(RADIATOR) Sample site for using Radiator on NT platform
--- Forwarded mail from [EMAIL PROTECTED] Date: Thu, 15 Feb 2001 17:40:32 +1100 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Lam, Jacky SM" <[EMAIL PROTECTED]>] >From mikem Thu Feb 15 17:40:27 2001 Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA17915 for [EMAIL PROTECTED]; Thu, 15 Feb 2001 17:40:26 +1100 (EST) >Received: from hkgmss10.cwhkt.com ([202.84.162.92]) by perki.connect.com.au with SMTP id RAA05291 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 17:27:08 +1100 (EST) Message-ID: <[EMAIL PROTECTED]> Received: from hkgmss10.cwhkt.com ([202.84.162.92]) by perki.connect.com.au with SMTP id RAA05291 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 17:27:08 +1100 (EST) Received: by mail.pccw.com with Internet Mail Service (5.5.2650.21) id <1820X5QK>; Thu, 15 Feb 2001 14:31:15 +0800 From: "Lam, Jacky SM" <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Subject: Sample site for using Radiator on NT platform Date: Thu, 15 Feb 2001 14:25:35 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Dear Sir / Madam, We are planning to use Radiator on NT platform. However, we want to know is there any references or sample sites which are using Radiator on NT platform before making the decision. Thanks for your help! Best regards, Jacky Lam Networking & Technologies Pacific Century CyberWorks [EMAIL PROTECTED] ---End of forwarded mail from [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Different static IP for different Clients
Hello Petri - > > >We have 2 NAS's for dial-in purposes and mostly IPs >are assigned from pool. Couple of users need static IPs. > >These users call single number and their calls are forwarded >to either of NAS's. Because of lack of proper routing >protocol we decided to give them two static IP:s depending >of which NAS they end up to. > >So we've made a users file for them that uses check-item >Client-Id to give them correct IP. Users file has >two occurances for the user, one for each NAS (see below). > >Problem is that when user comes from client1, radiator seems >to process the second user line also ending up with reject >(see log clip). If user comes from client2, Client-Id check >item is matched and user gets ip2. > >I can see the reason why it happens and also have postauthhook >to deal with situation, but postauthhook isn't as maintainable >as users file. > >I'm using Radiator 2.16 (don't touch if it works...) The latest version is 2.17.1 with a new release due out in the next couple of weeks. > >Any suggestions? > >Thanks in advance, > >Petri > >--- > >user Auth-Type = CheckSystem, Group = access, Client-Id = client1 > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-IP-Netmask = 255.255.255.255, > Framed-IP-Address = ip1 >user Auth-Type = CheckSystem, Group = access, Client-Id = client2 > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-IP-Netmask = 255.255.255.255, > Framed-IP-Address = ip2 > > You will need to change these two entries to DEFAULT, because the second entry is overwriting the first. DEFAULT User-Name = user, Auth-Type = CheckSystem, . .. DEFAULT User-Name = user, Auth-Type = CheckSystem, . hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Acct-Interim-Update for keepingSessionDatabase current
> > >> Hi people, >> >> We are having trouble with stale records in our SessionDatabase. >> >> The NAS is a Nortel Shasta that doesn't seem to have a reasonable means >> of being queried about a particular Acct-Session-Id or Username/Framed-IP- >> Address. >> >> We started using Ping, but it seems to be giving addresses on a FIFO >> basis, so they are almost immediatly re-used making this method useless. >> >> The people at Nortel say that they can configure it so it sends Acct- >> Interim-Update packets every minutes. >> >> What we could do is to catch every Acct-Interim-Update packet and make an >> update on the SessionDatabase record's Timestamp. >> >> Now, if we have a user trying to authenticate and according to our >> SessionDatabase it would exceed it's Simultaneous-Use value, we could >> check every record for this user and if the Timestamp is older than >> minutes + 10% (or something like that), we consider it invalid and allow >> the user in again. >> >> >> How would I do this? >> >> >> That is, as there is an AddQuery for an Acct-Start and a DeleteQuery for >> an Acct-Stop, I would need to use a kind of "UpdateQuery" for an Acct- >> Interim-Update. How can I do this? >> >> >> Where should I handle the Simultaneous-Use check? That is, now I simply >> set a NasType in the Shasta's entry. How can I use an arbitrary >> perl function