Re: (RADIATOR) Nortel CVX and VSAs

2001-06-12 Thread Hugh Irvine


Hello John -

I have copied this mail to Mike as he worked with another of our customers to 
implement the CVX attributes and hopefully he can tell you more about them.

regards

Hugh

On Wednesday 13 June 2001 16:29, John Coy wrote:
> I'm wondering if anybody on the list has a Nortel CVX
> and is using Radiator for authentication?  I cannot seem
> to get the vendor specific attributes to work properly
> (I'm using the CVX attributes from the dictionary that ships
> with the 2.18.2 Radiator).  I even found that the
> CVX-Ascend-Maximum-Channels attribute will cause the CVX
> to dump core (at least it will make CVX OS v3.6p5 dump core).
> Very ugly.
>
> I'm not exactly sure how to start troubleshooting -- I am
> curious if I post some radius logs from the CVX (it has a
> VERY handy radius debugging tool) as well as logs from
> Radiator if someone can take a look.
>
> I guess my overall question is: anybody out there have
> a CVX, using Radiator, and also using some VSAs?  If
> so, any possibility of talking off-list?
>
> Hugh -- was also curious if you guys had a chance to test
> the CVX VSAs?  It's my understanding that these are a relatively
> new feature (found in the 2.18 code?)
>
> Thanks in advance,
>
> John
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



(RADIATOR) Re: passing avpair

2001-06-12 Thread Hugh Irvine


Hello AbdusSami -

On Wednesday 13 June 2001 16:35, Mohammed AbdusSami wrote:
> Dear Hugh,
>
> Here is my partial configuration where I want to pass an IP address to Cisco.
> Please let me know whether it is correct or not.
>
> AddToReply PoolHint = login, \
>   Service-Type = Framed-User, \
>   Framed-Protocol = PPP, \
>   Session-Timeout = 180, \
>   Idle-Timeout = 180, \
>   Framed-Compression = Van-Jacobson-TCP-IP
>   cisco-avpair = "ip:addr-pool=login"
>

Note the correction to continue the AddToReply lines.

AddToReply PoolHint = login, \
 Service-Type = Framed-User, \
 Framed-Protocol = PPP, \
 Session-Timeout = 180, \
 Idle-Timeout = 180, \
 Framed-Compression = Van-Jacobson-TCP-IP, \
 cisco-avpair = "ip:addr-pool=login"

As I don't have a Cisco here to test with, I have no way of knowing if the 
above will work. You will have to do some testing and experimentation.

regards

Hugh


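A small checker for the continuation mistake corrected in the reply above, added here as an example (it is not from the thread and not part of Radiator). It assumes a hypothetical heuristic: a line of the form `name = value` directly after an attribute-list parameter is an attribute that fell off the list.

```python
import re

# Constructed input: the AddToReply block as posted in the question, where the
# Framed-Compression line is missing its trailing ", \".
BROKEN = r'''AddToReply PoolHint = login, \
  Service-Type = Framed-User, \
  Framed-Protocol = PPP, \
  Session-Timeout = 180, \
  Idle-Timeout = 180, \
  Framed-Compression = Van-Jacobson-TCP-IP
  cisco-avpair = "ip:addr-pool=login"
'''
# The corrected form from the reply: every line but the last ends in ", \".
FIXED = BROKEN.replace('Van-Jacobson-TCP-IP\n', 'Van-Jacobson-TCP-IP, \\\n')

# Heuristic (an assumption of this example): ordinary parameters are written
# "Keyword value", so a first token followed by "=" looks like a RADIUS attribute.
ATTR_LINE = re.compile(r'^([A-Za-z][\w-]*)\s*=')


def logical_lines(text):
    """Join backslash-continued physical lines; yield (first_line_no, text)."""
    buf, start = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if start is None:
            start = no
        if line.endswith('\\'):
            buf.append(line[:-1].strip())
            continue
        buf.append(line.strip())
        yield start, ' '.join(p for p in buf if p)
        buf, start = [], None
    if buf:  # file ended on a continuation
        yield start, ' '.join(p for p in buf if p)


def split_attrs(value):
    """Split 'a = 1, b = "x,y"' on commas that are outside double quotes."""
    parts, cur, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == ',' and not quoted:
            parts.append(''.join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append(''.join(cur).strip())
    return [p for p in parts if p]


def lint(text, list_params=('AddToReply',)):
    """Return (replies, findings).

    replies:  {line_no: [attribute names the parameter really contains]}
    findings: [(line_no, attribute, parameter)] for attributes left outside the list
    """
    replies, findings, prev = {}, [], None
    for no, line in logical_lines(text):
        if not line or line.startswith('#'):
            continue
        keyword, _, rest = line.partition(' ')
        if keyword in list_params:
            replies[no] = [a.split('=', 1)[0].strip() for a in split_attrs(rest)]
            prev = keyword
            continue
        m = ATTR_LINE.match(line)
        if m and prev:
            findings.append((no, m.group(1), prev))
            continue  # further orphaned lines belong to the same list
        prev = None
    return replies, findings


if __name__ == '__main__':
    for name, cfg in (('as posted', BROKEN), ('corrected', FIXED)):
        replies, findings = lint(cfg)
        print(name, replies, findings)
```

On the posted block it reports `cisco-avpair` at line 7 as outside `AddToReply`; on the corrected block the attribute is the last of seven reply items.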



(RADIATOR) RE: passing avpair

2001-06-12 Thread Mohammed AbdusSami

Dear Hugh,

Here is my partial configuration where I want to pass an IP address to Cisco.
Please let me know whether it is correct or not.

AddToReply PoolHint = login, \
Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Session-Timeout = 180, \
Idle-Timeout = 180, \
Framed-Compression = Van-Jacobson-TCP-IP
cisco-avpair = "ip:addr-pool=login"


Regards,

AbdusSami


-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 13, 2001 2:53 AM
To: Mohammed AbdusSami; [EMAIL PROTECTED]
Subject: Re: passing avpair



Hello AbdusSami -

Here is an example:

fred  Password = fred
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    ...
    cisco-avpair=route="203.79.243.0 255.255.255.192"

hth

Hugh


On Tuesday 12 June 2001 20:20, Mohammed AbdusSami wrote:
> Dear All,
>
> Can anybody tell me how to pass the attribute of cisco avpair in radiator.
>
> Regards,
>
> AbdusSami




(RADIATOR) Nortel CVX and VSAs

2001-06-12 Thread John Coy

I'm wondering if anybody on the list has a Nortel CVX
and is using Radiator for authentication?  I cannot seem
to get the vendor specific attributes to work properly
(I'm using the CVX attributes from the dictionary that ships
with the 2.18.2 Radiator).  I even found that the
CVX-Ascend-Maximum-Channels attribute will cause the CVX
to dump core (at least it will make CVX OS v3.6p5 dump core).
Very ugly.

I'm not exactly sure how to start troubleshooting -- I am
curious if I post some radius logs from the CVX (it has a
VERY handy radius debugging tool) as well as logs from
Radiator if someone can take a look.

I guess my overall question is: anybody out there have
a CVX, using Radiator, and also using some VSAs?  If
so, any possibility of talking off-list?

Hugh -- was also curious if you guys had a chance to test
the CVX VSAs?  It's my understanding that these are a relatively
new feature (found in the 2.18 code?)

Thanks in advance,

John




Re: (RADIATOR) per NAS trace option?

2001-06-12 Thread John Coy

yes yes, those lists only get longer.  But you guys
are so damned excellent at supporting your software.
Keep up the good work!

At 11:26 AM 6/13/01 +1000, you wrote:

>Hello John -
>
>On Wednesday 13 June 2001 08:17, John Coy wrote:
> > Is there an easy way to have Radiator log at trace
> > level 4 for only one specific NAS?
> >
> > I know I can run Radiator on a different port with
> > the different trace level for that NAS and then change
> > the NAS' authentication parameters to use that port, but
> > it's a pain =)  Was hoping there was an easy way
> > in Radiator to just change the log level for one specific
> > NAS.
> >
>
>This is not supported by Radiator at this time. Advanced logging facilities
>is on the list of things to do one day (ever notice how such lists only ever
>seem to get longer?).
>
>cheers
>
>Hugh




Re: (RADIATOR) Maximum Session

2001-06-12 Thread Hugh Irvine


Hello Mohammed -

There appear to be at least two problems. 

The first is that you haven't specified the correct dictionary file. You 
should really start with the standard Radiator dictionary file 
("dictionary"), and add or remove things you need or don't need. Note that 
the standard Radiator dictionary includes all Cisco definitions.

The second problem is that the extract from the configuration file below does 
not match the debug output.

> Tue Jun 12 13:11:35 2001: ERR: do failed for 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, #NASPORTTYPE, SERVICETYPE, CALLEDSID) values ('ray',
> '203.63.154.1', 1234, '1234', 992340694, #'', '', 'Framed',
> '123456789')': [Microsoft][ODBC Microsoft Access 97 Driver] Syntax error in
> INSERT INTO statement. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1) 

There is an incorrect reference here to "#NASPORTTYPE" at the very least.

hth

Hugh

On Wednesday 13 June 2001 01:51, Mohammed Adam wrote:
> Hello All
> Maximum session doesn't work with me, I think the problem is in RADONLINE
> insert into but I couldn't find out why.
>
> CFG File:
> 
>
>
>   #Identifier OnlineUsers
>   DBSource dbi:ODBC:MDBTest
>   DBUsername
>   DBAuth
>   AddQuery insert into RADONLINE \
>
>
>   (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, SERVICETYPE, CALLEDSID) \ values \
>   ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},
> '%{Port-Type}', '%{Service-Type}', '%{Called-Station-Id}')
>
> 
>
> 
>
> -
> Log File
>
>
> Tue Jun 12 13:11:07 2001: ERR: Could not open dictionary file
> 'd:\radiator-demo-2.18\dictionary.cisco': No such file or directory
> Tue Jun 12 13:11:26 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 4815 
> Code:   Access-Request
> Identifier: 20
> Authentic:  1234567890123456
> Attributes:
>   User-Name = "ray"
>   Service-Type = Framed
>   NAS-IP-Address = 203.63.154.1
>   NAS-Port = 1234
>   Called-Station-Id = "123456789"
>   Calling-Station-Id = "987654321"
>   NAS-Port-Type = Async
>   User-Password = "<205><184>m<156><175>\<4><246><188>8<9><160><216>}x<153>"
>
> Tue Jun 12 13:11:29 2001: DEBUG: Handling request with Handler 'Realm='
> Tue Jun 12 13:11:29 2001: DEBUG:  Deleting session for ray, 203.63.154.1, 1234
> Tue Jun 12 13:11:30 2001: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Jun 12 13:11:31 2001: ERR: Could not open dictionary file
> 'd:\radiator-demo-2.18\dictionary.cisco': No such file or directory
> Tue Jun 12 13:11:33 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='ray'
>
> Tue Jun 12 13:11:34 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Jun 12 13:11:34 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Jun 12 13:11:34 2001: DEBUG: Query is: select Password,BalanceTime from
> Authentication where USERNAME='ray' And ((BalanceTime > 0 And Type='H') or
> Type='P')
>
> Tue Jun 12 13:11:34 2001: DEBUG: Radius::AuthSQL looks for match with ray
> Tue Jun 12 13:11:34 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Jun 12 13:11:34 2001: DEBUG: Access accepted for ray
> Tue Jun 12 13:11:34 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 4815 
> Code:   Access-Accept
> Identifier: 20
> Authentic:  1234567890123456
> Attributes:
>   Service-Type = Framed
>   Framed-Protocol = PPP
>
> Tue Jun 12 13:11:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 4815 
> Code:   Accounting-Request
> Identifier: 21
> Authentic:  <246><200>*<172><149><4>\V<241>B)~<228>}<13><198>
> Attributes:
>   User-Name = "ray"
>   Service-Type = Framed
>   NAS-IP-Address = 203.63.154.1
>   NAS-Port = 1234
>   NAS-Port-Type = Async
>   Acct-Session-Id = "1234"
>   Acct-Status-Type = Start
>   Called-Station-Id = "123456789"
>   Calling-Station-Id = "987654321"
>
> Tue Jun 12 13:11:34 2001: DEBUG: Handling request with Handler 'Realm='
> Tue Jun 12 13:11:34 2001: DEBUG:  Adding session for ray, 203.63.154.1, 1234
> Tue Jun 12 13:11:34 2001: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Jun 12 13:11:34 2001: DEBUG: do query is: insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, #NASPORTTYPE, SERVICETYPE, CALLEDSID) values ('ray',
> '203.63.154.1', 1234, '1234', 992340694, #'', '', 'Framed',
> '123456789')
>
> Tue Jun 12 13:11:35 2001: ERR: do failed for 'insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, #NASPORTTYPE, SERVICETYPE, CALLEDSID) values ('ray',
> '203.63.154.1', 1234, '1234', 992340694, #'', '', 'Framed',
> '123456789')': [Microsoft][ODBC Microsoft Ac

(RADIATOR) Re: passing avpair

2001-06-12 Thread Hugh Irvine


Hello AbdusSami -

Here is an example:

fred  Password = fred
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    ...
    cisco-avpair=route="203.79.243.0 255.255.255.192"

hth

Hugh


On Tuesday 12 June 2001 20:20, Mohammed AbdusSami wrote:
> Dear All,
>
> Can anybody tell me how to pass the attribute of cisco avpair in radiator.
>
> Regards,
>
> AbdusSami




Re: (RADIATOR) Lost Stop Records

2001-06-12 Thread Hugh Irvine


Hello Scott -

On Wednesday 13 June 2001 02:13, Scott Robinson wrote:
> Hi:
>
> We're currently experiencing a 30% to 50% loss of stop records.  We have
> 45 NAS's (Cisco 5300's and Cisco 5800's) with three different telco's.
> We've determined that stop records are being lost on all 45 NAS's. We
> end up with a lot of orphaned records in our RADONLINE table as a result
> of the lost stop records.
>
> Our radius accounting server is on a separate machine with lots of
> horsepower (running > 80% idle).  I've checked our logs (Trace level 4)
> and there are no errors in processing the stop records it does receive.
> Anybody know of anything I can check before I try bugging the telcos
> (Dealing with Canadian telco's makes the Middle East peace process look
> like a walk in the park).  I know I can place a snooper to see if the
> packets are being received but we process +500,000 logins per day.  If I
> am forced to go to the telcos, is there something I can specifically ask
> them to look for?
>

Well, there are at least three possibilities:

First, the stop packets are getting to the Radiator machine, but are not 
being processed (unlikely, but this can sometimes happen with incorrect 
configuration files). Easiest to check with a sniffer and compare it with a 
trace from Radiator.

Second, the stop packets are being lost somewhere in transit. Again unlikely, 
unless you are also losing similar numbers of logins and starts. The easiest 
way to check is by doing test logins to your own phone numbers and verifying 
that you get on first try and that the accounting is correct. Of course you 
need to do this during busy periods when you can expect to have problems. And 
note that saturated links are a very common cause of dropped packets, 
especially as Radius is a UDP protocol.

Third, the stop packets are not being generated by the NAS equipment in the 
first place. Sadly, NAS bugs are not uncommon, but it would be surprising if 
all 3 of your providers had the same NAS bugs (but stranger things have 
happened).

My suggestion would be to set up a test dialin programme to run every 15 
minutes to a selected number of your telcos' POP's and produce sniffer output 
and Radiator trace data that you can then check to see where the problems are.

Once you have some solid data, you can go to your providers with your 
grievances supported by good documentation.

hth

Hugh

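The comparison suggested in the reply above (sniffer output against the Radiator trace, for test dial-ins known to have ended), worked through as an added example; it is not code from the thread or from Radiator. It assumes the capture is taken on the accounting host and already reduced to `(NAS, Acct-Session-Id, Acct-Status-Type)` tuples; the packet text follows the trace level 4 dump layout quoted elsewhere on this page, and the sample data, function names and verdict labels are constructed for illustration.

```python
import re
from collections import Counter

ATTR = re.compile(r'^\s*([\w-]+) = "?([^"\n]*)"?\s*$', re.M)


def dump(nas, sid, status, code='Accounting-Request'):
    """Build one constructed packet in the trace level 4 dump layout."""
    return ("Tue Jun 12 13:11:34 2001: DEBUG: Packet dump:\n"
            f"*** Received from {nas} port 1646 ....\n"
            f"Code:       {code}\n"
            "Identifier: 21\n"
            "Attributes:\n"
            f"\tNAS-IP-Address = {nas}\n"
            f"\tAcct-Session-Id = \"{sid}\"\n"
            f"\tAcct-Status-Type = {status}\n\n")


def parse_trace(text):
    """Return {(nas, session_id, status)} for accounting requests in a trace."""
    seen = set()
    for block in text.split('*** Received from')[1:]:
        block = block.split('\n\n', 1)[0]        # one packet ends at a blank line
        code = re.search(r'^Code:\s+(\S+)', block, re.M)
        if not code or code.group(1) != 'Accounting-Request':
            continue
        a = {k: v.strip() for k, v in ATTR.findall(block)}
        if {'NAS-IP-Address', 'Acct-Session-Id', 'Acct-Status-Type'} <= a.keys():
            seen.add((a['NAS-IP-Address'], a['Acct-Session-Id'],
                      a['Acct-Status-Type']))
    return seen


def verdict(c):
    """Map the counts onto the three possibilities listed in the reply."""
    if c['arrived_not_processed']:
        return 'server'    # on the wire at the host, absent from the trace
    if c['stop_not_on_wire'] and c['start_not_on_wire']:
        return 'transit'   # starts are going missing as well as stops
    if c['stop_not_on_wire']:
        return 'nas'       # starts arrive, stops never reach the host
    return 'ok'


def diagnose(trace_text, wire, calls_placed):
    """Per NAS: (counts, verdict) for test calls known to have hung up."""
    processed, wire, report = parse_trace(trace_text), set(wire), {}
    for nas, placed in calls_placed.items():
        starts = {sid for n, sid, st in wire if n == nas and st == 'Start'}
        c = Counter()
        for sid in starts:
            if (nas, sid, 'Stop') in processed:
                c['ok'] += 1
            elif (nas, sid, 'Stop') in wire:
                c['arrived_not_processed'] += 1
            else:
                c['stop_not_on_wire'] += 1
        c['start_not_on_wire'] = placed - len(starts)
        report[nas] = (dict(c), verdict(c))
    return report


# Constructed sample: what the sniffer saw on the accounting host.
WIRE = [
    ('192.0.2.10', 's1', 'Start'), ('192.0.2.10', 's1', 'Stop'),
    ('192.0.2.10', 's2', 'Start'), ('192.0.2.10', 's2', 'Stop'),
    ('192.0.2.20', 'a1', 'Start'), ('192.0.2.20', 'a1', 'Stop'),
    ('192.0.2.20', 'a2', 'Start'),
    ('192.0.2.30', 'b1', 'Start'), ('192.0.2.30', 'b1', 'Stop'),
    ('192.0.2.30', 'b2', 'Start'),
]
# Constructed trace: everything on the wire except one Stop that was not logged.
TRACE = ''.join(dump(*p) for p in WIRE if p != ('192.0.2.10', 's2', 'Stop'))
# Constructed test plan: completed test calls placed through each NAS.
CALLS_PLACED = {'192.0.2.10': 2, '192.0.2.20': 2, '192.0.2.30': 3}

if __name__ == '__main__':
    for nas, (counts, why) in diagnose(TRACE, WIRE, CALLS_PLACED).items():
        print(nas, why, counts)
```

A `nas` verdict still cannot separate a stop that was never generated from one dropped upstream of the capture point; that needs data from the NAS side, which is what the evidence is collected for.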



Re: (RADIATOR) AuthBy Radius error

2001-06-12 Thread Hugh Irvine


Hello Alvin -

The parameter for an "AuthBy ..." is case sensitive. Your configuration file 
should look like this:


.


hth

Hugh

On Tuesday 12 June 2001 22:09, Alvin Anita wrote:
> Hi all,
>
> I am getting the following error message when using AuthBy Radius:
> Can't locate object method "new" via package "Radius::AuthRadius" at
> Radius/Handler.pm line 71,  line 37.
> ...caught at radiusd line 2.
>
> Does someone know what the problem is?
>
> I am using the evaluation version of Radiator, Perl version 5.6.0 on Windows
> 2000.
> The configuration file:
>
> LogDir c:\Radiator\RadiusSS\log
> LogFile %L\%Y%m%d-rdlog.log
> DbDir  c:\Radiator\RadiusSS
>
> Foreground
> LogStdout
> Trace 3
>
> # Listen for authentication requests on port 1812 as per RFC
> # 2138
> AuthPort 1812
>
> # Listen for accounting requests on port 1813 as
> # per RFC 2139
> AcctPort 1813
>
> # The name of the file where the radius PID will be written
> # after startup, so we don't conflict with another radiusd
> PidFile c:\Radiator\RadiusSS\tmp\radiusd.pid
>
> # CLIENTS
> 
> DupInterval 0
> IgnoreAcctSignature
> #NasType unknown
> Secret Secret
> 
>
>
> 
>
>   Host NTSTEST
>   Secret secret
>   AuthPort 1812
>   IgnoreAccountingResponse
>
> 
>
>
> Greetings,
>
> Alvin Anita
>
> SURFdiensten, omdat samenwerking ook voordelig is
>
> Alvin Anita
> Postbus 110  Onderdoor 74
> 3990 DC  Houten   3995 DX  Houten
>
> Telefoon (direct): + 31 (0)30 - 298 30 14
> Email: [EMAIL PROTECTED]
> Internet: http://www.surfdiensten.nl




Re: (RADIATOR) Errors using AuthBy LDAP in Radiator

2001-06-12 Thread Hugh Irvine


Hello Alvin -

I think you have installed the wrong module.

AuthBy LDAP2 requires the following:

the newer Net::LDAP module version in perl-ldap-0.09 or better

(AuthBy LDAPSDK requires perLDAP.)

Have a look at section 6.33 in the Radiator 2.18.2 reference manual.

regards

Hugh


On Tuesday 12 June 2001 18:47, Alvin Anita wrote:
> Hi All,
>
> I recently downloaded and installed the evaluation RADIUS on Windows 2000. I
> am going to authenticate users with LDAP. As required I installed the perLDAP
> using ppm. But when I start Radiator using my configuration file I get the
> following errors:
>
> -Mon Jun 11 16:26:00 2001: DEBUG: Reading users file c:\radiator\users
> -Mon Jun 11 16:26:00 2001: DEBUG: Reading users file c:\radiator\users
> -Mon Jun 11 16:26:00 2001: ERR: Could not load authentication module
> Radius::Auth
> -LDAP2: Can't locate Net/LDAP/Util.pm in @INC (@INC contains: . C:/Perl/lib
> C:/Pe
> -rl/site/lib .) at Radius/AuthLDAP2.pm line 14,  line 63.
> -BEGIN failed--compilation aborted at Radius/AuthLDAP2.pm line 14, 
> line 63
> -.
> -Compilation failed in require at (eval 27) line 3,  line 63.
> -
> -Mon Jun 11 16:26:00 2001: ERR: Unknown keyword 'Host' in
> goodies/surftest.cfg li
> -ne 65
> -Mon Jun 11 16:26:00 2001: ERR: Unknown keyword 'BaseDN' in
> goodies/surftest.cfg
> -line 72
> -This Radiator license will expire on 2001-09-01
> -This Radiator license will stop operating after 1000 requests
> -To purchase an unlimited full source version of Radiator, see
> -http://www.open.com.au/radiator/ordering.html
> -To extend your evaluation period, contact [EMAIL PROTECTED]
>
>
> The configuration file I am using:
> -Foreground
> -LogStdout
> -LogDir   .
> -DbDir    .
>
>
> -
> -DupInterval 0
> -IgnoreAcctSignature
> -#NasType unknown
> - Secret secret
> -
> -
> -
> -RewriteUsername s/^([^@]+).*/$1/
> - 
> -#Host
> -Host localhost
> -
> -#Port: defaultport
> -Port 636
> -
> - BaseDN   o=SURFDIensten, c=AU
> -
> -#UseSSL
> -#UseSSL filenaam.db
> -
> -# Log in to LDAP as admin
> -#AuthDn admin
> -
> -# log in to LDAP with password adminpassword
> -#AuthPassword adminpassword
> -
> -# Use the uid attribute to match usernames
> -#UsernameAttr uid
> -
> -# Plaintext passwords. Gasp
> -#PasswordAttr passwd
> -
> -# Make timeout really short, 2 seconds
> -   #Timeout 2
> -
> -
>
>
> My question is: are there any more modules required for using LDAP with
> RADIATOR, and where can I get them?
>
> Thanks in advance.
>
> Alvin Anita
>
>
> SURFdiensten, omdat samenwerking ook voordelig is
>
> Alvin Anita
> Postbus 110  Onderdoor 74
> 3990 DC  Houten   3995 DX  Houten
>
> Telefoon (direct): + 31 (0)30 - 298 30 14
> Email: [EMAIL PROTECTED]
> Internet: http://www.surfdiensten.nl
>




Re: (RADIATOR) per NAS trace option?

2001-06-12 Thread Hugh Irvine


Hello John -

On Wednesday 13 June 2001 08:17, John Coy wrote:
> Is there an easy way to have Radiator log at trace
> level 4 for only one specific NAS?
>
> I know I can run Radiator on a different port with
> the different trace level for that NAS and then change
> the NAS' authentication parameters to use that port, but
> it's a pain =)  Was hoping there was an easy way
> in Radiator to just change the log level for one specific
> NAS.
>

This is not supported by Radiator at this time. Advanced logging facilities 
is on the list of things to do one day (ever notice how such lists only ever 
seem to get longer?).

cheers

Hugh




Re: (RADIATOR) ClientListSQL problem: fetchrow failed

2001-06-12 Thread Hugh Irvine


Hello Edoardo -

Do you have other clauses (AuthBy SQL) that connect successfully to the 
database? Have you correctly configured the nettuno.DBT_RADIUSCLIENT table? 
And have you correctly entered the Client definitions into the table?

Could you send me an example table dump of a Client definition?

thanks

Hugh

On Tuesday 12 June 2001 22:48, Edoardo Martelli wrote:
> Hi
>
> I've just upgraded to 2.18.2 and all works fine with my old 2.13
> configuration file.
> Now I would like to test the ClientListSQL feature and when the server
> start it says:
>
> DBD::Oracle::st fetchrow failed: ORA-65285: Message 65285 not found;
> product=RDBMS; facility=ORA (DBD ERROR: OCIStmtFetch) at
> /usr/local/lib/perl5/site_perl/5.6.1/Radius/ClientListSQL.pm line 101,
>  line 33.
>
> and in the log:
>
> Tue Jun 12 14:14:43 2001: DEBUG: Adding Clients from SQL database
> Tue Jun 12 14:14:43 2001: DEBUG: Query is: select CLIENT, SECRET,
> NULL, DUPINTERVAL, DEFAULTREALM from nettuno.DBT_RADIUSCLIENT
> Tue Jun 12 14:14:43 2001: INFO: Server started: Radiator 2.18.2 on
> presto.nextra.it
>
> But the server doesn't run correctly.
>
> I've looked for the error ORA-65285 but I haven't found anything.
>
> Has anyone ever seen something like that?
>
> Here are the configuration lines I'm testing:
>
> 
>  DBSource    dbi:Oracle:nextra
>  DBUsername  user
>  DBAuth  passwd
>  GetClientQuery select CLIENT, SECRET, NULL, DUPINTERVAL, \
>   DEFAULTREALM \
>  from nettuno.DBT_RADIUSCLIENT
> 
>
> regards
> Edoardo




Re: (RADIATOR) Safe to to AcctLogFileName?

2001-06-12 Thread Hugh Irvine


Hello Dave -

On Wednesday 13 June 2001 06:08, Kitabjian, Dave wrote:
> We want to add some "Accounting" records of our own to log, for example,
> when and why users are rejected access. Because we already have a
> sophisticated system in place for collecting accounting data, parsing it,
> and making it available to our TSR's via VB, we want to use the same
> channel to collecting this new data.
>
> Using  and a custom FailureFormat including %r, %0 and %1,
> this works very nicely :) The question is...
>
> Is it safe to write to the same file as AcctLogFileName? I guess another
> way of asking is, is the AuthLog FILE write operation atomic?
>

You are really asking two different questions. In answer to the first 
question above, yes a single Radiator process opens, writes, and closes every 
file it uses for every operation. Hence it is safe to rename, move, write to 
from different clauses, etc.

> The reason I'm concerned is because now, for the first time, I'll have two
> processes accessing that file at once; and since our Authentication and
> Accounting are handled by separate Radiators, and the AuthLog is used by
> Authentication and the AcctLogFileName is used by Accounting, corruption
> could occur.
>

In answer to this second question, no, Radiator does no file locking, so 
having two processes writing to the same file could certainly cause problems.

In answer to your implied question, you should either use different files, or 
you should use  instead.

hth

Hugh





Re: (RADIATOR) AuthLDAP2 realm problem

2001-06-12 Thread Hugh Irvine


Hello Brian -

You will need to use a RewriteUsername if your users log in with usernames of 
the form "[EMAIL PROTECTED]" and the user database only contains the "user" 
portion.

RewriteUsername  s/^([^@]+).*/$1/

regards

Hugh


On Wednesday 13 June 2001 07:33, Brian Idzik (907) 465-8964 wrote:

> > I'm pretty close to completing the demo setup of Radiator to use a
> Netscape LDAP server for shiva authentication, but am running into a
> "realm" issue.
>
> It appears that an at "@" symbol appears after the userid regardless of
> whether a realm is defined or not.   I tried stripping out the realm
> info, but the "@" sign remains.   Is there a way I can eliminate the
> realm and "@" altogether?  Thanks in advance for any help.
>
> (Sample log output)
>
> Tue Jun 12 09:27:05 2001: DEBUG: Connecting to localhost, port 389
> Tue Jun 12 09:27:06 2001: DEBUG: No entries for jenny@ found in LDAP
> database
> Tue Jun 12 09:27:06 2001: DEBUG: Radius::AuthLDAP2 looks for match with
> jenny@





(RADIATOR) per NAS trace option?

2001-06-12 Thread John Coy

Is there an easy way to have Radiator log at trace
level 4 for only one specific NAS?

I know I can run Radiator on a different port with
the different trace level for that NAS and then change
the NAS' authentication parameters to use that port, but
it's a pain =)  Was hoping there was an easy way
in Radiator to just change the log level for one specific
NAS.

John




(RADIATOR) AuthLDAP2 realm problem

2001-06-12 Thread Brian Idzik (907) 465-8964

I'm pretty close to completing the demo setup of Radiator to use a
Netscape LDAP server for shiva authentication, but am running into a
"realm" issue.

It appears that an at "@" symbol appears after the userid regardless of
whether a realm is defined or not.   I tried stripping out the realm
info, but the "@" sign remains.   Is there a way I can eliminate the
realm and "@" altogether?  Thanks in advance for any help.

(Sample log output)

Tue Jun 12 09:27:05 2001: DEBUG: Connecting to localhost, port 389
Tue Jun 12 09:27:06 2001: DEBUG: No entries for jenny@ found in LDAP
database
Tue Jun 12 09:27:06 2001: DEBUG: Radius::AuthLDAP2 looks for match with
jenny@






(RADIATOR) Safe to to AcctLogFileName?

2001-06-12 Thread Kitabjian, Dave

We want to add some "Accounting" records of our own to log, for example,
when and why users are rejected access. Because we already have a
sophisticated system in place for collecting accounting data, parsing it,
and making it available to our TSR's via VB, we want to use the same channel
to collecting this new data. 

Using  and a custom FailureFormat including %r, %0 and %1,
this works very nicely :) The question is...

Is it safe to write to the same file as AcctLogFileName? I guess another way
of asking is, is the AuthLog FILE write operation atomic? 

The reason I'm concerned is because now, for the first time, I'll have two
processes accessing that file at once; and since our Authentication and
Accounting are handled by separate Radiators, and the AuthLog is used by
Authentication and the AcctLogFileName is used by Accounting, corruption
could occur.

Thanks in advance!

Dave 
NetCarrier, Software Engineering




(RADIATOR) Lost Stop Records

2001-06-12 Thread Scott Robinson

Hi:

We're currently experiencing a 30% to 50% loss of stop records.  We have
45 NAS's (Cisco 5300's and Cisco 5800's) with three different telco's.
We've determined that stop records are being lost on all 45 NAS's. We
end up with a lot of orphaned records in our RADONLINE table as a result
of the lost stop records.

Our radius accounting server is on a separate machine with lots of
horsepower (running > 80% idle).  I've checked our logs (Trace level 4)
and there are no errors in processing the stop records it does receive.
Anybody know of anything I can check before I try bugging the telcos
(Dealing with Canadian telco's makes the Middle East peace process look
like a walk in the park)?  I know I can place a snooper to see if the
packets are being received but we process +500,000 logins per day.  If I
am forced to go to the telcos, is there something I can specifically ask
them to look for?

--
Scott Robinson
System Administrator
Cybersurf Corp.
300 West Tower
1144 - 29th Ave. N.E.
Calgary, AB.






(RADIATOR) Maximum Session

2001-06-12 Thread Mohammed Adam

Hello All
Maximum session doesn't work with me, I think the problem is in the RADONLINE insert into but 
I couldn't find out why.

CFG File:



#Identifier OnlineUsers
DBSource    dbi:ODBC:MDBTest
DBUsername  
DBAuth  
AddQuery    insert into RADONLINE \


(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, 
SERVICETYPE, CALLEDSID) \ 
values \ 
('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Port-Type}', 
'%{Service-Type}', '%{Called-Station-Id}') 





-
Log File


Tue Jun 12 13:11:07 2001: ERR: Could not open dictionary file 
'd:\radiator-demo-2.18\dictionary.cisco': No such file or directory
Tue Jun 12 13:11:26 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 4815 
Code:   Access-Request
Identifier: 20
Authentic:  1234567890123456
Attributes:
User-Name = "ray"
Service-Type = Framed
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<205><184>m<156><175>\<4><246><188>8<9><160><216>}x<153>"

Tue Jun 12 13:11:29 2001: DEBUG: Handling request with Handler 'Realm='
Tue Jun 12 13:11:29 2001: DEBUG:  Deleting session for ray, 203.63.154.1, 1234
Tue Jun 12 13:11:30 2001: DEBUG: do query is: delete from RADONLINE where 
NASIDENTIFIER='203.63.154.1' and NASPORT=01234

Tue Jun 12 13:11:31 2001: ERR: Could not open dictionary file 
'd:\radiator-demo-2.18\dictionary.cisco': No such file or directory
Tue Jun 12 13:11:33 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, 
ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='ray'

Tue Jun 12 13:11:34 2001: DEBUG: Handling with Radius::AuthSQL
Tue Jun 12 13:11:34 2001: DEBUG: Handling with Radius::AuthSQL
Tue Jun 12 13:11:34 2001: DEBUG: Query is: select Password,BalanceTime from 
Authentication where USERNAME='ray' And ((BalanceTime > 0 And Type='H') or Type='P')

Tue Jun 12 13:11:34 2001: DEBUG: Radius::AuthSQL looks for match with ray
Tue Jun 12 13:11:34 2001: DEBUG: Radius::AuthSQL ACCEPT: 
Tue Jun 12 13:11:34 2001: DEBUG: Access accepted for ray
Tue Jun 12 13:11:34 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 4815 
Code:   Access-Accept
Identifier: 20
Authentic:  1234567890123456
Attributes:
Service-Type = Framed
Framed-Protocol = PPP

Tue Jun 12 13:11:34 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 4815 
Code:   Accounting-Request
Identifier: 21
Authentic:  <246><200>*<172><149><4>\V<241>B)~<228>}<13><198>
Attributes:
User-Name = "ray"
Service-Type = Framed
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "1234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"

Tue Jun 12 13:11:34 2001: DEBUG: Handling request with Handler 'Realm='
Tue Jun 12 13:11:34 2001: DEBUG:  Adding session for ray, 203.63.154.1, 1234
Tue Jun 12 13:11:34 2001: DEBUG: do query is: delete from RADONLINE where 
NASIDENTIFIER='203.63.154.1' and NASPORT=01234

Tue Jun 12 13:11:34 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, 
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, #NASPORTTYPE, 
SERVICETYPE, CALLEDSID) values ('ray', '203.63.154.1', 1234, '1234', 992340694, 
#'', '', 'Framed', '123456789')

Tue Jun 12 13:11:35 2001: ERR: do failed for 'insert into RADONLINE (USERNAME, 
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, #NASPORTTYPE, 
SERVICETYPE, CALLEDSID) values ('ray', '203.63.154.1', 1234, '1234', 992340694, 
#'', '', 'Framed', '123456789')': [Microsoft][ODBC Microsoft Access 97 Driver] Syntax 
error in INSERT INTO statement. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1)
Tue Jun 12 13:11:38 2001: ERR: do failed for 'insert into RADONLINE (USERNAME, 
NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, #NASPORTTYPE, 
SERVICETYPE, CALLEDSID) values ('ray', '203.63.154.1', 1234, '1234', 992340694, 
#'', '', 'Framed', '123456789')': [Microsoft][ODBC Microsoft Access 97 Driver] Syntax 
error in INSERT INTO statement. (SQL-37000)(DBD: st_prepare/SQLPrepare err=-1)
Tue Jun 12 13:11:38 2001: DEBUG: Handling with Radius::AuthSQL
Tue Jun 12 13:11:38 2001: DEBUG: Handling accounting with Radius::AuthSQL
Tue Jun 12 13:11:38 2001: DEBUG: Accounting accepted
Tue Jun 12 13:11:38 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 4815 
Code:   Accounting-Response
Identifier: 21
Authentic:  <246><200>*<172><149><4>\V<241>B)~<228>}<13><198>
Attributes:

Tue Jun 12 13:11:38 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 4815 
Code:   Accounting-Request
Identifier: 22
Authentic:  8P<245>;<4>:i(<224><185><128><186>eP<187><250>
Attributes:
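
The ERR lines in the log above show the INSERT as it reached the ODBC driver, with `#NASPORTTYPE,` and `#'',` still inside the statement text. As an added example (not part of the original post and not Radiator code), this Python check takes a statement as logged and flags such leftover comment markers as well as column/value count mismatches; the function names are hypothetical.

```python
import re

# Statement copied from the ERR line in the log above (line breaks removed).
LOGGED = ("insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, "
          "TIME_STAMP, FRAMEDIPADDRESS, #NASPORTTYPE, SERVICETYPE, CALLEDSID) values "
          "('ray', '203.63.154.1', 1234, '1234', 992340694, #'', '', 'Framed', '123456789')")

def split_items(body):
    """Split a comma-separated list, ignoring commas inside single-quoted strings."""
    items, cur, quoted = [], "", False
    for ch in body:
        if ch == "'":
            quoted = not quoted
        if ch == "," and not quoted:
            items.append(cur.strip())
            cur = ""
        else:
            cur += ch
    items.append(cur.strip())
    return items

def lint_insert(stmt):
    """Return the problems found in an 'insert into T (cols) values (vals)' statement."""
    m = re.match(r"\s*insert\s+into\s+\S+\s*\((.*?)\)\s*values\s*\((.*)\)\s*$",
                 stmt, re.I | re.S)
    if not m:
        return ["not an INSERT ... (cols) values (vals) statement"]
    cols, vals = split_items(m.group(1)), split_items(m.group(2))
    problems = []
    for kind, items in (("column", cols), ("value", vals)):
        for pos, item in enumerate(items, 1):
            if item.startswith("#"):
                problems.append(f"{kind} {pos}: leftover comment marker in {item!r}")
    # Compare the counts that remain once the commented-out entries are set aside.
    live_cols = [c for c in cols if not c.startswith("#")]
    live_vals = [v for v in vals if not v.startswith("#")]
    if len(live_cols) != len(live_vals):
        problems.append(f"{len(live_cols)} columns but {len(live_vals)} values")
    return problems

if __name__ == "__main__":
    for problem in lint_insert(LOGGED):
        print(problem)
```

While the insert fails, no row for the session reaches RADONLINE, so any limit that counts rows in that table has nothing to count.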

(RADIATOR) ClientListSQL problem: fetchrow failed

2001-06-12 Thread Edoardo Martelli

Hi

I've just upgraded to 2.18.2 and all works fine with my old 2.13 
configuration file.
Now I would like to test the ClientListSQL feature and when the server 
starts it says:

DBD::Oracle::st fetchrow failed: ORA-65285: Message 65285 not found; 
product=RDBMS; facility=ORA (DBD ERROR: OCIStmtFetch) at 
/usr/local/lib/perl5/site_perl/5.6.1/Radius/ClientListSQL.pm line 101, 
 line 33.

and in the log:

Tue Jun 12 14:14:43 2001: DEBUG: Adding Clients from SQL database
Tue Jun 12 14:14:43 2001: DEBUG: Query is: select CLIENT, SECRET, 
NULL, DUPINTERVAL, DEFAULTREALM from nettuno.DBT_RADIUSCLIENT
Tue Jun 12 14:14:43 2001: INFO: Server started: Radiator 2.18.2 on 
presto.nextra.it

But the server doesn't run correctly.

I've looked for the error ORA-65285 but I haven't found anything.

Has anyone ever seen something like that?

Here are the configuration lines I'm testing:


 DBSource    dbi:Oracle:nextra
 DBUsername  user
 DBAuth  passwd
 GetClientQuery select CLIENT, SECRET, NULL, DUPINTERVAL, \
DEFAULTREALM \
 from nettuno.DBT_RADIUSCLIENT


regards
Edoardo

-- 
[EMAIL PROTECTED]
phone: +39 051 6139242
fax:   +39 051 6114455




(RADIATOR) AuthBy Radius error

2001-06-12 Thread Alvin Anita

Hi all,

I am getting the following error message when using AuthBy Radius:
Can't locate object method "new" via package "Radius::AuthRadius" at
Radius/Hand
ler.pm line 71,  line 37.
...caught at radiusd line 2.

Does someone know what the problem is?

I am using the evaluation version of Radiator, Perl version 5.6.0 on Windows
2000.
The configuration file:

LogDir c:\Radiator\RadiusSS\log
LogFile %L\%Y%m%d-rdlog.log
DbDir  c:\Radiator\RadiusSS

Foreground
LogStdout
Trace 3

# Listen for authentication requests on port 1812 as per RFC
# 2138
AuthPort 1812

# Listen for accounting requests on port 1813 as
# per RFC 2139
AcctPort 1813

# The name of the file where the radius PID will be written
# after startup, so we don't conflict with another radiusd
PidFile c:\Radiator\RadiusSS\tmp\radiusd.pid

# CLIENTS

DupInterval 0
IgnoreAcctSignature
#NasType unknown
  Secret Secret




   
  Host NTSTEST
  Secret secret
  AuthPort 1812
  IgnoreAccountingResponse
   



Greetings,

Alvin Anita

SURFdiensten, because collaboration is also advantageous

Alvin Anita
Postbus 110  Onderdoor 74
3990 DC  Houten   3995 DX  Houten

Telephone (direct): + 31 (0)30 - 298 30 14
Email: [EMAIL PROTECTED]
Internet: http://www.surfdiensten.nl




(RADIATOR) passing avpair

2001-06-12 Thread Mohammed AbdusSami

Dear All,

Can anybody tell me how to pass the attribute of Cisco avpair in Radiator?

Regards,

AbdusSami




(RADIATOR) Errors using AuthBy LDAP in Radiator

2001-06-12 Thread Alvin Anita

Hi All,

I recently downloaded and installed the evaluation RADIUS on Windows 2000. I am
going to authenticate users with LDAP. As required I installed the perLDAP
using ppm. But when I start Radiator using my configuration file I get the
following errors:

-Mon Jun 11 16:26:00 2001: DEBUG: Reading users file c:\radiator\users
-Mon Jun 11 16:26:00 2001: DEBUG: Reading users file c:\radiator\users
-Mon Jun 11 16:26:00 2001: ERR: Could not load authentication module
Radius::Auth
-LDAP2: Can't locate Net/LDAP/Util.pm in @INC (@INC contains: . C:/Perl/lib
C:/Pe
-rl/site/lib .) at Radius/AuthLDAP2.pm line 14,  line 63.
-BEGIN failed--compilation aborted at Radius/AuthLDAP2.pm line 14, 
line 63
-.
-Compilation failed in require at (eval 27) line 3,  line 63.
-
-Mon Jun 11 16:26:00 2001: ERR: Unknown keyword 'Host' in
goodies/surftest.cfg li
-ne 65
-Mon Jun 11 16:26:00 2001: ERR: Unknown keyword 'BaseDN' in
goodies/surftest.cfg
-line 72
-This Radiator license will expire on 2001-09-01
-This Radiator license will stop operating after 1000 requests
-To purchase an unlimited full source version of Radiator, see
-http://www.open.com.au/radiator/ordering.html
-To extend your evaluation period, contact [EMAIL PROTECTED]


The configuration file I am using:
-Foreground
-LogStdout
-LogDir .
-DbDir  .


-
-DupInterval 0
-IgnoreAcctSignature
-#NasType unknown
-   Secret secret
-
-
-
-RewriteUsername s/^([^@]+).*/$1/
-   
-#Host
-Host localhost
-
-#Port: defaultport
-Port 636
-
-   BaseDN   o=SURFDIensten, c=AU
-
-#UseSSL
-#UseSSL filenaam.db
-
-# Log in to LDAP as admin
-#AuthDn admin
-
-# log in to LDAP with password adminpassword
-#AuthPassword adminpassword
-
-# Use the uid attribute to match usernames
-#UsernameAttr uid
-
-# Plaintext passwords. Gasp
-#PasswordAttr passwd
-
-# Make timeout really short, 2 seconds
-   #Timeout 2
-
-


My question is: are there any more modules required for using LDAP with
RADIATOR, and where can I get them?

Thanks in advance.

Alvin Anita


SURFdiensten, because collaboration is also advantageous

Alvin Anita
Postbus 110  Onderdoor 74
3990 DC  Houten   3995 DX  Houten

Telephone (direct): + 31 (0)30 - 298 30 14
Email: [EMAIL PROTECTED]
Internet: http://www.surfdiensten.nl



