Re: (RADIATOR) appending realm to the end of a user.
Hello Roger - What you show below will not work because the AuthBy RADIUS clause does not operate in the way you are expecting, and in any case the AuthByPolicy that you are using will not do the right thing. The reason for this is that the AuthBy RADIUS clause is asynchronous and returns immediately, therefore the AuthByPolicy will not work correctly. If you explain what you are trying to do, I will be happy to make some suggestions. Note that we also offer consulting and installation services if required. regards Hugh On Wednesday 25 July 2001 16:18, Roger Mangraviti wrote: > Hi Hugh, > > I have been playing with the config a bit and i'm trying to achieve the > following: > > account to one sql server, with the realm appended to the user. > proxy auth to 2 different radius auth servers. > > the problem being is that customers may not be appending a realm to the > username. > this is the main part of my config: > > > > > > #strip realm > RewriteUsername s/^([^@]+).*/$1/ > > AuthByPolicy ContinueUntilAccept > > > # Adjust DBSource, DBUsername, DBAuth to suit your DB > > DBSourcedbi:mysql:radius:localhost > DBUsername radius > DBAuth xx > > # You may want to tailor these for your ACCOUNTING table > # You can add your own columns to store whatever you like > AccountingTable ACCOUNTING > > AcctColumnDef USERNAME,UserName > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASPORT,NAS-Port,integer > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > > # You can arrange to log accounting to a file if the > # SQL insert fails with AcctFailedLogFileName > # That way you could recover from a broken SQL > # server > #AcctFailedLogFileName %D/missedaccounting > > > > > AuthenticateAccounting > > AddToReply Class = atu.com.au > > FailureBackoffTime 60 > > Synchronous > > Secret xx > RetryTimeout 1 > Retries 1 > > > AuthPort1812 > AcctPort1813 > > > AcctFailedLogFileName %D/missedaccounting > > > > > > AuthenticateAccounting > > AddToReply Class = viper.net.au > > FailureBackoffTime 60 > > Synchronous > > Secret xx > RetryTimeout 1 > Retries 1 > > > > AuthPort1812 > AcctPort1813 > > > AcctFailedLogFileName %D/missedaccounting > > > > > > > authentication seems to work (for a while till it freezes, which i need to > debug), but the sql logging is not > appending the realm to the username. > > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of Hugh Irvine > Sent: Friday, 20 July 2001 1:50 PM > To: Roger Mangraviti; [EMAIL PROTECTED] > Subject: Re: (RADIATOR) appending realm to the end of a user. > > > > Hello Roger - > > On Friday 20 July 2001 13:09, Roger Mangraviti wrote: > > Hello, > > > > we have 2 radius servers and a radiator box. We are not appending the > > realm > > > to the username, as we have 2 realms > > dialing the same number on the same nas. > > > > We have authentication working using fall through AuthBy RADIUS, but we > > need to append the realm for accounting purposes. How can the realm be > > append to if we know which radius server the user was authenticated from? > > The simplest way to do this is with the Class attribute, which can be added > to the access accept. If you send me a copy of your configuration file (no > secrets) I will show you how to set this up. Typically you would use an > AddToReply: > > > . > AddToReply Class = some.realm > > > regards > > Hugh > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' wit
Re: (RADIATOR) Auth By Emerald Question
Hello Todd - On Wednesday 25 July 2001 01:34, Todd Dokey wrote: > I noticed the SQL query in the authenticator for Emerald looks at the > sa.login or the sa.shell fields in the SubAccounts table. > > Question: > > If I have a login say of "fred" in the sa.login field, would it be okay to > stuff the realm login into the Shell field? We don't issue shell accounts, > so it would be a fairly simple query (we use the ma.Referredby field to > determine various acquisitions we have done) -so parsing the realm this way > would be easy. > > So if sa.login = "fred" and sa.shell = "[EMAIL PROTECTED]" would this solve > realming without having to set up a handler for a realm? > No it won't. But what is the problem that you are trying to solve? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Dictionary files