for this? >> >> >> Thanx. >> -- >> Baby >> >> >> -- >> PS: If one of the Shasta users out there is handling lost Acct-Stop >> packets in some other way, I would very much like to know... as we are a >> third party and not the ISP itself, we don't have direct access to the >> Nortel people. >> >> > >I forgot... our current setup is a Netra T1 with 512Mb RAM running >Radiator 2.17.1 and MySQL 3.22.32 for the SessionDatabase. > >The accounting database we have just moved it out to another Netra T1 >running also MySQL because it appeared that making queries on the >accounting database slowed down the machine (though I ain't that sure >about this). > >The question is, do you think that adding all these Acct-Interim-Update >packets and espcially the update queries can degrade the performance of >the radius server? > >There are currently between 2000 and 3000 users on line simutaneously and >they are usually connected for long periods... I would risk something >like 4 hours average but made no real statistics on this. With the proper indexes on the database tables, you should be fine. (see my previous mail regarding your problem) regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Acct-Interim-Update for keeping SessionDatabasecurrent
Hello Mariano - I think you will need to use a hook in addition to your normal session database. There are some example hooks in the file "goodies/hooks.txt" in the Radiator 2.17.1 distribution. regards Hugh At 16:48 -0300 01/2/14, Mariano Absatz wrote: >Hi people, > >We are having trouble with stale records in our SessionDatabase. > >The NAS is a Nortel Shasta that doesn't seem to have a reasonable means >of being queried about a particular Acct-Session-Id or Username/Framed-IP- >Address. > >We started using Ping, but it seems to be giving addresses on a FIFO >basis, so they are almost immediatly re-used making this method useless. > >The people at Nortel say that they can configure it so it sends Acct- >Interim-Update packets every minutes. > >What we could do is to catch every Acct-Interim-Update packet and make an >update on the SessionDatabase record's Timestamp. > >Now, if we have a user trying to authenticate and according to our >SessionDatabase it would exceed it's Simultaneous-Use value, we could >check every record for this user and if the Timestamp is older than >minutes + 10% (or something like that), we consider it invalid and allow >the user in again. > >How would I do this? > >That is, as there is an AddQuery for an Acct-Start and a DeleteQuery for >an Acct-Stop, I would need to use a kind of "UpdateQuery" for an Acct- >Interim-Update. How can I do this? > >Where should I handle the Simultaneous-Use check? That is, now I simply >set a NasType in the Shasta's entry. How can I use an arbitrary >perl function for this? > >Thanx. >-- >Baby > >-- >PS: If one of the Shasta users out there is handling lost Acct-Stop >packets in some other way, I would very much like to know... as we are a >third party and not the ISP itself, we don't have direct access to the >Nortel people. > > > >=== >Archive at http://www.starport.net/~radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re:
Hello Mark - The next version of Radiator has lots more features to do this sort of thing. It should be out in the next couple of weeks. cheers Hugh At 9:49 +1300 01/2/15, Mark - Orcon Support wrote: >Just following up on this request -- I've been needing to do the same thing. >I couldn't find a way to get the Reject-Reason attribute from within a hook. >The ability to change this attribute would be great too. > >. > >Mark Mackay, >Orcon Internet. > >> From: Samantha Naleendra Senaratna <[EMAIL PROTECTED]> >> Date: Wed, 14 Feb 2001 12:39:09 +0600 (GMT) >> To: <[EMAIL PROTECTED]> >> >> >> I've been developing a MySQL based authentication system for our users. We >> are using Radiator version 2.14.1. I need to trap the reason for >> authentication >> REJECTs. (for e.g expiration >> date passed or session timeout ), and update the database to indicate a >> status for each user. I was hoping to do this using a PostAuthHook, >> calling a perl function. This passes a link to the request object to >> the PostAutHook. But I have been limited in this since I couldn't >> find any documentation of the attributes (and methods) of each user >> request object. Could you please help me on this. If anyone could tell >> me >> where to find such a documentation it would be very helpful to me. >> >> >> Samantha Naleendra Senaratna >> Systems Engineer >> Lanka Internet Services Ltd. Sri Lanka. >> >> Tel: +94 1 565071 >> Fax: +94 75 535637 >> >> >> >> === >> Archive at http://www.starport.net/~radiator/ >> Announcements on [EMAIL PROTECTED] >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. > > >=== >Archive at http://www.starport.net/~radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) multiply field for check
