Re: (RADIATOR) MaxSessions issue, still a problem
Hello Dmitry - Here is what I get with this configuration file (copied from your mail): Foreground Trace 4 Secret mysecret RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 Filename ./bbeyond.users AcctLogFileName %L/bbeyond/details PasswordLogFileName %L/bbeyond/uunet-passwords.log This is the debug: Fri Jul 13 17:00:42 2001: DEBUG: Reading users file ./bbeyond.users Fri Jul 13 17:00:42 2001: INFO: Server started: Radiator 2.18.2 on hugo Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Access-Request Identifier: 50 Authentic: 1234567890123456 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>" Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:02:35 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 203.63.154.1, 1234 Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE looks for match with uunoc Fri Jul 13 17:02:35 2001: DEBUG: Radius::AuthFILE ACCEPT: Fri Jul 13 17:02:35 2001: DEBUG: Access accepted for uunoc Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Access-Accept Identifier: 50 Authentic: 1234567890123456 Attributes: Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.254 Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Accounting-Request Identifier: 51 Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Fri Jul 13 17:02:35 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:02:35 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:02:35 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:02:35 2001: DEBUG: Adding session for [EMAIL PROTECTED], 203.63.154.1, 1234 Fri Jul 13 17:02:35 2001: DEBUG: Handling with Radius::AuthFILE Fri Jul 13 17:02:35 2001: DEBUG: Accounting accepted Fri Jul 13 17:02:35 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Accounting-Response Identifier: 51 Authentic: TW<196>5g<15><204>x<217>Y@>?+<189>9 Attributes: Fri Jul 13 17:03:42 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1050 Code: Access-Request Identifier: 116 Authentic: 1234567890123456 Attributes: User-Name = "[EMAIL PROTECTED]" Service-Type = Framed-User NAS-IP-Address = 213.116.1.14 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "<141><238>,<217><175>\<4><246><188>8<9><160><216>}x<153>" Fri Jul 13 17:03:42 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be used to handle this request Fri Jul 13 17:03:42 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl' Fri Jul 13 17:03:42 2001: DEBUG: Rewrote user name to uunoc Fri Jul 13 17:03:42 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116.1.14, 1234 Fri Jul 13 17:03:42 2001: DEBUG: Checking if user is still online: unknown, [EMAIL PROTECTED], 203.63.154.1, 1234, 1234 Fri Jul 13 17:03:42 2001: INFO: Access rejected for uunoc: MaxSessions exceeded Fri Jul 13 17:03:42 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1050 Code: Access-Reject Identifier: 116 Authentic: 1234567890123456 Attributes: Reply-Message = "Request Denied" I can only think that you have set up the Client clauses differently - perhaps with a Nas-Type Ignore, which will not check the session database at all. Have a look at section 6.5.5 in the Radiator 2.18.2 reference manual for a discussion of the various Nas-Type options. regards Hugh On Thursday 12 July 2001 19:16, Dmitry Kopylov wrote: > Hi, > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here > is part of config and trace 4 output: > > > RewriteUsername s/^([^@]+).*/$1/ > MaxSessions 1 > > > AcctLogFileName %L/bbeyond/details > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > MaxSessions to 1 it allows the second connection with the same username. > > > MaxSessions 0: > > Thu Jul 12 11:30:06 2001: DEBUG: Reading user
(RADIATOR) variable question (realm)
Hello guys, Is there a variable that can be used, to log the realm, that the user went through, in an AuthLog SuccessFormat ? Thanks, -Andy -- *** DISCLAIMER *** This e-mail and any attachments thereto may contain information, which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) not working on HPUX 11i =/
Hello John, Hello Chris -
What platform are you running on? Note that some syslog systems need to be
run with the -r flag.
>From http://www.open.com.au/radiator/faq.html#66:
Recent versions of Linux syslogd do not by default listen to the UDP port
that the Perl Sys::Syslog module uses. In order to let Radiator and other
Perl sysloggers work, you need to restart syslogd with the -r flag.
Check the documentation for syslogd on your system.
hth
Hugh
On Friday 13 July 2001 07:59, Jon Nistor wrote:
> [nistor@outpost2] /opt/radiator/bin: ./radiusd -v
>
>
> This is Radiator 2.18 on outpost2
>
> Copyright Open System Consultants
>
> http://www.open.com.au/radiator
>
> On Thu, 12 Jul 2001, Chris M wrote:
> :::Is this 2.18.2? If so, I think I am having the same or similar issues.
