Re: (RADIATOR) howto assigned DNS attributes to user

2001-01-08 Thread Hugh Irvine


Hello Azahar -

On Tuesday 09 January 2001 14:15, azahar mohamad wrote:

> Hello,
>
> Instead of the NAS assigning the DNS IP address to the user, I am trying to
> configure our Radiator to assign the DNS, but it doesn't work. I configured
> the VSA (USR primary DNS server). I can see in the logfile that the
> attribute is being sent to the user, but the user side doesn't receive the
> DNS IP address.
>

You will have to look at your NAS to see what it is doing with the VSA. You 
may have to set some configuration options for it to accept this type of 
radius attribute.

BTW - what NAS and what firmware revision are you running?

regards

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) howto assigned DNS attributes to user

2001-01-08 Thread azahar mohamad


Hello,

Instead of the NAS assigning the DNS IP address to the user, I am trying to
configure our Radiator to assign the DNS, but it doesn't work. I configured
the VSA (USR primary DNS server). I can see in the logfile that the
attribute is being sent to the user, but the user side doesn't receive the
DNS IP address.

Hope anybody can give me a clue.

Tq

Azahar mohamad
Telekom Malaysia Berhad


Here is the sample logfile:

Code:   Access-Accept
Identifier: 70
Authentic:  <219><134><179><185><9><184><231><170>7<235><27><155>f<29>O<140>
Attributes:
Framed-IP-Netmask = 255.255.255.255
Framed-IP-Address = 202.171.194.168
Framed-Protocol = PPP
USR-Primary-DNS-Server = 203.106.83.174
Framed-Routing = None
Framed-MTU = 1500
Port-Limit = 2
Framed-Compression = Van-Jacobson-TCP-IP





Re: (RADIATOR) Accumulated login time

2001-01-08 Thread Hugh Irvine


Hello Charles -

On Tuesday 09 January 2001 10:06, Charles Sprickman wrote:
> On Sat, 6 Jan 2001, Hugh Irvine wrote:
> > Yes, the session times are reported in the accounting stops, so that is
> > why it would be simple to add the new session time to the cumulative
> > total with the AcctSQLStatement.
> >
> > Something like this:
> >
> > AcctSQLStatement update IPASSACCT set \
> > TOTALTIME=TOTALTIME+0%{Acct-Session-Time}
>
> OK, I'm just about ready.  I've been digging around the various .pm files
> trying to find what the "default" SQL statement is, but I've yet to find
> it.  What am I missing?  Or do I just set it up based on my
> "AcctColumnDef" fields, ie:
>
> AcctSQLStatement update NASPORT set NASPORT=%{NAS-Port} update \
> TIME_STAMP set TIME_STAMP=%{Timestamp} [etc...] where \
> USERNAME=%{User-Name}
>
> Is that correct?  I assume I also ditch all the AcctColumnDef's at this
> point as well.  Actually, that's not correct, is it?  That's why I want to
> see the actual default statement...
>

There are two different things happening here. First, there is no "default" 
query as it is generated from your AcctColumnDef's. Second, the 
AcctSQLStatement(s) is/are executed *in addition to* the AcctColumnDef's.

Therefore, you leave your AcctColumnDef's as they are, and you add a simple 
AcctSQLStatement (or even several) as I've shown.

Clear?

regards

Hugh





Re: (RADIATOR) Acct Logging

2001-01-08 Thread Hugh Irvine


Hello Lachlan -

On Tuesday 09 January 2001 11:05, Lachlan Fletcher wrote:
> Ok, thanks for that.
>
> What about if I want to do it the other way around, as in I want to auth
> from a file, but log to both a file and to an SQL database. This is only a
> temporary setup for a few weeks for some realms until we can get all the
> users' details into the SQL database (but we still need the acct info in the
> database).
>

You would define two AuthBy clauses and use an AuthByPolicy ContinueAlways.

regards

Hugh




Re: (RADIATOR) Help with config for multi ISP's

2001-01-08 Thread Hugh Irvine


Hello Wes -

On Tuesday 09 January 2001 09:00, Wes wrote:
> Hello,
>
> The company I work for has two separate ISPs. My problem is that any user
> from either ISP can dial into any NAS that either ISP has.  This works
> well except for the customers who share a common username with someone on
> the other ISP.  All of our Authentication/Accounting/SessionDatabase is
> going to be done on a single radius/mysql server.  Up until now, we have
> just been adding a "Simultaneous-Use=2" to the check items on the
> duplicate users, and not really been worrying too much about the
> accounting mess it creates.  The only difference between ISP1's users and
> ISP2's users is the password.  Currently I just have "ContinueUntilAccept"
> in my  clause and this authenticates the user just fine, but it
> stores all the accounting and sessiondatabase information in the first
> AuthBy clause no matter what.  Is there any way to get the information to
> go into different tables depending on which user table they get
> authenticated to?  By the way, I am running Radiator 2.17.1 on RedHat
> Linux, with MySql tables for Authentication/Accounting/SessionDatabase (2
> sets of each, one for each ISP).
>

In each AuthBy clause you should use an AddToReply, like this:

# AuthBy for ISP1


Identifier ISP1
DBSource 
DBUsername 
DBAuth 
.
AddToReply Class = ISP1


# AuthBy for ISP2


Identifier ISP2
DBSource 
DBUsername 
DBAuth 
.
AddToReply Class = ISP2


# configure Handlers for accounting 


AuthBy ISP1



AuthBy ISP2


# configure Handler for authentication


AuthByPolicy ContinueUntilAccept
AuthBy ISP1
AuthBy ISP2


hth

Hugh


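
The flow described in the reply above, modelled in Python as an added example (not Radiator code and not from the original post): each AuthBy tags its Access-Accept with Class, and accounting is routed on the Class the NAS echoes back. It assumes the accounting Handlers select on that Class value and that the NAS returns Class in its accounting requests; the user data and function names are constructed.

```python
import hmac

# Constructed sample data: "jsmith" and "ann" exist at both ISPs.
USERS = {
    "ISP1": {"jsmith": "red-pw", "ann": "same-pw"},
    "ISP2": {"jsmith": "blue-pw", "ann": "same-pw"},
}

def authenticate(username, password, order=("ISP1", "ISP2")):
    """Model of AuthByPolicy ContinueUntilAccept: the first AuthBy that accepts
    ends the chain, and its AddToReply puts Class = <ISP> in the Access-Accept."""
    for isp in order:
        stored = USERS[isp].get(username)
        if stored is not None and hmac.compare_digest(stored, password):
            return {"Code": "Access-Accept", "Class": isp}
    return {"Code": "Access-Reject"}

def route_accounting(request, tables):
    """Model of the per-ISP accounting Handlers: choose the table from the
    Class value the NAS echoes back; anything else is set aside for review."""
    target = request.get("Class")
    if target not in USERS:
        target = "UNROUTED"
    tables.setdefault(target, []).append(request)
    return target

def run_session(username, password, tables, nas_echoes_class=True):
    """One dial-in: authenticate, then send the matching Accounting Stop."""
    reply = authenticate(username, password)
    if reply["Code"] != "Access-Accept":
        return None
    stop = {"User-Name": username, "Acct-Status-Type": "Stop"}
    if nas_echoes_class:
        stop["Class"] = reply["Class"]
    return route_accounting(stop, tables)

def ambiguous_users():
    """Usernames whose password is identical at both ISPs: ContinueUntilAccept
    never reaches ISP2 for them, so their sessions are always booked to ISP1."""
    shared = USERS["ISP1"].keys() & USERS["ISP2"].keys()
    return sorted(u for u in shared if USERS["ISP1"][u] == USERS["ISP2"][u])
```

Running `ambiguous_users()` against the real user tables before relying on this scheme shows which duplicate accounts cannot be told apart by password alone.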



RE: (RADIATOR) Acct Logging

2001-01-08 Thread Lachlan Fletcher


Ok, thanks for that.

What about if I want to do it the other way around, as in I want to auth
from a file, but log to both a file and to an SQL database. This is only a
temporary setup for a few weeks for some realms until we can get all the
users' details into the SQL database (but we still need the acct info in the
database).

Thanks,

Lachlan.


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Hugh Irvine
> Sent: Monday, 8 January 2001 4:52
> To: Lachlan Fletcher; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Acct Logging
>
>
>
> Hello Lachlan -
>
> On Monday 08 January 2001 17:03, Lachlan Fletcher wrote:
> > Hi,
> >
> > I'm sure this has been answered before, but I can't seem to find it.
> >
> > We are using "AuthBy SQL", but would like to log to a text file also,
> > using the "AcctLogFileName" option to customise the name and location of
> > the file, and we would like to do it differently for each realm. That is,
> > we may want to use a different database and file name for each realm.
> >
> > Also, in the future, we may want to use a text based users file as a
> > backup if the SQL database fails.
> >
> > Any ideas/suggestions or pointers to specific docs or examples would be
> > great.
> >
> >
>
> You just need to use one or more AcctLogFileName parameters in your
> Realm(s) or Handler(s) (have a look at the special characters, section 6.2
> in the Radiator reference manual):
>
> # log to different flat files in addition to SQL
>
> 
>   
>   ..
>   
>   AcctLogFileName %D/detail-%R...
>   AcctLogFileName %D/detail-..
>   ..
> 
>
> If you want to check a local users file, just add a second AuthBy clause
> with an AuthByPolicy:
>
> # configure AuthBy clauses with Identifiers
>
> 
>   Identifier CheckSQL
>   ..
> 
>
> 
>   Identifier CheckFILE
>   .
> 
>
> 
>   AuthByPolicy ContinueUntilAccept
>   AuthBy CheckSQL
>   AuthBy CheckFILE
>   .
> 
>
>
> hth
>
> Hugh
>
>



Re: (RADIATOR) add user specific info

2001-01-08 Thread Hugh Irvine


Hello Andrew -

On Tuesday 09 January 2001 03:43, Andrew P. Kaplan wrote:
> How would I add the following to a specific user:
>
>
> cisco-avpair = "ip:addr-pool=cshore"
>

Depends on what user database you are using. If it's a simple file, it would
look like this:

someuser Password = x, ..
...,
cisco-avpair = "ip:addr-pool=cshore"

hth

Hugh




Re: (RADIATOR) Dictionary problems...

2001-01-08 Thread Hugh Irvine


Hello Eric -

On Tuesday 09 January 2001 05:53, Eric Elliston wrote:
> Can anyone tell me how to fix this...
>
> Mon Jan  8 13:52:16 2001: ERR: Attribute number 121 (vendor ) is not
> defined in
> your dictionary
>
> I get these over and over.   We use Platypus (ODBC) to connect to the
> User Database
>

What dictionary are you using? 

This definition is from the standard Radiator dictionary (which you can just 
cut and paste into whatever dictionary you are using).

ATTRIBUTE   Ascend-Modem-SlotNo 121 integer

hth

Hugh




Re: (RADIATOR) Accumulated login time

2001-01-08 Thread Charles Sprickman


On Sat, 6 Jan 2001, Hugh Irvine wrote:

> Yes, the session times are reported in the accounting stops, so that is why
> it would be simple to add the new session time to the cumulative total with
> the AcctSQLStatement.
>
> Something like this:
>
>   AcctSQLStatement update IPASSACCT set \
>   TOTALTIME=TOTALTIME+0%{Acct-Session-Time}

OK, I'm just about ready.  I've been digging around the various .pm files
trying to find what the "default" SQL statement is, but I've yet to find
it.  What am I missing?  Or do I just set it up based on my
"AcctColumnDef" fields, ie:

AcctSQLStatement update NASPORT set NASPORT=%{NAS-Port} update \
TIME_STAMP set TIME_STAMP=%{Timestamp} [etc...] where \
USERNAME=%{User-Name}

Is that correct?  I assume I also ditch all the AcctColumnDef's at this
point as well.  Actually, that's not correct, is it?  That's why I want to
see the actual default statement...

Thanks,

Charles

> > > and an AuthBy PORTLIMITCHECK to handle the possible abuse (more than
> > > "x" minutes, actually seconds would be easier to deal with).
> >
> > It almost looks like I could use PORTLIMITCHECK to do this.  If I set
> > "LimitQuery" to be something like "select username, sum(ACCTSESSIONTIME)
> > from IPASSACCT where username=%{username} group by username;" and set max
> > sessions to the number of seconds my top limit is...  Ugly, but perhaps it
> > would work.
> >
>
> The LimitQuery will only have to check the TOTALTIME against the preset limit.
>
> You will also have to have a cron job (or similar) to reset the TOTALTIME
> counters at the start of each month.
>
> > > If you have any further questions just ask.
> >
> > Of course!  Radiator is like having an auto shop full of tools.  So far
> > I'm just changing the oil on my Honda...
> >
>
> We offer only the finest tools - in fact Mike and I also have a joint venture
> company called "Network Engineering Tools (NETS)" which handles - you guessed
> it "Nets".
>
> In fact, you should really have a look at Nets
>
> :-)
>
> regards
>
> Hugh
>
>
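
The accumulate, check and reset cycle discussed in this thread, as an added example in Python with SQLite (not Radiator configuration and not code from the posts). It assumes a missing %{Acct-Session-Time} expands to an empty string, which is what the leading 0 in the statement guards against, and it scopes the update with a WHERE clause on USERNAME; the helper names and sample users are constructed.

```python
import re
import sqlite3

def expand(template, attrs):
    """Stand-in for %{Attribute} substitution (assumed: missing attribute -> "")."""
    return re.sub(r"%\{([^}]+)\}", lambda m: str(attrs.get(m.group(1), "")), template)

def open_db(usernames):
    """In-memory IPASSACCT table with one TOTALTIME counter per constructed user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IPASSACCT (USERNAME TEXT PRIMARY KEY,"
               " TOTALTIME INTEGER NOT NULL DEFAULT 0)")
    db.executemany("INSERT INTO IPASSACCT (USERNAME) VALUES (?)",
                   [(u,) for u in usernames])
    return db

def on_accounting_stop(db, attrs):
    """Add the session time to the user's total; returns the rows updated."""
    # "0" + "" is still a number, so a Stop without Acct-Session-Time adds 0
    # instead of producing the broken expression "TOTALTIME+".
    increment = expand("0%{Acct-Session-Time}", attrs)
    if not re.fullmatch(r"[0-9]+", increment):  # accept plain integers only
        return 0
    cur = db.execute(
        "UPDATE IPASSACCT SET TOTALTIME = TOTALTIME + ? WHERE USERNAME = ?",
        (int(increment), attrs.get("User-Name", "")))  # bound, never spliced in
    return cur.rowcount

def total_time(db, username):
    """Current cumulative seconds for one user, or None if the user is unknown."""
    row = db.execute("SELECT TOTALTIME FROM IPASSACCT WHERE USERNAME = ?",
                     (username,)).fetchone()
    return row[0] if row else None

def over_limit(db, username, limit_seconds):
    """What the LimitQuery has to answer: has TOTALTIME reached the preset limit?"""
    total = total_time(db, username)
    return total is not None and total >= limit_seconds

def monthly_reset(db):
    """The cron job's task at the start of each month."""
    db.execute("UPDATE IPASSACCT SET TOTALTIME = 0")
```

Because User-Name and Acct-Session-Time arrive from the NAS, the example binds them as parameters and rejects a non-numeric session time rather than splicing either into the statement text.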



(RADIATOR) Help with config for multi ISP's

2001-01-08 Thread Wes

Hello,

The company I work for has two separate ISPs. My problem is that any user
from either ISP can dial into any NAS that either ISP has.  This works
well except for the customers who share a common username with someone on
the other ISP.  All of our Authentication/Accounting/SessionDatabase is
going to be done on a single radius/mysql server.  Up until now, we have
just been adding a "Simultaneous-Use=2" to the check items on the
duplicate users, and not really been worrying too much about the
accounting mess it creates.  The only difference between ISP1's users and
ISP2's users is the password.  Currently I just have "ContinueUntilAccept"
in my  clause and this authenticates the user just fine, but it
stores all the accounting and sessiondatabase information in the first
AuthBy clause no matter what.  Is there any way to get the information to
go into different tables depending on which user table they get
authenticated to?  By the way, I am running Radiator 2.17.1 on RedHat
Linux, with MySql tables for Authentication/Accounting/SessionDatabase (2
sets of each, one for each ISP).

Thanks in Advance,

Wes Lifford
 





(RADIATOR) Dictionary problems...

2001-01-08 Thread Eric Elliston

Can anyone tell me how to fix this...

Mon Jan  8 13:52:16 2001: ERR: Attribute number 121 (vendor ) is not
defined in
your dictionary

I get these over and over.   We use Platypus (ODBC) to connect to the
User Database  

Thank you,

Eric Elliston
Network Administrator
--Neosmart.com
941-332-4900
[EMAIL PROTECTED]





(RADIATOR) add user specific info

2001-01-08 Thread Andrew P. Kaplan

How would I add the following to a specific user:


cisco-avpair = "ip:addr-pool=cshore"

Andrew P. Kaplan, CNE, MCSE+Internet, MCT, CCNA, CCDA
CyberShore, Inc. -- Premium Internet Services -- http://www.cshore.com


"The ultimate measure of a man is not where he stands in moments of comfort,
but where he stands at times of challenge and controversy."
-Martin Luther King, Jr.





(RADIATOR) travel plans (aka Big Silver Bird...again)

2001-01-08 Thread Hugh Irvine


Hello Everyone -

Mike and I are planning a trip to London next week. We are booked to fly out 
of here on Friday afternoon, arriving in London on Saturday morning the 13th 
of January. We will be working on site during the week, and I will be going 
to Paris for the 18th and 19th, and Mike will join me there for the weekend.

As usual, if anyone in either London or Paris would like to get together, 
please let us know, or contact Joanne ([EMAIL PROTECTED]) to coordinate.

Also, if anyone would like any work done by either Mike or myself, please 
contact Joanne to book the time, etc.

best regards

Hugh
