Re: (RADIATOR) Cisco AS5300 Problem
Idle-timeouts only worked correctly on ISDN calls after 11.3(8.1)T or later. We have these working correctly by passing something like this: AddToReply Service-Type = Framed-User, \ Framed-Protocol = PPP, \ Framed-Routing = None, \ Framed-MTU = 1500, \ Framed-Compression = Van-Jacobson-TCP-IP, \ Idle-Timeout = 300, \ Session-Timeout = 600 This will set an idle-timeout of 300 seconds and a maximum session time of 600 seconds. See the Radiator FAQ at http://www.open.com.au/radiator/faq.html#59 and also Cisco's documentation at http://www.cisco.com/warp/public/131/8.html Regards, Matt At 06:49 PM 03/02/00 -0600, Steve Suehring wrote: >On Fri, 4 Feb 2000, Hugh Irvine wrote: > > What dictionary are you using? The standard Radiator dictionary > specifies this: > > > > ATTRIBUTE Idle-Timeout28 integer > > > >Ours is the same. > > > And what about Service-Type? Cisco's are very picky about requiring a > > Service-Type that matches the request in the Access-Accept. > >I'm curious as to why it works with everything _but_ single channel ISDN! > >*** Received from 169.207.x.x port 1645 >Code: Access-Request >Identifier: 91 >Authentic: <194>.<15><228><18><223><253><250><158><235>(Zv<221>$<145> >Attributes: > NAS-IP-Address = 169.207.x.x > NAS-Port = 20003 > NAS-Port-Type = ISDN > User-Name = "vanhalen" > Called-Station-Id = "6195551212" > Calling-Station-Id = "6195551212" > User-Password = "<226><230><165>jx<20>" > Service-Type = Framed-User > Framed-Protocol = PPP > >*** Sending to 169.207.x.x port 1645 >Code: Access-Accept >Identifier: 91 >Authentic: <194>.<15><228><18><223><253><250><158><235>(Zv<221>$<145> >Attributes: > Idle-Timeout = 900 > Framed-MTU = 1500 > Framed-IP-Netmask = 255.255.255.255 > Service-Type = Framed-User > Framed-Routing = None > > >=== >Archive at http://www.thesite.com.au/~radiator/ >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. --- Matthew Nichols - CCNA Network / Systems Engineer HunterLink Pty Ltd Newcastle NSW Australia Phone: +61 2 4969 0122 Fax: +61 2 4969 0133 Reply To: [EMAIL PROTECTED] PGP Public Key: http://moonah.hunterlink.net.au/~matt/pgp/pgpkey.html HunterLink Web Site: http://www.hunterlink.net.au === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Cisco AS5300 Problem
On Fri, 4 Feb 2000, Hugh Irvine wrote: > What dictionary are you using? The standard Radiator dictionary specifies this: > > ATTRIBUTE Idle-Timeout28 integer > Ours is the same. > And what about Service-Type? Cisco's are very picky about requiring a > Service-Type that matches the request in the Access-Accept. I'm curious as to why it works with everything _but_ single channel ISDN! *** Received from 169.207.x.x port 1645 Code: Access-Request Identifier: 91 Authentic: <194>.<15><228><18><223><253><250><158><235>(Zv<221>$<145> Attributes: NAS-IP-Address = 169.207.x.x NAS-Port = 20003 NAS-Port-Type = ISDN User-Name = "vanhalen" Called-Station-Id = "6195551212" Calling-Station-Id = "6195551212" User-Password = "<226><230><165>jx<20>" Service-Type = Framed-User Framed-Protocol = PPP *** Sending to 169.207.x.x port 1645 Code: Access-Accept Identifier: 91 Authentic: <194>.<15><228><18><223><253><250><158><235>(Zv<221>$<145> Attributes: Idle-Timeout = 900 Framed-MTU = 1500 Framed-IP-Netmask = 255.255.255.255 Service-Type = Framed-User Framed-Routing = None === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) ascend disconnect causes
