(RADIATOR) Prepaid Internet solution
Hi all, We are looking for prepaid internet access solution? There is any solution for UNIX/NT platform? Thank you, Balgaa === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MaxSessions and Simultaneous-Use
username Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Simultaneous-Use = 2, Port-Limit = 2, Framed-MTU = 1500 With this user profile in Radiator and MaxSessions set to 1 in the Realm portion of the config I get these messages in the log at Trace 4 Sun Aug 13 00:19:53 2000: DEBUG: Checking if user is still online: Livingston, username, 207.174.103.7, 8, 46005EE2 199.165.157.1 Sun Aug 13 00:19:53 2000: DEBUG: Running command `/usr/bin/snmpget 207.174.103.7 username .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5` I'm using NasType of Livingston on Radiator 2.16.1 This seems like I have it set up right, but the second ISDN channel does not want to come up and stay up. What might I have mistaken here Thanks, Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Check Attribute in LDAP
I've tried this but my radius doesn't reconice this option (SearchFilter) On Fri, Aug 11, 2000 at 09:37:12AM -0400, Felicetti, Stephen A. wrote: This is basically the same thing that I'm doing, and have described in detail in a previous message to the list. The search filter would be something like this. Don't quote me, as there may be differences in the syntax used for seaching your LDAP directory. Check the previous messages for the link to the RFC. SearchFilter ((uid=%{User-Name})(accountstatus=1)) -Original Message- From: Robin Gruyters [mailto:[EMAIL PROTECTED]] Sent: Friday, August 11, 2000 6:16 AM To: Felicetti, Stephen A. Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Check Attribute in LDAP Ok, what I want todo is check a attribute that is in the LDAP server (accountstatus). If a user tries to dail-in then the radius server has to check his username, password and if the accountstatus = 1. If the attributed doesn't exists or is '0' this the user must be Rejected. On Thu, Aug 10, 2000 at 09:07:05AM -0400, Felicetti, Stephen A. wrote: Robin, I'm sorry, but I really don't understand what you are trying to do. I laid out a couple scenerios that use additional LDAP attributes (besides username/password) during the authentication process. If these choices are not right for your environment, then I guess I misunderstood your problem. If you can provide more detail, step by step, on what you want to happen, I'm sure there's a solution out there for you. -Steve -Original Message- From: Robin Gruyters [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 10, 2000 5:37 AM To: Felicetti, Stephen A. Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Check Attribute in LDAP Ok, what i want to do is aan Auth. on the LDAP on a different Attribute. Maybe this is possible with a PreAuthHook, but I don't know realy how todo this. Or isit possible to add a attribute to the Request? -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Zombie processes haunting the computer === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Typo in the code === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Jupiter is aligned with Mars. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MaxSessions and Simultaneous-Use
Hello Chris - On Sun, 13 Aug 2000, Chris M wrote: username Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Simultaneous-Use = 2, Port-Limit = 2, Framed-MTU = 1500 With this user profile in Radiator and MaxSessions set to 1 in the Realm portion of the config I get these messages in the log at Trace 4 Sun Aug 13 00:19:53 2000: DEBUG: Checking if user is still online: Livingston, username, 207.174.103.7, 8, 46005EE2 199.165.157.1 Sun Aug 13 00:19:53 2000: DEBUG: Running command `/usr/bin/snmpget 207.174.103.7 username .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5` I'm using NasType of Livingston on Radiator 2.16.1 This seems like I have it set up right, but the second ISDN channel does not want to come up and stay up. What might I have mistaken here There are a couple of things wrong with your configuration. First of all, MaxSessions will set a hard limit for the Realm, so you will need to remove it. If you want to support different Simultaneous-Use limits for different users you should use DefaultSimultaneousUse for the AuthBy clause. Second, your user definition must have Simultaneous-Use as a check item: username Simultaneous-Use = 2, Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Port-Limit = 2, Framed-MTU = 1500 hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Check Attribute in LDAP
