Re: (RADIATOR) User name as parameter to URL in AddToReply?
Hello Frederic - On Thu, 21 Sep 2000, Frederic Faure wrote: > Hi, > > I gave up on using radacct.cgi since I understand it requires your to > create user accounts on the Radius server to match those in MySQL and > create ~/cgi-bin/.htaccess and .htpasswd simply so that a user can only see > his accounting infos. The whole point of outsourcing user accounts to a > DBMS is precisely to avoid having to customize the Radius server itself, > and keep all user infos in one place. > You do not have to create user accounts anywhere other than the Radiator database. If you are running Apache, you can configure it to use Radius authentication with the Pam Radius module to check usernames and passwords. You are quite correct in wishing to keep all user information in one place. Have a look at section 11.3 in the Radiator 2.16.3 reference manual. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) maximum user limited
Hello Hakim - On Thu, 21 Sep 2000, Hakim wrote: > hi!!! > > currently i have installed an erricsson tigris and increased my capacity. > Now more than 500 users can connect simulatenoulsy. > But when the figure reached the erricsson tigris began to show this message > "Maximum user limit reached" > It sounds like all the ports on the Tigris are busy. > Has radiator got anything to do with this? No. > Also i would like to know if the licensing of radiator is done on number of > users. > No. Radiator is licensed only on the number of hosts you run it on. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) username case
Hello Gordon - On Fri, 22 Sep 2000, Gordon L. Foster wrote: > > Well I seem to be having a problem with maxsessions again. I have implement > rewriteusername so that it is lower case. I am still having the same > problem. It appears that if they logon with a username in caps radiator sees > it as a different user than in lower case. Here is my running config. > Well, this is a somewhat thorny issue, due to two conflicting requirements. Radiator can be configured to enforce strict session limit checking by querying the NAS directly to verify the presence of user sessions. To be able to do this, the session database(s) store the original usernames as entered by the user, as that is what is stored by the NAS in its internal table. Probably the best way at present to deal with your problem is to use a SessionDatabase SQL and supply modified queries like this: # SessionDatabase SQL to use '%n' (rewritten username) # NOTE: the use of NasType in Client clauses is not supported # with this session database configuration DBSource DBUsername DBAuth AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \ ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, \ SERVICETYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \ %{Timestamp}, '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}') DeleteQuery delete from RADONLINE where USERNAME='%n' and \ NASIDENTIFIER='%N' and NASPORT=%{NAS-Port} CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \ where USERNAME='%n' Note that the current manual incorrectly indicates that this is already the default. The code actually uses '%u', the original username, as described above. The manual will be fixed for the next release. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst and pgsql?
Hello Lisa - > > I've set up Radiator 2.16 with postgresql7 on a Freebsd(4.1stable) machine. > > I am able to create users using Radmin and can see them with psql in the > radusers table. I'm trying to test with radpwtst. Radpwtst uses the 'users' > file to authenticate users. How can I direct radwpwtst to the pgsql > database? If that's not possible, is there another tool for testing? > There are a couple of things to be mindful here. The first is that radpwtst sends and receives radius requests to a radius server (Radiator in this case), using the default port numbers 1645 and 1646 unless overridden with command line options. Second, it is Radiator that accesses the database to check usernames and passwords, so the place to look is the Radiator configuration file and a trace 4 debug log to see what is happening. If you need additional help, please send me a copy of the Radiator configuration file (no secrets) together with a trace 4 debug showing what is happening. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radpwtst and pgsql?