Is their any significance in the different disconnect causes we receive from our Ascends? We receive pppRcvTerminate and remoteEndhungup on a lot of sessions. if anyone knows of reference for these that would be helpful also! thanks Frank === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Cisco AS5300 Problem
Hello Steve - On Fri, 04 Feb 2000, Steve Suehring wrote: > Hello- > > I'm having the following problem with people dialing in single channel > ISDN into Cisco AS5300. The reason I'm posting this to the Radiator list > is that the problem only started after we switched from Merit to Radiator. > > For the past week I've been pursuing it from the Cisco end with no > luck. > > Here are details. > > When a user dials in with PPP for single-channel isdn, it will not > authenticate. The Cisco debug shows that it fails during the > Authorization stage. Specifically here is the debug from the cisco: > > 3w2d: %LINK-3-UPDOWN: Interface Async93, changed state to down > 3w2d: %LINK-3-UPDOWN: Interface Serial0:13, changed state to up > 3w2d: Se0:13 AAA/AUTHOR/FSM: (0): LCP succeeds trivially > 3w2d: Se0:13 AAA/AUTHOR/FSM: (0): LCP succeeds trivially > 3w2d: AAA: parse name=Serial0:13 idb type=12 tty=-1 > 3w2d: AAA: name=Serial0:13 flags=0x51 type=1 shelf=0 slot=0 adapter=0 > port=0 cha > nnel=13 > 3w2d: Se0:13 AAA/AUTHOR/LCP: Authorize LCP > 3w2d: AAA/AUTHOR/LCP Se0:13 (843752075): Port='Serial0:13' list='' > service=NET > 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) user='vanhalen' > 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) send AV service=ppp > 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) send AV protocol=lcp > 3w2d: AAA/AUTHOR/LCP (843752075) found list "default" > 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) Method=RADIUS > 3w2d: AAA/AUTHOR (843752075): Post authorization status = PASS_REPL > 3w2d: Se0:13 AAA/AUTHOR/LCP: Processing AV service=ppp > 3w2d: Se0:13 AAA/AUTHOR/LCP: Processing AV idletime=900 > 3w2d: Se0:13 AAA/AUTHOR/LCP: idletime failed > 3w2d: Se0:13 AAA/AUTHOR/LCP: Denied > 3w2d: Se0:13 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored > 3w2d: %ISDN-6-DISCONNECT: Interface Serial0:13 disconnected from > 7153415211 , c > all lasted 2 seconds > 3w2d: %LINK-3-UPDOWN: Interface Serial0:13, changed state to down > > > Okay, quite obviosly it didn't like the idletime value. The problem is > that this idle time value is the same for users dialing in with Multilink > as well as users dialing in with regular modems. That's where I'm greatly > confused. Why does it work for those others but not single channel ISDN? > > One angle I've thought of is to strip the idletime value from the reply > for ISDN service types, but that doesn't seem to be a _solution_ rather it > seems like a band-aid. > > Is anyone else having any problems like this? If _not_, then could you > let me know so we can compare notes on AS5300 & radiator config? > What dictionary are you using? The standard Radiator dictionary specifies this: ATTRIBUTE Idle-Timeout28 integer And what about Service-Type? Cisco's are very picky about requiring a Service-Type that matches the request in the Access-Accept. If you could send us a trace 4 debug it would help greatly. thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Cisco AS5300 Problem