> :::
> :::Chris
> :::
> :::> From: Jon Nistor <[EMAIL PROTECTED]>
> :::> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
> :::> To: <[EMAIL PROTECTED]>
> :::> Subject: (RADIATOR) not working on HPUX 11i =/
> :::>
> :::> Hey all,
> :::>
> :::> I've checked through the mail archives, and tried everything listed,
> :::> but I still can't get syslog to work for the life of me =/
> :::>
> :::> This is whats in the config:
> :::>
> :::> FacilityINFO
> :::> Trace 4
> :::>
> :::>
> :::> I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a
> :::> syslog.ph file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
> :::>
> :::> Nothing comes through on syslog, when I test it out using Sys::Syslog,
> :::>
> :::>
> :::> #!/opt/perl5/bin/perl
> :::> use Sys::Syslog;
> :::> openlog($ident,$logopt,$facility);
> :::> syslog('info', 'this is another test');
> :::> syslog('mail', 'this is a better test: %d', time);
> :::> closelog();
> :::> syslog('debug', 'this is the last test');
> :::>
> :::>
> :::>
> :::> All that works fine .. Anyone have any insight? =/
> :::>
> :::>
> :::> --
> :::> ..+.+.=.+.*..-...\//...-..+..._+($)(_)#
> :::> ..%%@..[]@#.! Jon ([EMAIL PROTECTED]) Unix Systems
> :::> Administrator, Primus Canada. Tel. (416) 207-7612
> :::> emerg/afterhour: [EMAIL PROTECTED] cell. (416) 294-7780
> :::> Internet Services Group
> :::> ..EOF
> :::>
> :::> ===
> :::> Archive at http://www.open.com.au/archives/radiator/
> :::> Announcements on [EMAIL PROTECTED]
> :::> To unsubscribe, email '[EMAIL PROTECTED]' with
> :::> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
Hello Alain -
As the error message in the log file says, you will need a Realm or Handler
clause to deal with the Disconnect-Request. You will also need software on
the NAS that understands Disconnect-Request.
Also note that when the NAS is configured to process Disconnect-Request it is
acting as a Radius server for this operation, and hence, your Radiator will
in fact need to be configured to proxy the Disconnect-Request to the NAS.
The first thing to do though is to check that your NAS supports
Disconnect-Request, second you will have to configure the NAS to process the
requests correctly, and third (optional) you can configure Radiator to
forward the requests correctly.
NOTE: you can also send the Disconnect-Request directly to the NAS from
radpwtst without going through Radiator at all (this may be easier in any
case).
hth
Hugh
On Friday 13 July 2001 02:44, Gonzalez Castillo, Alain wrote:
> > Hi, i need to disconnect an user.
> When i use radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=
>
> logfile tell me:
>
>
> Thu Jul 12 20:35:30 2001: DEBUG: Check if Handler Realm= should be used
> to handle this request
> Thu Jul 12 20:35:30 2001: WARNING: Could not find a handler for : request
> is ignored
> No reply
>
> Muy conf file is this:
>
> # Radiator configuration file.
> # Produced by /cgi-bin/radconfig.cgi Fri Jul 6 21:01:45 2001
> #REMOTE_USER: , REMOTE_ADDR:
>
> AcctPort 1646
> AuthPort 1645
> DbDir .
> Foreground
> LogDir .
> LogStdout
>
>
> DBAuth
> DBSource dbi:mysql:
> DBUsername
> Identifier direccionesip
>
>
> DNSServer
> Range
> Subnetmask
>
>
>
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> DBAuth
> DBSource dbi:mysql:user_BLOSTE
> DBUsername root
> Identifier ID_0
>
>
>
>
> DBAuth
> DBSource dbi:mysql:
> DBUsername root
>
>
>
> DBAuth
> DBSource dbi:mysql:
> DBUsername
> LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) values (%t,
> '$p', '$s')
> Trace 3
>
>
>
> Filename logfile.radiator
> Identifier log radiator
> Trace 5
>
>
>
> AuthBy ID_0
> AuthByPolicy ContinueWhileIgnore
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase Sesion SQL
>
> Allocator direccionesip
> MapAttribute yiaddr, Framed-IP-Address
> MapAttribute subnetmask, Framed-IP-Netmask
> PoolHint %{Reply:PoolHint}
> StripFromReply PoolHint
>
>
>
>
>
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE)
> values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp},
> '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where
> NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE
> where USERNAME='%u'
> DBAuth
> DBSource dbi:mysql:
> DBUsername
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and
> NASPORT=0%{NAS-Port}
> Description Logs
> Identifier Sesion SQL
>
>
> Anyone can help me?