Hello Robin - You will need the new version of the AuthLDAP* modules, which I will send in a seperate message. regards Hugh On Sun, 13 Aug 2000, Robin Gruyters wrote: I've tried this but my radius doesn't reconice this option (SearchFilter) On Fri, Aug 11, 2000 at 09:37:12AM -0400, Felicetti, Stephen A. wrote: This is basically the same thing that I'm doing, and have described in detail in a previous message to the list. The search filter would be something like this. Don't quote me, as there may be differences in the syntax used for seaching your LDAP directory. Check the previous messages for the link to the RFC. SearchFilter ((uid=%{User-Name})(accountstatus=1)) -Original Message- From: Robin Gruyters [mailto:[EMAIL PROTECTED]] Sent: Friday, August 11, 2000 6:16 AM To: Felicetti, Stephen A. Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Check Attribute in LDAP Ok, what I want todo is check a attribute that is in the LDAP server (accountstatus). If a user tries to dail-in then the radius server has to check his username, password and if the accountstatus = 1. If the attributed doesn't exists or is '0' this the user must be Rejected. On Thu, Aug 10, 2000 at 09:07:05AM -0400, Felicetti, Stephen A. wrote: Robin, I'm sorry, but I really don't understand what you are trying to do. I laid out a couple scenerios that use additional LDAP attributes (besides username/password) during the authentication process. If these choices are not right for your environment, then I guess I misunderstood your problem. If you can provide more detail, step by step, on what you want to happen, I'm sure there's a solution out there for you. -Steve -Original Message- From: Robin Gruyters [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 10, 2000 5:37 AM To: Felicetti, Stephen A. Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Check Attribute in LDAP Ok, what i want to do is aan Auth. on the LDAP on a different Attribute. Maybe this is possible with a PreAuthHook, but I don't know realy how todo this. Or isit possible to add a attribute to the Request? -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Zombie processes haunting the computer === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Typo in the code === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Regards, Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628 PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H. BOFH excuse: Jupiter is aligned with Mars. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Prepaid Internet solution
Hello Balgaa - On Mon, 14 Aug 2000, Balgansuren wrote: Hi all, We are looking for prepaid internet access solution? There is any solution for UNIX/NT platform? The combination of our Radiator product and our RAdmin product fully support pre-paid internet access. You can find the details on our web site: http://www.open.com.au/radiator http://www.open.com.au/radmin regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) looking for binary files
Hello Manoj - On Sun, 13 Aug 2000, mail_manoj wrote: Hello, I just want to check out whether binary files like radwho,radzap,raduse as in Cistron-radius exist in Radiator radius or not. When I untar Radiator tar file, I didn't get these binary files. The only radwho.cgi and radacct.cgi that I have seen. So, web is the only option to see the currently logged users using radwho.cgi. The binary files you mention above do not exist with Radiator. As you rightly point out, radwho.cgi and radacct.cgi are web-based tools. I am using Redhat 6.2 When I use last -f /var/log/radwtmp(output of Radiator radius) command, the output show irregular characters. But when I use the same command last -f /var/log/radwtmp(output of Cistron radius), the output show the perfect data. How can I overcome this problem? I will forward this to Mike to see if he can shed any light. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst - No such attribute class?