Hello- I'm having the following problem with people dialing in single channel ISDN into Cisco AS5300. The reason I'm posting this to the Radiator list is that the problem only started after we switched from Merit to Radiator. For the past week I've been pursuing it from the Cisco end with no luck. Here are details. When a user dials in with PPP for single-channel isdn, it will not authenticate. The Cisco debug shows that it fails during the Authorization stage. Specifically here is the debug from the cisco: 3w2d: %LINK-3-UPDOWN: Interface Async93, changed state to down 3w2d: %LINK-3-UPDOWN: Interface Serial0:13, changed state to up 3w2d: Se0:13 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 3w2d: Se0:13 AAA/AUTHOR/FSM: (0): LCP succeeds trivially 3w2d: AAA: parse name=Serial0:13 idb type=12 tty=-1 3w2d: AAA: name=Serial0:13 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 cha nnel=13 3w2d: Se0:13 AAA/AUTHOR/LCP: Authorize LCP 3w2d: AAA/AUTHOR/LCP Se0:13 (843752075): Port='Serial0:13' list='' service=NET 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) user='vanhalen' 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) send AV service=ppp 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) send AV protocol=lcp 3w2d: AAA/AUTHOR/LCP (843752075) found list "default" 3w2d: AAA/AUTHOR/LCP: Se0:13 (843752075) Method=RADIUS 3w2d: AAA/AUTHOR (843752075): Post authorization status = PASS_REPL 3w2d: Se0:13 AAA/AUTHOR/LCP: Processing AV service=ppp 3w2d: Se0:13 AAA/AUTHOR/LCP: Processing AV idletime=900 3w2d: Se0:13 AAA/AUTHOR/LCP: idletime failed 3w2d: Se0:13 AAA/AUTHOR/LCP: Denied 3w2d: Se0:13 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored 3w2d: %ISDN-6-DISCONNECT: Interface Serial0:13 disconnected from 7153415211 , c all lasted 2 seconds 3w2d: %LINK-3-UPDOWN: Interface Serial0:13, changed state to down Okay, quite obviosly it didn't like the idletime value. The problem is that this idle time value is the same for users dialing in with Multilink as well as users dialing in with regular modems. That's where I'm greatly confused. Why does it work for those others but not single channel ISDN? One angle I've thought of is to strip the idletime value from the reply for ISDN service types, but that doesn't seem to be a _solution_ rather it seems like a band-aid. Is anyone else having any problems like this? If _not_, then could you let me know so we can compare notes on AS5300 & radiator config? Steve === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Netscape Directory Server 4.1 LDAP configuration
I have a new installation of Netscape dir Server 4.1 and am installing Radiator on NT. I have the LDAP.CFG setup as shown below, and am trying to test the authentication. I receive the error shown, and the program aborts. I've looked at AuthLDAP2.pm and am unsure of exactly what its trying to do at line 148. I am also concerned that the debug shows the NAS having an IP address of 203.63.154.1. Where does this come from? Thank you Steve Smith * ldap.cfg* * Foreground LogStdout LogDir . DbDir . Trace 4 Secret 12345678 DupInterval 0 DefaultRealmotz.net Secret 12345678 DupInterval 0 DefaultRealmotz.net # Tell Radiator how to talk to the LDAP server Host209.165.173.3 AuthDN cn=Directory Manager BaseDN o=otz.net AuthPassword12345678 UsernameAttruid PasswordAttruserPassword # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP # Log accounting to the detail file in LogDir AcctLogFileName ./detail # Netscape Dir Server expects only usernames this will re-write username RewriteUsername s/^([^@]+).