(RADIATOR) Prepaid Internet solution
Hi all, We are looking for prepaid internet access solution? There is any solution for UNIX/NT platform? Thank you, Balgaa === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MaxSessions and Simultaneous-Use
username Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Simultaneous-Use = 2, Port-Limit = 2, Framed-MTU = 1500 With this user profile in Radiator and MaxSessions set to 1 in the Realm portion of the config I get these messages in the log at Trace 4 Sun Aug 13 00:19:53 2000: DEBUG: Checking if user is still online: Livingston, username, 207.174.103.7, 8, 46005EE2 199.165.157.1 Sun Aug 13 00:19:53 2000: DEBUG: Running command `/usr/bin/snmpget 207.174.103.7 username .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5` I'm using NasType of Livingston on Radiator 2.16.1 This seems like I have it set up right, but the second ISDN channel does not want to come up and stay up. What might I have mistaken here Thanks, Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Check Attribute in LDAP
I've tried this but my radius doesn't reconice this option (SearchFilter)
On Fri, Aug 11, 2000 at 09:37:12AM -0400, Felicetti, Stephen A. wrote:
This is basically the same thing that I'm doing, and have described in
detail in a previous message to the list.
The search filter would be something like this. Don't quote me, as there may
be differences in the syntax used for seaching your LDAP directory. Check
the previous messages for the link to the RFC.
SearchFilter ((uid=%{User-Name})(accountstatus=1))
-Original Message-
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 6:16 AM
To: Felicetti, Stephen A.
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Check Attribute in LDAP
Ok, what I want todo is check a attribute that is in the LDAP server
(accountstatus). If a user tries to dail-in then the radius server has to
check
his username, password and if the accountstatus = 1. If the attributed
doesn't
exists or is '0' this the user must be Rejected.
On Thu, Aug 10, 2000 at 09:07:05AM -0400, Felicetti, Stephen A. wrote:
Robin,
I'm sorry, but I really don't understand what you are trying to do.
I laid out a couple scenerios that use additional LDAP attributes
(besides
username/password) during the authentication process. If these choices are
not right for your environment, then I guess I misunderstood your problem.
If you can provide more detail, step by step, on what you want to happen,
I'm sure there's a solution out there for you.
-Steve
-Original Message-
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 5:37 AM
To: Felicetti, Stephen A.
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Check Attribute in LDAP
Ok,
what i want to do is aan Auth. on the LDAP on a different Attribute. Maybe
this
is possible with a PreAuthHook, but I don't know realy how todo this.
Or isit possible to add a attribute to the Request?
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Zombie processes haunting the computer
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Typo in the code
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Jupiter is aligned with Mars.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MaxSessions and Simultaneous-Use
Hello Chris - On Sun, 13 Aug 2000, Chris M wrote: username Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Simultaneous-Use = 2, Port-Limit = 2, Framed-MTU = 1500 With this user profile in Radiator and MaxSessions set to 1 in the Realm portion of the config I get these messages in the log at Trace 4 Sun Aug 13 00:19:53 2000: DEBUG: Checking if user is still online: Livingston, username, 207.174.103.7, 8, 46005EE2 199.165.157.1 Sun Aug 13 00:19:53 2000: DEBUG: Running command `/usr/bin/snmpget 207.174.103.7 username .iso.org.dod.internet.private.enterprises.307.3.2.1.1.1.2.5` I'm using NasType of Livingston on Radiator 2.16.1 This seems like I have it set up right, but the second ISDN channel does not want to come up and stay up. What might I have mistaken here There are a couple of things wrong with your configuration. First of all, MaxSessions will set a hard limit for the Realm, so you will need to remove it. If you want to support different Simultaneous-Use limits for different users you should use DefaultSimultaneousUse for the AuthBy clause. Second, your user definition must have Simultaneous-Use as a check item: username Simultaneous-Use = 2, Auth-Type = System Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Port-Limit = 2, Framed-MTU = 1500 hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Check Attribute in LDAP
Hello Robin -
You will need the new version of the AuthLDAP* modules, which I will send in a
seperate message.
regards
Hugh
On Sun, 13 Aug 2000, Robin Gruyters wrote:
I've tried this but my radius doesn't reconice this option (SearchFilter)
On Fri, Aug 11, 2000 at 09:37:12AM -0400, Felicetti, Stephen A. wrote:
This is basically the same thing that I'm doing, and have described in
detail in a previous message to the list.