Hello Janet - Your configuration file looks fine, but when you run "radpwtst" you will need to spell "Class" with an upper-case "C". regards Hugh On Sun, 13 Aug 2000, Janet Del Mundo wrote: I'm trying to separate the accounting for prepaid users from the rest of the users. However, when I use Class attribute to do this, the Accounting-Request doesn't respond with the Class attribute from Access-Accept. So the accounting falls back to wrong accounting procedure. Am I doing something wrong here? Does radpwtst recognize the Class attribute? -- ./radpwtst -secret -user mikesanlite -password -auth_port 11900 -acct_port 1901 sending Access-Request... OK sending Accounting-Request Start... OK sending Accounting-Request Stop... OK ./radpwtst -secret -user mikesanlite -password -auth_port 11900 -acct_port 1901 class="GCCSQL" No such attribute class sending Access-Request... OK No such attribute class sending Accounting-Request Start... OK No such attribute class sending Accounting-Request Stop... OK -- -- *** Sending to 127.0.0.1 port 1829 Code: Access-Accept Identifier: 151 Authentic: 1234567890123456 Attributes: Class = "GCCSQL" Idle-Timeout = 100 Session-Timeout = 36000 Framed-IP-Address = 255.255.255.254 Sun Aug 13 03:15:46 2000: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1829 Code: Accounting-Request Identifier: 152 Authentic: .l209130154U228255w221248yk177J20 Attributes: User-Name = "mikesanlite" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start -- AuthBy SQL Identifier SQL . . . /AuthBy AuthBy SQL Identifier GCCSQL . . . AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME - 0%{Acct-Session-Time}) where IDENTIFIER = '%n' /AuthBy Handler Request-Type = Accounting-Request, Class = GCCSQL AuthByPolicy ContinueAlways AuthBy GCCSQL /Handler Handler Request-Type = Accounting-Request AuthByPolicy ContinueAlways AuthBy SQL /Handler Any suggestions? Thanks, Janet === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst - No such attribute class?
Thank you Hugh! That did the trick. Hugh Irvine wrote: Hello Janet - Your configuration file looks fine, but when you run "radpwtst" you will need to spell "Class" with an upper-case "C". regards Hugh On Sun, 13 Aug 2000, Janet Del Mundo wrote: I'm trying to separate the accounting for prepaid users from the rest of the users. However, when I use Class attribute to do this, the Accounting-Request doesn't respond with the Class attribute from Access-Accept. So the accounting falls back to wrong accounting procedure. Am I doing something wrong here? Does radpwtst recognize the Class attribute? -- ./radpwtst -secret -user mikesanlite -password -auth_port 11900 -acct_port 1901 sending Access-Request... OK sending Accounting-Request Start... OK sending Accounting-Request Stop... OK ./radpwtst -secret -user mikesanlite -password -auth_port 11900 -acct_port 1901 class="GCCSQL" No such attribute class sending Access-Request... OK No such attribute class sending Accounting-Request Start... OK No such attribute class sending Accounting-Request Stop... OK -- -- *** Sending to 127.0.0.1 port 1829 Code: Access-Accept Identifier: 151 Authentic: 1234567890123456 Attributes: Class = "GCCSQL" Idle-Timeout = 100 Session-Timeout = 36000 Framed-IP-Address = 255.255.255.254 Sun Aug 13 03:15:46 2000: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1829 Code: Accounting-Request Identifier: 152 Authentic: .l209130154U228255w221248yk177J20 Attributes: User-Name = "mikesanlite" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start -- AuthBy SQL Identifier SQL . . . /AuthBy AuthBy SQL Identifier GCCSQL . . . AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME - 0%{Acct-Session-Time}) where IDENTIFIER = '%n' /AuthBy Handler Request-Type = Accounting-Request, Class = GCCSQL AuthByPolicy ContinueAlways AuthBy GCCSQL /Handler Handler Request-Type = Accounting-Request AuthByPolicy ContinueAlways AuthBy SQL /Handler Any suggestions? Thanks, Janet === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) feature enhancement with Realms
I had a problem where a user tried "[EMAIL PROTECTED] " instead of "[EMAIL PROTECTED]" (a trailing space). What happens in this case is that Radiator looks for a "someplace.com " realm and in fact won't even enter the default Realm clause because it wants to find that realm with a trailing space on it. So they don't get in. What are other people doing to get around this problem? Is it necessary to first intercept everything before the Realm processing begins and trim spaces on the realm name? Thanks, Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.