Hello Todd - This is incorrect for two reasons. The first is that Client clauses are global clauses (they don't go in Handlers), and the second is that you can only specify a single global dictionary file. You should start with the file called "dictionary" in the Radiator distribution and add and/or subtract from it with your favourite text editor as required. hth Hugh On Wednesday 25 July 2001 07:29, Todd Dokey wrote: > Well to assign dictionary files in client or in handlers that have > clients.. > > > > %D/DictionaryFile dictionary.ascend > > > > settings... > > ># Same Modem type > > settings... > > > > > Next handler would be say dictionary.usr > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) random problems authenticating
Hello Andrew - The Access-Request and subsequent Access-Accept shown in the trace output below appears completely normal. I will need to see a trace 4 debug showing the actual problem, otherwise it is impossible for me to say what is wrong. regards Hugh On Wednesday 25 July 2001 05:47, Andrew Kaplan wrote: > We are using the Total Control chassis with Rodopi. Within the past few > weeks dailup users have been complaining of problems connecting/getting a > fast connection etc. If they try a couple of times they connect. I have > tested my equipment and spoken with the telephone company - everything > checks out. > > I turned off authentication on my Total Control Chassis and now it seems > everyone is able to connect. It seems difficult to imagine Rodopi having > random authenticating problems, but I have to purse every avenue. > > Below is my .cfg. any a snippet from my logs. Any comments would be > appreciated. We are using Radiator 2.18 on Debian. > > > > > Trace 4 > > AuthPort 1645 > AcctPort 1646 > LogDir/usr/local/radius/log > # The line below was remmed out 11/7/00 in efforts to turn logging ON! > #LogFile > DbDir /usr/local/radius/raddb > DictionaryFile/usr/local/radius/dictionary.ascend > PidFile /var/run/radiusd.pid > > # > # Community TeekieUptiC > # > > RewriteUsernametr/[A-Z]/[a-z]/ > > #the following will strip out the realms > RewriteUsernames/^([^@]+).*/$1/ > > #added by eddy for testing > > Secret test > > > > Secret X > NasType TotalControlSNMP > SNMPCommunity xxx > > > > > Secret X > NasType TotalControlSNMP > SNMPCommunity XXX > > > # added second HiPer ARC 2-20-01 > > Secret X > NasType TotalControlSNMP > SNMPCommunity XXX > > > > # added to run radpwtst 2-27-01 > > Secret X > NasType TotalControlSNMP > SNMPCommunity XXX > > > > > Secret X > NasType TotalControlSNMP > SNMPCommunity XXX > > > Secret > > #test for ntplex > > Secret X > > > Secret X > > > Secret X > > > Secret X > IgnoreAcctSignature > > > > #added 6/01/01 > > Secret X > > > #added 6/07/01 > > Secret X > > > > > > # MegaPop Radius Servers > > Secret X > > > Secret X > > > Secret X > > > Secret X > > > Secret X > > > Secret X > > > Secret X > > # End of MegaPop Servers > > Secret testing123 > > > > Secret testing123 > DupInterval 0 > > > > # AuthByPolicy ContinueUntilAccept > > AcctLogFileName %L/%Y/%m/%d-details > > DBSourcedbi:Sybase:server=AbacBill > DBUsername rodopi > DBAuth rodopi > > > > Filename /etc/acctmgr/users > > > > > > # AuthByPolicy ContinueUntilAccept > > AcctLogFileName %L/%Y/%m/%d-details > > DBSourcedbi:Sybase:server=AbacBill > DBUsername rodopi > DBAuth rodopi > > > > Filename /etc/acctmgr/users > > > > > > DBSource dbi:mysql:Radius > DBUsername Radius > DBAuth KnubbyDo > AddQuery \ > insert into Sessions (UserName, NASIdent, NASPort, \ > SessionID, TimeStamp, FramedIPAddress, NASPortType, \ > ServiceType) values ('%n', '%N', %{NAS-Port}, \ > '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-Address}', \ > '%{NAS-Port-Type}', '%{Service-Type}') > DeleteQuery \ > delete from Sessions where Username='%n' and \ > NASIdent='%N' and NASPort=%{NAS-Port} >ClearNasQuery \ > delete from Sessions where NASIdent='%N' > CountQuery \ > select NASIdent, NASPort, SessionID from Sessions \ > where Username='%n' > > > ++ > > > *** Received from 63.112.157.254 port 1646 > Code: Accounting-Request > Identifier: 179 > Authentic: X<189>q<137>r:(5<23>ln<179>[!<127><210> > Attributes: > User-Name = "brg" > NAS-Identifier = "63.112.157.254" > Acct-Status-Type = Stop > Acct-Session-Id = "68222995" > Acct-Delay-Time = 0 > Acct-Authentic = RADIUS > Service-Type = Framed-User > NAS-Port-Type = Async > NAS-Port = 1042 > Caller-Id = "8606675624" > Client-Port-DNIS = "8609411055" > Framed-Protocol = PPP > Framed-Address = 63.112.159.16 > Acct-Session-Time = 363 > Acct-Terminate-Cause = 2 > Acct-Input-Octets = 746 > Acct-Output-Octets = 822 > Acct-Input-Packets = 23 > Acct-Output-Packets = 19 > > Tue Jul 24 06:29:30 2001:
Re: (RADIATOR) No such attribute Called-Station-ID
Hello William - The correct spelling is "Called-Station-Id". hth Hugh On Wednesday 25 July 2001 07:50, William Hernandez wrote: > Hello everyone, > > I'm tyring to do some testing of my radius.cfg where I have: > > > > > I'm getting the above message "No such attribute > Called-Station-ID" using: > > radpwtst -trace -s www.domain.com -user foo -password > foo -auth_port 1812 -noacct -secret foo -dictionary > /etc/raddb/dictionary Called-Station-ID=6415050 > > What am I doing wrong? > > Thanks in advance. > William > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) DBSource for AuthBy Platypus
Hello William - For mSQL you would do this: DBSource dbi:mSQL[:database[:hostname[:port]]] Have a look at section 23.2 in the manual. regards Hugh On Wednesday 25 July 2001 08:01, William Hernandez wrote: > >From the Reference Manual: > > 6.31.1 DBSource, DBUsername, DBAuth, Timeout, FailureBackoffTime > These parameters specify how to connect to the database to use > for logging. They need to be set in a similar way to SQL>. They specify the DBD driver, database and username to > connect to, and how to handle SQL server failures. > > # Connect to mSQL with database named `radius' > DBSourcedbi:mSQL:radius > DBUSername > DBAuth > > But how do I tell Radiator on which host the database is located? > > Thanks in advance, > William > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) service-type=call-check question.
Hello Griff - Can you explain to me what a Service-Type = Call-Check is? And in what circumstance your NAS generates it? My reading of the RFC tells me that this should correspond to a "Pre-Authentication" request that the NAS sends before answering the call, and in which the Calling-Station-Id is sent as the User-Name. An Access-Accept in reply should tell the NAS to answer the call. Is this what you are trying to do? thanks Hugh On Wednesday 25 July 2001 06:45, Griff Hamlin wrote: > Hello, > > I'm trying to handle a situation where I need to perform an > authorization for a service-type of 'call-check'. What I want to do is, > look in a mysql table and if I find a row matching the combination of > username, nas-ipaddress then I want the router to accept the call and > perform a normal authentication. If I don't find the row then I want it > to be rejected. I would have a handler like the following: > > > > IgnoreAccounting > # appropriate DBSource and DBAuth parameters > AuthSelect select > > > > I'm afraid I don't have the slightest idea what to put in there. It's > not clear to me if I need to add another field to my database that > contains an Auth-Type of some sort, but I don't know what that should be > in the event that I just want the NAS to accept the call and do a normal > authentication, not just redirect to some AuthBy named by an identifier. > I also don't know how to tell it to set the Auth-Type to reject in the > event that no rows are returned. Any help is appreciated. > > Griff Hamlin, III > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) random problems
Hello Nihal - I will need to see a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening when Radiator stops. I will also need the hardware/software platform that you are running on and any other relevant information that you deem useful. thanks Hugh On Wednesday 25 July 2001 14:59, Nihal Khalsa wrote: > > We've been having random login problems with radiator, > after its been running for about a day, valid users will > get the message "No such user". The only fix we've been > able to come up with is to restart the server which > only lasts for a short while. > > Has anyone had similar problems? Any suggestions would > be wonderful. > > Thanks, > Nihal > > src="http://mail.ez2000.net:80/ez.anonymous?mod=img&key=mail&msgid=dx7olre4 >&[EMAIL PROTECTED]" width=0 height=0> > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) appending realm to the end of a user.
