Re: (RADIATOR) MaxSessions issue, still a problem
Hello Dmitry - Here is what I get with this configuration file (copied from your mail): Foreground Trace 4 Secret mysecret RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 Filename ./bbeyond.users AcctLogFileName %L/bbeyond/details PasswordLogFileName %L/bbeyond/uunet-passwords.log This is the debug: Fri Jul 13 17:00:42 2001: DEBUG: Reading users file ./bbeyond.users Fri Jul 13 17:00:42 2001: INFO: Server started: Radiator 2.18.2 on hugo Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Access-Request Identifier: 50 Authentic: 1234567890123456 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>" Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:02:35 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234 Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE looks for match with uunoc Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE ACCEPT: Fri Jul 13 17:02:35 2001: DEBUG: Access accepted for uunoc Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Access-Accept Identifier: 50 Authentic: 1234567890123456 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.254 Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Accounting-Request Identifier: 51 Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:02:35 2001: DEBUG: Adding session for [EMAIL PROTECTED], 203.63.154.1, 1234 Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE Fri Jul 13 17:02:35 2001: DEBUG: Accounting accepted Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Accounting-Response Identifier: 51 Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9 Attributes: Fri Jul 13 17:03:42 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Access-Request Identifier: 116 Authentic: 1234567890123456 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 213.116.1.14 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>" Fri Jul 13 17:03:42 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:03:42 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:03:42 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:03:42 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116.1.14, 1234 Fri Jul 13 17:03:42 2001: DEBUG: Checking if user is still online: unknown, [EMAIL PROTECTED], 203.63.154.1, 1234, 1234 Fri Jul 13 17:03:42 2001: INFO: Access rejected for uunoc: MaxSessions exceeded Fri Jul 13 17:03:42 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Access-Reject Identifier: 116 Authentic: 1234567890123456 Attributes: Reply-Message = "Request Denied" I can only think that you have set up the Client clauses differently - perhaps with a Nas-Type Ignore, which will not check the session database at all. Have a look at section 6.5.5 in the Radiator 2.18.2 reference manual for a discussion of the various Nas-Type options. regards Hugh On Thursday 12 July 2001 19:16, Dmitry Kopylov wrote: > Hi, > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here > is part of config and trace 4 output: > > > RewriteUsername s/^([^@]+).*/$1/ > MaxSessions 1 > > > AcctLogFileName %L/bbeyond/details > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > MaxSessions to 1 it allows the second connection with the same username. > > > MaxSessions 0: > > Thu Jul 12 11:30:06 2001: DEBUG: Reading user
(RADIATOR) variable question (realm)
Hello guys, Is there a variable that can be used, to log the realm, that the user went through, in an AuthLog SuccessFormat ? Thanks, -Andy -- *** DISCLAIMER *** This e-mail and any attachments thereto may contain information, which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) not working on HPUX 11i =/
Hello John, Hello Chris - What platform are you running on? Note that some syslog systems need to be run with the -r flag. >From http://www.open.com.au/radiator/faq.html#66: Recent versions of Linux syslogd do not by default listen to the UDP port that the Perl Sys::Syslog module uses. In order to let Radiator and other Perl sysloggers work, you need to restart syslogd with the -r flag. Check the documentation for syslogd on your system. hth Hugh On Friday 13 July 2001 07:59, Jon Nistor wrote: > [nistor@outpost2] /opt/radiator/bin: ./radiusd -v > > > This is Radiator 2.18 on outpost2 > > Copyright Open System Consultants > > http://www.open.com.au/radiator > > On Thu, 12 Jul 2001, Chris M wrote: > :::Is this 2.18.2? If so, I think I am having the same or similar issues. > ::: > :::Chris > ::: > :::> From: Jon Nistor <[EMAIL PROTECTED]> > :::> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT) > :::> To: <[EMAIL PROTECTED]> > :::> Subject: (RADIATOR) not working on HPUX 11i =/ > :::> > :::> Hey all, > :::> > :::> I've checked through the mail archives, and tried everything listed, > :::> but I still can't get syslog to work for the life of me =/ > :::> > :::> This is whats in the config: > :::> > :::> FacilityINFO > :::> Trace 4 > :::> > :::> > :::> I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a > :::> syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph. > :::> > :::> Nothing comes through on syslog, when I test it out using Sys::Syslog, > :::> > :::> > :::> #!