> My NAS is an Cisco AS5300.
>
> Thanks.
> Alain.
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description:
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MaxSessions issue, still a problem
Hello Vangelis - Actually, an internal session database is exactly that - a session database held entirely in memory. The username in each request is what is used, as follows: Access-Request - check current sessions and reject if limit exceeded, Accounting Start - add new record, Accounting Start - delete record. regards Hugh On Thursday 12 July 2001 22:33, Vangelis Kyriakakis wrote: > I think the problem when you use the Internal session database is that it > uses the username from the Accounting file to count the number of sessions. > When a new user logs in it checks the rewritten username against the > session database. So it checks with the name uunoc and not with the > [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same > problem with small and capital letters. >Maxsession 0 works always since it's no need to check the session > database... > >Vangelis > > Dmitry Kopylov wrote: > > Hi, > > > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. > > Here is part of config and trace 4 output: > > > > > > RewriteUsername s/^([^@]+).*/$1/ > > MaxSessions 1 > > > > > > AcctLogFileName %L/bbeyond/details > > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > > MaxSessions to 1 it allows the second connection with the same username. > > > > MaxSessions 0: > > > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on > > bbyrad1.bbeyond.nl > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > > *** Received from 62.177.149.2 port 1645 > > Code: Access-Request > > Identifier: 102 > > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > > Attributes: > > User-Name = "[EMAIL PROTECTED]" > > User-Password = "_<178><219>A<0><201><238><192>3<130><183> > > <28>@q<228>" > > NAS-IP-Address = 213.116.1.14 > > NAS-Port = 70 > > NAS-Port-Type = Sync > > Service-Type = Framed-User > > Framed-Protocol = PPP > > State = "" > > Calling-Station-Id = "235652175" > > Called-Station-Id = "0107110035" > > Acct-Session-Id = "328619273" > > Ascend-Data-Rate = 64000 > > Ascend-Xmit-Rate = 64000 > > Proxy-State = > > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; > > <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2> > ><7> <20> > > > > ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<25 > > >1>< > > > > 225> > > <236>&<13>XA<188>NY<153>O > > > > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should > > be use > > d to handle this request > > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler > > 'Realm=bbeyond.nl > > ' > > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc > > Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > > 213.116 > > .1.14, 70 > > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions > > exceeded > > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > > *** Sending to 62.177.149.2 port 1645 > > Code: Access-Reject > > Identifier: 102 > > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > > Attributes: > > Reply-Message = "Request Denied" > > > > MaxSessions 1: > > > > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > > /opt/radiator-2.18/raddb/users > > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on > > bbyrad1.bbeyond.nl > > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: > > *** Received from 62.177.149.1 port 1645 > > Code: Access-Request > > Identifier: 173 > > Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y > > Attributes: > > User-Name = "[EMAIL PROTECTED]" > > User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" > > NAS-IP-Address = 213.116.1.30 > > NAS-Port = 2054 > > NAS-Port-Type = Sync > > Service-Type = Framed-User > > Framed-Protocol = PPP > > State = "" > > Calling-Station-Id = "235652175" > > Called-Station-Id = "0107110035" > > Acct-Session-Id = "347654980" > > Ascend-Data-Rate = 64000 > > Ascend-Xmit-Rate = 64000 > > Proxy-State = PX01<0><0><9><254><242><12> > > <252>)<203>T<230><252><143>P<2 > > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6> > ><0> <2>< > > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^< > >30> H<18
Re: (RADIATOR) not working on HPUX 11i =/
[nistor@outpost2] /opt/radiator/bin: ./radiusd -v
This is Radiator 2.18 on outpost2
Copyright Open System Consultants
http://www.open.com.au/radiator
On Thu, 12 Jul 2001, Chris M wrote:
:::Is this 2.18.2? If so, I think I am having the same or similar issues.