The search filter would be something like this. Don't quote me, as there may
be differences in the syntax used for seaching your LDAP directory. Check
the previous messages for the link to the RFC.
SearchFilter ((uid=%{User-Name})(accountstatus=1))
-Original Message-
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 11, 2000 6:16 AM
To: Felicetti, Stephen A.
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Check Attribute in LDAP
Ok, what I want todo is check a attribute that is in the LDAP server
(accountstatus). If a user tries to dail-in then the radius server has to
check
his username, password and if the accountstatus = 1. If the attributed
doesn't
exists or is '0' this the user must be Rejected.
On Thu, Aug 10, 2000 at 09:07:05AM -0400, Felicetti, Stephen A. wrote:
Robin,
I'm sorry, but I really don't understand what you are trying to do.
I laid out a couple scenerios that use additional LDAP attributes
(besides
username/password) during the authentication process. If these choices are
not right for your environment, then I guess I misunderstood your problem.
If you can provide more detail, step by step, on what you want to happen,
I'm sure there's a solution out there for you.
-Steve
-Original Message-
From: Robin Gruyters [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 10, 2000 5:37 AM
To: Felicetti, Stephen A.
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Check Attribute in LDAP
Ok,
what i want to do is aan Auth. on the LDAP on a different Attribute. Maybe
this
is possible with a PreAuthHook, but I don't know realy how todo this.
Or isit possible to add a attribute to the Request?
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Zombie processes haunting the computer
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Typo in the code
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.net - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Jupiter is aligned with Mars.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Prepaid Internet solution
Hello Balgaa - On Mon, 14 Aug 2000, Balgansuren wrote: Hi all, We are looking for prepaid internet access solution? There is any solution for UNIX/NT platform? The combination of our Radiator product and our RAdmin product fully support pre-paid internet access. You can find the details on our web site: http://www.open.com.au/radiator http://www.open.com.au/radmin regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) looking for binary files
Hello Manoj - On Sun, 13 Aug 2000, mail_manoj wrote: Hello, I just want to check out whether binary files like radwho,radzap,raduse as in Cistron-radius exist in Radiator radius or not. When I untar Radiator tar file, I didn't get these binary files. The only radwho.cgi and radacct.cgi that I have seen. So, web is the only option to see the currently logged users using radwho.cgi. The binary files you mention above do not exist with Radiator. As you rightly point out, radwho.cgi and radacct.cgi are web-based tools. I am using Redhat 6.2 When I use last -f /var/log/radwtmp(output of Radiator radius) command, the output show irregular characters. But when I use the same command last -f /var/log/radwtmp(output of Cistron radius), the output show the perfect data. How can I overcome this problem? I will forward this to Mike to see if he can shed any light. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst - No such attribute class?
Hello Janet -
Your configuration file looks fine, but when you run "radpwtst" you will need
to spell "Class" with an upper-case "C".
regards
Hugh
On Sun, 13 Aug 2000, Janet Del Mundo wrote:
I'm trying to separate the accounting for prepaid users from the rest of
the users. However, when I use Class attribute to do this, the
Accounting-Request doesn't respond with the Class attribute from
Access-Accept. So the accounting falls back to wrong accounting
procedure. Am I doing something wrong here? Does radpwtst recognize the
Class attribute?
--
./radpwtst -secret -user mikesanlite -password -auth_port
11900 -acct_port 1901
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
./radpwtst -secret -user mikesanlite -password -auth_port
11900 -acct_port 1901 class="GCCSQL"
No such attribute class
sending Access-Request...