--- Forwarded mail from [EMAIL PROTECTED] Date: Fri, 22 Sep 2000 01:40:13 +1000 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Lisa Goulet <[EMAIL PROTECTED]>] >From mikem Fri Sep 22 01:40:09 2000 Received: by oscar.open.com.au (8.9.0/8.9.0) id BAA27402 for [EMAIL PROTECTED]; Fri, 22 Sep 2000 01:40:09 +1000 (EST) >Received: from ams_exch_dmz.versatel.nl (mail.versatel.nl [212.48.37.11]) by perki.connect.com.au with ESMTP id CAA19894 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Fri, 22 Sep 2000 02:28:19 +1100 (EST) Received: from ams_exch_dmz.versatel.nl (mail.versatel.nl [212.48.37.11]) by perki.connect.com.au with ESMTP id CAA19894 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Fri, 22 Sep 2000 02:28:19 +1100 (EST) Received: by AMS_EXCH_DMZ with Internet Mail Service (5.5.2650.21) id ; Thu, 21 Sep 2000 17:12:54 +0200 Message-ID: <77A588078DF6D3118C0A00508B8E036701F0B6DC@AMSHQB-EXCH02> From: Lisa Goulet <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject: radpwtst and pgsql? Date: Thu, 21 Sep 2000 17:28:36 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain Hi, I've set up Radiator 2.16 with postgresql7 on a Freebsd(4.1stable) machine. I am able to create users using Radmin and can see them with psql in the radusers table. I'm trying to test with radpwtst. Radpwtst uses the 'users' file to authenticate users. How can I direct radwpwtst to the pgsql database? If that's not possible, is there another tool for testing? Thanks, Lisa ---End of forwarded mail from [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) username case
Well I seem to be having a problem with maxsessions again. I have implement rewriteusername so that it is lower case. I am still having the same problem. It appears that if they logon with a username in caps radiator sees it as a different user than in lower case. Here is my running config. Foreground#LogStdout LogDir c:\radiator\logsLogFile %L/%m-%d-%Y-logfile.txtDbDir c:\radiatorDictionaryFile c:\radiator\dictionary.usrTrace 3 Secret x DupInterval 0 DefaultRealm otz.net RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ AcctLogFileName %L/%m-%d-%Y-detail.txt PasswordLogFileName %L/%m-%d-%Y-passlog.txt MaxSessions 1 AuthByPolicy ContinueUntilAccept # File Authorization for Static users Filename c:\radiator\stat_users # The LDAP host to connect to # If not set, defaults to localhost Host localhost # If not set, defaults to 389. Use 636 for SSL. # Can be a numeric port number or a service name # from /etc/services Port 389 # Specifies to use SSL to connect, and the name # of your certificate database. The database # must either be the cert5.db certificate database used # by Netscape Navigator 3.x or the ServerCert.db # certificate database used by # Netscape 2.x servers. # You will usually want Port 636 if you enable SSL # You can use special filename characters # Only available with Netscape SDK version of LDAPapi #UseSSL ./cert5.db # These specify how to connect to the directory # as a privelged user AuthDN cn=Directory Manager AuthPassword x # The base DN at which to start the search BaseDN o=otz.net # The LDAP attribute to match against User-Name UsernameAttr uid # The LDAP attribute that contains a plaintext password # or a password in the format {crypt}1xMKc0GIVUNbE # or {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc= PasswordAttr userPassword # Optional attribute that contains an # encrypted password to use instead of PasswordAttr # EncryptedPasswordAttr sn # Optional LDAP attribute that contains check # items for the user# CheckAttr cn # Optional LDAP attribute that contains reply # items for the user# ReplyAttr mail Gordon L. Foster System Administrator OTZ Telephone Cooperative, INC. Ph. 907-442-3114 Fax 907-442-2123
RE: (RADIATOR) maximum user limited
To me this sounds like a warning message from the Ericsson Tigris, meaning that any more users recieve a busy signal when they try to connect. Time to expand the Tigris with more HW :) The Radiator license is not based on number of users. /Ingvar -Original Message- From: Hakim [mailto:[EMAIL PROTECTED]] Sent: den 21 september 2000 10:55 To: [EMAIL PROTECTED] Subject: (RADIATOR) maximum user limited hi!!! currently i have installed an erricsson tigris and increased my capacity. Now more than 500 users can connect simulatenoulsy. But when the figure reached the erricsson tigris began to show this message "Maximum user limit reached" Has radiator got anything to do with this? Also i would like to know if the licensing of radiator is done on number of users. best regards Hakim Get Your Free E-Mail at www.q8online.com === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) User name as parameter to URL in AddToReply?
Hi, I gave up on using radacct.cgi since I understand it requires your to create user accounts on the Radius server to match those in MySQL and create ~/cgi-bin/.htaccess and .htpasswd simply so that a user can only see his accounting infos. The whole point of outsourcing user accounts to a DBMS is precisely to avoid having to customize the Radius server itself, and keep all user infos in one place. As an alternative, I'm writing a welcome PHP page, but I need to pass the user's name as argument to the URL that the WinPoet PPPoE gets when he connects (I'm a PHP newbie, so there could be a better way, eg. POST instead of GET, etc.): AddToReply RB-PPPOE-URL = http://www.acme.com/index.php3?username=%n - OR- AddToReply RB-PPPOE-URL = "http://www.acme.com/index.php3?username=%n" => Problem is, Radiator send %n verbatim, while it interprets it in AuthSelect instructions. Any idea how to do this? For those interested, here's the script: Thx FF. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) maximum user limited
hi!!! currently i have installed an erricsson tigris and increased my capacity. Now more than 500 users can connect simulatenoulsy. But when the figure reached the erricsson tigris began to show this message "Maximum user limit reached" Has radiator got anything to do with this? Also i would like to know if the licensing of radiator is done on number of users. best regards HakimGet Your Free E-Mail at www.q8online.com === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Handler for attribute present
What is the best way to write a Handler for requests containing a particular attribute, regardless of its value? Like Any suggestions? /Ingvar === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.