv wrote: This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? http://ucd-snmp.ucdavis.edu/ shows these tools. Hope this helps. (Coincidence: I just added this link today to my http://bsd.reedmedia.net/Software/Networking/ webpage.) Jeremy C. Reed [EMAIL PROTECTED] UNIX Admin Fax: 425-290-1751 IWBC ISP Services http://www.iwbc.net === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL database schema
Hello Josh - On Fri, 07 Jan 2000, Arnold, Josh A. wrote: Does anyone have a list of tables, columns, and data types that Radiator users when SQL is the auth method? Thanks. Radiator has a set of default tables that are specified in the manual and in the example radius.cfg file and the goodies/sql.cfg file. There is also an example sql create script (various flavours) in the goodies directory. However, you can easily implement whatever schema you require and you can override the default queries with the AuthSelect, AcctSQLStatement, and different AuthColumnDef's and AcctColumnDef's. Check section 6.24 in the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) freezing
Hello Robin - On Thu, 06 Jan 2000, Robin Gruyters wrote: Hi, I've got some problems with Radiator v2.14.1. It just freezes (most of the time in the evening). I'm using Authby RADIUS and Authby LDAP2 with perl v5.00503 on a FreeBSD system. below you find my config file(s). Could you please send a trace 4 debug showing where Radiator is stopping? Also what LDAP server are you running? And which of the two copies of Radiator is the one that stops? If both stop is it because the LDAP request doesn't get answered? BTW, is it possible to include more dictionaries??! It is only possible to specify a single dictionary at this time, however it is very easy to add definitions to it as the dictionary is only a text file. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SNMPwalk..
Hello Richard - On Fri, 07 Jan 2000, Richard Barnes -Listserv wrote: This may seem like a dumb question, but where in the world can I get snmpwalk and snmpget? I can find a manual for these programs on just about any website, but searches for these files have proved fruitless.. am I missing something obvious? Here's the URL (from the Radiator FAQ): http://ucd-snmp.ucdavis.edu/ cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problem with Merit to Radiator proxying
Hello Steve - On Fri, 07 Jan 2000, Steve Suehring wrote: We're having a problem with authentications from a Merit server to a Radiator server. The path is as follows: NAS Merit Radiator (Do authentication) then (If Auth Successful) Radiator(Access Accept) Merit NAS What I'm seeing on the Merit server is this: Thu Jan 6 17:10:13 2000: Received-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 Thu Jan 6 17:10:13 2000: Sending-AUTHENTICATE-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 to 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: Response-AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 PPP/255.255.255.254 from 153.42.42.42[153.42.42.42]:1645 Thu Jan 6 17:10:13 2000: rad_reply: Problem parsing user for request from as2.realm.net Thu Jan 6 17:10:13 2000: AUTHENTICATE: 15/2658 '[EMAIL PROTECTED]' via as2.realm.net from as2.realm.net port 19 "x.realm.net" PPP/255.255.255.254 - FAILED -- total 0, holding 0 But then it doesn't accounting and the user gets online! Obviously the problem is with Merit parsing the user for the request. Unfortunately I cannot do any debugging on the merit server beyond the logfile. I've changed the reply attributes to include User-Name with no luck. (And yes, I know that the session-timeout is being set twice). :) Trace 4 reply sent to the merit server: Attributes: Framed-Protocol = PPP Framed-Routing = None Session-Timeout = 14400 Framed-Compression = Van-Jacobson-TCP-IP Session-Timeout = 604800 NAS-Identifier = "xxx.xxx.xxx.xxx" NAS-Port = 1040 User-Name = "[EMAIL PROTECTED]" I must confess to being perplexed as to how the user is getting online, if the Merit server is rejecting the request. It sounds more like the Access-Accept from the Radiator host is being returned to the NAS by the Merit host, but that the accounting packets are not being handled correctly. What exactly are your requirements? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) No accounting replies
We have just put up the latest Radiator code, and have completely revamped our config to take advantage of the nifty new stuff. But we're having problems with accounting packets. Radiator gets the packets, but according to "snoop" it never replies to them. Note: this means that the problem is _not_ with the NAS. It never gets any ACKs because Radiator isn't sending any. So the NAS (correctly) keeps resending the packets. Here are the salient portions of our config. Client x Secret x IgnoreAcctSignature DupInterval 0 /Client The IgnoreAcctSignature and DupInterval lines are there for debugging only; they should go away when everything's working. # Handle All the Accounting requests Handler Acct-Status-Type=/.+/ AcctLogFileName %L/%R%c-%Y%m%d AccountingHandled /Handler This is the first handler in the config file. According to the log, it is properly intercepting the accounting packets. Finally, here is our PreClientHook: sub{ ## lc() the username and remove junk characters. ## If the user has entered a realm, normalize it. # We don't need to re-create this hash for every packet if (!defined %main::loa_realm2class) { %main::loa_realm2class = ( 'realm1'= 'class1', 'realm2'= 'class2', 'realm3'= 'class2', : : : : : : ); } my $p = ${$_[0]}; my ($user, $realm); ($user = lc $p-getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\x1FF]//d; ($user, $realm) = split ('@', $user); if ($realm) { $realm = ( $main::loa_realm2class{$realm} or $realm); $p-changeUserName("$user\@$realm"); } } - And here is a bit from the log file. The daemon has just been killed and restarted Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn Fri Jan 7 01:25:42 2000: INFO: Server started Fri Jan 7 01:25:43 2000: DEBUG: Packet dump: *** Received from 209.113.155.4 port 1651 Code: Accounting-Request Identifier: 36 Authentic: 3221d237140171152147VKov219}171139 Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 1553 Acct-Authentic = RADIUS Connect_Info = 858862128 Acct-Input-Octets = 20479 Acct-Output-Octets = 274291 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST Livingston = "User Request - PPP Term Req" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 10699 Proxy-State = 8u13528216)L184$f0I\22117431P204141165}\21919217174 Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request Identifier: 36 Authentic: 3221d237140171152147VKov219}171139 Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 1553 Acct-Authentic = RADIUS Connect_Info = 858862128 Acct-Input-Octets = 20479 Acct-Output-Octets = 274291 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST Livingston = "User Request - PPP Term Req" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.41.76.164 Acct-Delay-Time = 10699 Proxy-State = 8u13528216)L184$f0I\22117431P204141165}\21919217174 Fri Jan 7 01:25:43 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/' Fri Jan 7 01:25:43 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 216.41.76.18, 4 Fri Jan 7 01:25:43 2000: DEBUG: Packet dump: *** Received from 209.113.155.4 port 1651 Code: Accounting-Request Identifier: 36 Authentic: 3221d237140171152147VKov219}171139 Attributes: Acct-Session-Id = "1C002EBF" User-Name = "[EMAIL PROTECTED]" Client-Id = 216.41.76.18 NAS-Port = 4 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 1553 Acct-Authentic = RADIUS Connect_Info = 858862128 Acct-Input-Octets = 20479 Acct-Output-Octets = 274291 Called-Station-Id = "9783364950" Calling-Station-Id = "9787775389" Class = "cybertours.com" Acct-Terminate-Cause