Hi Hugh, I have been playing with the config a bit and i'm trying to achieve the following: account to one sql server, with the realm appended to the user. proxy auth to 2 different radius auth servers. the problem being is that customers may not be appending a realm to the username. this is the main part of my config: #strip realm RewriteUsername s/^([^@]+).*/$1/ AuthByPolicy ContinueUntilAccept # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSourcedbi:mysql:radius:localhost DBUsername radius DBAuth xx # You may want to tailor these for your ACCOUNTING table # You can add your own columns to store whatever you like AccountingTable ACCOUNTING AcctColumnDef USERNAME,UserName AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address # You can arrange to log accounting to a file if the # SQL insert fails with AcctFailedLogFileName # That way you could recover from a broken SQL # server #AcctFailedLogFileName %D/missedaccounting AuthenticateAccounting AddToReply Class = atu.com.au FailureBackoffTime 60 Synchronous Secret xx RetryTimeout 1 Retries 1 AuthPort1812 AcctPort1813 AcctFailedLogFileName %D/missedaccounting AuthenticateAccounting AddToReply Class = viper.net.au FailureBackoffTime 60 Synchronous Secret xx RetryTimeout 1 Retries 1 AuthPort1812 AcctPort1813 AcctFailedLogFileName %D/missedaccounting authentication seems to work (for a while till it freezes, which i need to debug), but the sql logging is not appending the realm to the username. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hugh Irvine Sent: Friday, 20 July 2001 1:50 PM To: Roger Mangraviti; [EMAIL PROTECTED] Subject: Re: (RADIATOR) appending realm to the end of a user. Hello Roger - On Friday 20 July 2001 13:09, Roger Mangraviti wrote: > Hello, > > we have 2 radius servers and a radiator box. We are not appending the realm > to the username, as we have 2 realms > dialing the same number on the same nas. > > We have authentication working using fall through AuthBy RADIUS, but we > need to append the realm for accounting purposes. How can the realm be > append to if we know which radius server the user was authenticated from? > The simplest way to do this is with the Class attribute, which can be added to the access accept. If you send me a copy of your configuration file (no secrets) I will show you how to set this up. Typically you would use an AddToReply: . AddToReply Class = some.realm regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) random problems
We've been having random login problems with radiator, after its been running for about a day, valid users will get the message "No such user". The only fix we've been able to come up with is to restart the server which only lasts for a short while. Has anyone had similar problems? Any suggestions would be wonderful. Thanks, Nihal === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) DBSource for AuthBy Platypus
>From the Reference Manual: 6.31.1 DBSource, DBUsername, DBAuth, Timeout, FailureBackoffTime These parameters specify how to connect to the database to use for logging. They need to be set in a similar way to . They specify the DBD driver, database and username to connect to, and how to handle SQL server failures. # Connect to mSQL with database named `radius' DBSourcedbi:mSQL:radius DBUSername DBAuth But how do I tell Radiator on which host the database is located? Thanks in advance, William === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) No such attribute Called-Station-ID
Hello everyone, I'm tyring to do some testing of my radius.cfg where I have: ... I'm getting the above message "No such attribute Called-Station-ID" using: radpwtst -trace -s www.domain.com -user foo -password foo -auth_port 1812 -noacct -secret foo -dictionary /etc/raddb/dictionary Called-Station-ID=6415050 What am I doing wrong? Thanks in advance. William === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) service-type=call-check question.