:::
:::Chris
:::
:::> From: Jon Nistor <[EMAIL PROTECTED]>
:::> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
:::> To: <[EMAIL PROTECTED]>
:::> Subject: (RADIATOR) not working on HPUX 11i =/
:::>
:::> Hey all,
:::>
:::> I've checked through the mail archives, and tried everything listed, but I
:::> still can't get syslog to work for the life of me =/
:::>
:::> This is whats in the config:
:::>
:::> FacilityINFO
:::> Trace 4
:::>
:::>
:::> I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph
:::> file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
:::>
:::> Nothing comes through on syslog, when I test it out using Sys::Syslog,
:::>
:::>
:::> #!/opt/perl5/bin/perl
:::> use Sys::Syslog;
:::> openlog($ident,$logopt,$facility);
:::> syslog('info', 'this is another test');
:::> syslog('mail', 'this is a better test: %d', time);
:::> closelog();
:::> syslog('debug', 'this is the last test');
:::>
:::>
:::>
:::> All that works fine .. Anyone have any insight? =/
:::>
:::>
:::> --
:::> ..+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
:::> Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada.
:::> Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED]
:::> cell. (416) 294-7780 Internet Services Group
:::> ..EOF
:::>
:::> ===
:::> Archive at http://www.open.com.au/archives/radiator/
:::> Announcements on [EMAIL PROTECTED]
:::> To unsubscribe, email '[EMAIL PROTECTED]' with
:::> 'unsubscribe radiator' in the body of the message.
:::
:::
--
.+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada.
Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED]
cell. (416) 294-7780 Internet Services Group
.EOF
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) not working on HPUX 11i =/
Is this 2.18.2? If so, I think I am having the same or similar issues.
Chris
> From: Jon Nistor <[EMAIL PROTECTED]>
> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
> To: <[EMAIL PROTECTED]>
> Subject: (RADIATOR) not working on HPUX 11i =/
>
> Hey all,
>
> I've checked through the mail archives, and tried everything listed, but I
> still can't get syslog to work for the life of me =/
>
> This is whats in the config:
>
> FacilityINFO
> Trace 4
>
>
> I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph
> file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
>
> Nothing comes through on syslog, when I test it out using Sys::Syslog,
>
>
> #!/opt/perl5/bin/perl
> use Sys::Syslog;
> openlog($ident,$logopt,$facility);
> syslog('info', 'this is another test');
> syslog('mail', 'this is a better test: %d', time);
> closelog();
> syslog('debug', 'this is the last test');
>
>
>
> All that works fine .. Anyone have any insight? =/
>
>
> --
> ..+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
> Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada.
> Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED]
> cell. (416) 294-7780 Internet Services Group
> ..EOF
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) not working on HPUX 11i =/
Hey all,
I've checked through the mail archives, and tried everything listed, but I
still can't get syslog to work for the life of me =/
This is whats in the config:
FacilityINFO
Trace 4
I've tried DEBUG, LOG_DEBUG, LOG_INFO, etcetcetc. There is a syslog.ph
file, /opt/perl5/lib/site_perl/5.6.0/PA-RISC2.0/syslog.ph.
Nothing comes through on syslog, when I test it out using Sys::Syslog,
#!/opt/perl5/bin/perl
use Sys::Syslog;
openlog($ident,$logopt,$facility);
syslog('info', 'this is another test');
syslog('mail', 'this is a better test: %d', time);
closelog();
syslog('debug', 'this is the last test');
All that works fine .. Anyone have any insight? =/
--
.+.+.=.+.*..-...\//...-..+..._+($)(_)# ..%%@..[]@#.!
Jon ([EMAIL PROTECTED]) Unix Systems Administrator, Primus Canada.
Tel. (416) 207-7612 emerg/afterhour: [EMAIL PROTECTED]
cell. (416) 294-7780 Internet Services Group
.EOF
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
Title: radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=xxx
Hi, i need to disconnect an user.
When i use radpwtst -noacct -noauth -code Disconnect-Request NAS-Port=
logfile tell me:
Thu Jul 12 20:35:30 2001: DEBUG: Check if Handler Realm= should be used to handle this request
Thu Jul 12 20:35:30 2001: WARNING: Could not find a handler for : request is ignored
No reply
Muy conf file is this:
# Radiator configuration file.
# Produced by /cgi-bin/radconfig.cgi Fri Jul 6 21:01:45 2001
#REMOTE_USER: , REMOTE_ADDR:
AcctPort 1646
AuthPort 1645
DbDir .
Foreground
LogDir .
