Re: (RADIATOR) No accounting replies

2000-01-07 Thread Hugh Irvine


Hello Phil -

On Fri, 07 Jan 2000, Phil Freed wrote:
> We have just put up the latest Radiator code, and have 
> completely revamped our config to take advantage of the
> nifty new stuff.  But we're having problems with accounting
> packets.  Radiator gets the packets, but according to "snoop"
> it never replies to them. 
> 
>Note:  this means that the problem is _not_ with the NAS.
>It never gets any ACKs because Radiator isn't sending any.
>So the NAS (correctly) keeps resending the packets.
> 
> Here are the salient portions of our config.
> 
>   
> Secret  x
> IgnoreAcctSignature
> DupInterval 0
>   
> 
> The IgnoreAcctSignature and DupInterval lines are there 
> for debugging only; they should go away when everything's 
> working.
> 
>   # Handle All the Accounting requests
>   
> AcctLogFileName %L/%R%c-%Y%m%d
> AccountingHandled
>   
> 
> This is the first handler in the config file.
> According to the log, it is properly intercepting
> the accounting packets.
> 
> Finally, here is our PreClientHook:
> 
> sub {
>   ## lc() the username and remove junk characters.
>   ## If the user has entered a realm, normalize it.
> 
>   # We don't need to re-create this hash for every packet
>   if (!%main::loa_realm2class) {
>     %main::loa_realm2class = (
>       'realm1' => 'class1',
>       'realm2' => 'class2',
>       'realm3' => 'class2',
>       # : : :   : : :
>     );
>   }
> 
>   # $_[0] is a reference to the request packet
>   my $p = ${$_[0]};
>   my ($user, $realm);
>   # tr/// takes a plain character list: delete brackets, backslash, comma,
>   # *, $, :, quotes, control characters, space, DEL and high-bit bytes
>   ($user = lc $p->getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\xFF]//d;
>   ($user, $realm) = split('@', $user);
> 
>   if ($realm) {
>     $realm = ($main::loa_realm2class{$realm} or $realm);
>     $p->changeUserName("$user\@$realm");
>   }
> }
> 
> -
> 
> And here is a bit from the log file.  The daemon has 
> just been killed and restarted
> 
> Fri Jan  7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> Fri Jan  7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> Fri Jan  7 01:25:42 2000: INFO: Server started
> Fri Jan  7 01:25:43 2000: DEBUG: Packet dump:
> *** Received from 209.113.155.4 port 1651 
> Code:   Accounting-Request
> Identifier: 36
> Authentic:  <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> Attributes:
> Acct-Session-Id = "1C002EBF"
> User-Name = "[EMAIL PROTECTED]"
> Client-Id = 216.41.76.18
> NAS-Port = 4
> NAS-Port-Type = Async
> Acct-Status-Type = Stop
> Acct-Session-Time = 1553
> Acct-Authentic = RADIUS
> Connect_Info = 858862128
> Acct-Input-Octets = 20479
> Acct-Output-Octets = 274291
> Called-Station-Id = "9783364950"
> Calling-Station-Id = "9787775389"
> Class = "cybertours.com"
> Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
> Livingston = "User Request - PPP Term Req"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 216.41.76.164
> Acct-Delay-Time = 10699
> Proxy-State = 8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>
> 
> Fri Jan  7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request
> Fri Jan  7 01:25:43 2000: DEBUG: dump:Code:   Accounting-Request
> Identifier: 36
> Authentic:  <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> Attributes:
> Acct-Session-Id = "1C002EBF"
> User-Name = "[EMAIL PROTECTED]"
> Client-Id = 216.41.76.18

It looks to me like the regexp in your Handler is causing problems.

You might like to try this:





Note that the Request-Type support is in the Radiator 2.14.1 patches area:

http://www.open.com.au/radiator/downloads/patches-2.14.1/patches.README

6/9/99 Rolled the AddToReplyIfNotExist.patch into the base code. This code
was contributed by Vincent Gillet <[EMAIL PROTECTED]>, and implements
the AddToReplyIfNotExist parameter, which will append an attribute
to a reply if and only if the attribute is not already present.
Also added new check item Request-Type. This is mostly useful
in Handlers, to allow you to trigger on different types of
requests.
Download AuthGeneric.pm and AttrVal.pm from here.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
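
What the IgnoreAcctSignature line in the quoted config switches off, and what the missing reply looks like on the wire, shown as an added example that is not from the thread or from Radiator's code: it checks the RFC 2866 Request Authenticator of an Accounting-Request and builds the matching Accounting-Response. The sample packet is constructed from values in the trace above (Identifier 36, Acct-Session-Id "1C002EBF", Acct-Status-Type Stop, NAS-Port 4); the secret `x` is the placeholder shown in the config and every function name is illustrative.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ACCOUNTING_RESPONSE = 5
HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_accounting_request(identifier: int, attrs: bytes, secret: bytes) -> bytes:
    """What a conforming NAS sends: MD5(header + 16 zero octets + attrs + secret)."""
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, HEADER_LEN + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def request_authenticator_ok(packet: bytes, secret: bytes) -> bool:
    """The check a server performs unless it is told to ignore the signature."""
    if len(packet) < HEADER_LEN:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not HEADER_LEN <= length <= len(packet):
        return False
    packet = packet[:length]  # octets past the declared length are padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[HEADER_LEN:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


def build_accounting_response(request: bytes, secret: bytes) -> bytes:
    """The reply the NAS waits for: same Identifier, no attributes, and an
    authenticator of MD5(response header + request authenticator + secret)."""
    header = struct.pack("!BBH", ACCOUNTING_RESPONSE, request[1], HEADER_LEN)
    authenticator = hashlib.md5(header + request[4:HEADER_LEN] + secret).digest()
    return header + authenticator


def response_authenticator_ok(response: bytes, request: bytes, secret: bytes) -> bool:
    """The NAS-side check that decides whether it stops retransmitting."""
    if len(response) < HEADER_LEN or response[0] != ACCOUNTING_RESPONSE:
        return False
    if response[1] != request[1]:
        return False
    length = struct.unpack("!H", response[2:4])[0]
    if not HEADER_LEN <= length <= len(response):
        return False
    response = response[:length]
    expected = hashlib.md5(
        response[:4] + request[4:HEADER_LEN] + response[HEADER_LEN:] + secret
    ).digest()
    return hmac.compare_digest(expected, response[4:HEADER_LEN])


# Constructed sample: attribute values taken from the trace, secret is the
# placeholder "x" from the quoted config.
SECRET = b"x"
SAMPLE_ATTRS = (
    attr(44, b"1C002EBF")               # Acct-Session-Id
    + attr(40, struct.pack("!I", 2))    # Acct-Status-Type = Stop
    + attr(5, struct.pack("!I", 4))     # NAS-Port = 4
)
SAMPLE_REQUEST = build_accounting_request(36, SAMPLE_ATTRS, SECRET)

if __name__ == "__main__":
    print("request verifies:", request_authenticator_ok(SAMPLE_REQUEST, SECRET))
    reply = build_accounting_response(SAMPLE_REQUEST, SECRET)
    print("reply:", reply.hex())
    print("reply verifies:", response_authenticator_ok(reply, SAMPLE_REQUEST, SECRET))
```

With the signature check skipped, a request signed with the wrong secret is accepted, but the reply is still computed with the server's secret, so the NAS would discard it and keep retransmitting.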



Re: (RADIATOR) No accounting replies

2000-01-07 Thread Phil Freed

Whups - I spoke too soon.  It appears that this didn't solve anything 
after all.  Any other thoughts?


(RADIATOR) Bug in NAS-Address-Port-List?

2000-01-07 Thread Phil Freed

This may or may not be related to my accounting record problem.
(I suspect not.)

I need a special handler for slot 6 on one of my NASs.  I have
the following sections in my radius.cfg:

  #
  
  

The first item is commented out because it kills radius 
with the message
 Can't call method "log" on unblessed reference at 
/usr/local/lib/perl5/site_perl/5.005/Radius/AuthGeneric.pm line 644.

The second one should do just what I want, but it doesn't work.
(See log entries below.)  The third item is just there for 
debugging - but it mystifies rather than enlightens.  Apparently,
it matches the wrong packets altogether.  Note that the handler
is *supposed* to match the client x.227, but the
log shows that it matches x.225 .

I'm afraid I'm stumped.  Am I missing something obvious
here?


### From radius.cfg:


## This kills radius:
#
#   PreAuthHook file:"/usr/local/etc/preauth.hook"
#   AcctLogFileName %L/x%R-%c-%Y%m%d
#   PasswordLogFileName %L/$R:%Y%m.pass
#   
#   Filename %D/users.isdn
#   
#

# This is what I want:

PreAuthHook file:"/usr/local/etc/preauth.hook"
AcctLogFileName %L/x%R-%c-%Y%m%d
PasswordLogFileName %L/$R:%Y%m.pass

Filename %D/users.isdn




PreAuthHook file:"/usr/local/etc/preauth.hook"
AcctLogFileName %L/x%R-%c-%Y%m%d
PasswordLogFileName %L/$R:%Y%m.pass

Filename %D/users.isdn




### From the log:

*** Received from 208.130.42.53 port 45016 
Code:   Access-Request
Identifier: 242
Authentic:  1234567890123456
Attributes:
User-Name = "philtest"
Service-Type = Framed-User
Client-Id = 208.153.18.227
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "<173><21><220><249><141><11>g<133><130>Cl<216>u'<154><247>"
Chassis-Call-Slot = 6

Fri Jan  7 04:53:18 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Fri Jan  7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 should be used to handle this request
Fri Jan  7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request
Fri Jan  7 04:53:18 2000: DEBUG: Check if Handler Realm=psdu.net should be used to handle this request
  etc...
--

Fri Jan  7 04:59:43 2000: DEBUG: Packet dump:
*** Received from 208.153.18.225 port 1645 
Code:   Access-Request
Identifier: 48
Authentic:  <10><230>y<247><135><218><142><234>,SqA<203>$<153><172>
Attributes:
User-Name = "marier"
User-Password = "`<138>8<166>'a<170><252><166><247><4>M<147><226><245><13>"
Client-Id = 208.153.18.225
NAS-Port = 781
Acct-Session-Id = "51147957"
USR-Interface-Index = 2037
Service-Type = Framed-User
Framed-Protocol = PPP
Chassis-Call-Slot = 4
Chassis-Call-Span = 1
Chassis-Call-Channel = 13
Calling-Station-Id = ""
Called-Station-Id = "6428000"
NAS-Port-Type = Async

Fri Jan  7 04:59:43 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Fri Jan  7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 should be used to handle this request
Fri Jan  7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request
Fri Jan  7 04:59:43 2000: DEBUG: Handling request with Handler 'Client-Id=208.153.18.227'
   etc
Phil Freed <[EMAIL PROTECTED]>




(RADIATOR) Multiple session databases.

2000-01-07 Thread Vicente Ferrando

Hello everybody,

Does anyone know if there is any way to have duplicated session databases,
one of them in DBM format and the other in MySQL?

Thanks in advance.
--
CTV-JET Uni2 [http://www.ctv.es]
Vicente Ferrando /  [EMAIL PROTECTED]
Dpto. Sistemas / Ingeniero de Sistemas / System Engineer
Tel: +34 96 584 52 91 - Fax: +34 96 584 48 96
---




Re: (RADIATOR) freezing

2000-01-07 Thread Robin Gruyters

Hi, here is a trace (from the second config):

Fri Jan  7 14:13:44 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jan  7 14:13:44 2000: DEBUG: Deleting session for [several lines of unprintable binary data], 195.7.137.175, 18
Fri Jan  7 14:13:44 2000: DEBUG: Handling with Radius::AuthLDAP2
Fri Jan  7 14:13:44 2000: DEBUG: Connecting to ldap1.inside.servers, port 389

It only freezes on the normal radius server(s), not on the proxy one.

On Fri, Jan 07, 2000 at 10:17:13AM +1100, Hugh Irvine wrote:
> 
> Hello Robin -
> 
> On Thu, 06 Jan 2000, Robin Gruyters wrote:
> > Hi,
> > 
> > I've got some problems with Radiator v2.14.1. It just freezes (most of the time
> > in the evening). I'm using Authby RADIUS and Authby LDAP2 with perl v5.00503 on
> > a FreeBSD system. below you find my config file(s).
> > 
> 
> Could you please send a trace 4 debug showing where Radiator is stopping? Also
> what LDAP server are you running? And which of the two copies of Radiator is
> the one that stops? If both stop is it because the LDAP request doesn't get
> answered?
> 
> > BTW, is it possible to include more dictionaries??!
> 
> It is only possible to specify a single dictionary at this time, however it is
> very easy to add definitions to it as the dictionary is only a text file.
> 
> hth
> 
> Hugh
> 
> 

-- 
Regards,

 Robin Gruyters - SYS/B.O.F.H. - [EMAIL PROTECTED] - http://www.phear.nl
 RIPE nic-hdl: RG3771-RIPE   http://www.ripe.net/cgi-bin/whois?AS9133
 WISH Worldwide Websites B.V. PGP key ID DEB8C991
  Tel: +31(0)413242500 - Fax: +31(0)413332281 - http://www.wish.net/
  -- System Manager / Web Designer / B.O.F.H. ---
 "Where do you wanna frag today?"




(RADIATOR) AuthBy NT and Global Group ?

2000-01-07 Thread talist

Hello,

Is it possible to authenticate NT passwords with Global Groups (instead of
Local Group)?
I would like to divide several groups of users according to their global
Group affiliation.





Re: (RADIATOR) SQL database schema

2000-01-07 Thread Matt Chambers


Basically, you can customize it however.  This is what I use.  I admit I didn't
put a whole lot of time into customization, but this works pretty well.  I added
the STATUS field so I can easily expire accounts.  It was basically designed
for MegaPOP customers.

 
AuthSelect select PASSWORD,SERVICETYPE,PROTOCOL,IPADDRESS,IPNETMASK from SUBSCRIBERS where USERNAME='%n' and STATUS="A"

DBSource    dbi:mysql:database_name
DBUsername  uid
DBAuth      pwd
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Service-Type, reply
AuthColumnDef 2, Framed-Protocol, reply
AuthColumnDef 3, Framed-IP-Address, reply
AuthColumnDef 4, Framed-IP-Netmask, reply
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   IPADDRESS,Framed-IP-Address
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef   NASPORT,NAS-Port,integer




At 02:12 PM 1/6/00 -0600, you wrote:
>Does anyone have a list of tables, columns, and data types that Radiator
>uses when SQL is the auth method?  Thanks.
>
>--
>Josh Arnold
>


Matt Chambers
Internet Visionary
The PressRoom
http://www.pressroom.com
703-631-5755 x3001






(RADIATOR) SNMP or PMWHO

2000-01-07 Thread Andrew Kaplan

How do I verify whether radiator is using SNMP or PMWHO?

Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA
CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com

Imagination is a quality given a man to compensate him for what he is not,
and a sense of humor was provided to console him for who he is.  Oscar Wilde









(RADIATOR) foreground.

2000-01-07 Thread Matt Chambers


Why should I run Radiator in the foreground?


Matt Chambers
Internet Visionary
The PressRoom
http://www.pressroom.com
703-631-5755 x3001






Re: (RADIATOR) No accounting replies

2000-01-07 Thread Paul van der Zwan

In message <0001071824290B.00604@hugo>, Hugh Irvine wrote:
>
>It looks to me like the regexp in your Handler is causing problems.
>
>You might like to try this:
>
>
>   
>
>
>

This week I had a similar problem with an accounting-only server. I had to
put an empty  clause in the handler.
It looked like a handler without any AuthBy clauses does not send any
accounting replies.

Paul

-- 
Paul van der Zwan   paulz @ trantor.xs4all.nl
"I think I'll move to theory, everything works in theory..."






Re: (RADIATOR) AuthBy NT and Global Group ?

2000-01-07 Thread Mike McCauley

Hello,


On Jan 7, 10:30am, [EMAIL PROTECTED] wrote:
> Subject: (RADIATOR) AuthBy NT and Global Group ?
> Hello,
>
> Is it possible to authenticate NT passwords with Global Groups (instead of
> Local Group)
> I would like to divide several groups of users according to their global
> Group affiliation.

Sorry, only Local groups are supported.

Cheers.




-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955




Re: (RADIATOR) No accounting replies

2000-01-07 Thread Phil Freed

Brilliant, simple, and (after the fact) obvious.

Thanks very much; that did the trick.

> This week I had a similar problem with an accounting-only server. I had to
> put an empty  clause in the handler.
> It looked like a handler without any AuthBy clauses does not send any
> accounting replies.

Phil Freed <[EMAIL PROTECTED]>




Re: (RADIATOR) freezing

2000-01-07 Thread tom minchin

On Fri, Jan 07, 2000 at 02:19:24PM +0100, Robin Gruyters wrote:
> Hi here is a trace (from the second config):
> 
> Fri Jan  7 14:13:44 2000: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Fri Jan  7 14:13:44 2000: DEBUG: Deleting session for [several lines of unprintable binary data], 195.7.137.175, 18
> Fri Jan  7 14:13:44 2000: DEBUG: Handling with Radius::AuthLDAP2
> Fri Jan  7 14:13:44 2000: DEBUG: Connecting to ldap1.inside.servers, port 389
> 
> It only freezes on the normal radius server(s), not on the proxy one.
> 

You probably don't want to be sending garbage to LDAP servers. If they
are like the ones I have to interface with, they are delicate flowers
and the slightest harsh word causes them to fail.

[EMAIL PROTECTED]
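
One way to keep a corrupt User-Name like the one in the trace above from reaching the directory, shown as an added example that is not Radiator code and not from the thread: validate the raw attribute, then escape it per RFC 4515 before it goes into a search filter. The `uid` attribute, the printable-ASCII policy, the function names and the sample inputs are assumptions made for the illustration.

```python
from typing import Optional

MAX_USER_NAME_OCTETS = 253  # largest value a single RADIUS attribute can carry

# RFC 4515: these characters are written as a backslash and two hex digits
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def clean_user_name(raw: bytes) -> Optional[str]:
    """Return a lower-cased user name, or None when the value must not be looked up.

    Assumed policy: printable ASCII only, no spaces or control characters.
    """
    if not raw or len(raw) > MAX_USER_NAME_OCTETS:
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None  # high-bit bytes, as in the corrupt session name in the trace
    if any(ch <= " " or ch == "\x7f" for ch in text):
        return None
    return text.lower()


def escape_filter_value(value: str) -> str:
    """Escape a value so it is always treated as data inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_filter_for(raw_user_name: bytes, attribute: str = "uid") -> Optional[str]:
    """Build the search filter, or return None so the caller rejects the
    request without contacting the LDAP server at all."""
    name = clean_user_name(raw_user_name)
    if name is None:
        return None
    return "(%s=%s)" % (attribute, escape_filter_value(name))


# Constructed inputs: one ordinary name, one run of binary garbage, one name
# containing filter metacharacters.
SAMPLES = [b"Marier", b"\xa6^\xa3#\xf7!M|\xc5\xaf", b"j*(smith)"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", ldap_filter_for(sample))
```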




(RADIATOR) Simultaneous-Use Broken?

2000-01-07 Thread admin

I'm having a problem with the new version of radiator
such that it is rejecting more than one usage of the same
username in a handler even though there are no limits
on how many of this particular username can login.  I have
had this configuration working for over a year now, but
the new version of radiator seems to have broken my
configuration allowing this username to login more than
one time.  Below is the trace4 output as well as a snipping
of my config file that deals with this handler.  I may have
missed a new option that I need to put in, but it sure feels
like a bug.

Thanks,
John Kicklighter
Internet 2xtreme
http://www.2xtreme.net/


*** Received from 127.0.0.1 port 1452    
Code:   Access-Request
Identifier: 30
Authentic:  1234567890123456
Attributes:
User-Name = "test"
User-Service = Framed-User
Client-Id = 203.63.154.1  
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "c<19><223><15>.<210><180><128><178><26>,<214><133><234><170><157>"

Fri Jan  7 18:03:00 2000: DEBUG: Rewrote user name to test
Fri Jan  7 18:03:00 2000: DEBUG: Rewrote user name to test
Fri Jan  7 18:03:00 2000: DEBUG: Check if Handler Realm=interx.net should be used to handle this request
Fri Jan  7 18:03:00 2000: DEBUG: Check if Handler User-Name=test should be used to handle this request
Fri Jan  7 18:03:00 2000: DEBUG: Handling request with Handler 'User-Name=test'
Fri Jan  7 18:03:00 2000: DEBUG:  Deleting session for test, 203.63.154.1, 1234
Fri Jan  7 18:03:00 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=1234

Fri Jan  7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD
Fri Jan  7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD
Fri Jan  7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'test' or sa.shell = 'test')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0

Fri Jan  7 18:03:00 2000: DEBUG: Select results: Dec 31 2030 12:00:00:000AM, Jan  1 2037 12:00:00:000AM, 5784, PPP, dilbert, test,  , ,
Fri Jan  7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=5784

Fri Jan  7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type
from RadATConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID
and rc.AccountType='PPP'

Fri Jan  7 18:03:00 2000: DEBUG: Radius::AuthEMERALD looks for match with test
Fri Jan  7 18:03:00 2000: DEBUG: Expiration date converted to: 1924934400
Fri Jan  7 18:03:00 2000: DEBUG: Expiration date converted to: 2114409600
Fri Jan  7 18:03:00 2000: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='test'

Fri Jan  7 18:03:00 2000: DEBUG: Checking if user is still online: unknown, test, 209.63.222.36, 8, 01030646
Fri Jan  7 18:03:00 2000: DEBUG: Radius::AuthEMERALD REJECT: Simultaneous-Use of 1 exceeded
Fri Jan  7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0

Fri Jan  7 18:03:00 2000: INFO: Access rejected for test: Simultaneous-Use of 1 exceeded
Fri Jan  7 18:03:00 2000: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1452 
Code:   Access-Reject
Identifier: 30
Authentic:  1234567890123456
Attributes:
Port-Message = "Request Denied"


==

# Allow Multiple Logins for the Test account

PasswordLogFileName /var/log/radiusd/logins/%m%d%Y-password.log


DBSource    dbi:Sybase:dbaseiface
DBUsername  dblogin
DBAuth  dbpassword

AccountingTable Calls
AcctColumnDef   UserName,User-Name
AcctColumnDef   CallDate,Timestamp,integer-date
AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef   AcctSessionId,Acct-Session-Id
AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer  
AcctColumnDef   NASIdentifier,Client-Id
AcctColumnDef   NASPort,NAS-Port,integer
AcctColumnDef   FramedAddress

Re: (RADIATOR) AuthBy NT and Global Group ?

2000-01-07 Thread talist

While reading the "AuthBy NT" source code, I noticed the use of
Win32::NetAdmin::GroupIsMember instead of
Win32::NetAdmin::LocalGroupIsMember.
That led me to believe that Radiator is checking in the Global Groups of
the Domain Controller.
I checked this theory on an NT box and it seems to be authenticating against
Global Domain Groups.

Well since this was what I needed, I feel quite happy with this behavior so
I will not make any further tests (i.e. check if it applies to Local Groups
...)

A Big thank you to the Radiator team for this great product.

> >
> > Is it possible to authenticate NT passwords with Global Groups (instead of
> > Local Group)
> > I would like to divide several groups of users according to their global
> > Group affiliation.
>
> Sorry, only Local groups are supported.
>
> Cheers.