Hello, I'm trying to handle a situation where I need to perform an authorization for a service-type of 'call-check'. What I want to do is, look in a mysql table and if I find a row matching the combination of username, nas-ipaddress then I want the router to accept the call and perform a normal authentication. If I don't find the row then I want it to be rejected. I would have a handler like the following: IgnoreAccounting # appropriate DBSource and DBAuth parameters AuthSelect select I'm afraid I don't have the slightest idea what to put in there. It's not clear to me if I need to add another field to my database that contains an Auth-Type of some sort, but I don't know what that should be in the event that I just want the NAS to accept the call and do a normal authentication, not just redirect to some AuthBy named by an identifier. I also don't know how to tell it to set the Auth-Type to reject in the event that no rows are returned. Any help is appreciated. Griff Hamlin, III === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Dictionary files
Well to assign dictionary files in client or in handlers that have clients.. %D/DictionaryFile dictionary.ascend settings... # Same Modem type settings... Next handler would be say dictionary.usr === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Dictionary files
Is it "legal" to assign dictionary files within client statements? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) random problems authenticating
We are using the Total Control chassis with Rodopi. Within the past few weeks dailup users have been complaining of problems connecting/getting a fast connection etc. If they try a couple of times they connect. I have tested my equipment and spoken with the telephone company - everything checks out. I turned off authentication on my Total Control Chassis and now it seems everyone is able to connect. It seems difficult to imagine Rodopi having random authenticating problems, but I have to purse every avenue. Below is my .cfg. any a snippet from my logs. Any comments would be appreciated. We are using Radiator 2.18 on Debian. Trace 4 AuthPort1645 AcctPort1646 LogDir /usr/local/radius/log # The line below was remmed out 11/7/00 in efforts to turn logging ON! #LogFile DbDir /usr/local/radius/raddb DictionaryFile /usr/local/radius/dictionary.ascend PidFile /var/run/radiusd.pid # # Community TeekieUptiC # RewriteUsernametr/[A-Z]/[a-z]/ #the following will strip out the realms RewriteUsernames/^([^@]+).*/$1/ #added by eddy for testing Secret test Secret X NasType TotalControlSNMP SNMPCommunity xxx Secret X NasType TotalControlSNMP SNMPCommunity XXX # added second HiPer ARC 2-20-01 Secret X NasType TotalControlSNMP SNMPCommunity XXX # added to run radpwtst 2-27-01 Secret X NasType TotalControlSNMP SNMPCommunity XXX Secret X NasType TotalControlSNMP SNMPCommunity XXX Secret #test for ntplex Secret X Secret X Secret X Secret X IgnoreAcctSignature #added 6/01/01 Secret X #added 6/07/01 Secret X # MegaPop Radius Servers Secret X Secret X Secret X Secret X Secret X Secret X Secret X # End of MegaPop Servers Secret testing123 Secret testing123 DupInterval 0 # AuthByPolicy ContinueUntilAccept AcctLogFileName %L/%Y/%m/%d-details DBSourcedbi:Sybase:server=AbacBill DBUsername rodopi DBAuth rodopi Filename /etc/acctmgr/users # AuthByPolicy ContinueUntilAccept AcctLogFileName %L/%Y/%m/%d-details DBSourcedbi:Sybase:server=AbacBill DBUsername rodopi DBAuth rodopi Filename /etc/acctmgr/users DBSource dbi:mysql:Radius DBUsername Radius DBAuth KnubbyDo AddQuery \ insert into Sessions (UserName, NASIdent, NASPort, \ SessionID, TimeStamp, FramedIPAddress, NASPortType, \ ServiceType) values ('%n', '%N', %{NAS-Port}, \ '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-Address}', \ '%{NAS-Port-Type}', '%{Service-Type}') DeleteQuery \ delete from Sessions where Username='%n' and \ NASIdent='%N' and NASPort=%{NAS-Port} ClearNasQuery \ delete from Sessions where NASIdent='%N' CountQuery \ select NASIdent, NASPort, SessionID from Sessions \ where Username='%n' ++ *** Received from 63.112.157.254 port 1646 Code: Accounting-Request Identifier: 179 Authentic: X<189>q<137>r:(5<23>ln<179>[!