Hello Ben-Nes Michael - At 15:24 +0200 01/2/14, Ben-Nes Michael wrote: >Can I do in the configuration multiply field (sql) for check >or i must put all the check attr in one field > > >field2 = Expiration = "Dec 10 2001" >field3 = Simultaneous-Use = 1 > >AuthColumnDef 1, GENERIC, check >AuthColumnDef 2, GENERIC, check > You can do it either way. regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Different static IP for different Clients
--- Forwarded mail from [EMAIL PROTECTED] Date: Thu, 15 Feb 2001 03:40:23 +1100 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [[EMAIL PROTECTED]] >From mikem Thu Feb 15 03:40:19 2001 Received: by oscar.open.com.au (8.9.0/8.9.0) id DAA16347 for [EMAIL PROTECTED]; Thu, 15 Feb 2001 03:40:18 +1100 (EST) From: [EMAIL PROTECTED] >Received: from mail.verkkotieto.com (brown.verkkotieto.com [212.86.0.22]) by perki.connect.com.au with ESMTP id DAA25164 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 03:33:49 +1100 (EST) Received: from mail.verkkotieto.com (brown.verkkotieto.com [212.86.0.22]) by perki.connect.com.au with ESMTP id DAA25164 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 03:33:49 +1100 (EST) Received: from black.verkkotieto.com (black.verkkotieto.com [212.86.0.14]) by mail.verkkotieto.com (8.9.3+Sun/8.9.3) with ESMTP id SAA23495 for <[EMAIL PROTECTED]>; Wed, 14 Feb 2001 18:33:33 +0200 (EET) Date: Wed, 14 Feb 2001 18:33:32 +0200 (EET) X-X-Sender: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Different static IP for different Clients Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Hi, We have 2 NAS's for dial-in purposes and mostly IPs are assigned from pool. Couple of users need static IPs. These users call single number and their calls are forwarded to either of NAS's. Because of lack of proper routing protocol we decided to give them two static IP:s depending of which NAS they end up to. So we've made a users file for them that uses check-item Client-Id to give them correct IP. Users file has two occurances for the user, one for each NAS (see below). Problem is that when user comes from client1, radiator seems to process the second user line also ending up with reject (see log clip). If user comes from client2, Client-Id check item is matched and user gets ip2. I can see the reason why it happens and also have postauthhook to deal with situation, but postauthhook isn't as maintainable as users file. I'm using Radiator 2.16 (don't touch if it works...) Any suggestions? Thanks in advance, Petri --- user Auth-Type = CheckSystem, Group = access, Client-Id = client1 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-IP-Address = ip1 user Auth-Type = CheckSystem, Group = access, Client-Id = client2 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Netmask = 255.255.255.255, Framed-IP-Address = ip2 Wed Feb 14 17:50:39 2001: DEBUG: Radius::AuthFILE REJECT: Client-Id does not match ---End of forwarded mail from [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Acct-Interim-Update for keeping SessionDatabase current
--- Forwarded mail from [EMAIL PROTECTED] Date: Thu, 15 Feb 2001 08:10:22 +1100 (EST) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Mariano Absatz" <[EMAIL PROTECTED]>] >From mikem Thu Feb 15 08:10:16 2001 Received: by oscar.open.com.au (8.9.0/8.9.0) id IAA16627 for [EMAIL PROTECTED]; Thu, 15 Feb 2001 08:10:16 +1100 (EST) >Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id IAA05099 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 08:00:19 +1100 (EST) Received: from dedos.pert.com.ar (dedos.pert.com.ar [200.49.76.34]) by perki.connect.com.au with ESMTP id IAA05099 (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 15 Feb 2001 08:00:19 +1100 (EST) Received: from cosa.intranet.pert.com.ar ([192.168.1.10]:15634 "EHLO cosa" whoson: "popbaby") by dedos.pert.com.ar with ESMTP id convert rfc822-to-8bit; Wed, 14 Feb 2001 18:00:02 -0300 From: "Mariano Absatz" <[EMAIL PROTECTED]> Organization: Pert Consultores To: Radiator List <[EMAIL PROTECTED]> Date: Wed, 14 Feb 2001 18:00:03 -0300 MIME-Version: 1.0 Content-transfer-encoding: 8BIT Subject: Re: Acct-Interim-Update for keeping SessionDatabase current Message-ID: <3A8AC7A3.16070.C0C7289@localhost> Priority: normal In-reply-to: <3A8AB71F.24254.BCBECFF@localhost> X-mailer: Pegasus Mail for Win32 (v3.12c) Content-Type: text/plain; charset=ISO-8859-1 See more below... El 14 Feb 2001, a