/opt/perl5/bin/perl > :::> use Sys::Syslog; > :::> openlog($ident,$logopt,$facility); > :::> syslog('info', 'this is another test'); > :::> syslog('mail', 'this is a better test: %d', time); > :::> closelog(); > :::> syslog('debug', 'this is the last test'); > :::> > :::> > :::> > :::> All that works fine .. Anyone have any insight? =/ > :::> > :::> > :::> -- > :::> ..+.+.=.+.*..-...\//...-..+..._+($)(_)# > :::> ..%%@..[]@#.! Jon ([EMAIL PROTECTED]) Unix Systems > :::> Administrator, Primus Canada. Tel. (416) 207-7612 > :::> emerg/afterhour: [EMAIL PROTECTED] cell. (416) 294-7780 > :::> Internet Services Group > :::> ..EOF > :::> > :::> === > :::> Archive at http://www.open.com.au/archives/radiator/ > :::> Announcements on [EMAIL PROTECTED] > :::> To unsubscribe, email '[EMAIL PROTECTED]' with > :::> 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
Hello Alain - As the error message in the log file says, you will need a Realm or Handler clause to deal with the Disconnect-Request. You will also need software on the NAS that understands Disconnect-Request. Also note that when the NAS is configured to process Disconnect-Request it is acting as a Radius server for this operation, and hence, your Radiator will in fact need to be configured to proxy the Disconnect-Request to the NAS. The first thing to do though is to check that your NAS supports Disconnect-Request, second you will have to configure the NAS to process the requests correctly, and third (optional) you can configure Radiator to forward the requests correctly. NOTE: you can also send the Disconnect-Request directly to the NAS from radpwtst without going through Radiator at all (this may be easier in any case). hth Hugh On Friday 13 July 2001 02:44, Gonzalez Castillo, Alain wrote: > > Hi, i need to disconnect an user. > When i use radpwtst -noacct -noauth -code Disconnect-Request NAS-Port= > > logfile tell me: > > > Thu Jul 12 20:35:30 2001: DEBUG: Check if Handler Realm= should be used > to handle this request > Thu Jul 12 20:35:30 2001: WARNING: Could not find a handler for : request > is ignored > No reply > > Muy conf file is this: > > # Radiator configuration file. > # Produced by /cgi-bin/radconfig.cgi Fri Jul 6 21:01:45 2001 > #REMOTE_USER: , REMOTE_ADDR: > > AcctPort 1646 > AuthPort 1645 > DbDir . > Foreground > LogDir . > LogStdout > > > DBAuth > DBSource dbi:mysql: > DBUsername > Identifier direccionesip > > > DNSServer > Range > Subnetmask > > > > > AccountingTable ACCOUNTING > AcctColumnDef USERNAME,User-Name > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASPORT,NAS-Port,integer > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > DBAuth > DBSource dbi:mysql:user_BLOSTE > DBUsername root > Identifier ID_0 > > > > > DBAuth > DBSource dbi:mysql: > DBUsername root > > > > DBAuth > DBSource dbi:mysql: > DBUsername > LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) values (%t, > '$p', '$s') > Trace 3 > > > > Filename logfile.radiator > Identifier log radiator > Trace 5 > > > > AuthBy ID_0 > AuthByPolicy ContinueWhileIgnore > RewriteUsername s/^([^@]+).*/$1/ > SessionDatabase Sesion SQL > > Allocator direccionesip > MapAttribute yiaddr, Framed-IP-Address > MapAttribute subnetmask, Framed-IP-Netmask > PoolHint %{Reply:PoolHint} > StripFromReply PoolHint > > > > > > AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, > ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) > values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, > '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}') > ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N' > CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where > NASIDENTIFIER='%N' > CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE > where USERNAME='%u' > DBAuth > DBSource dbi:mysql: > DBUsername > DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and > NASPORT=0%{NAS-Port} > Description Logs > Identifier Sesion SQL > > > Anyone can help me? > My NAS is an Cisco AS5300. > > Thanks. > Alain. Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1" Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MaxSessions issue, still a problem