*/$1/ *** debug** *** C:\Radiator-2.14.1>perl radiusd -config_file goodies/ldap.cfg Thu Feb 3 07:34:31 2000: INFO: Server started Thu Feb 3 07:34:34 2000: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1689 Code: Access-Request Identifier: 154 Authentic: 1234567890123456 Attributes: User-Name = "ssmith" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "<200><185>l<173><175>\<4><246><188>8<9><160><216>}x<153>" Thu Feb 3 07:34:34 2000: DEBUG: Handling request with Handler 'Realm=otz.net' Thu Feb 3 07:34:34 2000: DEBUG: Rewrote user name to ssmith Thu Feb 3 07:34:34 2000: DEBUG: Deleting session for ssmith, 203.63.154.1, 1234 Thu Feb 3 07:34:34 2000: DEBUG: Handling with Radius::AuthLDAP2 Thu Feb 3 07:34:34 2000: DEBUG: Connecting to 209.165.173.3, port 389 Can't locate object method "new" via package "Net::LDAP" at Radius/AuthLDAP2.pm line 148. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
On Thu, 3 Feb 2000, Steve Suehring wrote: > Have you tried IgnoreAcctSignature in your portion? That fixed it! Now I feel silly, because although I checked the faq and the manual, I didn't see that. Thanks, Andy Andy Dills 301-682-9972 Network Administrator Fax 301-695-4060 Xecunet, LLCwww.xecu.net Dialup * Webhosting * E-Commerce * High-Speed Access === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
On Thu, 3 Feb 2000, Andy Dills wrote: > However, I get the weirdest Accounting packets from it. A user will > connect, and then disconnect, but for days after, I still get Start-Stop > and Accounting-On packets for the session! The packet trace shows "Bad Authenticator". So Radiator isn't going to ACK the packet, which means that the TCH will continue to try to resend it until it gets an ACK. Until you get upgraded (as mentioned earlier, and the proper fix for this), you can put "IgnoreAcctSignature" in your Radiator config for this clientthat will cause it to ignore the authenticator and accept the packet. Lon Stockton === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
Have you tried IgnoreAcctSignature in your portion? Second: [EMAIL PROTECTED] On Thu, 3 Feb 2000, Andy Dills wrote: > > I apologize for this not being 100% on topic, but I have a feeling some > people on this list might have the answer I'm looking for. > > I have Total Control rack that I inherited from another ISP we acquired. > I've set it up, I can dial in, everything is fine. > > However, I get the weirdest Accounting packets from it. A user will > connect, and then disconnect, but for days after, I still get Start-Stop > and Accounting-On packets for the session! > > I doubt my config is affecting this, but nonetheless, here is my config > regarding this nas: > > > Secret > DupInterval 2 > > > Here is an excerpt, with Trace 4, of the bad packets: > > Thu Feb 3 12:23:15 2000: WARNING: Bad authenticator in request from > 216.200.88.132 (216.200.88.132) > Thu Feb 3 12:24:15 2000: DEBUG: Packet dump: > *** Received from 216.200.88.132 port 1645 > Code: Accounting-Request > Identifier: 0 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > Acct-Session-Id = "0" > Client-Id = 216.200.88.132 > Acct-Status-Type = Accounting-On > Acct-Delay-Time = 71199 > > Thu Feb 3 12:24:15 2000: WARNING: Bad authenticator in request from > 216.200.88.132 (216.200.88.132) > Thu Feb 3 12:25:16 2000: DEBUG: Packet dump: > *** Received from 216.200.88.132 port 1645 > Code: Accounting-Request > Identifier: 4 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > Acct-Session-Id = "01bb" > User-Name = "bye" > Client-Id = 216.200.88.132 > NAS-Port = 17 > Acct-Status-Type = Start > Acct-Authentic = RADIUS > Called-Station-Id = "7039175720" > Connect-Speed = 28800_BPS > Modulation-Type = v32Terbo > Simplified-MNP-Levels = v42Etc2 > Simplified-V42bis-Usage = none > Chassis-Call-Slot = 0 > Chassis-Call-Span = 0 > Chassis-Call-Channel = 1 > Unauthenticated-Time = 18 > NAS-Identifier = "" > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 216.127.130.129 > Acct-Delay-Time = 9939 > > Thu Feb 3 12:25:16 2000: WARNING: Bad authenticator in request from > 216.200.88.132 (216.200.88.132) > Thu Feb 3 12:25:16 2000: DEBUG: Packet dump: > *** Received from 216.200.88.132 port 1645 > Code: Accounting-Request > Identifier: 5 > Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> > Attributes: > Acct-Session-Id = "01bb" > User-Name = "bye" > Client-Id = 216.200.88.132 > NAS-Port = 17 > Acct-Status-Type = Stop > Acct-Session-Time = 136 > Acct-Terminate-Cause = ACCT_TERM_LOST_CARRIER > Acct-Authentic = RADIUS > Called-Station-Id = "7039175720" > Connect-Speed = 28800_BPS > Modulation-Type = v32Terbo > Simplified-MNP-Levels = v42Etc2 > Simplified-V42bis-Usage = none > Chassis-Call-Slot = 0 > Chassis-Call-Span = 0 > Chassis-Call-Channel = 1 > Unauthenticated-Time = 18 > NAS-Identifier = "" > Acct-Input-Octets = 2027 > Acct-Output-Octets = 240 > Acct-Input-Packets = 55 > Tunnel-Security = 6 > NAS-Port-Type = Async > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 216.127.130.129 > Acct-Delay-Time = 9802 > > > To show the repitivity: > > /users/andy>grep 01bb logfile | wc -l > 168 > > (This is over a ~4 hour span) > > > So, my question is twofold. Number one, does anybody know how to fix this > straight-out in the USR? Number two, is there a way to correct this in my > radiator config? > > Lastly, does anybody know of a mailing list for USR Total Control > products? > > Thanks in advance, > Andy > > > Andy Dills 301-682-9972 > Network Administrator Fax 301-695-4060 > Xecunet, LLCwww.xecu.net > > Dialup * Webhosting * E-Commerce * High-Speed Access > > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
> > So, now I have to annoy tech support untl they give me 3.8 :> they should, since its a bug, but if not, let me know, and I can get it. > > > > Lastly, does anybody know of a mailing list for USR Total Control > > > products? > > > > [EMAIL PROTECTED], the definitive list for usr tc discussion. > > Aha, muchas gracias. > > Once again, Brian from Shreve.net saves the day :> :) > > Andy > > > Andy Dills 301-682-9972 > Network Administrator Fax 301-695-4060 > Xecunet, LLCwww.xecu.net > > Dialup * Webhosting * E-Commerce * High-Speed Access > - Brian Feeny (BF304) [EMAIL PROTECTED] 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
On Thu, 3 Feb 2000, Brian wrote: > What version of code do you run on the Total Control rack? Is this > netserver or hiperarc based? Netserver, and version 3.7.24. And, (should have done this earlier), now that I look at the release notes for 3.8 it mentions: d-2837 Fixed bug that would cause improper RADIUS authenticator to be generated for accounting packets. If server was checking authenticators and did not reply to the packet then the NETServer would retry with a packet with the correct authenticator. So, now I have to annoy tech support untl they give me 3.8 :> > > Lastly, does anybody know of a mailing list for USR Total Control > > products? > > [EMAIL PROTECTED], the definitive list for usr tc discussion. Aha, muchas gracias. Once again, Brian from Shreve.net saves the day :> Andy Andy Dills 301-682-9972 Network Administrator Fax 301-695-4060 Xecunet, LLCwww.xecu.net Dialup * Webhosting * E-Commerce * High-Speed Access === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authenticate from Postgres/Account to MSSQL?