<127><210> Attributes: User-Name = "brg" NAS-Identifier = "63.112.157.254" Acct-Status-Type = Stop Acct-Session-Id = "68222995" Acct-Delay-Time = 0 Acct-Authentic = RADIUS Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 1042 Caller-Id = "8606675624" Client-Port-DNIS = "8609411055" Framed-Protocol = PPP Framed-Address = 63.112.159.16 Acct-Session-Time = 363 Acct-Terminate-Cause = 2 Acct-Input-Octets = 746 Acct-Output-Octets = 822 Acct-Input-Packets = 23 Acct-Output-Packets = 19 Tue Jul 24 06:29:30 2001: DEBUG: Rewrote user name to brg Tue Jul 24 06:29:30 2001: DEBUG: Rewrote user name to brg Tue Jul 24 06:29:30 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT' Tue Jul 24 06:29:30 2001: DEBUG: Deleting session for brg, 63.112.157.254, 1042 Tue Jul 24 06:29:30 2001: DEBUG: do query is: delete from Sessions where Username='brg' and NASIdent='63.112.157.254' and NASPort=1042 Tue Jul 24 06:29:30 2001: DEBUG: do query is: exec Interface_VircomDetails '68222995', 'Jul 24, 2001 06:29', 'brg', '63.112.157.254', 1042, 'Framed-User', 'PPP', '63.112.159.16', '8606675624', '63.
(RADIATOR) Auth By Emerald Question
I noticed the SQL query in the authenticator for Emerald looks at the sa.login or the sa.shell fields in the SubAccounts table. Question: If I have a login say of "fred" in the sa.login field, would it be okay to stuff the realm login into the Shell field? We don't issue shell accounts, so it would be a fairly simple query (we use the ma.Referredby field to determine various acquisitions we have done) -so parsing the realm this way would be easy. So if sa.login = "fred" and sa.shell = "[EMAIL PROTECTED]" would this solve realming without having to set up a handler for a realm? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) importing users file into a sql db
Hello Roger and all. RM> are there any scripts available to push a users file into a sql db? When you tell 'file' - you mean plain-text file as 'passwd', 'shadow' and etc. ? Or something else? I don't think that somebody have off-the shelf solution becouse different people use different names of fields in databeses. You just need man who can formed SQL query -= lol =- -- Best regards, Alexey Korchagin mailto:[EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) importing users file into a sql db
Hello Roger - On Tuesday 24 July 2001 18:02, Roger Mangraviti wrote: > Hi all, > > are there any scripts available to push a users file into a sql db? > We supply a utility called "buildsql" with Radiator. Have a look at section 10 in the Radiator 2.18.2 reference manual. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) hello
Hello Mohan - On Tuesday 24 July 2001 18:24, MARKOSE,MOHAN (HP-Singapore,ex4) wrote: > Hello > > I intend to set up a Radiator Radius server for AAA services, on the Win NT > platform. I would appreciate replies to the following queries - > I will be happy to answer any questions. > 1. Is Radiator supported on Win 2k - if so what version of the OS - Server > ? Advanced server ? On Win NT, do I need to apply any service packs > Radiator will run on any version of Windows (98/NT/2k). You will need to install ActivePerl from ActiveState prior to installing Radiator. http://www.activestate.com > 2. I intend to use NT user domains to store the authentication information, > and hence I am not using any datbase. Can I enable accouting and log > information in a flat file or log file - In other words, do I necessarily > require a database to perform accounting ? > You can write your accounting data to any number of flat files and/or SQL databases. Flat files on their own are fine - you do not need SQL. If you have any other questions, please ask. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) hello
Hello I intend to set up a Radiator Radius server for AAA services, on the Win NT platform. I would appreciate replies to the following queries - 1. Is Radiator supported on Win 2k - if so what version of the OS - Server ? Advanced server ? On Win NT, do I need to apply any service packs 2. I intend to use NT user domains to store the authentication information, and hence I am not using any datbase. Can I enable accouting and log information in a flat file or log file - In other words, do I necessarily require a database to perform accounting ? Many thanks Mohan === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) importing users file into a sql db
Hi all, are there any scripts available to push a users file into a sql db? TIA Roger === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.