Hello Vangelis - Actually, an internal session database is exactly that - a session database held entirely in memory. The username in each request is what is used, as follows: Access-Request - check current sessions and reject if limit exceeded, Accounting Start - add new record, Accounting Start - delete record. regards Hugh On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote: > I think the problem when you use the Internal session database is that it > uses the username from the Accounting file to count the number of sessions. > When a new user logs in it checks the rewritten username against the > session database. So it checks with the name uunoc and not with the > [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same > problem with small and capital letters. >Maxsession 0 works always since it's no need to check the session > database... > >Vangelis > > Dmitry Kopylov wrote: > > Hi, > > > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. > > Here is part of config and trace 4 output: > > > > > > RewriteUsername s/^([^@]+).*/$1/ > > MaxSessions 1 > > > > > > AcctLogFileName %L/bbeyond/details > > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > > MaxSessions to 1 it allows the second connection with the same username. > > > > MaxSessions 0: > > > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on > > bbyrad1.bbeyond.nl > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > > *** Received from 62.177.149.2 port 1645 > > Code: Access-Request > > Identifier: 102 > > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > > Attributes: > > User-Name = "[EMAIL PROTECTED]" > > User-Password = "_<178><219>A<0><201><238><192>3<130><183> > > <28>@q<228>" > > NAS-IP-Address = 213.116.1.14 > > NAS-Port = 70 > > NAS-Port-Type = Sync > > Service-Type = Framed-User > > Framed-Protocol = PPP > > State = "" > > Calling-Station-Id = "235652175" > > Called-Station-Id = "0107110035" > > Acct-Session-Id = "328619273" > > Ascend-Data-Rate = 64000 > > Ascend-Xmit-Rate = 64000 > > Proxy-State = > > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; > > <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2> > ><7> <20> > > > > ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<25 > > >1>< > > > > 225> > > <236>&<13>XA<188>NY<153>O > > > > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should > > be use > > d to handle this request > > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler > > 'Realm=bbeyond.nl > > ' > > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc > > Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > > 213.116 > > .1.14, 70 > > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions > > exceeded > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > > *** Sending to 62.177.149.2 port 1645 > > Code: Access-Reject > > Identifier: 102 > > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > > Attributes: > > Reply-Message = "Request Denied" > > > > MaxSessions 1: > > > > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on > > bbyrad1.bbeyond.nl > > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: > > *** Received from 62.177.149.1 port 1645 > > Code: Access-Request > > Identifier: 173 > > Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y > > Attributes: > > User-Name = "[EMAIL PROTECTED]" > > User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" > > NAS-IP-Address = 213.116.1.30 > > NAS-Port = 2054 > > NAS-Port-Type = Sync > > Service-Type = Framed-User > > Framed-Protocol = PPP > > State = "" > > Calling-Station-Id = "235652175" > > Called-Station-Id = "0107110035" > > Acct-Session-Id = "347654980" > > Ascend-Data-Rate = 64000 > > Ascend-Xmit-Rate = 64000 > > Proxy-State = PX01<0><0><9><254><242><12> > > <252>)<203>T<230><252><143>P<2 > > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6> > ><0> <2>< > > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^< > >30> H<18
Re: (RADIATOR) not working on HPUX 11i =/
[nistor@outpost2] /opt/radiator/bin: ./radiusd -v This is Radiator 2.18 on outpost2 Copyright Open System Consultants http://www.open.com.au/radiator On Thu, 12 Jul 2001, Chris M wrote: :::Is this 2.18.2? If so, I think I am having the same or similar issues. ::: :::Chris ::: :::> From: Jon Nistor <[EMAIL PROTECTED]> :::> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT) :::> To: <[EMAIL PROTECTED]> :::> Subject: (RADIATOR) not working on HPUX 11i =/ :::> :::> Hey all, :::> :::> I've checked through the mail archives, and tried everything listed, but I :::> still can't get syslog to work for the life of me =/ :::> :::> This is whats in the config: :::> :::> FacilityINFO :::> Trace 4 :::> :::> :::> I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph :::> file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph. :::> :::> Nothing comes through on syslog, when I test it out using Sys::Syslog, :::> :::> :::> #!/opt/perl5/bin/perl :::> use Sys::Syslog; :::> openlog($ident,$logopt,$facility); :::> syslog('info', 'this is another test'); :::> syslog('mail', 'this is a better test: %d', time); :::> closelog(); :::> syslog('debug', 'this is the last test'); :::> :::> :::> :::> All that works fine .. Anyone have any insight? =/ :::> :::> :::> -- :::> ..