>Is it possible to authenticate off one datasource but account to another? >We would like to authenticate off of a Postgres database, which we do now, >but send the Accounting information to an MSSQL server.does >Radiator allow for this? > >Brian Brian, I asked that same exact question, only worded a little different, a few months back. Here is the relevant parts of the response I got. Hope this helps. --- > I now need some input on configuration. I would like to, if possible, use > the MySQL database for authentication, yet have the accounting info > available to Rodopi. How would one go about this? Is it possible to point > Radiator to the MySQL database for security and point it to the Rodopi > database for accounting? > It is quite simple to do what you wish with cascaded AuthBy's, something like this would be close: # configure two AuthBy clauses # the first does accounting only (note empty AuthSelect) # the second does authentication only (empty AccountingTable) # and multiple AuthColumnDef's for reply items AuthByPolicy ContinueAlways AuthSelect DBSource DBAuth DBUsername AccountingTable DBSource DBAuth DBUsername AuthSelect select AuthColumnDef . AuthColumnDef Have a look at section 6.24 in the Radiator 2.14.1 reference manual for further details. There are also examples in the Radiator distribution in the files radius.cfg and goodies/sql.cfg. hth Hugh === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) USR Radius Problems
On Thu, 3 Feb 2000, Andy Dills wrote: > > I apologize for this not being 100% on topic, but I have a feeling some > people on this list might have the answer I'm looking for. > > I have Total Control rack that I inherited from another ISP we acquired. > I've set it up, I can dial in, everything is fine. > > However, I get the weirdest Accounting packets from it. A user will > connect, and then disconnect, but for days after, I still get Start-Stop > and Accounting-On packets for the session! What version of code do you run on the Total Control rack? Is this netserver or hiperarc based? > Lastly, does anybody know of a mailing list for USR Total Control > products? [EMAIL PROTECTED], the definitive list for usr tc discussion. Brian > > Thanks in advance, > Andy > > > Andy Dills 301-682-9972 > Network Administrator Fax 301-695-4060 > Xecunet, LLCwww.xecu.net > > Dialup * Webhosting * E-Commerce * High-Speed Access > > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > - Brian Feeny (BF304) [EMAIL PROTECTED] 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) USR Radius Problems
I apologize for this not being 100% on topic, but I have a feeling some people on this list might have the answer I'm looking for. I have Total Control rack that I inherited from another ISP we acquired. I've set it up, I can dial in, everything is fine. However, I get the weirdest Accounting packets from it. A user will connect, and then disconnect, but for days after, I still get Start-Stop and Accounting-On packets for the session! I doubt my config is affecting this, but nonetheless, here is my config regarding this nas: Secret DupInterval 2 Here is an excerpt, with Trace 4, of the bad packets: Thu Feb 3 12:23:15 2000: WARNING: Bad authenticator in request from 216.200.88.132 (216.200.88.132) Thu Feb 3 12:24:15 2000: DEBUG: Packet dump: *** Received from 216.200.88.132 port 1645 Code: Accounting-Request Identifier: 0 Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Attributes: Acct-Session-Id = "0" Client-Id = 216.200.88.132 Acct-Status-Type = Accounting-On Acct-Delay-Time = 71199 Thu Feb 3 12:24:15 2000: WARNING: Bad authenticator in request from 216.200.88.132 (216.200.88.132) Thu Feb 3 12:25:16 2000: DEBUG: Packet dump: *** Received from 216.200.88.132 port 1645 Code: Accounting-Request Identifier: 4 Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Attributes: Acct-Session-Id = "01bb" User-Name = "bye" Client-Id = 216.200.88.132 NAS-Port = 17 Acct-Status-Type = Start Acct-Authentic = RADIUS Called-Station-Id = "7039175720" Connect-Speed = 28800_BPS Modulation-Type = v32Terbo Simplified-MNP-Levels = v42Etc2 Simplified-V42bis-Usage = none Chassis-Call-Slot = 0 Chassis-Call-Span = 0 Chassis-Call-Channel = 1 Unauthenticated-Time = 18 NAS-Identifier = "" NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.127.130.129 Acct-Delay-Time = 9939 Thu Feb 3 12:25:16 2000: WARNING: Bad authenticator in request from 216.200.88.132 (216.200.88.132) Thu Feb 3 12:25:16 2000: DEBUG: Packet dump: *** Received from 216.200.88.132 port 1645 Code: Accounting-Request