LogStdout
DBAuth
DBSource dbi:mysql:
DBUsername
Identifier direccionesip
DNSServer
Range
Subnetmask
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
DBAuth
DBSource dbi:mysql:user_BLOSTE
DBUsername root
Identifier ID_0
DBAuth
DBSource dbi:mysql:
DBUsername root
DBAuth
DBSource dbi:mysql:
DBUsername
LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) values (%t, '$p', '$s')
Trace 3
Filename logfile.radiator
Identifier log radiator
Trace 5
AuthBy ID_0
AuthByPolicy ContinueWhileIgnore
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase Sesion SQL
Allocator direccionesip
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
PoolHint %{Reply:PoolHint}
StripFromReply PoolHint
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%u'
DBAuth
DBSource dbi:mysql:
DBUsername
DeleteQuery delete from RADONLINE where NASIDENTIFIER='%N' and NASPORT=0%{NAS-Port}
Description Logs
Identifier Sesion SQL
Anyone can help me?
My NAS is an Cisco AS5300.
Thanks.
Alain.
Re: (RADIATOR) MaxSessions issue, still a problem
I think the problem when you use the Internal session database is that it uses the username from the Accounting file to count the number of sessions. When a new user logs in it checks the rewritten username against the session database. So it checks with the name uunoc and not with the [EMAIL PROTECTED] and sees that it hasn't logged in again. I had the same problem with small and capital letters. Maxsession 0 works always since it's no need to check the session database... Vangelis Dmitry Kopylov wrote: > Hi, > > I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here > is part of config and trace 4 output: > > > RewriteUsername s/^([^@]+).*/$1/ > MaxSessions 1 > > > AcctLogFileName %L/bbeyond/details > PasswordLogFileName %L/bbeyond/uunet-passwords.log > > > If I set MaxSessions 0, it works and rejects all sessions, but when I set > MaxSessions to 1 it allows the second connection with the same username. > > MaxSessions 0: > > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:30:06 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on > bbyrad1.bbeyond.nl > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > *** Received from 62.177.149.2 port 1645 > Code: Access-Request > Identifier: 102 > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "_<178><219>A<0><201><238><192>3<130><183> > <28>@q<228>" > NAS-IP-Address = 213.116.1.14 > NAS-Port = 70 > NAS-Port-Type = Sync > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "235652175" > Called-Station-Id = "0107110035" > Acct-Session-Id = "328619273" > Ascend-Data-Rate = 64000 > Ascend-Xmit-Rate = 64000 > Proxy-State = > PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; > <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7> > <20> > ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>< > 225> > <236>&<13>XA<188>NY<153>O > > Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be > use > d to handle this request > Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler > 'Realm=bbeyond.nl > ' > Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc > Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 213.116 > .1.14, 70 > Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions > exceeded > Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: > *** Sending to 62.177.149.2 port 1645 > Code: Access-Reject > Identifier: 102 > Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: > Attributes: > Reply-Message = "Request Denied" > > MaxSessions 1: > > Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:31:28 2001: DEBUG: Reading users file > /opt/radiator-2.18/raddb/users > Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on > bbyrad1.bbeyond.nl > Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: > *** Received from 62.177.149.1 port 1645 > Code: Access-Request > Identifier: 173 > Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" > NAS-IP-Address = 213.116.1.30 > NAS-Port = 2054 > NAS-Port-Type = Sync > Service-Type = Framed-User > Framed-Protocol = PPP > State = "" > Calling-Station-Id = "235652175" > Called-Station-Id = "0107110035" > Acct-Session-Id = "347654980" > Ascend-Data-Rate = 64000 > Ascend-Xmit-Rate = 64000 > Proxy-State = PX01<0><0><9><254><242><12> > <252>)<203>T<230><252><143>P<2 > 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> > <2>< > 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> > H<18 > 5><142><234><10>v\w<187><218>n > > Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be > use > d to handle this request > Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler > 'Realm=bbeyond.nl > ' > Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc > Thu Jul 12 11:31:37 2001: DEBUG: Deleting session for [EMAIL PROTECTED], > 213.116 > .1.30, 2054 > Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with uunoc > Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT: > Thu Jul 12 11:31:37 2001: DEBUG: Acc
RE: (RADIATOR) AuthBy Radius, limiting Calling ID stations
--- Forwarded mail from [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Wed, 11 Jul 2001 19:36:25 -0500
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Harrison
Ng <[EMAIL PROTECTED]>]
>From [EMAIL PROTECTED] Wed Jul 11 19:36:25 2001
Received: from lsm01.hksmartone.com ([202.73.249.110])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id f6C0aMD08704
for <[EMAIL PROTECTED]>; Wed, 11 Jul 2001 19:36:23 -0500
Received: from exweb01.hksmartone.com ([202.73.249.57])
by lsm01.hksmartone.com (8.9.3/8.9.3) with ESMTP id KAA29442;
Thu, 12 Jul 2001 10:21:49 +0800
Received: by EXWEB01 with Internet Mail Service (5.5.2654.89)
id <3X8M8DFX>; Thu, 12 Jul 2001 10:29:34 +0800
Message-ID: <22F54FFAA006DC4F92523E90AABC944A8A25E8@EX01>
From: Harrison Ng <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Cc: Harrison Ng <[EMAIL PROTECTED]>
Subject: RE: (RADIATOR) AuthBy Radius, limiting Calling ID stations
Date: Thu, 12 Jul 2001 10:27:31 +0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2654.89)
Content-Type: multipart/alternative;
boundary="_=_NextPart_001_01C10A7A.33CBD9D0"
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
--_=_NextPart_001_01C10A7A.33CBD9D0
Content-Type: text/plain;
charset="iso-8859-1"
Lloyd,
I guest you want radius proxy to screen out unwanted calling-station-id,
before passing auth packet to remote radius server. Am I right?