+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.! :::> Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada. :::> Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED] :::> cell. (416) 294-7780 Internet Services Group :::> ..EOF :::> :::> === :::> Archive at http://www.open.com.au/archives/radiator/ :::> Announcements on [EMAIL PROTECTED] :::> To unsubscribe, email '[EMAIL PROTECTED]' with :::> 'unsubscribe radiator' in the body of the message. ::: ::: -- .+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.! Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada. Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED] cell. (416) 294-7780 Internet Services Group .EOF === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) not working on HPUX 11i =/
Is this 2.18.2? If so, I think I am having the same or similar issues. Chris > From: Jon Nistor <[EMAIL PROTECTED]> > Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT) > To: <[EMAIL PROTECTED]> > Subject: (RADIATOR) not working on HPUX 11i =/ > > Hey all, > > I've checked through the mail archives, and tried everything listed, but I > still can't get syslog to work for the life of me =/ > > This is whats in the config: > > FacilityINFO > Trace 4 > > > I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph > file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph. > > Nothing comes through on syslog, when I test it out using Sys::Syslog, > > > #!/opt/perl5/bin/perl > use Sys::Syslog; > openlog($ident,$logopt,$facility); > syslog('info', 'this is another test'); > syslog('mail', 'this is a better test: %d', time); > closelog(); > syslog('debug', 'this is the last test'); > > > > All that works fine .. Anyone have any insight? =/ > > > -- > ..+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.! > Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada. > Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED] > cell. (416) 294-7780 Internet Services Group > ..EOF > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) not working on HPUX 11i =/
Hey all, I've checked through the mail archives, and tried everything listed, but I still can't get syslog to work for the life of me =/ This is whats in the config: FacilityINFO Trace 4 I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph. Nothing comes through on syslog, when I test it out using Sys::Syslog, #!/opt/perl5/bin/perl use Sys::Syslog; openlog($ident,$logopt,$facility); syslog('info', 'this is another test'); syslog('mail', 'this is a better test: %d', time); closelog(); syslog('debug', 'this is the last test'); All that works fine .. Anyone have any insight? =/ -- .+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.! Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada. Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED] cell. (416) 294-7780 Internet Services Group .EOF === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
Title: radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx Hi, i need to disconnect an user. When i use radpwtst -noacct -noauth -code Disconnect-Request NAS-Port= logfile tell me: Thu Jul 12 20:35:30 2001: DEBUG: Check if Handler Realm= should be used to handle this request Thu Jul 12 20:35:30 2001: WARNING: Could not find a handler for : request is ignored No reply Muy conf file is this: # Radiator configuration file. # Produced by /cgi-bin/radconfig.cgi Fri Jul 6 21:01:45 2001 #REMOTE_USER: , REMOTE_ADDR: AcctPort 1646 AuthPort 1645 DbDir . Foreground LogDir . LogStdout DBAuth DBSource dbi:mysql: DBUsername Identifier direccionesip DNSServer Range Subnetmask AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address DBAuth DBSource dbi:mysql:user_BLOSTE DBUsername root Identifier ID_0 DBAuth DBSource dbi:mysql: DBUsername root DBAuth DBSource dbi:mysql: DBUsername LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) values (%t, '$p', '$s') Trace 3 Filename logfile.radiator Identifier log radiator Trace 5 AuthBy ID_0 AuthByPolicy ContinueWhileIgnore RewriteUsername s/^([^@]+).*/$1/ SessionDatabase Sesion SQL Allocator direccionesip MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask PoolHint %{Reply:PoolHint} StripFromReply PoolHint AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}') ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N' CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N' CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u' DBAuth DBSource dbi:mysql: DBUsername DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port} Description Logs Identifier Sesion SQL Anyone can help me? My NAS is an Cisco AS5300. Thanks. Alain.