Identifier: 5 Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Attributes: Acct-Session-Id = "01bb" User-Name = "bye" Client-Id = 216.200.88.132 NAS-Port = 17 Acct-Status-Type = Stop Acct-Session-Time = 136 Acct-Terminate-Cause = ACCT_TERM_LOST_CARRIER Acct-Authentic = RADIUS Called-Station-Id = "7039175720" Connect-Speed = 28800_BPS Modulation-Type = v32Terbo Simplified-MNP-Levels = v42Etc2 Simplified-V42bis-Usage = none Chassis-Call-Slot = 0 Chassis-Call-Span = 0 Chassis-Call-Channel = 1 Unauthenticated-Time = 18 NAS-Identifier = "" Acct-Input-Octets = 2027 Acct-Output-Octets = 240 Acct-Input-Packets = 55 Tunnel-Security = 6 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.127.130.129 Acct-Delay-Time = 9802 To show the repitivity: /users/andy>grep 01bb logfile | wc -l 168 (This is over a ~4 hour span) So, my question is twofold. Number one, does anybody know how to fix this straight-out in the USR? Number two, is there a way to correct this in my radiator config? Lastly, does anybody know of a mailing list for USR Total Control products? Thanks in advance, Andy Andy Dills 301-682-9972 Network Administrator Fax 301-695-4060 Xecunet, LLCwww.xecu.net Dialup * Webhosting * E-Commerce * High-Speed Access === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Authenticating from Postgres/Accounting to MSSQL
I posted earlier, and hacked up a Realm entry and was wondering if something like this is doable: #AcctLogFileName %L/%C/detail PasswordLogFileName %L/password.log AuthByPolicyContinueWhileAccept # RewriteUsername s/^([^@]+).*/lc($1)/e DefaultReply Service-Type = "Framed-User",Framed-Protocol = "PPP",\ Framed-IP-Address = "255.255.255.254",Framed-Netmask ="255.255.255.255",\ Framed-MTU = "1500",Port-Limit = "1",Framed-Routing = "None",\ Framed-Compression = "Van-Jacobson-TCP-IP" DBSource dbi:Pg:dbname=shrevenet_users;host=.shreve.net DBUsername xxx DBAuth xxx AuthSelect select ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR from passwd where USERNAME='%n' EncryptedPassword AccountingTable "" DBSourcedbi:Sybase:PLAT DBUsername DBAuth AuthSelect "" AccountingTable "radiusdat" AcctColumnDefusername,User-Name What I am trying to accomplish: 1. Authenicate from postgres (Working). 2. Account only to MSSQL, do not authenticate against it I was not sure if leaving AuthSelect empty is the valid way to avoid authentication. Or do I have to put a bogus AuthSelect like "SELECT username from TABLE", where it just does an operation that is always true. Brian - Brian Feeny (BF304) [EMAIL PROTECTED] 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Authenticate from Postgres/Account to MSSQL?
Is it possible to authenticate off one datasource but account to another? We would like to authenticate off of a Postgres database, which we do now, but send the Accounting information to an MSSQL server.does Radiator allow for this? Brian - Brian Feeny (BF304) [EMAIL PROTECTED] 318-222-2638 x 109 http://www.shreve.net/~signal Network Administrator ShreveNet Inc. (ASN 11881) === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Check item (Time) question for checkattribute
Title: Check item (Time) question for checkattribute Hi there, Is it possible to make the Time = "..." item containing an exception of Time period. On simple configurations the current method is usefull but I have a confusing configuration fo my users. And the length of the field reaches to a bi amoount of data. If I could add an 'except this period of time) it will be great. Any clue?? PS: I am using the Radiator-2.14.1 patched with 2.14.1 on Jan 25... Tuncay Margilic Siemens Business Services System Administrator
Re: (RADIATOR) multiple sessions
yes -- Original Message -- From: "Danny Whitesel" <[EMAIL PROTECTED]> Date: Wed, 2 Feb 2000 17:43:27 -0500 >Are you referring to multi-link? > > >-Original Message- >From: Flint Support <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >Date: Wednesday, February 02, 2000 5:31 PM >Subject: (RADIATOR) multiple sessions > > >>we have just recently purchased radiator and was wondering if anyone can >provide an explanation/example on how to do multiple logins on a user basis >in a common realm, where users may be allowed to have 1 or 2 logins. Or >should we create a new realm for multiple login users? >> >> >>Thanks in advance >>Frank >> >>=== >>Archive at http://www.thesite.com.au/~radiator/ >>To unsubscribe, email '[EMAIL PROTECTED]' with >>'unsubscribe radiator' in the body of the message. >> > > === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
