Re: (RADIATOR) Multiple SessionDatabases per Handler?

2001-07-06 Thread Hugh Irvine


Hello Janet -

You can specify multiple database targets in a single SessionDatabase SQL.

# define multiple databases

<SessionDatabase SQL>
 Identifier DSL-SessionCheck
 DBSource ..
 DBSource ..
 ..
</SessionDatabase>


hth

Hugh


At 15:24 +1000 01/7/6, Janet N del Mundo wrote:
Hi,

Is it possible to have more than one SessionDatabase (for SQL fallback
purposes) within one Handler?  If not, how do I go about handling my
SessionDatabase SQL when the SQL cannot be reached?

I tried to add a SessionDatabase NULL for a fallback from my
SessionDatabase SQL, but I received error messages when I restarted
Radiator.


Fri Jul  6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in radius_dsl.cfg line 394
Fri Jul  6 14:44:22 2001: ERR: Unknown keyword 'SessionDatabase' in radius_dsl.cfg line 395

# Handle DSL users logging into the Shasta #
<Handler NAS-IP-Address = /xxx.xxx.xx.x|xxx.xxx.xx.x/>
 <AuthBy GROUP>
  AuthByPolicy ContinueWhileIgnore
  SessionDatabase DSL-SessionCheck
  SessionDatabase NULL
 </AuthBy>
 AuthByPolicy ContinueWhileAccept
 AuthBy Check-DSL-Users
 AuthBy Check-SQL-DSLUSERS
 AuthBy DoAccounting
</Handler>

Any suggestions or comments?
Thanks,
Janet

--
_
Janet del Mundo
Internet Administrator, Startec Global Communications
135 Chalan Santo Papa  Agana, Guam  96910
Email: [EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase

2001-07-06 Thread Hugh Irvine


Hello Tom -

At 12:17 -0400 01/7/5, Tom Daly wrote:
Hello,
We are currently using Radiator and MySQL for a SessionDB. As a wholesale
provider, we have two ways for our wholesalers to access accounts.

1. Per Port - An ISP is assigned a unique DNIS to which all radius requests
are directed at their radius server by proxy. We do this by the following
method.

<CalledStationId /..3400/>
 <AuthBy RADIUS>
  Host xxx.xxx.xxx.xxx
  Secret VeryVerySecret
  AuthPort 1645
  AcctPort 1646
  Retries 5
  RetryTimeout 15
 </AuthBy>

This method seems to be slow, as we have to search through a few hundred
DNISs for the same provider, if they have multiple DNISs. So I am looking
for a way to use one statement that will search each provider's list of
DNISs. Also, when a customer dials in, their username is just username. Is
there a way to make the session database show [EMAIL PROTECTED], but
still pass username to the proxy radius server?


If you are using the CalledStationId.pm file from the goodies 
section of the distribution, there is almost no overhead, as the 
number that is specified in the definition is used as a key to 
directly access that clause. This is by far the fastest way to 
process large numbers of phone numbers.

For your second question, you can use RewriteUsername(s) and custom 
queries for the SessionDatabase to do what you require.


2. Per User - An ISP is assigned a Unique REALM via a Realm or Handler
Realm= Clause. This gets very very complicated, so is there a way to
simplify this?


I don't understand the problem, sorry. Can you elaborate?


Also, 1 ISP does not use a realm, so is there a way to make
the session database show [EMAIL PROTECTED] and the radius server check
for just username?

See above - RewriteUsername(s) and custom queries.

regards

Hugh




Re: (RADIATOR) IPs allocated forever

2001-07-06 Thread Hugh Irvine


Hi Jon -

At 12:11 +0200 01/7/5, Jon Omagojeaskoa wrote:
Thanks Hugh

My config-file was like:

<ClientListSQL>
 DBSource   ...
 DBUsername  ...
 DBAuth  ...

 GetClientQuery select NASIDENTIFIER,SECRET,NULL,NULL, \
  DEFAULTREALM,NASTYPE,SNMPCOMMUNITY \
  from RADCLIENTLIST
</ClientListSQL>

I've added the DUPINTERVAL field to my RADCLIENTLIST table with
value 4 for the problematic NAS and:

 GetClientQuery select NASIDENTIFIER,SECRET,NULL,DUPINTERVAL, \
  DEFAULTREALM,NASTYPE,SNMPCOMMUNITY \
  from RADCLIENTLIST


Problem solved !!


Good.




There are still lost IPs due to lost Stop-Packets, but I can clean 
them once a day with a crontab-script that sets STATE=0 to those IPs 
on RADPOOL that are not in RADONLINE.FRAMEDIPADDRESS. Is there a way 
to do the same cleaning within radiusd using

 ReclaimQuery
 DefaultLeasePeriod
 LeaseReclaimInterval

I work with a MySQL database and nested SELECT queries are not allowed :-(


I think you will be better off doing your housekeeping outside Radiator.

hth

Hugh
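
The daily clean-up Jon describes, done outside Radiator as Hugh suggests, can avoid the nested SELECT with a LEFT JOIN anti-join. This is an added example, not code from the thread: sqlite3 stands in for MySQL, the RADPOOL columns YIADDR and TIME_STAMP and the 300-second grace period are assumptions, and the rows are constructed.

```python
import sqlite3

GRACE = 300  # assumed: seconds to wait for an accounting Start before reclaiming


def find_leaked(db, now, grace=GRACE):
    """Addresses marked in use in RADPOOL that have no row in RADONLINE.

    LEFT JOIN ... IS NULL yields the "not in RADONLINE" set without a
    subselect. TIME_STAMP (assumed column) skips leases so recent that the
    accounting Start may still be in flight.
    """
    rows = db.execute(
        "SELECT p.YIADDR FROM RADPOOL p "
        "LEFT JOIN RADONLINE o ON o.FRAMEDIPADDRESS = p.YIADDR "
        "WHERE p.STATE <> 0 AND o.FRAMEDIPADDRESS IS NULL "
        "AND p.TIME_STAMP < ? ORDER BY p.YIADDR",
        (now - grace,),
    )
    return [r[0] for r in rows]


def reclaim(db, now, grace=GRACE):
    """Set STATE=0 for every leaked address and return the list for logging."""
    leaked = find_leaked(db, now, grace)
    with db:  # one transaction for the whole sweep
        for addr in leaked:
            # Repeat the conditions so a lease renewed since the SELECT is left alone.
            db.execute(
                "UPDATE RADPOOL SET STATE = 0 "
                "WHERE YIADDR = ? AND STATE <> 0 AND TIME_STAMP < ?",
                (addr, now - grace),
            )
    return leaked


def demo_db(now):
    """Constructed sample data: four pool addresses, one live session."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE RADPOOL (YIADDR TEXT PRIMARY KEY, STATE INTEGER, TIME_STAMP INTEGER);"
        "CREATE TABLE RADONLINE (USERNAME TEXT, FRAMEDIPADDRESS TEXT);"
    )
    db.executemany(
        "INSERT INTO RADPOOL VALUES (?, ?, ?)",
        [
            ("192.0.2.10", 1, now - 5000),  # in use, session online
            ("192.0.2.11", 1, now - 5000),  # in use, Stop packet was lost
            ("192.0.2.12", 1, now - 10),    # just allocated, Start not seen yet
            ("192.0.2.13", 0, now - 9000),  # already free
        ],
    )
    db.execute("INSERT INTO RADONLINE VALUES ('alice', '192.0.2.10')")
    db.commit()
    return db


if __name__ == "__main__":
    now = 100000
    print("reclaimed:", reclaim(demo_db(now), now))
```

With a MySQL driver the same statements apply, with the driver's own placeholder style in place of `?`.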




Re: (RADIATOR) Strange accounting record Acct-Status-Type =Accounting-On

2001-07-06 Thread Hugh Irvine


Hello Stefanita -

These are normal startup packets from a NAS after it reboots, but it 
looks like you are not responding to them correctly. I suspect you 
may not have a Client entry for this NAS in the Radiator 
configuration file.

I will need to see a copy of your configuration file (no secrets) 
together with a trace 4 debug from Radiator showing what is happening.

thanks

Hugh


At 15:10 +0300 01/7/5, Stefanita Vilcu wrote:
Hello,

I have a Max TNT (sw ver. 8.0.3) and a Radiator (2.18.2) on a RedHat
Linux 6.2.
I receive some strange accounting packets very often, is there any way to
stop/ignore them?

Thank you,

Stefanita Vilcu

*** Received from x.x.x.x port 7011 

Packet length = 61
04 2c 00 3d 1f 81 a7 c0 8f 3f 32 43 bd 1a 00 b3
b1 6e 94 6c 04 06 c1 e2 64 45 1a 0c 00 00 02 11
56 06 00 00 00 00 28 06 00 00 00 07 29 06 00 00
04 a2 2c 0b 37 32 30 30 31 30 36 30 32
Code:   Accounting-Request
Identifier: 44
Authentic:  <31><129><167><192><143>?2C<189><26><0><179><177>n<148>l
Attributes:
   NAS-IP-Address = x.x.x.x
   Ascend-Owner-IP-Addr = 0.0.0.0
   Acct-Status-Type = Accounting-On
   Acct-Delay-Time = 1186
   Acct-Session-Id = 720010602

14:19:21.797673 eth0  bucharest2 7011  xxx.radacct: udp 61
14:19:26.795443 eth0  bucharest2 7011  xxx.radacct: udp 61
14:19:31.795295 eth0  bucharest2 7011  xxx.radacct: udp 61
14:20:56.817318 eth0  bucharest2 7011  xxx.radacct: udp 61
14:21:01.798182 eth0  bucharest2 7011  xxx.radacct: udp 61
14:21:06.794379 eth0  bucharest2 7011  xxx.radacct: udp 61
14:25:13.787386 eth0  bucharest2 7011  xxx.radacct: udp 61
14:25:18.787312 eth0  bucharest2 7011  xxx.radacct: udp 61
14:25:23.787621 eth0  bucharest2 7011  xxx.radacct: udp 61
14:37:36.768373 eth0  bucharest2 7011  xxx.radacct: udp 61
14:37:41.770545 eth0  bucharest2 7011  xxx.radacct: udp 61
14:37:46.767644 eth0  bucharest2 7011  xxx.radacct: udp 61


--
Stefanita Valeriu Vilcu, [EMAIL PROTECTED]
Dynamic Network Technologies, Romania
Tel: +40-1-2106863 Fax: +40-1-3122745
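
Decoding the dump quoted above shows what the NAS is sending: Acct-Status-Type 7 is Accounting-On, a record about the NAS itself rather than a user session. This added example (not code from the thread or from Radiator) parses the packet and checks the RFC 2866 request authenticator; the sample bytes follow the posted dump with the NAS address replaced by the documentation address 192.0.2.1, and any shared secret used with it is constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

# Constructed sample: the 61-byte Accounting-Request from the post, with the
# NAS-IP-Address value replaced by the documentation address 192.0.2.1.
SAMPLE = bytes.fromhex("".join("""
04 2c 00 3d 1f 81 a7 c0 8f 3f 32 43 bd 1a 00 b3
b1 6e 94 6c 04 06 c0 00 02 01 1a 0c 00 00 02 11
56 06 00 00 00 00 28 06 00 00 00 07 29 06 00 00
04 a2 2c 0b 37 32 30 30 31 30 36 30 32
""".split()))

ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update",
               7: "Accounting-On", 8: "Accounting-Off"}
ASCEND = 529  # vendor id carried in the dump (00 00 02 11)


def _ip(v):
    return str(ipaddress.IPv4Address(v))


def _int(v):
    return int.from_bytes(v, "big")


# (vendor, type) -> (name, decoder); vendor 0 means a standard attribute.
DICTIONARY = {
    (0, 4): ("NAS-IP-Address", _ip),
    (0, 40): ("Acct-Status-Type", lambda v: ACCT_STATUS.get(_int(v), _int(v))),
    (0, 41): ("Acct-Delay-Time", _int),
    (0, 44): ("Acct-Session-Id", lambda v: v.decode("ascii", "replace")),
    (ASCEND, 86): ("Ascend-Owner-IP-Addr", _ip),
}


def _tlvs(buf):
    """Yield (type, value) pairs, rejecting malformed attribute lengths."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = buf[pos], buf[pos + 1]
        if alen < 2 or pos + alen > len(buf):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        yield atype, buf[pos + 2:pos + alen]
        pos += alen


def parse_radius(data):
    if len(data) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length, auth = struct.unpack("!BBH16s", data[:20])
    if not 20 <= length <= len(data):
        raise ValueError("Length field disagrees with datagram size")
    attrs = {}
    for atype, value in _tlvs(data[20:length]):
        if atype == 26 and len(value) >= 4:  # Vendor-Specific: id + sub-TLVs
            vendor, subs = _int(value[:4]), _tlvs(value[4:])
        else:
            vendor, subs = 0, [(atype, value)]
        for stype, sval in subs:
            name, decode = DICTIONARY.get(
                (vendor, stype), (f"{vendor}:{stype}", bytes.hex))
            attrs[name] = decode(sval)
    return {"code": code, "id": ident, "authenticator": auth, "attrs": attrs}


def acct_authenticator(data, secret):
    """RFC 2866: MD5 over the packet with a zeroed authenticator, then the secret."""
    length = struct.unpack("!H", data[2:4])[0]
    return hashlib.md5(data[:4] + bytes(16) + data[20:length] + secret).digest()


def verify_acct(data, secret):
    return hmac.compare_digest(acct_authenticator(data, secret), data[4:20])


def is_nas_restart(pkt):
    """Accounting-On/Off describe the NAS, so no user session is attached."""
    return pkt["code"] == 4 and pkt["attrs"].get("Acct-Status-Type") in (
        "Accounting-On", "Accounting-Off")


if __name__ == "__main__":
    pkt = parse_radius(SAMPLE)
    print(pkt["id"], pkt["attrs"], is_nas_restart(pkt))
```

Acct-Delay-Time = 1186 means the NAS has been trying to deliver this one record for almost 20 minutes, which fits the repeated bursts in the tcpdump lines.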





RE: (RADIATOR) Simultaneous Use Problems

2001-07-06 Thread Kitabjian, Dave

I didn't know PM3's supported SNMP. You might want to find out whether SNMP
or Finger works with your equipment. If SNMP, you might want to specify an
SNMPCommunity entry for the Client.

Also, look in /var/log/radiator/radius.log and it will show you what
Radiator tries to do when it should be enforcing sim use. In the case of
SNMP, I know it will show you the whole Unix command line that it runs, which
you can copy and paste onto your command line to test directly.

Also, if you're not sure what's in your SessionDatabase, you might want to
use a SessionDatabase DBM and then use the cgi to see who RADIATOR thinks is
online.

Dave

 -Original Message-
 From: Jonathon Lindbo [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, July 06, 2001 12:34 PM
 To: [EMAIL PROTECTED]
 Subject: (RADIATOR) Simultaneous Use Problems
 
 
 Hi,
 
 I have been trying for the past 4 days to get my Simultaneous Login
 restrictions to work.  I am currently working with PM3's and have SNMP
 enabled on them all.  I'm not sure what I am doing wrong.  Below is the
 config that I am using.  Any ideas ?  Where should I look for debugging
 information on this.  I am not seeing much in the radius.log.

 Thanks
 Jon Lindbo


 ### BASE CONFIGURATION ###
 Trace   5
 PidFile /tmp/radiusd.pid
 AuthPort 1645
 AcctPort 1646
 LogDir  /var/log/radiator
 DbDir   /etc/radiator/raddb
 LogFile %L/radius.log
 SnmpgetProg /usr/local/bin/snmpget
 FingerProg  /usr/bin/finger
 #LivingstonOffs 23
 #LivingstonHole 1
 LivingstonHole  0

 ### CLIENT CONFIGURATION ###
 <Client DEFAULT>
  Secret BBsecretKEY
  DupInterval 2
  NasType Livingston
 </Client>

 ### REALM CONFIGURATION ###

 <Realm DEFAULT>
  RewriteUsername s/^([^@]+).*/$1/
  AcctLogFileName %L/%Ndetail
  AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
  PasswordLogFileName %L/password.log
  MaxSessions 1
  <AuthBy UNIX>
   Identifier System
   Filename /etc/shadow
   Match ^([^:]*):([^:]*):?[^:]*:?([^:]*)
   DefaultSimultaneousUse 1
   AddToReply Service-Type = Framed-User, Framed-Protocol = PPP, Session-Timeout = 14400, Idle-Timeout = 1500
  </AuthBy>

 </Realm>
 



Re: (RADIATOR) Simultaneous Use Problems

2001-07-06 Thread Hugh Irvine


Hello Jonathon -

I will need to see the trace debug from Radiator to see what is going on.

thanks

Hugh





Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase

2001-07-06 Thread Tom Daly

Hi,

By default, what entry does Radiator put into the Session Database? From
what I can see, it seems that it copies the Username as entered by the
user, before any rewrite username, or other functions are used.

Tom




Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase

2001-07-06 Thread Hugh Irvine


Hi Tom -

By default Radiator uses the username string as received from the 
NAS, as that is what it needs if it is to query the NAS directly to 
verify connections.

regards

Hugh


At 12:29 -0400 01/7/6, Tom Daly wrote:
Hi,

By default, what entry does Radiator put into the Session Database? From
what I can see, it seems that it copies the Username as entered by the
user, before any rewrite username, or other functions are used.

Tom




Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase

2001-07-06 Thread Tom Daly

Hugh,

I would say my problem then is this. I am using CalledStation.pm to send
users to radius proxy which does not use a realm, so users will dialup with
'username'. Now, our ISP does not require users to have a realm name either,
so they also dialup with 'username'. In the case of two identical usernames
between ISPs, one user will not be authenticated. Is there a way I can add a
realm name to the CalledStation.pm users for the sake of the session
database, however, still send the proxy server just 'username'. I am
guessing this will need to be done with some sort of hook.

--Tom




Re: (RADIATOR) Multiple SessionDatabases per Handler?

2001-07-06 Thread Chris M

I assume that specifying multiple databases means that both would be
written/updated at the appropriate times, and that you wouldn't have to
figure out how to replicate them in any way

Chris




(RADIATOR) Conditionals?

2001-07-06 Thread Griff Hamlin

Hello,

Is it possible to do a different select statement in an AuthBy SQL
clause based on the value of a global variable set previously in the
config file? If so, how is it done?

Griff Hamlin, III





(RADIATOR) restartWrapper

2001-07-06 Thread Griff Hamlin

Can anyone tell me how restartWrapper determines whether or not to
restart radius? Is it only if the radiusd process stops or does it
restart it if it crashes (for example if it cannot access the mysql
database anymore?).

Griff Hamlin, III




Re: (RADIATOR) Conditionals?

2001-07-06 Thread Hugh Irvine


Hello Griff -

The answer to this depends on your exact requirements, however it may
be as simple as using special characters, or it may involve writing a
Hook, or it may be possible to do something clever in the
configuration file.

If you send me a more detailed description of what you want to do 
I'll try to make some sensible suggestions.

regards

Hugh


At 11:57 -0700 01/7/6, Griff Hamlin wrote:
Hello,

Is it possible to do a different select statement in an AuthBy SQL
clause based on the value of a global variable set previously in the
config file? If so, how is it done?

Griff Hamlin, III





Re: (RADIATOR) Using Radiator for Wholesale Dialup and SessionDatabase

2001-07-06 Thread Hugh Irvine


Hello Tom -

How are you going to know which customer is which?

regards

Hugh


At 12:51 -0400 01/7/6, Tom Daly wrote:
Hugh,

I would say my problem then is this. I am using CalledStation.pm to send
users to radius proxy which does not use a realm, so users will dialup with
'username'. Now, our ISP does not require users to have a realm name either,
so they also dialup with 'username'. In the case of two identical usernames
between ISPs, one user will not be authenticated. Is there a way I can add a
realm name to the CalledStation.pm users for the sake of the session
database, however, still send the proxy server just 'username'. I am
guessing this will need to be done with some sort of hook.

--Tom

- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Tom Daly [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Friday, July 06, 2001 12:21 PM
Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup
andSessionDatabase



  Hi Tom -

  By default Radiator uses the username string as received from the
  NAS, as that is what it needs if it is to query the NAS directly to
  verify connections.

  regards

  Hugh


  At 12:29 -0400 01/7/6, Tom Daly wrote:
  Hi,
  
  By default, what entry does Radiator to put into the Session Database?
From
  what I can see, it seems that it copies the Username as entered by the
  user, before any rewrite username, or other functions are used.
  
  Tom
  
  - Original Message -
  From: Hugh Irvine [EMAIL PROTECTED]
  To: Tom Daly [EMAIL PROTECTED]; [EMAIL PROTECTED]
  Sent: Friday, July 06, 2001 5:44 AM
  Subject: Re: (RADIATOR) Using Radiator for Wholesale Dialup and
  SessionDatabase
  
  
  
Hello Tom -
  
At 12:17 -0400 01/7/5, Tom Daly wrote:
Hello,
We are currently using Radiator and MySQL for a SessionDB. As a wholesale
provider, we have two ways for our wholesalers to access accounts.

1. Per Port - An ISP is assigned a unique DNIS to which all radius requests
are directed at their radius server by proxy. We do this by the following
method.

CalledStationId /..3400/
 AuthBy RADIUS
 Host xxx.xxx.xxx.xxx
 Secret VeryVerySecret
 AuthPort 1645
 AcctPort 1646
 Retries 5
 RetryTimeout 15
 /AuthBy

This method seems to be slow, as we have to search through a few hundred
DNISs for the same provider, if they have multiple DNISs. So I am looking
for a way to use one statement that will search each provider's list of
DNISs. Also, when a customer dials in, their username is just username.
Is there a way to make the session database show [EMAIL PROTECTED], but
still pass username to the proxy radius server?
  
  
If you are using the CalledStationId.pm file from the goodies
section of the distribution, there is almost no overhead, as the
number that is specified in the definition is used as a key to
directly access that clause. This is by far the fastest way to
process large numbers of phone numbers.
  
For your second question, you can use RewriteUsername(s) and custom
queries for the SessionDatabase to do what you require.
  
  
2. Per User - An ISP is assigned a Unique REALM via a Realm or Handler
Realm= Clause. This gets very very complicated, so is there a way to
simplify this?
  
  
I don't understand the problem, sorry. Can you elaborate?
  
  
Also, 1 ISP does not use a realm, so is there a way to make
the session database show [EMAIL PROTECTED] and the radius server check
for just username?
   
See above - RewriteUsername(s) and custom queries.
  
regards
  
Hugh
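The username collision discussed in this thread, modelled as an added example (this is not Radiator code and not from any poster). The realm tags, the second DNIS pattern, the sample calls and the one-session-per-user limit are all constructed assumptions; only the `..3400` pattern comes from the thread. The session table is keyed on a realm-tagged name derived from the dialled number, while the name handed to the proxy stays bare.

```python
import re

# Constructed table (assumption): Called-Station-Id pattern -> wholesaler realm tag.
DNIS_REALMS = [(re.compile(r"^..3400$"), "isp-a.example"),
               (re.compile(r"^..3500$"), "isp-b.example")]
MAX_SESSIONS = 1  # assumed simultaneous-use limit per session-table key


def session_key(username, called_station_id):
    """Name used only in the session table; the proxied User-Name is untouched."""
    if "@" in username:                      # the user already supplied a realm
        return username
    for pattern, realm in DNIS_REALMS:
        if pattern.search(called_station_id):
            return f"{username}@{realm}"
    return username                          # no wholesaler DNIS matched: local user


class SessionTable:
    def __init__(self, namespaced):
        self.namespaced = namespaced
        self.rows = {}                       # key -> set of (nas, port)

    def _key(self, username, dnis):
        return session_key(username, dnis) if self.namespaced else username

    def start(self, username, dnis, nas, port):
        """Return (accepted, username_sent_to_proxy)."""
        active = self.rows.setdefault(self._key(username, dnis), set())
        if len(active) >= MAX_SESSIONS and (nas, port) not in active:
            return False, username           # limit reached for this key
        active.add((nas, port))
        return True, username

    def stop(self, username, dnis, nas, port):
        self.rows.get(self._key(username, dnis), set()).discard((nas, port))


def simulate(namespaced):
    """Two different customers with the same bare username on different DNISs."""
    table = SessionTable(namespaced)
    calls = [("jsmith", "553400", "nas1", 7),    # wholesaler A's customer
             ("jsmith", "555000", "nas1", 8)]    # the local ISP's customer
    return [table.start(*call)[0] for call in calls]


if __name__ == "__main__":
    print("keyed on bare username :", simulate(False))
    print("keyed on name@realm tag:", simulate(True))
```

With the bare username as the key, the second customer is counted against the first customer's session and refused; with the tagged key both are accepted and the same customer dialling twice is still caught.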
  

Re: (RADIATOR) Problems with Bay 8000 RAC

2001-07-06 Thread Hugh Irvine


Hello Sergio -

I have no direct experience with Bay hardware, but it sounds like 
either a software version or a software configuration issue on the 
NAS itself.

You can see what attributes the NAS is sending by turning hexadecimal 
packet dumps on in Radiator with a trace 5 debug.

regards

Hugh


At 18:51 -0500 01/7/6, Sergio Gonzalez wrote:
Hi there.


I got some problems trying to make a bay 8000 RAC to receive and 
send the appropriate data from/to the radius radiator server. First 
problem, when a ppp session starts for a particular user in radiator 
(that has a static IP address, sent via Framed-IP-Address), the bay 
8000 RAC doesn't care about it, and just puts an IP address from its 
own dynamic pool. I got the same radiator listening and serving to 
other 2 RASes without problems when using that specific user. The 
other problem I have is when the session stops, the bay 8000 RAC 
doesn't send the speed used by the user (the receive speed used by 
the user). Instead of that info, the bay RAC doesn't send anything 
(I got just nulls).


Somebody has an example of the particular attributes I've to use in 
order to make the Bay 8000 RAC to take care about the
Framed-IP-Address and send back to radiator - in accounting stop 
packets - the speed used?



PS: Somebody here in this list has a good example of a config.annex 
file? If someone, please send me a copy to my email address. I 
really appreciate if someone can give a hand with that file.


Thanks.

Sergio Alejandro Gonzalez
Director Operativo
SkyNet de Colombia.
Bogota, Colombia, South America.
57 (+1) 6 422 020
57 (+3) 7 285 094




Re: (RADIATOR) Radiator Profiles

2001-07-06 Thread Hugh Irvine


Hello Kyle -

You will need to add the following to your configuration file:

# specify an AuthByPolicy to control multiple AuthBy clauses

Realm 
AuthByPolicy ContinueWhileAccept
.
/Realm


hth

Hugh


At 12:42 -0400 01/7/6, Kyle wrote:
Hi guys, I'm trying to make profiles work from a mySql table. I've
followed the example provided in the goodies directory, dealing with
doing from file authentication. I'm adding a reply field of Profile in
my first AuthBy SQL clause, added a second AuthBy SQL clause
immediately following it, and my AuthBy DYNADDRESS clause is last. I've
added a StripFromReply at the end of the second AuthBy to take out the
Profile field. It does not appear to be using the second AuthBy when
authenticating a user. I see the Profile field in the reply packet.
I've included my realms.cfg file for examination. -- Kyle



Re: (RADIATOR) restartWrapper

2001-07-06 Thread Hugh Irvine


Hello Griff -

The restartWrapper program runs radiusd as a child process and 
waits for it to exit. If the child process exits for any reason, 
restartWrapper will restart it.

hth

Hugh


At 12:54 -0700 01/7/6, Griff Hamlin wrote:
Can anyone tell me how restartWrapper determines whether or not to
restart radius? Is it only if the radiusd process stops or does it
restart it if it crashes (for example if it cannot access the mysql
database anymore)?

Griff Hamlin, III




Re: (RADIATOR) Auth by Text Questions

2001-07-06 Thread Hugh Irvine


Hello Todd -

At 13:49 -0700 01/7/6, Todd Dokey wrote:
I just had Radiator dropped into my lap this last week amidst other things.

I must be missing a REAL OBVIOUS issue, but I can't get my Radiator to auth
off of a file.

This is on a Linux box with the rpm file for the install.

The file is traditional in that it points the logfiles and gets the users
file from the normal spots.
The files are there.

In radius.cfg is where I have the case of the DUHs going on.

The only Authby Text clause I have is at the bottom (the standard DEFAULT)
and have added above it Client lists of the modems sending the requests.

Those I sorted by location and type, so they swap out dictionaries as
needed.


You can only specify a single dictionary file for Radiator, and you 
should start off with the standard dictionary file and add any 
additional entries to it with your favourite text editor.


That is about all I did.  Radiator starts okay, but won't authenticate off
localhost (yes, built that entry.. once as in the example localhost and
redone as 127.0.0.1).

I looked over the logs, it seems to start, but then doesn't complete.

I will need to see a copy of the configuration file (no secrets), 
together with a trace 4 debug from Radiator showing what is happening 
at startup.

thanks

Hugh