las 16:49, Mariano Absatz escribió: > Hi people, > > We are having trouble with stale records in our SessionDatabase. > > The NAS is a Nortel Shasta that doesn't seem to have a reasonable means > of being queried about a particular Acct-Session-Id or Username/Framed-IP- > Address. > > We started using Ping, but it seems to be giving addresses on a FIFO > basis, so they are almost immediatly re-used making this method useless. > > The people at Nortel say that they can configure it so it sends Acct- > Interim-Update packets every minutes. > > What we could do is to catch every Acct-Interim-Update packet and make an > update on the SessionDatabase record's Timestamp. > > Now, if we have a user trying to authenticate and according to our > SessionDatabase it would exceed it's Simultaneous-Use value, we could > check every record for this user and if the Timestamp is older than > minutes + 10% (or something like that), we consider it invalid and allow > the user in again. > > > How would I do this? > > > That is, as there is an AddQuery for an Acct-Start and a DeleteQuery for > an Acct-Stop, I would need to use a kind of "UpdateQuery" for an Acct- > Interim-Update. How can I do this? > > > Where should I handle the Simultaneous-Use check? That is, now I simply > set a NasType in the Shasta's entry. How can I use an arbitrary > perl function for this? > > > Thanx. > -- > Baby > > > -- > PS: If one of the Shasta users out there is handling lost Acct-Stop > packets in some other way, I would very much like to know... as we are a > third party and not the ISP itself, we don't have direct access to the > Nortel people. > > I forgot... our current setup is a Netra T1 with 512Mb RAM running Radiator 2.17.1 and MySQL 3.22.32 for the SessionDatabase. The accounting database we have just moved it out to another Netra T1 running also MySQL because it appeared that making queries on the accounting database slowed down the machine (though I ain't that sure about this). The question is, do you think that adding all these Acct-Interim-Update packets and espcially the update queries can degrade the performance of the radius server? There are currently between 2000 and 3000 users on line simutaneously and they are usually connected for long periods... I would risk something like 4 hours average but made no real statistics on this. -- Mariano Absatz mailto:[EMAIL PROTECTED] PGP KEYS: http://www.pert.com.ar/baby/pgpkeys.html PERT Consultores http://www.pert.com.ar ---End of forwarded mail from [EMAIL PROTECTED] -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re:
Just following up on this request -- I've been needing to do the same thing. I couldn't find a way to get the Reject-Reason attribute from within a hook. The ability to change this attribute would be great too. . Mark Mackay, Orcon Internet. > From: Samantha Naleendra Senaratna <[EMAIL PROTECTED]> > Date: Wed, 14 Feb 2001 12:39:09 +0600 (GMT) > To: <[EMAIL PROTECTED]> > > > I've been developing a MySQL based authentication system for our users. We > are using Radiator version 2.14.1. I need to trap the reason for > authentication > REJECTs. (for e.g expiration > date passed or session timeout ), and update the database to indicate a > status for each user. I was hoping to do this using a PostAuthHook, > calling a perl function. This passes a link to the request object to > the PostAutHook. But I have been limited in this since I couldn't > find any documentation of the attributes (and methods) of each user > request object. Could you please help me on this. If anyone could tell > me > where to find such a documentation it would be very helpful to me. > > > Samantha Naleendra Senaratna > Systems Engineer > Lanka Internet Services Ltd. Sri Lanka. > > Tel: +94 1 565071 > Fax: +94 75 535637 > > > > === > Archive at http://www.starport.net/~radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Acct-Interim-Update for keeping SessionDatabase current