Here is my suggestion:-
1. Put all calling-station-id into a database table. My example is a mysql
db.
2. Construct , the SELECT statement will search and compare the
calling-station-id.
3. Put AuthByPolicy, and two AuthBy clause.
4. Do some test under trace 4, watch radiator behaviour and fine tune
radius.cfg to suit your needs.
The advantage of using a db to store the calling-station-id:-
1. Redirect loading of proxy server to db server. (assume both server are in
different boxes)
2. Make radius.cfg shorter and easier to read.
Regards,
Harrison
P.S. Anybody has better suggestion, welcome your comment.
Identifier proxyserver
Host xxx.xxx.xxx.xxx
Secret xxx
AuthPort 1812
AcctPort 1813
Identifier callfromsomewhere
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername xxx
DBAuth xxx
AuthSelect select callerid from CALLTABLE where callerid =
%{Calling-Station-Id}
AuthColumnDef 0, Calling-Station-Id, check
NoDefault
AuthByPolicy ContinueWhileAccept
AuthBy callfromsomewhere
AuthBy proxyserver
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of lloyd
Sent: Wednesday, July 11, 2001 2:56 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) AuthBy Radius, limiting Calling ID stations
hi there,
this is what we have right nowwe have this radius that does
authentication...our radius also does proxying to other radius by AuthBy
Radius clause...our problem right now is how do we limit the users say
user01@realm1 from dialling at Calling-Station-Id, say 1234?
the complication: if our radius finds out that the user has realm =
realm1, it proxys it to another radius server but before our radius
server proxys that particular user, we need to find out if that user is
dialling the correct Calling-Station-Idso the question is how do we
proxy to another radius together with limiting that particular user from
dialling to a set of numbers..
does this work? or do you have any suggestions in mind?
Host
Secret ***
AuthPort
AcctPort
p.s.
follow-up: how do we bind to NO PORT...i mean how do we reject
completely a usersay for
exampleNOT BINDING TO AN AUTHPORT OR NOT BINDING TO AN ACCTPORT?
that's all i guess
thank you
hope you can reply soon
Lloyd Brian V. Dagoc
Consulting Engineer
InterDotNet Philipines Incorporated
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--_=_NextPart_001_01C10A7A.33CBD9D0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
RE: (RADIATOR) AuthBy Radius, limiting Calling ID =
stations
Lloyd,
I guest you want radius proxy to screen out unwanted =
calling-station-id, before passing auth packet to remote radius server. =
Am I right?
Here is my suggestion:-
1. Put all calling-station-id into a database table. =
My example is a mysql db.
2. Construct , the SELECT =
statement will search and compare the calling-station-id.