Re: (RADIATOR) MaxSessions issue, still a problem
I think the problem when you use the Internal session database is that it uses the username from the Accounting file to count the number of sessions. When a new user logs in it checks the rewritten username against the session database. So it checks with the name uunoc and not with the [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same problem with small and capital letters. Maxsession 0 works always since it's no need to check the session database... Vangelis Dmitry Kopylov wrote: > Hi, > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here > is part of config and trace 4 output: > > > RewriteUsername s/^([^@]+).*/$1/ > MaxSessions 1 > > > AcctLogFileName %L/bbeyond/details > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > MaxSessions to 1 it allows the second connection with the same username. > > MaxSessions 0: > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on > bbyrad1.bbeyond.nl > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > *** Received from 62.177.149.2 port 1645 > Code: Access-Request > Identifier: 102 > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "_<178><219>A<0><201><238><192>3<130><183> > <28>@q<228>" > NAS-IP-Address = 213.116.1.14 > NAS-Port = 70 > NAS-Port-Type = Sync > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "235652175" > Called-Station-Id = "0107110035" > Acct-Session-Id = "328619273" > Ascend-Data-Rate = 64000 > Ascend-Xmit-Rate = 64000 > Proxy-State = > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; > <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7> > <20> > ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>< > 225> > <236>&<13>XA<188>NY<153>O > > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be > use > d to handle this request > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler > 'Realm=bbeyond.nl > ' > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc > Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 213.116 > .1.14, 70 > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions > exceeded > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > *** Sending to 62.177.149.2 port 1645 > Code: Access-Reject > Identifier: 102 > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > Attributes: > Reply-Message = "Request Denied" > > MaxSessions 1: > > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on > bbyrad1.bbeyond.nl > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: > *** Received from 62.177.149.1 port 1645 > Code: Access-Request > Identifier: 173 > Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" > NAS-IP-Address = 213.116.1.30 > NAS-Port = 2054 > NAS-Port-Type = Sync > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "235652175" > Called-Station-Id = "0107110035" > Acct-Session-Id = "347654980" > Ascend-Data-Rate = 64000 > Ascend-Xmit-Rate = 64000 > Proxy-State = PX01<0><0><9><254><242><12> > <252>)<203>T<230><252><143>P<2 > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> > <2>< > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> > H<18 > 5><142><234><10>v\w<187><218>n > > Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be > use > d to handle this request > Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler > 'Realm=bbeyond.nl > ' > Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc > Thu Jul 12 11:31:37 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 213.116 > .1.30, 2054 > Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with uunoc > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT: > Thu Jul 12 11:31:37 2001: DEBUG: Acc
RE: (RADIATOR) AuthBy Radius, limiting Calling ID stations
--- Forwarded mail from [EMAIL PROTECTED] From: [EMAIL PROTECTED] Date: Wed, 11 Jul 2001 19:36:25 -0500 To: [EMAIL PROTECTED] Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Harrison Ng <[EMAIL PROTECTED]>] >From [EMAIL PROTECTED] Wed Jul 11 19:36:25 2001 Received: from lsm01.hksmartone.com ([202.73.249.110]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f6C0aMD08704 for <[EMAIL PROTECTED]>; Wed, 11 Jul 2001 19:36:23 -0500 Received: from exweb01.hksmartone.com ([202.73.249.57]) by lsm01.hksmartone.com (8.9.3/8.9.3) with ESMTP id KAA29442; Thu, 12 Jul 2001 10:21:49 +0800 Received: by EXWEB01 with Internet Mail Service (5.5.2654.89) id <3X8M8DFX>; Thu, 12 Jul 2001 10:29:34 +0800 Message-ID: <22F54FFAA006DC4F92523E90AABC944A8A25E8@EX01> From: Harrison Ng <[EMAIL PROTECTED]> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> Cc: Harrison Ng <[EMAIL PROTECTED]> Subject: RE: (RADIATOR) AuthBy Radius, limiting Calling ID stations Date: Thu, 12 Jul 2001 10:27:31 +0800 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2654.89) Content-Type: multipart/alternative; boundary="_=_NextPart_001_01C10A7A.33CBD9D0" This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. --_=_NextPart_001_01C10A7A.33CBD9D0 Content-Type: text/plain; charset="iso-8859-1" Lloyd, I guest you want radius proxy to screen out unwanted calling-station-id, before passing auth packet to remote radius server. Am I right? Here is my suggestion:- 1. Put all calling-station-id into a database table. My example is a mysql db. 2. Construct , the SELECT statement will search and compare the calling-station-id. 3. Put AuthByPolicy, and two AuthBy clause. 