Hi people, We are having trouble with stale records in our SessionDatabase. The NAS is a Nortel Shasta that doesn't seem to have a reasonable means of being queried about a particular Acct-Session-Id or Username/Framed-IP- Address. We started using Ping, but it seems to be giving addresses on a FIFO basis, so they are almost immediatly re-used making this method useless. The people at Nortel say that they can configure it so it sends Acct- Interim-Update packets every minutes. What we could do is to catch every Acct-Interim-Update packet and make an update on the SessionDatabase record's Timestamp. Now, if we have a user trying to authenticate and according to our SessionDatabase it would exceed it's Simultaneous-Use value, we could check every record for this user and if the Timestamp is older than minutes + 10% (or something like that), we consider it invalid and allow the user in again. How would I do this? That is, as there is an AddQuery for an Acct-Start and a DeleteQuery for an Acct-Stop, I would need to use a kind of "UpdateQuery" for an Acct- Interim-Update. How can I do this? Where should I handle the Simultaneous-Use check? That is, now I simply set a NasType in the Shasta's entry. How can I use an arbitrary perl function for this? Thanx. -- Baby -- PS: If one of the Shasta users out there is handling lost Acct-Stop packets in some other way, I would very much like to know... as we are a third party and not the ISP itself, we don't have direct access to the Nortel people. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Cisco AS5300 VoIP / Radiator
> ...One interesting thing to
> note is that the AS5300 seems to be sending a null User-Name
> ("") when they use account/PIN.
That seems odd to me. After the initial "pre-authentication", as the
documents suggest, ours prompts for an Account Number and PIN, and the
Gateway plugs them into the RADIUS Username and Password attributes,
respectively.
However, you can probably get this behavior to be anything you want based on
what IVR script you select in the Gateway...
Dave
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) multiply field for check
Can I do in the configuration multiply field (sql) for check or i must put all the check attr in one field field2 = Expiration = "Dec 10 2001" field3 = Simultaneous-Use = 1 AuthColumnDef 1, GENERIC, check AuthColumnDef 2, GENERIC, check -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-4-6925757 Fax: 972-4-6925858 http://www.canaan.co.il -- === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Re: (RADIATOR) Incorrect online users
Title: Re: Re: (RADIATOR) Incorrect online users Hello Mustafa - After going through the documentation on Radiator, i found that the Radiator by default, clears all sessions on the online (session) table if the NAS is rebooted. This is OK under normal circumstances. The problem we have is that, when radius (radiator) is restarted OR when a large query is being executed (on the Authentication table - not the online session table), the sessions for a particular NAS are cleared. When Radiator is restarted, it does not touch an existing SQL session database, and I do not understand why the sessions for a particular NAS would be cleared if a NAS is not rebooted. Is there some parameter/s (eg. a Timeout parameter) that can be changed or inserted into the config file that would ensure that a certain time has elapsed before the session table is cleared?? No, but you can change the queries however you wish in the SessionDatabase SQL clause. The queries you can change are the AddQuery, DeleteQuery, ClearNasQuery and CountQuery. Have a look at section 6.7 in the Radiator 2.17.1 reference manual. regards Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
(RADIATOR) Re:
Hello Samantha - At 12:39 +0600 01/2/14, Samantha Naleendra Senaratna wrote: >I've been developing a MySQL based authentication system for our users. We >are using Radiator version 2.14.1. I need to trap the reason for >authentication > REJECTs. (for e.g expiration >date passed or session timeout ), and update the database to indicate a >status for each user. I was hoping to do this using a PostAuthHook, >calling a perl function. This passes a link to the request object to >the PostAutHook. But I have been limited in this since I couldn't >find any documentation of the attributes (and methods) of each user >request object. Could you please help me on this. If anyone could tell >me >where to find such a documentation it would be very helpful to me. > I'm not exactly sure what you mean by "documentation of the attributes (and methods) of each user request object"? The best way to find out what Radiator is doing is to read the source code (radiusd itself and the modules in the Radius subdirectory in the distribution). Aside from that there is some information in the reference manual in section 17, and there are several example hooks that demonstrate many advanced techniques in the file "goodies/hooks.txt" in the distribution. Note that the latest version of Radiator is 2.17.1. hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radwho.cgi
