Re: (RADIATOR) UDP buffers overflow?
Hello Antonio -

On Thu, 12 Oct 2000, Antonio José Antón wrote:
> Hello,
>
> I'm experiencing Proxy-Radius to Radius (Radiator) UDP packets
> retransmissions. Radiator is running on a powerful machine. How can I
> check that there are no UDP buffer overflows at Radiator or at O.S.
> level?
> Radiator is running on Sun E3.5K (Solaris 2.6).
>

I would first of all check a trace 4 debug from Radiator to see exactly what is going on. Then, I would have a look at the system statistics on your machine (top, vmstat, netstat, etc.). And finally I would use a packet sniffer to see exactly what packets are on the wire as compared to what is shown in the Radiator trace 4.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Several queries
Hello Ginés -

On Thu, 12 Oct 2000, Ginés Gómez wrote:
> Hi everybody,
> first of all my name is gines and this is my first email to this
> mailing list. The question I've got is as follows:
>
> When processing an Accounting Start or Stop request you can make
> several queries to a database by adding clauses. NO
> worries. The problem appears when I want to make several queries when
> processing an Auth record. If I specify several clauses
> radiator always expects to get some results. Some queries I want to do
> in the authorization stage are UPDATES so I have no results to map to
> PASSWORD or any other Radius Attributes. I want to do an update to the
> RADPOOL table to change the state of the new YIADDR to 2 instead of
> 1. Why?
>

This has been discussed on the list several times, so I suggest you have a look at the archive site:

http://www.starport.net/~radiator

> It has happened in our production environment that the NAS server sends
> hundreds of Auth records not followed by any Start or Stop records,
> since the IP gets locked in the Auth stage we get many IP addresses
> locked with no further Stop record to unlock them. We've thought we could
> set the state of the YIADDR to 2 instead of 1 and then change it back to
> 1 in the Start Accounting process. Meanwhile a cronted script would
> update the YIADDR with 2 state to 0 if the TimeStamp is less than 1
> minute ago (Auth and Start shouldn't be more than 2 or 3 seconds away
> one from each other). This way we can unlock IP's locked because of an
> Auth record without Start and Stop.
>

One word of caution in doing this - if you miss a Start record, you will free a used address and possibly re-allocate it, thereby causing lots of routing problems.

In any case, probably the best way to do this is with a stored procedure if your database supports stored procedures. Otherwise, you can use a PostAuthHook to call additional AuthBy SQL clauses.

There are some example hooks in the file "goodies/hooks.txt" in the distribution.

hth

Hugh

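The address-state scheme discussed in this thread, written out as an added example (it is not code from either poster or from the Radiator distribution). It shows the reaper returning an address after an Auth with no Start, and then the case the reply cautions about: a lost Start lets the reaper free an address that is in use. SQLite stands in for the production database; the column names STATE, TIME_STAMP and USERNAME, the function names, and the USERNAME guard on Start and Stop are assumptions of this sketch.

```python
import sqlite3

# States from the thread: 0 = free, 1 = in use, 2 = handed out at Auth, unconfirmed.
FREE, IN_USE, PENDING = 0, 1, 2
PENDING_TIMEOUT = 60  # seconds a state-2 lease may wait for its Accounting Start


def make_pool(addresses):
    """Build an in-memory RADPOOL table (column names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE RADPOOL (YIADDR TEXT PRIMARY KEY, STATE INTEGER NOT NULL,"
        " TIME_STAMP INTEGER NOT NULL, USERNAME TEXT)"
    )
    db.executemany(
        "INSERT INTO RADPOOL VALUES (?, ?, 0, NULL)", [(a, FREE) for a in addresses]
    )
    return db


def on_auth(db, user, now):
    """Access-Request: allocate the lowest free address in state 2."""
    row = db.execute(
        "SELECT YIADDR FROM RADPOOL WHERE STATE = ? ORDER BY YIADDR LIMIT 1", (FREE,)
    ).fetchone()
    if row is None:
        return None  # pool exhausted
    db.execute(
        "UPDATE RADPOOL SET STATE = ?, TIME_STAMP = ?, USERNAME = ? WHERE YIADDR = ?",
        (PENDING, now, user, row[0]),
    )
    return row[0]


def on_start(db, user, addr, now):
    """Accounting Start: confirm 2 -> 1, only if the row is still this user's lease."""
    cur = db.execute(
        "UPDATE RADPOOL SET STATE = ?, TIME_STAMP = ?"
        " WHERE YIADDR = ? AND USERNAME = ? AND STATE = ?",
        (IN_USE, now, addr, user, PENDING),
    )
    return cur.rowcount == 1


def on_stop(db, user, addr):
    """Accounting Stop: free the address, only if it still belongs to this user."""
    cur = db.execute(
        "UPDATE RADPOOL SET STATE = ?, USERNAME = NULL WHERE YIADDR = ? AND USERNAME = ?",
        (FREE, addr, user),
    )
    return cur.rowcount == 1


def reap_pending(db, now):
    """The cron job: free state-2 rows older than the timeout. Returns rows freed."""
    cur = db.execute(
        "UPDATE RADPOOL SET STATE = ?, USERNAME = NULL WHERE STATE = ? AND TIME_STAMP < ?",
        (FREE, PENDING, now - PENDING_TIMEOUT),
    )
    return cur.rowcount


def state_of(db, addr):
    return db.execute(
        "SELECT STATE, USERNAME FROM RADPOOL WHERE YIADDR = ?", (addr,)
    ).fetchone()


def demo():
    """Constructed event sequence; timestamps are seconds on an arbitrary clock."""
    db = make_pool(["10.0.0.1", "10.0.0.2"])
    # Case 1: Auth never followed by Start. The reaper returns the address.
    on_auth(db, "alice", now=0)
    reaped_early = reap_pending(db, now=30)   # lease is only 30 s old
    reaped_late = reap_pending(db, now=61)    # older than the timeout
    # Case 2: bob's session is live but his Start record was lost.
    bob_addr = on_auth(db, "bob", now=100)
    reap_pending(db, now=200)                 # frees an address that is on the wire
    carol_addr = on_auth(db, "carol", now=201)
    bob_late_start = on_start(db, "bob", bob_addr, now=202)  # refused: row is carol's
    on_start(db, "carol", carol_addr, now=203)
    bob_stop = on_stop(db, "bob", bob_addr)   # refused: must not free carol's lease
    return {
        "reaped_early": reaped_early, "reaped_late": reaped_late,
        "bob_addr": bob_addr, "carol_addr": carol_addr,
        "bob_late_start_accepted": bob_late_start, "bob_stop_freed": bob_stop,
        "final": state_of(db, carol_addr),
    }
```

A Start or Stop that matches no row is the signal worth logging: it marks a session whose address was reaped underneath it.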
Re: (RADIATOR) radonline missing entries?
Hello Charles -

On Thu, 12 Oct 2000, Charles Sprickman wrote:
> Hi,
>
> I'm seeing some people, seemingly randomly, missing from my radonline
> db. These same folks are in my accounting records. Both log to the same
> mysql db:
>
> (accounting)
> user     ip               nasip            type    time
> seward | 216.223.195.81 | 216.223.195.11 | Start | 2000-10-11 13:17:55 |
>
> (radonline)
> mysql> select * from RADONLINE where username='seward';
> Empty set (0.01 sec)
>
> It seems I'm consistently losing about 5% of all users based on a count of
> RADONLINE vs. what I see on the NAS.
>
> Where can I start with this? My inserts are unchanged in my
> radius.cfg. At trace 3, I see no oddities associated with this
> username. Any ideas how to track this down??
>

Yes - use trace 4 and watch what happens.

hth

Hugh

Re: (RADIATOR) Current Users
Hello Delmar -

On Thu, 12 Oct 2000, Delmar Thome wrote:
> Hi,
>
> I'm looking how to know who is logged in the radiator. Is there a way to do
> that?
>

Yes. Set up a session database and use the included radwho.cgi script. Have a look at section 12.0 in the Radiator 2.16.3 reference manual.

hth

Hugh

Re: (RADIATOR) what's the best way to stress-test radiator?
Hello Herbert -

On Thu, 12 Oct 2000, Herbert Kornfeld wrote:
> I'd like to test radiator (2.16.3 on hp-ux 11, perl5.6. authbyldap2)
> under heavy load scenarios, to help plan for servers. What I'd like to
> do is have some data that allows me to plot average response time vs the
> number of simultaneous requests. (Say with the latter ranging through
> 2,5,10,50,100,1000,1,5 or until radiator breaks ;))
>
> I've looked at radpwtst, but whilst -iterations and -time are useful,
> they serialise the requests, whereas I want to simulate NASes all
> sending requests at the same time.
>
> What is the best way to do this?
>
> I could write a driver script that started copies of radpwtst in
> the background, each one sending x iterations and timing the
> results, but this leads to other issues (like, processes competing
> amongst each other for resource. Maybe the sticky bit would help, like
> in the old days?)
>

Just set up Radiator on one or two additional machines and run multiple copies of radpwtst on each one against the Radiator host. That's what we do here for our own stress testing.

hth

Hugh

Re: (RADIATOR) rewriting User-Name
Hello Mindaugas -

>
> I'm trying to implement different reply items depending on
> the system you're logging to. Radius compiles hook file but
> rewriting seems not to work.
> And I'd like to avoid sections because of too
> much config duplication. Or there is some more elegant solution
> by moving duplicating content to common section?
>

The best way to avoid duplication is by using Identifiers in your AuthBy clauses, and referring to them by Identifier in your Handlers (this also makes your configuration files *much* easier to understand):

# configure common AuthBy clause(s)

Identifier CheckSQL
DBSource ...
DBUsername
DBAuth
. ..

AuthBy CheckSQL
...

hth

Hugh

(RADIATOR) rewriting User-Name
--- Forwarded mail from [EMAIL PROTECTED]

Date: Wed, 11 Oct 2000 21:10:14 +1000 (EST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Mindaugas Riauba" <[EMAIL PROTECTED]>]

From: "Mindaugas Riauba" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: rewriting User-Name
Date: Wed, 11 Oct 2000 12:54:52 +0200

I'm trying to implement different reply items depending on the system you're logging to. Radius compiles hook file but rewriting seems not to work.

And I'd like to avoid sections because of too much config duplication. Or there is some more elegant solution by moving duplicating content to common section?

Mindaugas

Radius config:

PreAuthHook file:"%D/preauth.pl"
.

and preauth.pl file:

sub
{
    # $_[0] is a reference to the current request packet.
    # Attribute values are strings, so compare with eq (== compares numerically).
    if ( ${$_[0]}->get_attr ('Called-Station-Id') eq "484999" and
         ${$_[0]}->get_attr ('User-Name') eq "user" )
    {
        ${$_[0]}->change_attr ('User-Name', 'user2');
    }
}

---End of forwarded mail from [EMAIL PROTECTED]

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985
Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X

(RADIATOR) radonline missing entries?
Hi,

I'm seeing some people, seemingly randomly, missing from my radonline db. These same folks are in my accounting records. Both log to the same mysql db:

(accounting)
user     ip               nasip            type    time
seward | 216.223.195.81 | 216.223.195.11 | Start | 2000-10-11 13:17:55 |

(radonline)
mysql> select * from RADONLINE where username='seward';
Empty set (0.01 sec)

It seems I'm consistently losing about 5% of all users based on a count of RADONLINE vs. what I see on the NAS.

Where can I start with this? My inserts are unchanged in my radius.cfg. At trace 3, I see no oddities associated with this username. Any ideas how to track this down??

Thanks,

Charles

| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| [EMAIL PROTECTED] | [EMAIL PROTECTED]

(RADIATOR) what's the best way to stress-test radiator?
I'd like to test radiator (2.16.3 on hp-ux 11, perl5.6. authbyldap2) under heavy load scenarios, to help plan for servers. What I'd like to do is have some data that allows me to plot average response time vs the number of simultaneous requests. (Say with the latter ranging through 2,5,10,50,100,1000,1,5 or until radiator breaks ;))

I've looked at radpwtst, but whilst -iterations and -time are useful, they serialise the requests, whereas I want to simulate NASes all sending requests at the same time.

What is the best way to do this?

I could write a driver script that started copies of radpwtst in the background, each one sending x iterations and timing the results, but this leads to other issues (like, processes competing amongst each other for resource. Maybe the sticky bit would help, like in the old days?)

Help gratefully received,

--herb

(RADIATOR) Several queries
Hi everybody,

first of all my name is gines and this is my first email to this mailing list. The question I've got is as follows:

When processing an Accounting Start or Stop request you can make several queries to a database by adding clauses. NO worries. The problem appears when I want to make several queries when processing an Auth record. If I specify several clauses radiator always expects to get some results. Some queries I want to do in the authorization stage are UPDATES so I have no results to map to PASSWORD or any other Radius Attributes. I want to do an update to the RADPOOL table to change the state of the new YIADDR to 2 instead of 1. Why?

It has happened in our production environment that the NAS server sends hundreds of Auth records not followed by any Start or Stop records, since the IP gets locked in the Auth stage we get many IP addresses locked with no further Stop record to unlock them. We've thought we could set the state of the YIADDR to 2 instead of 1 and then change it back to 1 in the Start Accounting process. Meanwhile a cronted script would update the YIADDR with 2 state to 0 if the TimeStamp is less than 1 minute ago (Auth and Start shouldn't be more than 2 or 3 seconds away one from each other). This way we can unlock IP's locked because of an Auth record without Start and Stop.

Any ideas, suggestions, whatever will be sincerely welcome.

Thanks!!

(RADIATOR) UDP buffers overflow?
Hello,

I'm experiencing Proxy-Radius to Radius (Radiator) UDP packets retransmissions. Radiator is running on a powerful machine. How can I check that there are no UDP buffer overflows at Radiator or at O.S. level?

Radiator is running on Sun E3.5K (Solaris 2.6).

Thanks

--
Antonio José Antón - [EMAIL PROTECTED]
Wanadoo España. Departamento de Sistemas
Tel: +34 96 5040050 - Fax: +34 96 5040047
http://www.wanadoo.es

(RADIATOR) Current Users
Hi,

I'm looking how to know who is logged in the radiator. Is there a way to do that?

Thanks

Re: (RADIATOR) Multiple logins
Hello Firas -

On Wed, 11 Oct 2000, Firas Emsaytif wrote:
> Hello,
>
> Thanks, it worked fine. But still if I use "inetd" or "init" or "restartwrapper", it always
> rejects access, I checked pathnames and permissions and I can't find anything wrong. Could
> it be something has to do with the version (2.16.3) or may be because it is a demo version.
> Appreciating your help.
>

Why do you want to run the demo version from init or inetd or restartWrapper?

What does a trace 4 log show?

And what message does restartWrapper report?

thanks

Hugh

Re: (RADIATOR) Calling Line Identification
Hello Erwin -

On Wed, 11 Oct 2000, Erwin Wortel wrote:
> Hi,
>
> At this moment I'm using callback for security reasons. But some of
> the users (for several reasons) cannot manage a callback session to the NAS.
> Now I'm looking if I can implement Calling Line Identification in Radiator,
> but I cannot find such a check-item. Can someone give any help.
>

The attribute you want is "Calling-Station-Id".

All of the attributes used by Radiator are defined in the file "dictionary" in the main distribution directory. If you want to know the exact definition of the attributes, have a look at the RFCs in the "doc" directory.

hth

Hugh

(RADIATOR) Re: (User-Name without realm)
Salut vit -

On Wed, 11 Oct 2000, vit wrote:
> Salut Hugh,
>
> I'm testing the redirection of people that don't put an '@domain'
> behind their name: so I use without giving a domain and it
> works!
> Is it really implemented? And I hope that it will still work in the
> next release.
>

Yes this is what is designed for, and it will always be in Radiator.

BTW - you can also use the DefaultRealm parameter in your Client clauses (it may not be necessary in your case).

a bientot

Hugues

(RADIATOR) Modify Attributes and Pass it to the accounting logs...etc
hi,

2 questions concerning hooks:

1) I need to modify attributes and pass these attributes to the accounting logs. But it all seems unfruitful. Here's the scenario: My NAS gave me a NAS_PORT value instead of Calling-Station-Id. My billing department require the need to have this attribute. So I have to convert the value to binary and then split them up to be converted back to decimal. Anyway, I tried to ${$_[0]}->add_attr('Calling-Station-Id',$cid) at PostAuthHook, but the accounting file still doesn't show me any attributes of the type 'Calling-Station-Id'. What could be the right way to force the accounting to add this attribute in?

2) In writing hooks, how can I reject a user? Is it on the reply reference? ${$_[1]}->change_attr('Reply-Message',"Reject") Something like that? Can't seem to work for me.

Benny
[EMAIL PROTECTED]

Re: (RADIATOR) Multiple logins
Hello,

Thanks, it worked fine. But still if I use "inetd" or "init" or "restartwrapper", it always rejects access, I checked pathnames and permissions and I can't find anything wrong. Could it be something has to do with the version (2.16.3) or may be because it is a demo version.

Appreciating your help.

Regards

Hugh Irvine wrote:

> Hello Firas -
>
> On Tue, 10 Oct 2000, Firas Emsaytif wrote:
> > Hello,
> >
> > Following is my config. and the DEBUG output, the user I am authenticating is in
> > "/etc/shadow" and not in the "users.shadow", I authenticated the first time using
> >
> > #perl radiuspwtst -nostop -user firas -password
> >
> > and the second time
> >
> > #perl radiuspwtst -nostop -nas_ip_address 203.63.154.2 -user firas -password
> >
> >
> > and in both times access was accepted. The same happens when I authenticate a user in
> > "/etc/shadow" and "users.shadow".
> >
>
> Thanks for reporting this, there does appear to be a problem with
> DefaultSimultaneousUse and DEFAULT entries in users files.
>
> There are a couple of things you will need to do.
>
> First in your configuration file:
>
> # configure AuthBy FILE with Identifier for later use
> # note NoDefaultIfFound (to stop DEFAULT check)
>
> Identifier check_shadow_sim_use
> DefaultSimultaneousUse 1
> Filename /etc/users.shadow
> NoDefaultIfFound
>
>
> Secondly in your users.shadow file:
>
> # file %D/users.shadow
> # only users with sim-use != 1 are defined here
> # note Simultaneous-Use = 1 for DEFAULT
>
> DEFAULT Simultaneous-Use = 1, Auth-Type = check_shadow
>
> someuser Simultaneous-Use = 2, Auth-Type = check_shadow
>
> anotheruser Simultaneous-Use = 3, Auth-Type = check_shadow
>
> ..
>
> We will fix the problem for the next release.
>
> thanks and regards
>
> Hugh

--
Regards
Firas Emsaytif
System Administrator
Global One Communications (Jordan) Ltd.
Tel (962) 6 5624777
Fax (962) 6 5697111
Get A Life Online With Baladna
http://www.baladna.com.jo

(RADIATOR) Calling Line Identification
Hi,

At this moment I'm using callback for security reasons. But some of the users (for several reasons) cannot manage a callback session to the NAS. Now I'm looking if I can implement Calling Line Identification in Radiator, but I cannot find such a check-item. Can someone give any help.

T.i.a.

Erwin Wortel.

--
Erwin Wortel, Academic Medical Center - Amsterdam
E-Mail: [EMAIL PROTECTED], Telefoon +31 20 56 66788
$*%@*!&(%72HaLLo#%@*&^$Doeei)#_+~toeteLeToet_%^@#$9+
Why is the word abbreviation so long?

(RADIATOR) Radiator and SNMP on Solaris
Hi all,

I have a question about Radiator 2.16.1 running on Solaris 7, how can I integrate the Radiator SNMP agent as subagent into the Solaris SNMP master agent. How could this be done ?

According to http://docs.sun.com/ab2/coll.47.8/SEAUG/@Ab2TocView?Ab2Lang=C&Ab2Enc=iso-8859-1&DwebQuery=subagent&oqt=subagent there are two ways, how a subagent could be integrated into the Solaris masteragent, either static (by using at least 2 files, a .rsrc and a .reg file), or dynamic where the subagent itself registers into the masteragent.

The whole Radiator Doc does not cover this topic, integrating the Radiator SNMP as subagent in a working SNMP environment with a master.

Could this kind of integration be provided with the Radiator SNMP agent, and when yes, how could this be done. Has anybody successfully implemented this setup and can provide me with the needed infos ?

Thanx a lot in advance

(RADIATOR) (User-Name without realm)
Salut Hugh,

I'm testing the redirection of people that don't put an '@domain' behind their name: so I use without giving a domain and it works!

Is it really implemented? And I hope that it will still work in the next release.

A+ (that means "see you soon")

Vi-Thang.

Re: (RADIATOR) Authenticate with a primary and secondary LDAP server
Hello Erwin -

On Wed, 11 Oct 2000, Erwin Wortel wrote:
>
> Hi,
>
> We are using Radiator (2.16.1) for a short time now. For user authentication we are
> making use of an LDAP server. For backup reasons we have a secondary (backup)
> ldap server. I've implemented this in Radiator as described below.
>
> Now I am experiencing the following problem :
>
> When a user does not exist in the LDAP DB or a wrong password has been sent then
> Radiator tries the secondary LDAP server (as I told him to do so [AuthByPolicy
> ContinueUntilAccept] :-) And of course, this doesn't give an 'access accept'
> either.
>
> But, I'd like the secondary LDAP server only be contacted if the primary LDAP
> server doesn't give any response at all.
>
> My question is as follows :
>
> Am I making a mistake in the implementation, and if so, what is the right one :-)
> or is it not possible to do it 'my way'.
>

It is not clear how you are using the AuthBy LDAP clauses (I assume they are being called from the AuthBy FILE's?). Perhaps if you gave me a bit more detail on exactly what you want to do, I'll be able to give you some suggestions.

regards

Hugh

(RADIATOR) Authenticate with a primary and secondary LDAP server
Hi,

We are using Radiator (2.16.1) for a short time now. For user authentication we are making use of an LDAP server. For backup reasons we have a secondary (backup) ldap server. I've implemented this in Radiator as described below.

Now I am experiencing the following problem :

When a user does not exist in the LDAP DB or a wrong password has been sent then Radiator tries the secondary LDAP server (as I told him to do so [AuthByPolicy ContinueUntilAccept] :-) And of course, this doesn't give an 'access accept' either.

But, I'd like the secondary LDAP server only be contacted if the primary LDAP server doesn't give any response at all.

My question is as follows :

Am I making a mistake in the implementation, and if so, what is the right one :-) or is it not possible to do it 'my way'.

T.i.a

Erwin Wortel
Academic Medical Center
Amsterdam, The Netherlands

8< stuff deleted --

# radius.cfg

Identifier LDAPquery1
# Tell Radiator how to talk to the primary LDAP server
Host ldap1.amc.uva.nl
BaseDN o=AMC
HoldServerConnection
UsernameAttr uid
PasswordAttr userpassword

Identifier LDAPquery2
# Tell Radiator how to talk to the secondary LDAP server
Host ldap2.amc.uva.nl
BaseDN o=AMC
HoldServerConnection
UsernameAttr uid
PasswordAttr userpassword

RewriteUsername tr/A-Z/a-z/
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy ContinueUntilAccept

Filename %D/file1
AddToReply Framed-Protocol = PPP,\
           Framed-IP-Netmask = 255.255.255.255,\
           Idle-Timeout = 900,\
           Framed-Compression = Van-Jacobson-TCP-IP

Filename %D/file2
AddToReply Framed-Protocol = PPP,\
           Framed-IP-Netmask = 255.255.255.255,\
           Idle-Timeout = 900,\
           Framed-Compression = Van-Jacobson-TCP-IP

AcctLogFileName %L/accounting.log
MaxSessions 1

8< stuff deleted --

--
Erwin Wortel, Academic Medical Center - Amsterdam
E-Mail: [EMAIL PROTECTED], Telefoon +31 20 56 66788
$*%@*!&(%72HaLLo#%@*&^$Doeei)#_+~toeteLeToet_%^@#$9+
Why is the word abbreviation so long?