OK
No such attribute class
sending Accounting-Request Start...
OK
No such attribute class
sending Accounting-Request Stop...
OK
--
--
*** Sending to 127.0.0.1 port 1829
Code: Access-Accept
Identifier: 151
Authentic: 1234567890123456
Attributes:
Class = "GCCSQL"
Idle-Timeout = 100
Session-Timeout = 36000
Framed-IP-Address = 255.255.255.254
Sun Aug 13 03:15:46 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1829
Code: Accounting-Request
Identifier: 152
Authentic: .l209130154U228255w221248yk177J20
Attributes:
User-Name = "mikesanlite"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "1234"
Acct-Status-Type = Start
--
AuthBy SQL
Identifier SQL
.
.
.
/AuthBy
AuthBy SQL
Identifier GCCSQL
.
.
.
AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME -
0%{Acct-Session-Time}) where IDENTIFIER = '%n'
/AuthBy
Handler Request-Type = Accounting-Request, Class = GCCSQL
AuthByPolicy ContinueAlways
AuthBy GCCSQL
/Handler
Handler Request-Type = Accounting-Request
AuthByPolicy ContinueAlways
AuthBy SQL
/Handler
Any suggestions?
Thanks,
Janet
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst - No such attribute class?
Thank you Hugh! That did the trick.
Hugh Irvine wrote:
Hello Janet -
Your configuration file looks fine, but when you run "radpwtst" you will need
to spell "Class" with an upper-case "C".
regards
Hugh
On Sun, 13 Aug 2000, Janet Del Mundo wrote:
I'm trying to separate the accounting for prepaid users from the rest of
the users. However, when I use Class attribute to do this, the
Accounting-Request doesn't respond with the Class attribute from
Access-Accept. So the accounting falls back to wrong accounting
procedure. Am I doing something wrong here? Does radpwtst recognize the
Class attribute?
--
./radpwtst -secret -user mikesanlite -password -auth_port
11900 -acct_port 1901
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
./radpwtst -secret -user mikesanlite -password -auth_port
11900 -acct_port 1901 class="GCCSQL"
No such attribute class
sending Access-Request...
OK
No such attribute class
sending Accounting-Request Start...
OK
No such attribute class
sending Accounting-Request Stop...
OK
--
--
*** Sending to 127.0.0.1 port 1829
Code: Access-Accept
Identifier: 151
Authentic: 1234567890123456
Attributes:
Class = "GCCSQL"
Idle-Timeout = 100
Session-Timeout = 36000
Framed-IP-Address = 255.255.255.254
Sun Aug 13 03:15:46 2000: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1829
Code: Accounting-Request
Identifier: 152
Authentic: .l209130154U228255w221248yk177J20
Attributes:
User-Name = "mikesanlite"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "1234"
Acct-Status-Type = Start
--
AuthBy SQL
Identifier SQL
.
.
.
/AuthBy
AuthBy SQL
Identifier GCCSQL
.
.
.
AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME -
0%{Acct-Session-Time}) where IDENTIFIER = '%n'
/AuthBy
Handler Request-Type = Accounting-Request, Class = GCCSQL
AuthByPolicy ContinueAlways
AuthBy GCCSQL
/Handler
Handler Request-Type = Accounting-Request
AuthByPolicy ContinueAlways
AuthBy SQL
/Handler
Any suggestions?
Thanks,
Janet
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) feature enhancement with Realms
I had a problem where a user tried "[EMAIL PROTECTED] " instead of "[EMAIL PROTECTED]" (a trailing space). What happens in this case is that Radiator looks for a "someplace.com " realm and in fact won't even enter the default Realm clause because it wants to find that realm with a trailing space on it. So they don't get in. What are other people doing to get around this problem? Is it necessary to first intercept everything before the Realm processing begins and trim spaces on the realm name? Thanks, Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