Hello Daniel - At 18:35 +0900 01/2/14, daniel wrote: >Hi, > >No I meant radwho.cgi. I am trying to check users connection in >real-time. If you have multiple radius servers, how would you implement >it ? I will be using DBM format file. The only way you can handle multiple radius servers is to use a single SessionDatabase SQL that is accessed by all copies of Radiator. You cannot use a DBM file in a shared environment because there is no locking support. hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radwho.cgi
Hi, No I meant radwho.cgi. I am trying to check users connection in real-time. If you have multiple radius servers, how would you implement it ? I will be using DBM format file. Daniel On Wed, 14 Feb 2001, Hugh Irvine wrote: > > Hello Daniel - > > At 15:46 +0900 01/2/14, daniel wrote: > >hi, > > > >Just wondering if it is possible to use radwho.cgi with multiple > >accounting servers. I am thinking about using DBM instead of SQL. > > > > Do you mean radacct.cgi? radwho.cgi is used in conjunction with the > session database. > > hth > > Hugh > > -- > > NB: I am travelling this week, so there may be delays in our correspondence. > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. > === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Re: (RADIATOR) Incorrect online users
Title: Re: Re: (RADIATOR) Incorrect online users Hi Hugh, After going through the documentation on Radiator, i found that the Radiator by default, clears all sessions on the online (session) table if the NAS is rebooted. This is OK under normal circumstances. The problem we have is that, when radius (radiator) is restarted OR when a large query is being executed (on the Authentication table - not the online session table), the sessions for a particular NAS are cleared. Is there some parameter/s (eg. a Timeout parameter) that can be changed or inserted into the config file that would ensure that a certain time has elapsed before the session table is cleared?? Thanks and regards Mustafa - Original Message - From: Hugh Irvine To: Mustafa Mal Sent: Tuesday, 13 February 2001 02:50 PM Subject: Re: Re: (RADIATOR) Incorrect online users Hello Mustafa - We have checked the network usage using a sniffer and the usage is not more than 20% of capacity at peak. We did run radius in trace 4 debug mode for a while but were not able to tell much from the file as to why the online users are incorrect in the RADONLINE. The trace 4 will show everything that is happening. BTW - I am travelling this week, and I could not download a 4mb trace file. We did notice that each time a a user attempts to connect, his records is first deleted from the RADONLINE and inserted again. Please confirm if this is the way the radius functions or is it an error. Yes, Radiator tries to be self-healing in the face of lost stop packets, so it always does a pre-emptive delete of the session database record for the NAS-IP-Address and NAS-Port that is present in the request. I would like to mention that the users in the RADONLINE drop when the authentication database is locked for a long time. This happens when a query is executed for checking the status of the users. This query takes about 30 seconds to execute and when its done, the RADONLINE entries from the Tigris drops down drastically. Please advise. It may very well be that you are getting a timeout on your SQL connection, which results in Radaitor not trying the connection again for 10 minutes. I could well imagine that not updating the session database for that long would cause serious problems. An SQL query that takes 30 seconds will cause major problems and should be fixed. There is one other problem that we are facing at the moment. If a user is online and another attempt is made to log on using the same username password, the second attempt is not rejected outright, instead, the user gets a pop up window requesting the username and password again. The user is prompted for a valid username and password up to 20 times before the session is dropped. I was trying to look up how to limit this to three but was unable to find help in the documentation and on the web site. I am told that the NAS does not drop the call because of incorrect radius attributes. Please confirm. I have no idea why this would be happening. If an access is rejected, an Access-Reject is returned to the NAS, there are no attributes involved. hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS serveranywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re: (RADIATOR) radwho.cgi
Hello Daniel - At 15:46 +0900 01/2/14, daniel wrote: >hi, > >Just wondering if it is possible to use radwho.cgi with multiple >accounting servers. I am thinking about using DBM instead of SQL. > Do you mean radacct.cgi? radwho.cgi is used in conjunction with the session database. hth Hugh -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
