(RADIATOR) Time of Day Access
Hi all,

By now we implement Radiator and Radmin on Windows NT. So is it possible to set time of day access for some users (e.g. user A can login only on Saturday and Sunday, user B can login only on Monday - Friday from 7:00 AM to 6:00 PM)?

Furthermore, can you please make a suggestion how can I implement Radmin and Radiator with Mail server in order to send email to our customer automatically when their own timeleft are less than 5 hrs.

Thanks
Chairath
RE: (RADIATOR) Framed-Protocol on Ascend/3COM
Hello William -

Have a look at the contents of the file goodies/hooks.txt. You will find therein a pair of hooks I wrote to do this sort of thing. You should be able to adapt them to do what you need to do. The hooks in question are a StartupHook and a PostAuthHook to deal with profiles.

hth

Hugh

At 12:24 PM -0400 6/18/01, William Hernandez wrote:

Hugh,

I think dictionary.ascend2 has both MP and MPP. I don't recall why we used MP instead of MPP, but our problem is that either way the TotalControl returns an error. TotalControl apparently only accepts Framed-Protocol=PPP. Right now Framed-Protocol=XXX is setup in the users file. Is there a way to conditionally generate a Framed-Protocol=XXX based on a particular Client and particular User?

Thanks in advance.

William

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 18, 2001 12:01 PM
To: William Hernandez; Radiator
Subject: Re: (RADIATOR) Framed-Protocol on Ascend/3COM

Hello William -

You will need to have a look at a trace 4 debug from Radiator to see what attributes are actually in the requests from the TotalControl. My reading of the standard Radiator dictionary shows the value as MPP. You will need to find out from your vendor what the correct reply attributes should be.

hth

Hugh

At 11:26 AM -0400 6/18/01, William Hernandez wrote:

Hello everyone,

We are having problems with the Radius setup of multilink PPP connections. Generally we set them up with Framed-Protocol = MP which is an Ascend specific attribute. Those connections fail on the TotalControl. Monitoring Radius we get the following on those accounts:

Framed-Protocol = UNKNOWN

Would there be a way to define MPP connections on Radius that is compatible between Ascend and 3Com ?

Thanks in advance,

William

=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
-- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
Re: (RADIATOR) Session-timeout
Hello Alexey -

Have you checked this?

http://www.open.com.au/radiator/faq.html#59

regards

Hugh

At 12:13 PM +0600 6/19/01, rc5 wrote:

Hello,

I never think that it's will be problem. I don't guru in Cisco-systems, but all changes in config I make how it's was descript into PPP Per-User Timeouts (link from Radiator FAQ). When I make all changes (see cisco.config.txt) I don't get wanted result. I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I see that Cisco get it and then lost or hide it. All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. May be somebody have this problem?

-- Best regards, Alexey Korchagin mailto:[EMAIL PROTECTED]

Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E)
Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F)
Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680)
Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681)
Re: (RADIATOR) 128k isdn dialup
Hi,

The original company name is Argonet/Argo interactive/VTI limites/Vertical Twist Interactive. It should be one of those but unfortunately I can't lay my hands on the radiator licence atm so I can't be more definite about which one it is.

Cheers,
Chris Rockett, Systems Engineer.
Freedom 2 Limited, http://www.freedom2.com

On Tue, 19 Jun 2001, Hugh Irvine wrote:

Hello Chris -

As I can't find you in our customer database, could you please send me the name of the registered company that purchased this copy of Radiator? Please reply to me directly.

regards

Hugh

At 11:38 AM + 6/19/01, Chris Rockett wrote:

Hi,

I'm a bit of a newbie at radiator configuration. I have radiator running and authenticating correctly for 64k isdn but can't seem to get a bonded channel for 128k isdn. Using win2k the dialup works and auths but only works at 64k still, any ideas of where to look for information or what the possible cause could be?

Many Thanks.

Chris Rockett.
Re[2]: (RADIATOR) Session-timeout
Hello Hugh,

HI Hello Alexey -
HI Have you checked this?
HI http://www.open.com.au/radiator/faq.html#59

Of course. I make my config like config from example. I _understand_ how it's work. But I really can't understand - why attributes lost... It would be clear, if attributes not sending, or not receiving in general. But it's look like bad joke or fantastic action :((( Or I so stupid that don't see something apparent.

HI At 12:13 PM +0600 6/19/01, rc5 wrote:

Hello,

I never think that it's will be problem. I don't guru in Cisco-systems, but all changes in config I make how it's was descript into PPP Per-User Timeouts (link from Radiator FAQ). When I make all changes (see cisco.config.txt) I don't get wanted result. I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I see that Cisco get it and then lost or hide it. All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. May be somebody have this problem?

-- Best regards, Alexey Korchagin mailto:[EMAIL PROTECTED]

Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E)
Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F)
Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680)
Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681)

-- Best regards, Alexey mailto:[EMAIL PROTECTED]
Re: (RADIATOR) 128k isdn dialup
Hi,

Here are the things that u asked for, many thanks for the quick response and sorry about the state of the config file :)

* radius.cfg ***

# radius.cfg
#
# Configuration file for radius server

# LogStdout makes all log file output appear on stdout as well
# You must be running in Foreground mode for this to work
LogStdout
#normally use trace 3
Trace 4
PidFile /var/run/radiusd.pid
AuthPort 1645
AcctPort 1646
BindAddress tweedledum
#DictionaryFile %D/dictionary
DictionaryFile %D/dictionary.acc

# There are a number of other optional configuration items
# for optional NAS communications. See the reference manual.
# you only need these if you specify Simultaneous-Use and
# a specific NasType in a Client statement
# FingerProg defaults to an internal client. If you specify
# a program name for FingerProg, it will use that program instead
# of the internal client.
#FingerProg /bin/finger
#SnmpgetProg /usr/bin/snmpget
#PmwhoProg /usr/local/sbin/pmwho
#LivingstonMIB .iso.org.dod.internet.private.enterprises.307
#LivingstonOffs 29
#LivingstonHole 2
SnmpgetProg /usr/local/bin/snmpget

<Client **nas-ip-removed**>
    Secret **removed**
    NasType Tigris
</Client>

<Client **hostmachine-ip-removed**>
    Secret **removed**
</Client>

#UUNet radius proxies
#danproxy200.dan.uu.net
<Client 195.129.12.2>
    #danproxy201.dan.uu.net toll210.dan.uu.net danproxy201.dan.uu.net
    IdenticalClients 195.129.12.34 195.129.12.42 195.129.12.50
    Secret **removed**
    DupInterval 60
    DefaultRealm argonet
</Client>

# 0820 number
<Handler Realm=education.navaho.net,Time=Wk0800-1800,Called-Station-Id=0820842>
    RewriteUsername s/^([^@]+).*/$1/
    PasswordLogFileName %L/passwordlog
    AcctLogFileName %L/accounting
    <AuthBy LDAP>
        HoldServerConnection
        # auth should have another user
        AuthDN cn=admin,dc=navaho,dc=net
        AuthPassword lnflashd
        BaseDN dc=education,dc=navaho,dc=net
        UsernameAttr uid
        PasswordAttr userpassword
        AuthAttrDef iphostnumber,Framed-IP-Address,reply
        AddToReply Service-Type = Framed,\
            Framed-Protocol = PPP,\
            Framed-MTU = 1500,\
            Framed-Compression = Van-Jacobson-TCP-IP,\
            Session-Timeout=until 1800
    </AuthBy>
</Handler>

# not 0820 number
<Handler Realm=education.navaho.net,Called-Station-Id=179700>
    RewriteUsername s/^([^@]+).*/$1/
    PasswordLogFileName %L/passwordlog
    AcctLogFileName %L/accounting
    <AuthBy LDAP>
        HoldServerConnection
        # auth should have another user
        AuthDN cn=admin,dc=navaho,dc=net
        AuthPassword lnflashd
        BaseDN dc=education,dc=navaho,dc=net
        UsernameAttr uid
        PasswordAttr userpassword
        AuthAttrDef iphostnumber,Framed-IP-Address,reply
        AddToReply Service-Type = Framed,\
            Framed-Protocol = PPP,\
            Framed-MTU = 1500,\
#           Framed-Compression = Van-Jacobson-TCP-IP,\
            Idle-Timeout = 300,\
#           Port-Limit = 1
            Simultaneous-Use = 2
#           Session-Timeout=until 0800
    </AuthBy>
</Handler>

# UUNet ISP backup
<Handler Realm=argonet>
    RewriteUsername tr/A-Z/a-z/
    RewriteUsername s/^ukarg\/(.*)@.*$/$1/
    PasswordLogFileName %L/argonet-passwordlog
    <AuthBy FILE>
        Filename %D/argonet-users
        Dynamic USR-IP-Input-Filter
        UseAddressHint
        AddToReply Service-Type = Framed-User,\
            Framed-Protocol = PPP,\
            Framed-Routing = None,\
            Framed-MTU = 1500,\
            Framed-Compression = None,\
            Reply-Message=Protocol:
    </AuthBy>
</handler>

<Handler>
    PasswordLogFileName %L/dev-passwordlog
    <AuthBy FILE>
        Filename %D/users
        AddToReply Service-Type = Framed,\
            Framed-Protocol = PPP,\
            Framed-MTU = 1500
    </AuthBy>
</handler>

Log Excerpt showing the two dialed up channels

Tue Jun 19 10:47:45 2001
    User-Name = testuser
    NAS-Port = 5
    NAS-Port-Type = ISDN-Synchronous
    Acc-Request-Type = User-Accounting
    Service-Type = Framed
    Framed-Protocol = PPP
    Called-Station-Id = 179700
    Calling-Station-Id = 1243776030
    NAS-Identifier = 08:00:03:04:06:BC
    Acct-Status-Type = Stop
    Acct-Delay-Time =
RE: (RADIATOR) Multiple ldap servers in config: failover
On Mon, 18 Jun 2001, Ingvar Berg (EIP) wrote:

Hi Claude, The Timeout and FailureBackoffTime attributes, and the use of ContinueWhileIgnore, control the failover behaviour.

Here a snipset of my config:

#
# HANDLERS
#
# ADSL handler
<Handler Client-Identifier=ldap-dsl>
    AcctLogFileName %L/adsl/%c/%f-%g-%i
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.100
            Port 389
            [...]
        </AuthBy>
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.101
            Port 389
            [...]
        </AuthBy>
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.102
            Port 389
            [...]
        </AuthBy>
    </AuthBy>
</Handler>
<Handler Client-Identifier=ldap-dialup>
    [... similar stuff ...]
</Handler>

I've (re-)started radiusd, it loads the config correctly. It binds to the first ldap server (nnn.nnn.nnn.100) and correctly authenticates users. If I then firewall the ldap server from the radius server, radiusd waits forever the ldap server to come back. I would like radiusd to use the next ldap server. Any suggestion?

-- Claude

/Ingvar
RE: (RADIATOR) Multiple ldap servers in config: failover
Claude Iyi Dogan writes:

If I then firewall the ldap server from the radius server, radiusd waits forever the ldap server to come back.

There's a feature in some older Linux libcs with the effect that the timeout does not work. I don't recall the exact details, it's something to do with signals being ignored. One solution is to install a current IO::Socket.

Robert
RE: (RADIATOR) Multiple ldap servers in config: failover
On Tue, 19 Jun 2001, Robert Kiessling wrote:

Claude Iyi Dogan writes: If I then firewall the ldap server from the radius server, radiusd waits forever the ldap server to come back.

Hi Robert

There's a feature in some older Linux libcs with the effect that the timeout does not work. I don't recall the exact details, it's something to do with signals being ignored. One solution is to install a current IO::Socket.

hem it's a FreeBSD box. Anyway I've installed the last IO package and have now IO::Socket v 1.25. It does not solve anything. Does anybody have a working failover?

Robert
Re: (RADIATOR) CVX VSAs (again, sorry)
Hugh,

I'm running the latest version 2.18.2 -- is there a newer version available?

John

At 06:23 PM 6/19/01 +1000, Hugh Irvine wrote:

Hello John -

The story is that the latest version of Radiator supports both types of CVX attributes (1 octet and 4 octet) and tries to do the right thing (although it's a bit tough with no official attribute definitions). What version of Radiator are you running?

regards

Hugh
Re[2]: (RADIATOR) Session-timeout
Hello Alexey -

Well the only other thing I can think of is the IOS version. The attributes are getting to the Cisco:

Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept, len 50
Jun 13 11:21:10.582: Attribute 6 6 0002
Jun 13 11:21:10.582: Attribute 7 6 0001
Jun 13 11:21:10.582: Attribute 9 6 FFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 04B0

Attribute 27 is session timeout and 28 is idle timeout, but why the Cisco is ignoring them I don't know.

regards

Hugh

At 5:44 PM +0600 6/19/01, Alexey Korchagin wrote:

Hello Hugh,

HI Hello Alexey -
HI Have you checked this?
HI http://www.open.com.au/radiator/faq.html#59

Of course. I make my config like config from example. I _understand_ how it's work. But I really can't understand - why attributes lost... It would be clear, if attributes not sending, or not receiving in general. But it's look like bad joke or fantastic action :((( Or I so stupid that don't see something apparent.

HI At 12:13 PM +0600 6/19/01, rc5 wrote:

Hello,

I never think that it's will be problem. I don't guru in Cisco-systems, but all changes in config I make how it's was descript into PPP Per-User Timeouts (link from Radiator FAQ). When I make all changes (see cisco.config.txt) I don't get wanted result. I see that Radiator send Session-Timeout and Idle-Timeout to Cisco. I see that Cisco get it and then lost or hide it. All traces and debugs - Cisco (cisco.trace.txt), Radiator(trace4.txt), Radstock(rad.log.txt) show that attributes exist, but NAS never apply it. May be somebody have this problem?

-- Best regards, Alexey Korchagin mailto:[EMAIL PROTECTED]

Attachment converted: Macintosh HD:cisco.trace.txt (TEXT/ttxt) (0001B67E)
Attachment converted: Macintosh HD:csico.config.txt (TEXT/ttxt) (0001B67F)
Attachment converted: Macintosh HD:trace4.txt 1 (TEXT/ttxt) (0001B680)
Attachment converted: Macintosh HD:rad.log.txt (TEXT/ttxt) (0001B681)

-- Best regards, Alexey mailto:[EMAIL PROTECTED]
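
The Access-Accept attributes in the Cisco debug output quoted in the message above can be decoded offline to see exactly what the NAS was handed. This Python sketch is an added example, not part of the original thread or of Radiator; the attribute names are the RFC 2865 assignments, and the 30-day plausibility limit is an assumption chosen for illustration.

```python
import re

# RFC 2865 attribute numbers that appear in the quoted trace.
ATTR_NAMES = {
    6: "Service-Type",
    7: "Framed-Protocol",
    9: "Framed-IP-Netmask",
    27: "Session-Timeout",
    28: "Idle-Timeout",
}
TIMEOUT_ATTRS = (27, 28)

# Assumption of this example: a timeout above 30 days deserves a second look.
MAX_PLAUSIBLE_SECONDS = 30 * 24 * 3600

# "Attribute <type> <length> <value in hex>"
LINE_RE = re.compile(r"Attribute\s+(\d+)\s+(\d+)\s+([0-9A-Fa-f]+)\b")
HEADER_RE = re.compile(r"Access-Accept, len (\d+)")

# Debug lines copied from the message above.
TRACE = """\
Jun 13 11:21:10.582: RADIUS: Received from id 157 213.242.54.xxx:1645, Access-Accept, len 50
Jun 13 11:21:10.582: Attribute 6 6 0002
Jun 13 11:21:10.582: Attribute 7 6 0001
Jun 13 11:21:10.582: Attribute 9 6 FFFE
Jun 13 11:21:10.582: Attribute 27 6 7FD1AF4F
Jun 13 11:21:10.582: Attribute 28 6 04B0
"""


def format_duration(seconds):
    """Render a number of seconds as '<days>d HH:MM:SS'."""
    days, rest = divmod(seconds, 86400)
    hours, rest = divmod(rest, 3600)
    minutes, secs = divmod(rest, 60)
    return f"{days}d {hours:02d}:{minutes:02d}:{secs:02d}"


def decode_trace(text):
    """Return {attribute number: decoded entry} for every Attribute line."""
    decoded = {}
    for m in LINE_RE.finditer(text):
        attr, length, raw = int(m.group(1)), int(m.group(2)), m.group(3)
        # The length covers the 2-byte type/length header plus the value.
        if len(raw) > 2 * (length - 2):
            raise ValueError(f"attribute {attr}: value longer than its length field")
        value = int(raw, 16)
        entry = {
            "name": ATTR_NAMES.get(attr, f"Attribute-{attr}"),
            "raw": raw.upper(),
            "value": value,
        }
        if attr in TIMEOUT_ATTRS:
            entry["duration"] = format_duration(value)
            entry["suspicious"] = value > MAX_PLAUSIBLE_SECONDS
        decoded[attr] = entry
    return decoded


def suspicious_timeouts(decoded):
    """Names of timeout attributes whose value exceeds the plausibility limit."""
    return sorted(e["name"] for e in decoded.values() if e.get("suspicious"))


def lengths_consistent(text):
    """Check that 20 header bytes plus all attribute lengths equal the packet length."""
    header = HEADER_RE.search(text)
    if header is None:
        return False
    total = 20 + sum(int(m.group(2)) for m in LINE_RE.finditer(text))
    return total == int(header.group(1))


if __name__ == "__main__":
    for attr, entry in decode_trace(TRACE).items():
        extra = f" ({entry['duration']})" if "duration" in entry else ""
        print(f"{attr:>2} {entry['name']:<18} 0x{entry['raw']} = {entry['value']}{extra}")
    print("packet length consistent:", lengths_consistent(TRACE))
    print("timeouts to review:", suspicious_timeouts(decode_trace(TRACE)))
```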
Re: (RADIATOR) 128k isdn dialup
Hello Chris -

Thanks for the files, unfortunately you have sent me an extract from the accounting detail file, not the debug trace from the logfile. As mentioned previously, I will need to see a trace 4 debug showing the access requests for both channels.

thanks

Hugh
Re: (RADIATOR) 128k isdn dialup
Hello Chris -

BTW - I notice in your configuration file that you have specified dictionary.acc. You should start with the standard file called dictionary (which is a compendium of the others), and add or remove entries from it as required.

hth

Hugh
RE: (RADIATOR) Multiple ldap servers in config: failover
Hello Claude -

What version of Radiator are you using? What version of Perl? What version of perl-ldap? Can you also send me a trace 4 debug from startup, including the startup messages and some example queries and showing what happens when connectivity goes away? I have also copied Mike on this mail for his thoughts.

thanks

Hugh

At 3:16 PM +0200 6/19/01, Claude Iyi Dogan wrote:

On Mon, 18 Jun 2001, Ingvar Berg (EIP) wrote:

Hi Claude, The Timeout and FailureBackoffTime attributes, and the use of ContinueWhileIgnore, control the failover behaviour.

Here a snipset of my config:

#
# HANDLERS
#
# ADSL handler
<Handler Client-Identifier=ldap-dsl>
    AcctLogFileName %L/adsl/%c/%f-%g-%i
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.100
            Port 389
            [...]
        </AuthBy>
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.101
            Port 389
            [...]
        </AuthBy>
        <AuthBy LDAP2>
            Timeout 5
            FailureBackoffTime 600
            Host nnn.nnn.nnn.102
            Port 389
            [...]
        </AuthBy>
    </AuthBy>
</Handler>
<Handler Client-Identifier=ldap-dialup>
    [... similar stuff ...]
</Handler>

I've (re-)started radiusd, it loads the config correctly. It binds to the first ldap server (nnn.nnn.nnn.100) and correctly authenticates users. If I then firewall the ldap server from the radius server, radiusd waits forever the ldap server to come back. I would like radiusd to use the next ldap server. Any suggestion?

-- Claude

/Ingvar
Re: (RADIATOR) CVX VSAs (again, sorry)
Hello John -

Radiator 2.18.2 is the latest version, so if you have problems with the CVX I can only guess it has to do with the software version it is running.

regards

Hugh

At 11:36 AM -0500 6/19/01, John Coy wrote:

Hugh,

I'm running the latest version 2.18.2 -- is there a newer version available?

John

At 06:23 PM 6/19/01 +1000, Hugh Irvine wrote:

Hello John -

The story is that the latest version of Radiator supports both types of CVX attributes (1 octet and 4 octet) and tries to do the right thing (although it's a bit tough with no official attribute definitions). What version of Radiator are you running?

regards

Hugh
(RADIATOR) Radiator 2.18.x AutoRODOPI Fails
Hello ...

I have upgraded to Radiator 2.18.2 from 2.17.x ... AuthRODOPI no longer works now ... If I replace AuthRODOPI.pm from 2.17 it works fine ... this is RODOPI 4.04

here is my config ... I made a very simple config for this

<Realm DEFAULT>
    AuthByPolicy ContinueWhileReject
    RewriteUsername s/^(.*)\\(.*)/$2\@$1/
    RewriteUsername s/^(.*)\/(.*)/$2\@$1/
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    RewriteUsername s/\s+//g
    <AuthBy RODOPI>
        DBSource dbi:Sybase:rodopi
        DBUsername Rodopi
        DBAuth x
    </AuthBy>
</Realm>

here is my log file ...

Tue Jun 19 15:00:12 2001: DEBUG: Packet dump:
*** Received from 206.47.98.13 port 1646
Code: Accounting-Request
Identifier: 173
Authentic: 233B245H=234~206T254xlL183201195
Attributes:
    User-Name = goodbj
    NAS-IP-Address = 206.47.98.13
    NAS-Identifier = 206.47.98.13
    Acct-Status-Type = Start
    Acct-Session-Id = 16842802
    Acct-Delay-Time = 0
    Acct-Authentic = RADIUS
    Service-Type = Framed-User
    NAS-Port-Type = Async
    NAS-Port = 258
    USR-Modem-Training-Time = 16
    USR-Interface-Index = 1514
    USR-Chassis-Call-Slot = 2
    USR-Chassis-Call-Span = 1
    USR-Chassis-Call-Channel = 2
    USR-Unauthenticated-Time = 4
    Calling-Station-Id =
    Called-Station-Id = 4638
    USR-VPN-Id = 0
    USR-Modulation-Type = v90Digital
    USR-Simplified-MNP-Levels = ccittV42
    USR-Simplified-V42bis-Usage = ccittV42bis
    USR-Connect-Speed = 50666_BPS
    Framed-Protocol = PPP
    Framed-IP-Address = 216.208.158.7
    VTS-Session-Key = 17410191|$246=16213920913k^139204223
    Call-Arrived-time = 172526682

Tue Jun 19 15:00:12 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Jun 19 15:00:12 2001: DEBUG: Rewrote user name to goodbj
Tue Jun 19 15:00:12 2001: DEBUG: Rewrote user name to goodbj
Tue Jun 19 15:00:12 2001: DEBUG: Rewrote user name to goodbj
Tue Jun 19 15:00:12 2001: DEBUG: Rewrote user name to goodbj
Tue Jun 19 15:00:12 2001: DEBUG: Rewrote user name to goodbj
Tue Jun 19 15:00:12 2001: DEBUG: Adding session for goodbj, 206.47.98.13, 258
Tue Jun 19 15:00:12 2001: DEBUG: do query is: exec Interface_VircomDetails '16842802', 'Jun 19, 2001 15:00', 'goodbj', '206.47.98.13', 258, 'Framed-User', 'PPP', '216.208.158.7', '', '206.47.98.13', 'Start', 0, NULL, NULL, NULL, NULL, NULL, NULL, 'Async', NULL, '4638',
Tue Jun 19 15:00:12 2001: ERR: do failed for 'exec Interface_VircomDetails '16842802', 'Jun 19, 2001 15:00', 'goodbj', '206.47.98.13', 258, 'Framed-User', 'PPP', '216.208.158.7', '', '206.47.98.13', 'Start', 0, NULL, NULL, NULL, NULL, NULL, NULL, 'Async', NULL, '4638', ': Server message number=170 severity=15 state=1 line=4 server=RODOPI text=Line 4: Incorrect syntax near ','.
Tue Jun 19 15:00:12 2001: ERR: do failed for 'exec Interface_VircomDetails '16842802', 'Jun 19, 2001 15:00', 'goodbj', '206.47.98.13', 258, 'Framed-User', 'PPP', '216.208.158.7', '', '206.47.98.13', 'Start', 0, NULL, NULL, NULL, NULL, NULL, NULL, 'Async', NULL, '4638', ': Server message number=170 severity=15 state=1 line=4 server=RODOPI text=Line 4: Incorrect syntax near ','.
Tue Jun 19 15:00:12 2001: DEBUG: Accounting accepted
Tue Jun 19 15:00:12 2001: DEBUG: Packet dump:
*** Sending to 206.47.98.13 port 1646
Code: Accounting-Response
Identifier: 173
Authentic: 233B245H=234~206T254xlL183201195
Attributes:
Re: Fwd: Re: (RADIATOR) mysql with linux passwords
Hello Mickey,

On Jun 19, 6:46pm, Hugh Irvine wrote:
Subject: Fwd: Re: (RADIATOR) mysql with linux passwords
Date: Mon, 18 Jun 2001 19:52:04 +0200
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) mysql with linux passwords

Hi, I am using PAP authentication. What exactly does encrypted passwords mean in this context?

Anything other than plaintext.

I can get the short unix crypt passwords to work, but not something longer like MD5 - either raw or as in the gnu/linux /etc/shadow file.

If the check item you are using is 'Password' or 'User-Password', then the password in your database can be in any of these forms:

    type          example
    plaintext     fred
    unix crypt    {crypt}1xMKc0GIVUNbE
    SHA           {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
    MD5           $1$cTpht$Obu9PLSMst1TDou.mN5bk0
    MD5 (mime)    {MD5}VwqQv7+MfqtdxdTiaDLVsQ==

If the check item is 'Encrypted-Password', you can use:

    unix crypt    {crypt}1xMKc0GIVUNbE
    unix crypt    1xMKc0GIVUNbE
    SHA           {SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc=
    MD5           $1$cTpht$Obu9PLSMst1TDou.mN5bk0
    MD5 (mime)    {MD5}VwqQv7+MfqtdxdTiaDLVsQ==

You can probably conclude from this that the only difference between User-Password and Encrypted-Password is how a bare unintroduced sequence of characters is to be interpreted, either as plaintext or as unix crypt.

Hope that helps. Cheers.

Thanks for any hints! Mickey

At 18:38 18-06-01, Hugh Irvine wrote:
-Start of Original Message-
Hello Mickey - You can only use encrypted passwords in the database if you are using PAP authentication. Conversely, you can only use CHAP authentication with plain-text passwords in the database. hth Hugh

At 10:01 PM +0200 6/16/01, [EMAIL PROTECTED] wrote:
Hi, Can I use linux password format ($1$13011b20$YckqUo2rgcod2yvyLOHI) with mysql? I've tried, and it does not seem to work, but perhaps I'm just doing something wrong. Clear text passwords in the mysql database work fine.

--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
-- End of excerpt from Hugh Irvine

--
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
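The interpretation rules from the thread above, as an added example that is not part of the original messages and is not Radiator's own code: it models how a stored value is read under each check item, verifies the {SHA} and {MD5} forms, and audits rows for CHAP compatibility and for bare crypt hashes filed under a plaintext check item. The names classify, verify, audit and ROWS are assumptions; the stored values in ROWS are the examples quoted in the thread and the user names are constructed.

```python
import base64
import hashlib
import hmac
import re

PREFIXES = {"{crypt}": "unix-crypt", "{SHA}": "sha1-base64",
            "{MD5}": "md5-base64", "$1$": "md5-crypt"}
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")  # shape of a classic crypt(3) hash

def classify(stored, check_item):
    """Scheme a stored value is read as, per the two tables in the thread."""
    for prefix, scheme in PREFIXES.items():
        if stored.startswith(prefix):
            return scheme
    # Bare value: the only place the two check items differ.
    return "unix-crypt" if check_item == "Encrypted-Password" else "plaintext"

def verify(submitted, stored, check_item="User-Password"):
    """Check a PAP password against a plaintext, {SHA} or {MD5} entry."""
    scheme = classify(stored, check_item)
    pw = submitted.encode()
    if scheme == "plaintext":
        return hmac.compare_digest(pw, stored.encode())
    if scheme in ("sha1-base64", "md5-base64"):
        algo = "sha1" if scheme == "sha1-base64" else "md5"
        want = base64.b64decode(stored.split("}", 1)[1])
        return hmac.compare_digest(hashlib.new(algo, pw).digest(), want)
    raise NotImplementedError(scheme + " needs a crypt(3) implementation")

def audit(rows):
    """Per user: scheme, whether CHAP can work, and a misfiled-hash warning."""
    report = {}
    for user, check_item, stored in rows:
        scheme = classify(stored, check_item)
        report[user] = {
            "scheme": scheme,
            "chap_ok": scheme == "plaintext",  # CHAP needs the clear password
            # A bare crypt-shaped value under Password/User-Password is taken
            # literally, so the hash string itself would be the password.
            "misfiled": scheme == "plaintext" and bool(CRYPT13.fullmatch(stored)),
        }
    return report

# Constructed sample rows; the stored values are the examples from the thread.
ROWS = [
    ("u1", "User-Password", "fred"),
    ("u2", "User-Password", "1xMKc0GIVUNbE"),
    ("u3", "Encrypted-Password", "1xMKc0GIVUNbE"),
    ("u4", "User-Password", "{SHA}0DPiKuNIrrVmD8IUCuw1hQxNqZc="),
    ("u5", "User-Password", "$1$cTpht$Obu9PLSMst1TDou.mN5bk0"),
]

if __name__ == "__main__":
    for user, info in audit(ROWS).items():
        print(user, info)
```

Rows u2 and u3 hold the same string; only the check item decides whether it is compared literally or treated as a unix crypt hash.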
Re: (RADIATOR) Converting Linux Epoch Date in VB Script / ASP
Hi Michael, Thanks very much for that. I have added it to the goodies directory with credit to you. Cheers.

On Jun 19, 6:36pm, Hugh Irvine wrote:
Subject: Re: (RADIATOR) Converting Linux Epoch Date in VB Script / ASP
Many thanks Michael - I have copied this to Mike so he can include it in the goodies. cheers Hugh

At 3:13 PM -0400 6/18/01, Michael Audet wrote:
Not sure if I posted this... but I'll post it again. You guys can thank me later :)
--
Problem: You are running Radiator and you want to display your SQL database of accounting logs via the web using ASP / VB script. Easy to do.. but you came across this strange thing of Radius storing the login date/time in Unix Epoch time (Time in seconds since Jan 1, 1970). So you want to find some code in VB to convert these seconds into Normal human time but for some reason you can't find the code on the net. Search no more...

Solution: Block copy this into your .asp page and amaze your friends.

    Dim VBDate
    VBDate = DateAdd("s", PUT YOUR RADIATOR UNIX TIME HERE, "1/1/1970")
    VBDate = DateAdd("h", -5, VBDate) ' convert to your time zone: use -5 for Eastern, -8 pacific etc.

    'Now that we have the time.. we have to check daylight savings time
    Dim StartDaylight
    Dim EndDaylight

    ' get the last day of March by subtracting one day from 4/1
    StartDaylight = DateAdd("d", -1, DateSerial(Year(VBDate), 4, 1))
    ' now skip to the next Sunday (WeekDay returns 1 for Sunday, 7 for Saturday)
    StartDaylight = DateAdd("d", 8 - WeekDay(StartDaylight), StartDaylight)
    StartDaylight = DateAdd("h", 2, StartDaylight)

    EndDaylight = DateSerial(Year(VBDate), 11, 1)
    ' back up to the previous Sunday (a full week when 11/1 is itself a Sunday)
    EndDaylight = DateAdd("d", -(((WeekDay(EndDaylight) + 5) Mod 7) + 1), EndDaylight)
    EndDaylight = DateAdd("h", 1, EndDaylight)

    ' inside the daylight saving window: shift forward one hour
    If (VBDate >= StartDaylight And VBDate < EndDaylight) Then
        VBDate = DateAdd("h", 1, VBDate)
    End If

    'Display your time
    response.write(VBDate)

-- End of excerpt from Hugh Irvine

-- Mike McCauley [EMAIL PROTECTED]