(RADIATOR) Minimum Handler + AuthBy to reject?
I suspect there is a simple answer to this... ;-)

Currently I have:

    <Handler Client-Identifier=foo>
        [Blah]
        <AuthBy LDAP2>
            [other blah]
        </AuthBy>
    </Handler>

and it works just fine :-)

However, there's a need to refuse ISDN authentication attempts, so I figure a solution like this:

    <Handler Client-Identifier=foo,Nas-Port-Type=Sync,Request-Type=Access-Request>
        <AuthBy []>
        </AuthBy>
    </Handler>

    <Handler Client-Identifier=foo>
        [Blah]
        <AuthBy LDAP2>
            [other blah]
        </AuthBy>
    </Handler>

I suppose I could use

    <Handler Client-Identifier=foo,Nas-Port-Type=Sync,Request-Type=Access-Request>
        <AuthBy FILE>
            FileName /foo/bar
        </AuthBy>
    </Handler>

and either use an empty file (assuming it's permissible) or a single DEFAULT entry like say:

    DEFAULT Auth-Type = Reject: ISDN calls not allowed

But is there anything simpler/more-elegant?

Thanks,
Neale.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Minimum Handler + AuthBy to reject?
Hello Neale -

The answer probably depends on what else you are wanting to do in your configuration file and/or your LDAP database. I would suggest, however, that a couple of DEFAULT entries in an AuthBy FILE might work for you. Something like this:

    # users file

    DEFAULT Client-Identifier=foo, NAS-Port-Type=Sync, Auth-Type=Reject

    DEFAULT Auth-Type=CheckLDAP

and in the configuration file:

    # define AuthBy clauses

    <AuthBy LDAP2>
        Identifier CheckLDAP
        ..
    </AuthBy>

    <AuthBy FILE>
        Identifier CheckFILE
        .
    </AuthBy>

    # define Handler(s)

    <Handler>
        AuthBy CheckFILE
    </Handler>

hth

Hugh

On Monday 21 May 2001 19:45, Neale Banks wrote:
> I suspect there is a simple answer to this... ;-)
>
> Currently I have:
>
>     <Handler Client-Identifier=foo>
>         [Blah]
>         <AuthBy LDAP2>
>             [other blah]
>         </AuthBy>
>     </Handler>
>
> and it works just fine :-)
>
> However, there's a need to refuse ISDN authentication attempts, so I figure a solution like this:
>
>     <Handler Client-Identifier=foo,Nas-Port-Type=Sync,Request-Type=Access-Request>
>         <AuthBy []>
>         </AuthBy>
>     </Handler>
>
>     <Handler Client-Identifier=foo>
>         [Blah]
>         <AuthBy LDAP2>
>             [other blah]
>         </AuthBy>
>     </Handler>
>
> I suppose I could use
>
>     <Handler Client-Identifier=foo,Nas-Port-Type=Sync,Request-Type=Access-Request>
>         <AuthBy FILE>
>             FileName /foo/bar
>         </AuthBy>
>     </Handler>
>
> and either use an empty file (assuming it's permissible) or a single DEFAULT entry like say:
>
>     DEFAULT Auth-Type = Reject: ISDN calls not allowed
>
> But is there anything simpler/more-elegant?
>
> Thanks,
> Neale.

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) subhandlers?
Hello,

I was wondering if it is possible to do something like the following in any way:

    <Handler NAS-IP-Address = 1.2.3.4>
        <Handler Called-Station-Id = 1234>
            ...
        </Handler>
        <Handler Called-Station-Id = 5678>
            ...
        </Handler>
    </Handler>

That is, to provide a drill-down like configuration.

Thanks,
Viraj.
(RADIATOR) AcctSQLStatement problem
--- Forwarded mail from [EMAIL PROTECTED]

From: adam [EMAIL PROTECTED]
Date: Mon, 21 May 2001 18:36:42 +0300
Subject: AcctSQLStatement problem

Hi all

I'm constructing a daily based dialup connection scheme where every user can connect for a different period of time on each day, so I have in my authentication table seven fields, each representing a day, and each field has the time he is allowed to connect.

The authentication works fine but I'm facing problems in the updating of the information.

Below is the updating the table query:

    AcctSQLStatement update Authentication set %Q = {%Q}-0%{Acct-Session-Time}, Last = '%Q' where USERNAME = '%n' And Type = 'H'

The following is the error:

    Mon May 21 18:16:30 2001: DEBUG: do query is: update Authentication set Monday = {Monday}-01000, Last = 'Monday' where USERNAME = 'fred' And Type = 'H'
    Mon May 21 18:16:30 2001: ERR: do failed for 'update Authentication set Monday = {Monday}-01000, Last = 'Monday' where USERNAME = 'fred' And Type = 'H'': [Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression 'Monday}-01000'. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1)
    Mon May 21 18:16:31 2001: ERR: do failed for 'update Authentication set Monday = {Monday}-01000, Last = 'Monday' where USERNAME = 'fred' And Type = 'H'': [Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression 'Monday}-01000'. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1)

I think the problem is in %Q={%Q}

Can anybody help?

Thanks all

---End of forwarded mail from
(RADIATOR) OpenLDAP 2 says unknown LDAP request
--- Forwarded mail from [EMAIL PROTECTED]

From: Eric Kilfoil [EMAIL PROTECTED]
Date: Mon, 21 May 2001 16:47:01 -0600 (MDT)
Subject: OpenLDAP 2 says unknown LDAP request

Ok, here's my setup:

    Sparc / Solaris8
    Perl 5.6.0
    OpenLDAP 2.0.12
    perl-ldap 0.23

For some reason... when I try to make Radiator query the LDAP directory for usernames, OpenLDAP responds with "Unknown LDAP request". Has anyone had a similar problem?

One thing that I have noticed is that some of the "make test" tests for perl-ldap-0.23 failed. Specifically, the filter test failed. Has anyone tried to get perl-ldap-0.23 going on Solaris? I have successfully gotten this working in the past on Solaris7 and a much older version of perl-ldap.

Anyway, here is my AuthBy clause for LDAP:

    <AuthBy LDAP2>
        Host auth1.viawest.net
        AuthDN cn=server,dc=ldapusers,dc=viawest,dc=net
        AuthPassword
        BaseDN ou=Customers,dc=viawest,dc=net
        Scope sub
        UsernameAttr uid
        PasswordAttr userPassword
        Debug 255
    </AuthBy>

And here is the debug output I have. Here is a connection attempt from Radiator:

--[ slapd debug output ]--

    daemon: activity on 1 descriptors
    daemon: new connection on 15
    daemon: conn=5 fd=15 connection from IP=216.87.64.20:35593 (IP=0.0.0.0:389) accepted.
    daemon: added 15r
    daemon: activity on:
    daemon: select: listen=7 active_threads=0 tvp=NULL
    daemon: activity on 1 descriptors
    daemon: activity on: 15r
    daemon: read activity on 15
    connection_get(15)
    connection_get(15): got connid=5
    connection_read(15): checking for input on id=5
    ber_get_next
    ldap_read: want=1, got=1
      0000: 30  0
    ldap_read: want=1, got=1
      0000: 3d  =
    ldap_read: want=61, got=61
      0000: 02 01 01 40 38 02 01 02 04 28 63 6e 3d 73 65 72  [EMAIL PROTECTED](cn=ser
      0010: 76 65 72 2c 64 63 3d 6c 64 61 70 75 73 65 72 73  ver,dc=ldapusers
      0020: 2c 64 63 3d 76 69 61 77 65 73 74 2c 64 63 3d 6e  ,dc=viawest,dc=n
      0030: 65 74 80 09 XX XX XX XX XX XX XX XX XX  et..X
    ber_get_next: tag 0x30 len 61 contents:
    ber_dump: buf=0x0022e000 ptr=0x0022e000 end=0x0022e03d len=61
      0000: 02 01 01 40 38 02 01 02 04 28 63 6e 3d 73 65 72  [EMAIL PROTECTED](cn=ser
      0010: 76 65 72 2c 64 63 3d 6c 64 61 70 75 73 65 72 73  ver,dc=ldapusers
      0020: 2c 64 63 3d 76 69 61 77 65 73 74 2c 64 63 3d 6e  ,dc=viawest,dc=n
      0030: 65 74 80 09 72 6f 74 6f 21 63 6c 69 70  et..X
    ber_get_next
    ldap_read: want=1 error=Resource temporarily unavailable
    ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
    unknown LDAP request 0x40
    send_ldap_disconnect 2:unknown LDAP request
    send_ldap_response: msgid=0 tag=120 err=2
    ber_flush: 58 bytes to sd 15
      0000: 30 38 02 01 00 78 33 0a 01 02 04 00 04 14 75 6e  08...x3...un
      0010: 6b 6e 6f 77 6e 20 4c 44 41 50 20 72 65 71 75 65  known LDAP reque
      0020: 73 74 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e  st..1.3.6.1.4.1.
      0030: 31 34 36 36 2e 32 30 30 33 36  1466.20036
    ldap_write: want=58, written=58
      0000: 30 38 02 01 00 78 33 0a 01 02 04 00 04 14 75 6e  08...x3...un
      0010: 6b 6e 6f 77 6e 20 4c 44 41 50 20 72 65 71 75 65  known LDAP reque
      0020: 73 74 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e  st..1.3.6.1.4.1.
      0030: 31 34 36 36 2e 32 30 30 33 36  1466.20036
    conn=5 op=0 DISCONNECT err=120 tag=2 text=unknown LDAP request
    daemon: select: listen=7 active_threads=1 tvp=NULL

It doesn't really look like it's able to bind to the server properly. I turned on a level 4 trace on Radiator, and put Debug 255 in the AuthBy LDAP2 clause. It provided this information:

--[ radiator debug output ]--

    Mon May 21 16:33:08 2001: INFO: Server started: Radiator
Re: (RADIATOR) OpenLDAP 2 says unknown LDAP request
Hello Eric -

This is the error I see in the LDAP log:

    ldap_read: want=1 error=Resource temporarily unavailable
    ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
    unknown LDAP request 0x40
    send_ldap_disconnect 2:unknown LDAP request

I would suggest checking the perl-ldap docs and the OpenLDAP docs for any known issues, and perhaps trying an earlier version of perl-ldap. I don't think there is any use in trying to make Radiator work if perl-ldap itself is not working. Have you also made sure that you can issue the same query directly to the LDAP server?

hth

Hugh

> Ok, here's my setup:
>
>     Sparc / Solaris8
>     Perl 5.6.0
>     OpenLDAP 2.0.12
>     perl-ldap 0.23
>
> For some reason... when I try to make Radiator query the LDAP directory for usernames, OpenLDAP responds with "Unknown LDAP request". Has anyone had a similar problem?
>
> One thing that I have noticed is that some of the "make test" tests for perl-ldap-0.23 failed. Specifically, the filter test failed. Has anyone tried to get perl-ldap-0.23 going on Solaris? I have successfully gotten this working in the past on Solaris7 and a much older version of perl-ldap.
>
> Anyway, here is my AuthBy clause for LDAP:
>
>     <AuthBy LDAP2>
>         Host auth1.viawest.net
>         AuthDN cn=server,dc=ldapusers,dc=viawest,dc=net
>         AuthPassword
>         BaseDN ou=Customers,dc=viawest,dc=net
>         Scope sub
>         UsernameAttr uid
>         PasswordAttr userPassword
>         Debug 255
>     </AuthBy>
>
> And here is the debug output I have. Here is a connection attempt from Radiator:
>
> --[ slapd debug output ]--
>
>     daemon: activity on 1 descriptors
>     daemon: new connection on 15
>     daemon: conn=5 fd=15 connection from IP=216.87.64.20:35593 (IP=0.0.0.0:389) accepted.
>     daemon: added 15r
>     daemon: activity on:
>     daemon: select: listen=7 active_threads=0 tvp=NULL
>     daemon: activity on 1 descriptors
>     daemon: activity on: 15r
>     daemon: read activity on 15
>     connection_get(15)
>     connection_get(15): got connid=5
>     connection_read(15): checking for input on id=5
>     ber_get_next
>     ldap_read: want=1, got=1
>       0000: 30  0
>     ldap_read: want=1, got=1
>       0000: 3d  =
>     ldap_read: want=61, got=61
>       0000: 02 01 01 40 38 02 01 02 04 28 63 6e 3d 73 65 72  [EMAIL PROTECTED](cn=ser
>       0010: 76 65 72 2c 64 63 3d 6c 64 61 70 75 73 65 72 73  ver,dc=ldapusers
>       0020: 2c 64 63 3d 76 69 61 77 65 73 74 2c 64 63 3d 6e  ,dc=viawest,dc=n
>       0030: 65 74 80 09 XX XX XX XX XX XX XX XX XX  et..X
>     ber_get_next: tag 0x30 len 61 contents:
>     ber_dump: buf=0x0022e000 ptr=0x0022e000 end=0x0022e03d len=61
>       0000: 02 01 01 40 38 02 01 02 04 28 63 6e 3d 73 65 72  [EMAIL PROTECTED](cn=ser
>       0010: 76 65 72 2c 64 63 3d 6c 64 61 70 75 73 65 72 73  ver,dc=ldapusers
>       0020: 2c 64 63 3d 76 69 61 77 65 73 74 2c 64 63 3d 6e  ,dc=viawest,dc=n
>       0030: 65 74 80 09 72 6f 74 6f 21 63 6c 69 70  et..X
>     ber_get_next
>     ldap_read: want=1 error=Resource temporarily unavailable
>     ber_get_next on fd 15 failed errno=11 (Resource temporarily unavailable)
>     unknown LDAP request 0x40
>     send_ldap_disconnect 2:unknown LDAP request
>     send_ldap_response: msgid=0 tag=120 err=2
>     ber_flush: 58 bytes to sd 15
>       0000: 30 38 02 01 00 78 33 0a 01 02 04 00 04 14 75 6e  08...x3...un
>       0010: 6b 6e 6f 77 6e 20 4c 44 41 50 20 72 65 71 75 65  known LDAP reque
>       0020: 73 74 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e  st..1.3.6.1.4.1.
>       0030: 31 34 36 36 2e 32 30 30 33 36  1466.20036
>     ldap_write: want=58, written=58
>       0000: 30 38 02 01 00 78 33 0a 01 02 04 00 04 14 75 6e  08...x3...un
>       0010: 6b 6e 6f 77 6e 20 4c 44 41 50 20 72 65 71 75 65  known LDAP reque
>       0020: 73 74 8a 16 31 2e 33 2e 36 2e 31 2e 34 2e 31 2e  st..1.3.6.1.4.1.
>       0030: 31 34 36 36 2e 32 30 30 33 36  1466.20036
>     conn=5 op=0 DISCONNECT err=120 tag=2 text=unknown LDAP request
>     daemon: select: listen=7 active_threads=1 tvp=NULL
>
> It doesn't really look like it's able to bind to the server properly. I turned on a level 4 trace on Radiator, and put Debug 255 in the AuthBy LDAP2 clause. It provided this information:
>
> --[ radiator debug output ]--
>
>     Mon May 21 16:33:08 2001: INFO: Server started: Radiator 2.18 on book.viawest.net
>     Mon May 21 16:33:13 2001: DEBUG: Packet dump:
>     *** Received from 127.0.0.1 port 41436
>     Code: Access-Request
>     Identifier: 133
>     Authentic: 1234567890123456
>     Attributes:
>         User-Name = edk
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = 123456789
>         Calling-Station-Id = 987654321
>         NAS-Port-Type = Async
>         Password = 15!30250819528246O156203dI3g
>     Mon May 21 16:33:13 2001: DEBUG: Handling request with Handler
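The slapd trace in this thread drops the connection on the operation tag, 0x40. As an added example (not code from the thread, Radiator, perl-ldap or OpenLDAP), the following walks the BER structure of the logged message and shows that 0x40 is the BindRequest tag number without the constructed bit that LDAP's 0x60 carries. The password octets are replaced by constructed placeholders, and the function names are hypothetical.

```python
# Added example, not from the thread: walk the BER structure of the LDAPMessage
# that slapd dumped. The nine password octets are constructed placeholders.
DN = b"cn=server,dc=ldapusers,dc=viawest,dc=net"
CAPTURED = (bytes.fromhex("303d" "020101" "4038" "020102" "0428") + DN
            + bytes.fromhex("8009") + b"X" * 9)
# Identifier octets LDAP assigns to three request types (RFC 2251, section 4).
EXPECTED_OPS = {0x60: "BindRequest", 0x42: "UnbindRequest", 0x63: "SearchRequest"}


def read_tlv(buf, pos=0):
    """Decode one BER TLV (single-octet tag, definite length) starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident, length = buf[pos], buf[pos + 1]
    pos += 2
    if ident & 0x1F == 0x1F or length == 0x80:
        raise ValueError("multi-octet tag or indefinite length not handled")
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return ident, buf[pos:pos + length], pos + length


def inspect_ldap_message(msg):
    """Return message id, protocolOp identifier, verdict and any bind fields."""
    outer, body, end = read_tlv(msg)
    if outer != 0x30 or end != len(msg):
        raise ValueError("not exactly one LDAPMessage SEQUENCE")
    id_tag, id_val, pos = read_tlv(body)
    if id_tag != 0x02:
        raise ValueError("messageID is not an INTEGER")
    op, op_val, _ = read_tlv(body, pos)
    fixed = op | 0x20  # same class and tag number with the constructed bit set
    if op in EXPECTED_OPS:
        verdict = f"0x{op:02x} is a valid {EXPECTED_OPS[op]} tag"
    elif fixed in EXPECTED_OPS:
        verdict = (f"0x{op:02x} lacks the constructed bit; "
                   f"{EXPECTED_OPS[fixed]} must be 0x{fixed:02x}")
    else:
        verdict = f"0x{op:02x} is not a request type in the table"
    info = {"message_id": int.from_bytes(id_val, "big"), "op": op, "verdict": verdict}
    if fixed == 0x60:  # bind body: version INTEGER, then name OCTET STRING
        _, version, pos = read_tlv(op_val)
        _, name, _ = read_tlv(op_val, pos)
        info.update(version=int.from_bytes(version, "big"), name=name.decode())
    return info

if __name__ == "__main__":
    print(inspect_ldap_message(CAPTURED))
```

The lengths in the dump are self-consistent (0x3d outer, 0x38 inner), so the only field that disagrees with the protocol is the identifier octet of the operation.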
Re: (RADIATOR) Radiator AuthBY NT
CHAP will only work if your PWs are stored in clear text in your database. You can get CHAP to work with Windows 2000 AD but you have to enable Reversible Encryption Format, but only MS knows the key to unlock those reversible encrypted passwords. So count CHAP outta the picture. You should be doing PAP. If PAP doesn't work then you have something messed up.

-Michael Audet
[EMAIL PROTECTED]

----- Original Message -----
From: Alex Green [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, May 21, 2001 2:44 AM
Subject: (RADIATOR) Radiator AuthBY NT

> Hi all,
>
> Why would my Cisco access server not work with CHAP or PAP but will work with clear text on vty? Does anyone have a copy of their running config **no secrets** for me to look at...
>
> Thanks,
> Alex