3. Put AuthByPolicy, and two AuthBy clause.
4. Do some test under trace 4, watch radiator
(RADIATOR) MaxSessions issue, still a problem
Hi, I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here is part of config and trace 4 output: RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 AcctLogFileName %L/bbeyond/details PasswordLogFileName %L/bbeyond/uunet-passwords.log If I set MaxSessions 0, it works and rejects all sessions, but when I set MaxSessions to 1 it allows the second connection with the same username. MaxSessions 0: Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:30:06 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:30:06 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: *** Received from 62.177.149.2 port 1645 Code: Access-Request Identifier: 102 Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "_<178><219>A<0><201><238><192>3<130><183> <28>@q<228>" NAS-IP-Address = 213.116.1.14 NAS-Port = 70 NAS-Port-Type = Sync Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "235652175" Called-Station-Id = "0107110035" Acct-Session-Id = "328619273" Ascend-Data-Rate = 64000 Ascend-Xmit-Rate = 64000 Proxy-State = PX01<0><0><*z<211><178><22><170><220><204><200><219>w6<5>; <11>>:<0><2><6><149><213>t<1><14><0><0><0><0><0><0><0><0><0><0><0>F<0><2><7> <20> ><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0><224><199><221>h<251>< 225> <236>&<13>XA<188>NY<153>O Thu Jul 12 11:30:25 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be use d to handle this request Thu Jul 12 11:30:25 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl ' Thu Jul 12 11:30:25 2001: DEBUG: Rewrote user name to uunoc Thu Jul 12 11:30:25 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116 .1.14, 70 Thu Jul 12 11:30:25 2001: INFO: Access rejected for uunoc: MaxSessions exceeded Thu Jul 12 11:30:25 2001: DEBUG: Packet dump: *** Sending to 62.177.149.2 port 1645 Code: Access-Reject Identifier: 102 Authentic: z<211><178><22><170><220><204><200><219>w6<5>;<11>>: Attributes: Reply-Message = "Request Denied" MaxSessions 1: Thu Jul 12 11:31:26 2001: NOTICE: SIGTERM received: stopping Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:31:28 2001: DEBUG: Reading users file /opt/radiator-2.18/raddb/users Thu Jul 12 11:31:29 2001: INFO: Server started: Radiator 2.18.2 on bbyrad1.bbeyond.nl Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: *** Received from 62.177.149.1 port 1645 Code: Access-Request Identifier: 173 Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y Attributes: User-Name = "[EMAIL PROTECTED]" User-Password = "e<218><137><3>\<17><241><230>gi<150>q <208>cn" NAS-IP-Address = 213.116.1.30 NAS-Port = 2054 NAS-Port-Type = Sync Service-Type = Framed-User Framed-Protocol = PPP State = "" Calling-Station-Id = "235652175" Called-Station-Id = "0107110035" Acct-Session-Id = "347654980" Ascend-Data-Rate = 64000 Ascend-Xmit-Rate = 64000 Proxy-State = PX01<0><0><9><254><242><12> <252>)<203>T<230><252><143>P<2 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> <2>< 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> H<18 5><142><234><10>v\w<187><218>n Thu Jul 12 11:31:37 2001: DEBUG: Check if Handler Realm=bbeyond.nl should be use d to handle this request Thu Jul 12 11:31:37 2001: DEBUG: Handling request with Handler 'Realm=bbeyond.nl ' Thu Jul 12 11:31:37 2001: DEBUG: Rewrote user name to uunoc Thu Jul 12 11:31:37 2001: DEBUG: Deleting session for [EMAIL PROTECTED], 213.116 .1.30, 2054 Thu Jul 12 11:31:37 2001: DEBUG: Handling with Radius::AuthFILE Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE looks for match with uunoc Thu Jul 12 11:31:37 2001: DEBUG: Radius::AuthFILE ACCEPT: Thu Jul 12 11:31:37 2001: DEBUG: Access accepted for uunoc Thu Jul 12 11:31:37 2001: DEBUG: Packet dump: *** Sending to 62.177.149.1 port 1645 Code: Access-Accept Identifier: 173 Authentic: <242><12> <252>)<203>T<230><252><143>P<201><22>}9Y Attributes: Proxy-State = PX01<0><0><9><254><242><12> <252>)<203>T<230><252><143>P<2 01><22>}9Y<0><2><6><140><213>t<1><30><0><0><0><0><0><0><0><0><0><0><8><6><0> <2>< 7><20>><177><144><3><0><0><0><0><0><0><0><0><0><0><5><22><0>u<151><253>^<30> H<18 5><142><234><10>v\w<187><218>n Service-Type = Framed-User Framed-Protocol = PPP Thu Jul 12 11:32:09 2001: DEBUG: Packet dump: *** Received from 62.177.149.3 port 1645 Code: Access-Request Identifier: 142 Authentic: <169>}<237><131><201><239><13>BCw<255><205><14><128><2