4. Do some test under trace 4, watch radiator behaviour and fine tune radius.cfg to suit your needs. The advantage of using a db to store the calling-station-id:- 1. Redirect loading of proxy server to db server. (assume both server are in different boxes) 2. Make radius.cfg shorter and easier to read. Regards, Harrison P.S. Anybody has better suggestion, welcome your comment. Identifier proxyserver Host xxx.xxx.xxx.xxx Secret xxx AuthPort 1812 AcctPort 1813 Identifier callfromsomewhere DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername xxx DBAuth xxx AuthSelect select callerid from CALLTABLE where callerid = %{Calling-Station-Id} AuthColumnDef 0, Calling-Station-Id, check NoDefault AuthByPolicy ContinueWhileAccept AuthBy callfromsomewhere AuthBy proxyserver -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of lloyd Sent: Wednesday, July 11, 2001 2:56 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) AuthBy Radius, limiting Calling ID stations hi there, this is what we have right nowwe have this radius that does authentication...our radius also does proxying to other radius by AuthBy Radius clause...our problem right now is how do we limit the users say user01@realm1 from dialling at Calling-Station-Id, say 1234? the complication: if our radius finds out that the user has realm = realm1, it proxys it to another radius server but before our radius server proxys that particular user, we need to find out if that user is dialling the correct Calling-Station-Idso the question is how do we proxy to another radius together with limiting that particular user from dialling to a set of numbers.. does this work? or do you have any suggestions in mind? Host Secret *** AuthPort AcctPort p.s. follow-up: how do we bind to NO PORT...i mean how do we reject completely a usersay for exampleNOT BINDING TO AN AUTHPORT OR NOT BINDING TO AN ACCTPORT? that's all i guess thank you hope you can reply soon Lloyd Brian V. Dagoc Consulting Engineer InterDotNet Philipines Incorporated === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --_=_NextPart_001_01C10A7A.33CBD9D0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: (RADIATOR) AuthBy Radius, limiting Calling ID = stations Lloyd, I guest you want radius proxy to screen out unwanted = calling-station-id, before passing auth packet to remote radius server. = Am I right? Here is my suggestion:- 1. Put all calling-station-id into a database table. = My example is a mysql db. 2. Construct, the SELECT = statement will search and compare the calling-station-id. 3. Put AuthByPolicy, and two AuthBy clause. 4. Do some test under trace 4, watch radiator
(RADIATOR) MaxSessions issue, still a problem
Hi, I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here is part of config and trace 4 output: RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 AcctLogFileName %L/bbeyond/details PasswordLogFileName %L/bbeyond/uunet-passwords.log If I set MaxSessions 0, it works and rejects all sessions, but when I set MaxSessions to 1 it allows the second connection with the same username. MaxSessions 0: Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: *** Received from 62.177.149.2 port 1645 Code: Access-Request Identifier: 102 Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "_<178><219>A<0><201><238><192>3<130><183> <28>@q<228>" NAS-IP-Address = 213.116.1.14 NAS-Port = 70 NAS-Port-Type = Sync Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "235652175" Called-Station-Id = "0107110035" Acct-Session-Id = "328619273" Ascend-Data-Rate = 64000 Ascend-Xmit-Rate = 64000 Proxy-State = PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7> <20> ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>< 225> <236>&<13>XA<188>NY<153>O Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be use d to handle this request Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl ' Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116 .1.14, 70 Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions exceeded Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: *** Sending to 62.177.149.2 port 1645 Code: Access-Reject Identifier: 102 Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: Attributes: Reply-Message = "Request Denied" MaxSessions 1: Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: *** Received from 62.177.149.1 port 1645 Code: Access-Request Identifier: 173 Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" NAS-IP-Address = 213.116.1.30 NAS-Port = 2054 NAS-Port-Type = Sync Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "235652175" Called-Station-Id = "0107110035" Acct-Session-Id = "347654980" Ascend-Data-Rate = 64000 Ascend-Xmit-Rate = 64000 Proxy-State = PX01<0><0><9><254><242><12> <252>)<203>T<230><252><143>P<2 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> <2>< 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> H<18 5><142><234><10>v\w<187><218>n Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be use d to handle this request Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl ' Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc Thu Jul 12 11:31:37 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116 .1.30, 2054 Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT: Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: *** Sending to 62.177.149.1 port 1645 Code: Access-Accept Identifier: 173 Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y Attributes: Proxy-State = PX01<0><0><9><254><242><12> <252>)<203>T<230><252><143>P<2 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> <2>< 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> H<18 5><142><234><10>v\w<187><218>n Service-Type = Framed-User Framed-Protocol = PPP Thu Jul 12 11:32:09 2001: DEBUG: Packet dump: *** Received from 62.177.149.3 port 1645 Code: Access-Request Identifier: 142 Authentic: <169>}<237><131><201><239><13>BCw<255><205><14><128><2