RE: (RADIATOR) stand alone accounting server.
Sure, you just start your config file with

    AuthPort
    AcctPort 1813

and you have an accounting-only server.

/Ingvar

-----Original Message-----
From: Blake Golliher [mailto:[EMAIL PROTECTED]]
Sent: 3 November 2000 03:21
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) stand alone accounting server.

Is there a way to configure radiator to only receive accounting packets from other radius servers? It won't auth anyone, just receive and log accounting data from other authenticating Radiator servers.

Blake Golliher
Network Engineer
Flashcom, Inc.
Tel. 877-352-7426 ex 2599
DID. 714-799-2599
Page 888-635-0153
Ever dance with a cherub in the broad daylight?

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Night access with 1 month limit
Hello!

The fact is that I need to make a realization of night access (from 00:00 till 09.00) with a month limitation. The problem is that, besides such clients, I have many other methods of access (like full unlimited access during a month, limited hour access as well as simple access).

As far as I know, I should have only one AuthSelect statement in my radius.cfg file (am I right?) and there I should define all these methods of access. For example, full unlimited access during a month is created by setting a month timebank (in seconds) for a user, and this parameter is transferred to my NASs as the attribute Session-Timeout. The simplest way to make night access (forever) is to make Session-Timeout=until Time, but in this case of full month's night access I don't know how to transfer "another" Session-Timeout attribute to limit these users' work during all the month's nights.

In other words, my task is to combine Session-Timeout (in seconds, for calculating timebank till the end of the month) with Session-Timeout with type "until Time" to limit their work at night. And besides, I need my authorization to work for other groups of users.

Any thoughts?

--
With regards,
Alexey A. Shavaldin [EMAIL PROTECTED]
System Administrator of Kraft-S, JSC

(RADIATOR) stand alone accounting server.
Is there a way to configure radiator to only receive accounting packets from other radius servers? It won't auth anyone, just receive and log accounting data from other authenticating Radiator servers.

Blake Golliher
Network Engineer
Flashcom, Inc.
Tel. 877-352-7426 ex 2599
DID. 714-799-2599
Page 888-635-0153
Ever dance with a cherub in the broad daylight?

(RADIATOR) Allocating RASes to specific realms
Hello,

We have about 200 RASes in our clients file. I would like to restrict certain realms to a group of RASes only.

One solution I see is to use NAS-Address-Port-List in each of my handlers. This would be fine, but I'd have to duplicate the RASes in the clients list in the portlist file. I'd like to avoid that if possible.

However the only way I can see is to have identifiers for the clients:

Identifier realm1.com
Identifier realm1.com

And adding this check item. However, what if I need 5.6.7.8 to authenticate both realm1.com and realm2.com? Can a client have 2 identifiers? Maybe I'm just approaching this the wrong way.

Regarding the portlist file format, is there a way to specify 'all ports'. Can I just leave the port range blank?

One last thing, I noticed a few spelling errors in the Radiator docs under section 13.1.16, the words 'paramter' and 'IdentificalClients'. Not a big deal to me but thought I would let you guys know.

Thanks for any help,
Viraj

(RADIATOR) time stamp in accounting
What is the default timing for the accounting records? Is it GMT?

Blake Golliher
Network Engineer
Flashcom, Inc.
Tel. 877-352-7426 ex 2599
DID. 714-799-2599
Page 888-635-0153
Ever dance with a cherub in the broad daylight?

Re: (RADIATOR) radwho stopped working after changing IP addresses
As the RADONLINE database is ever changing you can just whack it 'delete from RADONLINE;' and let it start over. Within an hour or two (once everyone on before you reset it has logged off) you'll be back in sync.

I had errors like that once when trying to import mysql update.log files from a primary to a secondary server. If there are entries in there that are believed to be gone already (things got really out of whack somehow), the UPDATE statements can cause an error, duplicate key value or something like that. Deleting all records cures that.

If not that, you should be able to see the exact errors in your mysql logfile 'tail -f /usr/local/mysql/data/logfile' and watch the exact query (after all radiator's variables have been processed and mysql has been called) and hopefully see what the error is more specifically.

That and running your server in trace level 4 and watching there what queries radiator is sending to mysql 'tail -f /var/log/radius/log'

----- Original Message -----
From: "Andrew P. Kaplan" <[EMAIL PROTECTED]>
To: "Radiator" <[EMAIL PROTECTED]>
Sent: Thursday, November 02, 2000 9:07 AM
Subject: (RADIATOR) radwho stopped working after changing IP addresses

> I have a pressing issue. I turned off the Global Crossing "T" this past
> Saturday. The IP block was 206.165.153.x. The main IP address on my Radiator
> server was 206.165.153.185, however there were other working IP's. With my
> NAS server pointed at the new IP address. Ever since then radwho stopped
> working. I can still make a connection to the website
> http://mozart.cshore.com/cgi-bin/radwho.cgi. But it doesn't display any
> current data. I couldn't find anything in mysql that was referring to a
> particular IP address.
>
> I did see an error message on the screen:
>
> "You have an error in your SQL syntax . . at
> usr/local/lib/site_perl/Radius/SqlDb.pm line 228"
>
> I saw nothing strange on that line.
>
> I tried stopping mysql, touching the mysql.log file and restarting. Radwho
> will then work, but for only one entry. It will only list a single new entry
> and then stop displaying new logins.
>
> Do you have any ideas as to how I could fix it.
>
> Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA
> CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com
>
> "The ultimate measure of a man is not where he stands in moments of comfort,
> but where he stands at times of challenge and controversy."
> -Martin Luther King, Jr.

(RADIATOR) Different PoolHint depending on NASes
Hello,

I'm trying to assign different IP addresses for the same user, depending on the NAS he is logging in.

I'm using and Users are in a SQL database, I use

The other thing I'm trying to do is NOT to allow users to log on all NASes.

Here is the complete picture. I have 5 NASes, let's call them N1a, N1b, N2a, N2b and M.

All of the users are allowed to log on M, which has its own pool of IP addresses.
Some users can connect to N1a and N1b (on top of M), but not on N2a nor N2b,
some can connect to N2a and N2b (on top of M), but not N1a nor N1b,
and finally some users (very few) can connect to all 5 NASes.

Here's another requirement:
Users logging on N2a or N2b must get a static IP address.
Users logging on N1a and N1b are always getting a dynamic IP address,
and users logging on M can sometimes get a static IP address and sometimes not, depending on the user.

To sum this up:
N1a and N1b are always assigning dynamic IPs
N2a and N2b are always assigning static IPs
M can do both, depending on the user (but M has its own addresses)

I have 2 pools of addresses (one for M and one for N1a and N1b) and a bunch of static addresses (for N2a and N2b).

Let's take an example, cause I'm not sure I'm very clear. There can be 4 different types of user:

* users that can log into N1a, N1b and M (with a dynamic address on M)
  when they connect to N1a or N1b they should get an IP address from pool 1
  when they connect to M they should get an IP address from pool 2
* users that can log into N2a, N2b and M (with a dynamic address on M)
  when they connect to N1a or N1b they should get a static IP
  when they connect to M they should get an IP address from pool 2
* users that can log into N2a, N2b and M (with a static address on M)
  when they connect to N1a or N1b they should get a static IP address
  when they connect to M they should get another static IP address
* users that can log into N1a, N1b, N2a, N2b and M (with a static address on M)
  when they connect to N1a or N1b they should get a static IP address
  when they connect to M they should get another static IP address

How can I set up the users to have these different profiles? How can I set up the clients to get them working differently with the same users?

Thank you for any help on this.. hoping I was clear enough to expose my problem.

David Nguyen
H.R.Net

RE: (RADIATOR) CHAP problem
Salut Gildas -

On Thu, 02 Nov 2000, Gildas PERROT wrote:
> Hi Hugues,
>
> The password of the user doesn't change. However, I am not sure where the
> problem comes from : ppp client, NAS or Radius ?
> For Cisco, if the authentication is done by radius (and that's the case),
> the problem comes from ppp client or Radius.
>
> Any idea how I could find which is guilty ?
>

If you can send us a copy of the configuration file (with secrets!), trace 4 debugs of both a successful and an unsuccessful login, and a copy of the database record for that customer (including password), we will be able to tell you where the problem lies.

Please send this information directly to me.

thanks

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

(RADIATOR) Locating VSA
How can I see if Radiator is passing VSAs correctly?? What log file and what debug would tell me this??

Thanks,

Keith Olmstead
Network Engineer/Analyst
CenturyTel Internet Services
318.361.4900

Re: (RADIATOR) Radiator and IPIP tunneling
Well all the PM3 is using is filters per instructions from Xstop filtering, all is correct in the PM3. The one reason that I posted my question on this list serve is this. I can manually go in and add a user and password on the PM3 and it will work fine but when I change it to authenticate off of Radiator it does not do the tunneling. I am just curious to where my error is, is it Radiator not assigning the groups and tunnelling correctly?? Is it my pm3, somewhere in the setup??

I appreciate your help though.

--Keith

At 04:46 PM 11/2/2000 +1100, Hugh Irvine wrote:
>Hello Keith -
>
>On Thu, 02 Nov 2000, Keith Olmstead wrote:
> > Hello,
> >
> > I am needing some help and I hope that I can find some help here.
> > What I am trying to accomplish is this. My company bought a filtering
> > solution that uses IPIP tunneling and I am having problems getting it to
> > work with a Portmaster 3. What I am trying to do is eliminate the
> > different parts in this solution. It is authorizing fine but there is no
> > tunnel to the filter box and I am curious to find out if I have radiator set up
> > correctly.
> >
>
>The place to start is with the documentation for both the Portmaster 3 and the
>IPIP tunneling equipment. You will need to find out what radius reply
>attributes are required to set up your tunnels. Once you have that information
>you will have to add the relevant reply attributes to your user definitions,
>and (probably) configure the Portmaster 3 to actually deal with the tunnel
>attributes correctly.
>
>hth
>
>Hugh

(RADIATOR) radwho stopped working after changing IP addresses
I have a pressing issue. I turned off the Global Crossing "T" this past Saturday. The IP block was 206.165.153.x. The main IP address on my Radiator server was 206.165.153.185, however there were other working IP's. With my NAS server pointed at the new IP address. Ever since then radwho stopped working. I can still make a connection to the website http://mozart.cshore.com/cgi-bin/radwho.cgi. But it doesn't display any current data. I couldn't find anything in mysql that was referring to a particular IP address.

I did see an error message on the screen:

"You have an error in your SQL syntax . . at usr/local/lib/site_perl/Radius/SqlDb.pm line 228"

I saw nothing strange on that line.

I tried stopping mysql, touching the mysql.log file and restarting. Radwho will then work, but for only one entry. It will only list a single new entry and then stop displaying new logins.

Do you have any ideas as to how I could fix it.

Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA
CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com

"The ultimate measure of a man is not where he stands in moments of comfort, but where he stands at times of challenge and controversy."
-Martin Luther King, Jr.

(RADIATOR) GPRS RAS problem
Hi!

I have a problem here and would appreciate any enlightenment and example configuration file.

I am currently testing a GPRS RAS. It can be configured to assign IP address dynamically with an IP pool. However, if it is configured to assign the IP address dynamically, it will not send accounting start and stop packet to the Radius server :-(

But if we let the Radius server assign IP addresses dynamically using AuthBy DYNADDRESS and AddressAllocator SQL, then the GPRS RAS will be able to send accounting start and stop packets. Weird, but that is what the vendors told me how it should work for their RAS.

However, in our testing with the above setup, we found that the IP address never gets deallocated when the user disconnects. From the trace 4 debug, we found that the GPRS RAS does not send the Framed-IP-Address attribute in the accounting stop packet. Looking at the source code, we realise that Radiator needs the Framed-IP-Address attribute in the accounting stop packet in order to deallocate the used IP address.

How can we configure radiator to work with the GPRS RAS in this case?

In addition, we need to configure radiator to authenticate against an external SQL Oracle database. On top of that, the radius has to proxy the authentication request to at least two different Radius servers for the realms "abc.com.sg" and "xyz.com.sg".

How can we configure Radiator to handle all of the different types of authentication method as described above and at the same time allocate IP addresses dynamically for every authentication request?

Thanks for any help.

Goh Sek Chye - Network Engineer
SingNet Network Operations Centre

RE: (RADIATOR) CHAP problem
Hi Hugues,

The password of the user doesn't change. However, I am not sure where the problem comes from : ppp client, NAS or Radius ?
For Cisco, if the authentication is done by radius (and that's the case), the problem comes from ppp client or Radius.

Any idea how I could find which is guilty ?

TIA. Gildas.

-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 2 November 2000 06:33
To: Gildas PERROT
Subject: RE: (RADIATOR) CHAP problem

Salut Gildas -

On Thu, 02 Nov 2000, you wrote:
> Salut Hugues,
>
> I didn't send the debug since it does not show anything about CHAP but here
> it is :
>
> Mon Oct 30 13:25:07 2000: DEBUG: Packet dump:
> *** Received from 193.149.123.98 port 1645
> Code: Access-Request
> Identifier: 39
> Authentic: <237>k<153>e<222><232>8A<192>F<129><134><188><170>P<209>
> Attributes:
>     NAS-IP-Address = 193.149.123.98
>     NAS-Port = 32
>     NAS-Port-Type = Async
>     User-Name = "Carrefour"
>     Called-Station-Id = "6641"
>     Calling-Station-Id = "672085196"
>     CHAP-Password = "<2>P<24><6><2><156><163><151><255><219>p|<203><151>
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>

What is the content of the password field in the database?

If the content is always the same, but the same CHAP authentication request from the same NAS fails, then I would suspect a bug in the NAS.

thanks

Hugh

Re: Fwd: (RADIATOR) Authentication problem
Hello,

Everything works fine now. Thanks for your support.

Mike McCauley wrote:
>
> Hello Nacho,
>
> Thanks for the detailed description of this problem.
> Basically the problem is this.
> The default configuration for LDAP2 is to reject empty passwords, as protection
> against a problem in the Perl LDAP module. This is causing CHAP access requests
> to be incorrectly rejected.
>
> The fix is to download a new version of AuthLDAP2.pm from the 2.16.3 patches
> area.
>
> We apologise for this problem. Thank you for reporting it to us.
>
> Cheers.
>

--
Ignacio Paredes               | email: [EMAIL PROTECTED]
Eurocomercial                 | Tfno: +34 91 4359687
Informatica y Comunicaciones  | Fax: +34 91 4313240
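
The two CHAP threads above can be checked offline. The following Python sketch is an added illustration, not Radiator code and not from any poster: it verifies a CHAP-Password attribute as RFC 2865 section 5.3 defines it, and shows a hypothetical empty-password guard that rejects CHAP requests because they carry no User-Password. The password, authenticator and guard functions are constructed for the example; how AuthLDAP2.pm implemented its check is not shown on this page.

```python
import hashlib
import hmac


def chap_expected(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    # CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def verify_chap(attrs: dict, request_authenticator: bytes, password: bytes) -> bool:
    """Check a RADIUS CHAP-Password attribute (RFC 2865 section 5.3)."""
    value = attrs["CHAP-Password"]
    if len(value) != 17:  # 1 octet CHAP ident + 16 octet MD5 response
        return False
    chap_id, response = value[0], value[1:]
    # The challenge is CHAP-Challenge when present, else the Request Authenticator.
    challenge = attrs.get("CHAP-Challenge", request_authenticator)
    return hmac.compare_digest(response, chap_expected(chap_id, password, challenge))


def naive_guard(attrs: dict) -> bool:
    """Hypothetical guard: a missing User-Password counts as an empty one."""
    return bool(attrs.get("User-Password"))


def chap_aware_guard(attrs: dict) -> bool:
    """Still rejects empty PAP passwords, but lets CHAP reach verify_chap."""
    if "CHAP-Password" in attrs:
        return True
    return bool(attrs.get("User-Password"))


def authenticate(attrs: dict, request_authenticator: bytes,
                 stored_password: bytes, guard) -> str:
    if not guard(attrs):
        return "Access-Reject (empty password guard)"
    if not stored_password:
        # CHAP can only be verified against the cleartext password.
        return "Access-Reject (no stored cleartext password)"
    if "CHAP-Password" in attrs:
        ok = verify_chap(attrs, request_authenticator, stored_password)
    else:
        # Assumes User-Password was already decoded with the shared secret.
        ok = hmac.compare_digest(attrs["User-Password"], stored_password)
    return "Access-Accept" if ok else "Access-Reject (bad password)"


# Constructed sample request: the values are made up, not taken from the dump.
AUTHENTICATOR = bytes(range(16))
STORED = b"s3cret-example"
CHAP_ID = 2
REQUEST = {
    "User-Name": "Carrefour",
    "CHAP-Password": bytes([CHAP_ID]) + chap_expected(CHAP_ID, STORED, AUTHENTICATOR),
}

if __name__ == "__main__":
    print("naive guard:     ", authenticate(REQUEST, AUTHENTICATOR, STORED, naive_guard))
    print("CHAP-aware guard:", authenticate(REQUEST, AUTHENTICATOR, STORED, chap_aware_guard))
```

Fed with the identifier, response and authenticator from a trace 4 dump plus the stored cleartext password, verify_chap separates a wrong response from the PPP client or NAS from a rejection made on the server side.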