Re: (RADIATOR) random problems

2001-07-25 Thread Hugh Irvine


Hello Nihal -

I will need to see a copy of your configuration file (no secrets), together 
with a trace 4 debug showing what is happening when Radiator stops.

I will also need the hardware/software platform that you are running on and 
any other relevant information that you deem useful.

thanks

Hugh


On Wednesday 25 July 2001 14:59, Nihal Khalsa wrote:
 We've been having random login problems with radiator,
 after it's been running for about a day, valid users will
 get the message "No such user". The only fix we've been
 able to come up with is to restart the server which
 only lasts for a short while.

 Has anyone had similar problems? Any suggestions would
 be wonderful.

 Thanks,
 Nihal


 ===
 Archive at http://www.open.com.au/archives/radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Re: (RADIATOR) service-type=call-check question.

2001-07-25 Thread Hugh Irvine


Hello Griff -

Can you explain to me what a Service-Type = Call-Check is? And in what 
circumstance your NAS generates it? 

My reading of the RFC tells me that this should correspond to a 
Pre-Authentication request that the NAS sends before answering the call, 
and in which the Calling-Station-Id is sent as the User-Name. An 
Access-Accept in reply should tell the NAS to answer the call.

Is this what you are trying to do?

thanks

Hugh


On Wednesday 25 July 2001 06:45, Griff Hamlin wrote:
 Hello,

 I'm trying to handle a situation where I need to perform an
 authorization for a service-type of 'call-check'. What I want to do is,
 look in a mysql table and if I find a row matching the combination of
 username, nas-ipaddress then I want the router to accept the call and
 perform a normal authentication. If I don't find the row then I want it
 to be rejected. I would have a handler like the following:

 <Handler Service-Type=call-check>
 <AuthBy SQL>
 IgnoreAccounting
 # appropriate DBSource and DBAuth parameters
 AuthSelect select something that eludes me
 </AuthBy>
 </Handler>

 I'm afraid I don't have the slightest idea what to put in there. It's
 not clear to me if I need to add another field to my database that
 contains an Auth-Type of some sort, but I don't know what that should be
 in the event that I just want the NAS to accept the call and do a normal
 authentication, not just redirect to some AuthBy named by an identifier.
 I also don't know how to tell it to set the Auth-Type to reject in the
 event that no rows are returned. Any help is appreciated.

 Griff Hamlin, III

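The pre-authentication exchange Hugh describes, combined with the table lookup Griff asks for, as an added Python example that is not part of the original thread and is not Radiator code or configuration. The table name call_check, its columns, the shared secret and the sample numbers and addresses are constructed, and sqlite3 stands in for MySQL.

```python
import hashlib
import socket
import sqlite3
import struct

# RFC 2865 attribute types, the Call-Check Service-Type value, and packet codes.
USER_NAME, NAS_IP_ADDRESS, SERVICE_TYPE = 1, 4, 6
CALL_CHECK = 10
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3


def build_request(ident, authenticator, username, nas_ip, service_type):
    """Encode a minimal Access-Request (constructed sample input for this example)."""
    attrs = [
        (USER_NAME, username.encode()),
        (NAS_IP_ADDRESS, socket.inet_aton(nas_ip)),
        (SERVICE_TYPE, struct.pack("!I", service_type)),
    ]
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    return header + authenticator + body


def parse_packet(data):
    """Return (code, identifier, authenticator, {type: value}); raise ValueError if malformed."""
    if len(data) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length < 20 or length > len(data):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = data[pos + 2:pos + alen]
        pos += alen
    return code, ident, data[4:20], attrs


def make_db(rows):
    """Hypothetical allow-list table: one row per (username, NAS address) pair."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE call_check (username TEXT, nas_ip TEXT)")
    db.executemany("INSERT INTO call_check VALUES (?, ?)", rows)
    return db


def handle_call_check(packet, secret, db):
    """Return the reply packet for a Call-Check request, or None for anything else."""
    code, ident, req_auth, attrs = parse_packet(packet)
    if code != ACCESS_REQUEST or attrs.get(SERVICE_TYPE) != struct.pack("!I", CALL_CHECK):
        return None  # normal authentication is handled elsewhere
    reply_code = ACCESS_REJECT  # reject unless a matching row is found
    if USER_NAME in attrs and len(attrs.get(NAS_IP_ADDRESS, b"")) == 4:
        username = attrs[USER_NAME].decode("utf-8", "replace")
        nas_ip = socket.inet_ntoa(attrs[NAS_IP_ADDRESS])
        # Bound parameters: values sent by the NAS are never spliced into SQL text.
        row = db.execute(
            "SELECT 1 FROM call_check WHERE username = ? AND nas_ip = ?",
            (username, nas_ip),
        ).fetchone()
        if row is not None:
            reply_code = ACCESS_ACCEPT  # tells the NAS to answer the call
    header = struct.pack("!BBH", reply_code, ident, 20)
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + req_auth + secret).digest()


def demo():
    """Run four constructed requests and return the reply code for each."""
    secret = b"constructed-secret"
    db = make_db([("5551234", "192.0.2.10")])
    auth = bytes(range(16))
    cases = [
        ("5551234", "192.0.2.10", CALL_CHECK),  # listed caller on listed NAS
        ("5551234", "192.0.2.99", CALL_CHECK),  # listed caller, different NAS
        ("5559999", "192.0.2.10", CALL_CHECK),  # caller not in the table
        ("5551234", "192.0.2.10", 2),           # Framed-User, not a Call-Check
    ]
    results = []
    for ident, (user, nas, stype) in enumerate(cases):
        reply = handle_call_check(build_request(ident, auth, user, nas, stype), secret, db)
        results.append(None if reply is None else reply[0])
    return results


if __name__ == "__main__":
    print(demo())
```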



Re: (RADIATOR) DBSource for AuthBy Platypus

2001-07-25 Thread Hugh Irvine


Hello William -

For mSQL you would do this:

DBSource dbi:mSQL[:database[:hostname[:port]]]

Have a look at section 23.2 in the manual.

regards

Hugh


On Wednesday 25 July 2001 08:01, William Hernandez wrote:
 From the Reference Manual:

 6.31.1 DBSource, DBUsername, DBAuth, Timeout, FailureBackoffTime
 These parameters specify how to connect to the database to use
 for logging. They need to be set in a similar way to AuthBy
 SQL. They specify the DBD driver, database and username to
 connect to, and how to handle SQL server failures.

 # Connect to mSQL with database named `radius'
 DBSource dbi:mSQL:radius
 DBUSername
 DBAuth

 But how do I tell Radiator on which host the database is located?

 Thanks in advance,
 William




Re: (RADIATOR) No such attribute Called-Station-ID

2001-07-25 Thread Hugh Irvine


Hello William -

The correct spelling is Called-Station-Id.

hth

Hugh


On Wednesday 25 July 2001 07:50, William Hernandez wrote:
 Hello everyone,

 I'm trying to do some testing of my radius.cfg where I have:
 <Handler Called-Station-ID=/5050$/>
 
 </Handler>

 I'm getting the above message No such attribute
 Called-Station-ID using:

 radpwtst -trace -s www.domain.com -user foo -password
 foo -auth_port 1812 -noacct -secret foo -dictionary
 /etc/raddb/dictionary Called-Station-ID=6415050

 What am I doing wrong?

 Thanks in advance.
 William




Re: (RADIATOR) random problems authenticating

2001-07-25 Thread Hugh Irvine


Hello Andrew -

The Access-Request and subsequent Access-Accept shown in the trace output 
below appear completely normal. I will need to see a trace 4 debug showing 
the actual problem, otherwise it is impossible for me to say what is wrong.

regards

Hugh


On Wednesday 25 July 2001 05:47, Andrew Kaplan wrote:
 We are using the Total Control chassis with Rodopi. Within the past few
 weeks dialup users have been complaining of problems connecting/getting a
 fast connection etc. If they try a couple of times they connect. I have
 tested my equipment and spoken with the telephone company - everything
 checks out.

 I turned off authentication on my Total Control Chassis and now it seems
 everyone is able to connect. It seems difficult to imagine Rodopi having
 random authenticating problems, but I have to pursue every avenue.

 Below is my .cfg and a snippet from my logs. Any comments would be
 appreciated. We are using Radiator 2.18 on Debian.




 Trace 4

 AuthPort  1645
 AcctPort  1646
 LogDir    /usr/local/radius/log
 # The line below was remmed out 11/7/00 in efforts to turn logging ON!
 #LogFile
 DbDir     /usr/local/radius/raddb
 DictionaryFile /usr/local/radius/dictionary.ascend
 PidFile   /var/run/radiusd.pid

 #<SNMPAgent>
 # Community TeekieUptiC
 #</SNMPAgent>

 RewriteUsername tr/[A-Z]/[a-z]/

 #the following will strip out the realms
 RewriteUsername s/^([^@]+).*/$1/

 #added by eddy for testing
 <Client 63.115.88.53>
   Secret test
 </Client>

 <Client 63.112.159.252>
   Secret  X
   NasType TotalControlSNMP
   SNMPCommunity   xxx
 </Client>

 <Client 63.112.159.254>
   Secret  X
   NasType TotalControlSNMP
   SNMPCommunity   XXX
 </Client>

 # added second HiPer ARC 2-20-01
 <Client 63.112.157.254>
   Secret  X
   NasType TotalControlSNMP
   SNMPCommunity   XXX
 </Client>

 # added to run radpwtst 2-27-01
 <Client 63.237.136.8>
   Secret  X
   NasType TotalControlSNMP
   SNMPCommunity   XXX
 </Client>

 <Client 63.237.136.2>
   Secret  X
   NasType TotalControlSNMP
   SNMPCommunity   XXX
 </Client>
 <Client 209.206.60.133>
   Secret 
 </Client>
 #test for ntplex
 <Client 204.213.176.6>
   Secret X
 </Client>
 <Client 204.213.176.7>
   Secret X
 </Client>
 <Client 204.213.179.30>
   Secret X
 </Client>
 <Client 204.213.176.152>
   Secret X
   IgnoreAcctSignature
 </Client>

 #added 6/01/01
 <Client 216.126.128.9>
   Secret X
 </Client>

 #added 6/07/01
 <Client 216.126.128.10>
   Secret X
 </Client>

 # MegaPop Radius Servers
 <Client 204.178.185.222>
   Secret X
 </Client>
 <Client 204.178.185.3>
   Secret X
 </Client>
 <Client 204.178.185.221>
   Secret X
 </Client>
 <Client 204.178.185.220>
   Secret X
 </Client>
 <Client 204.178.185.218>
   Secret X
 </Client>
 <Client 204.178.185.219>
   Secret X
 </Client>
 <Client 216.126.128.8>
   Secret X
 </Client>
 # End of MegaPop Servers
 <Client 63.237.136.100>
   Secret testing123
 </Client>

 <Client 127.0.0.1>
   Secret testing123
   DupInterval 0
 </Client>

 <Realm DEFAULT>
 # AuthByPolicy ContinueUntilAccept

   AcctLogFileName %L/%Y/%m/%d-details
   <AuthBy RODOPI>
     DBSource    dbi:Sybase:server=AbacBill
     DBUsername  rodopi
     DBAuth      rodopi
   </AuthBy>

   <AuthBy FILE>
     Filename /etc/acctmgr/users
   </AuthBy>
 </Realm>


 <Realm cshore.com>
 # AuthByPolicy ContinueUntilAccept

   AcctLogFileName %L/%Y/%m/%d-details
   <AuthBy RODOPI>
     DBSource    dbi:Sybase:server=AbacBill
     DBUsername  rodopi
     DBAuth      rodopi
   </AuthBy>

   <AuthBy FILE>
     Filename /etc/acctmgr/users
   </AuthBy>
 </Realm>


 <SessionDatabase SQL>
   DBSource dbi:mysql:Radius
   DBUsername Radius
   DBAuth KnubbyDo
   AddQuery \
   insert into Sessions (UserName, NASIdent, NASPort, \
   SessionID, TimeStamp, FramedIPAddress, NASPortType, \
   ServiceType) values ('%n', '%N', %{NAS-Port}, \
   '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-Address}', \
   '%{NAS-Port-Type}', '%{Service-Type}')
   DeleteQuery \
   delete from Sessions where Username='%n' and \
   NASIdent='%N' and NASPort=%{NAS-Port}
   ClearNasQuery \
   delete from Sessions where NASIdent='%N'
   CountQuery \
   select NASIdent, NASPort, SessionID from Sessions \
   where Username='%n'
 </SessionDatabase>

 ++


 *** Received from 63.112.157.254 port 1646 
 Code:   Accounting-Request
 Identifier: 179
 Authentic:  X189q137r:(523ln179[!127210
 Attributes:
   User-Name = brg
   NAS-Identifier = 

Re: (RADIATOR) Dictionary files

2001-07-25 Thread Hugh Irvine


Hello Todd -

This is incorrect for two reasons. The first is that Client clauses are 
global clauses (they don't go in Handlers), and the second is that you can 
only specify a single global dictionary file.

You should start with the file called dictionary in the Radiator 
distribution and add and/or subtract from it with your favourite text editor 
as required.

hth

Hugh


On Wednesday 25 July 2001 07:29, Todd Dokey wrote:
 Well to assign dictionary files in client or in handlers that have
 clients..


 <Handler>
   %D/DictionaryFile dictionary.ascend

   <Client blah>

   settings...

   </Client>

   <Client blah2> # Same Modem type

   settings...

   </Client>
 </Handler>

 Next handler would be say dictionary.usr




Re: (RADIATOR) appending realm to the end of a user.

2001-07-25 Thread Hugh Irvine


Hello Roger -

What you show below will not work because the AuthBy RADIUS clause does not 
operate in the way you are expecting, and in any case the AuthByPolicy that 
you are using will not do the right thing. The reason for this is that the 
AuthBy RADIUS clause is asynchronous and returns immediately, therefore the 
AuthByPolicy will not work correctly.

If you explain what you are trying to do, I will be happy to make some 
suggestions.

Note that we also offer consulting and installation services if required.

regards

Hugh


On Wednesday 25 July 2001 16:18, Roger Mangraviti wrote:
 Hi Hugh,

 I have been playing with the config a bit and i'm trying to achieve the
 following:

 account to one sql server, with the realm appended to the user.
 proxy auth to 2 different radius auth servers.

 the problem being is that customers may not be appending a realm to the
 username.
 this is the main part of my config:



 <Realm DEFAULT>

 #strip realm
 RewriteUsername s/^([^@]+).*/$1/

 AuthByPolicy ContinueUntilAccept

 <AuthBy SQL>
 # Adjust DBSource, DBUsername, DBAuth to suit your DB

 DBSource    dbi:mysql:radius:localhost
 DBUsername  radius
 DBAuth      xx

 # You may want to tailor these for your ACCOUNTING table
 # You can add your own columns to store whatever you like
 AccountingTable ACCOUNTING

 AcctColumnDef   USERNAME,UserName
 AcctColumnDef   TIME_STAMP,Timestamp,integer
 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
 AcctColumnDef   NASPORT,NAS-Port,integer
 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address

 # You can arrange to log accounting to a file if the
 # SQL insert fails with AcctFailedLogFileName
 # That way you could recover from a broken SQL
 # server
 #AcctFailedLogFileName %D/missedaccounting
 </AuthBy>


 <AuthBy RADIUS>
 AuthenticateAccounting

 AddToReply Class = atu.com.au

 FailureBackoffTime 60

 Synchronous

 Secret xx
 RetryTimeout 1
 Retries 1

 <Host 203.202.66.13>
 AuthPort 1812
 AcctPort 1813
 </Host>

 AcctFailedLogFileName %D/missedaccounting

 </AuthBy>


 <AuthBy RADIUS>
 AuthenticateAccounting

 AddToReply Class = viper.net.au

 FailureBackoffTime 60

 Synchronous

 Secret xx
 RetryTimeout 1
 Retries 1


 <Host 203.31.238.1>
 AuthPort 1812
 AcctPort 1813
 </Host>

 AcctFailedLogFileName %D/missedaccounting

 </AuthBy>

 </Realm>


 authentication seems to work (for a while till it freezes, which i need to
 debug), but the sql logging is not
 appending the realm to the username.



 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of Hugh Irvine
 Sent: Friday, 20 July 2001 1:50 PM
 To: Roger Mangraviti; [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) appending realm to the end of a user.



 Hello Roger -

 On Friday 20 July 2001 13:09, Roger Mangraviti wrote:
  Hello,
 
  we have 2 radius servers and a radiator box. We are not appending the
  realm to the username, as we have 2 realms
  dialing the same number on the same nas.
 
  We have authentication working using fall through AuthBy RADIUS, but we
  need to append the realm for accounting purposes. How can the realm be
  appended if we know which radius server the user was authenticated from?

 The simplest way to do this is with the Class attribute, which can be added
 to the access accept. If you send me a copy of your configuration file (no
 secrets) I will show you how to set this up. Typically you would use an
 AddToReply:

   <AuthBy RADIUS>
   .
   AddToReply Class = some.realm
   </AuthBy>

 regards

 Hugh



(RADIATOR) Date Format in AuthBy SQL

2001-07-25 Thread Separovic, Jason

I've tried many different combinations but I can't get the date into the
database in the following 

<AuthBy SQL>
.
   FailureQuery insert into auth(date,user) values('%Y-%m-%d %H:%M:%S', '%U')
/


I need the date to be in the format YYYY-MM-DD HH:MM:SS

I tried entering the date into a char() field and nothing was entered.



Re: (RADIATOR) Date Format in AuthBy SQL

2001-07-25 Thread Hugh Irvine


Hello Jason -

On Wednesday 25 July 2001 18:20, Separovic, Jason wrote:
 I've tried many different combinations but I can't get the date into the
 database in the following

 <AuthBy SQL>
 ..
    FailureQuery insert into auth(date,user) values('%Y-%m-%d %H:%M:%S', '%U')
 /


 I need the date to be in the format YYYY-MM-DD HH:MM:SS

 I tried entering the date into a char() field and nothing was entered.

I suspect you mean 

AuthLog SQL

?

If so, please send me a copy of the configuration file (no secrets), together 
with a trace 4 debug from Radiator showing what is happening.

thanks

Hugh





(RADIATOR) Radiator and LDAP

2001-07-25 Thread Kan Yu Ting

Dear,

I am using Radiator-2.18-2 and openLDAP on Linux. I installed Net::LDAP and 
want to use AuthBy LDAP2 to do authentication.

Actually I would like to use the Called-Station-ID received from the 
NAS (AS5300) for authentication.

I see in the manual that I can do in following format

#AuthAttrDef ldapattributename, radiusattributename, type
AuthAttrDef  calledstationid,Called-Station-ID,check

I want to know what setup I need to make in the LDAP server. Is it new to 
create a special schema?

Thanks
Kan




(RADIATOR) HOW TO RESTRICT A ISDN LINE´S CONNECTIONS WHIT RADIUS??

2001-07-25 Thread Camilo Fernando Corena G

Hi,

I need to restrict the users that connect using ISDN Bri Lines. I have a Cisco
AS5300 and I´m using ISDN Pri Lines.

Someone can help me???

Thanks,

Camilo C.




(RADIATOR) Authentication failing..........please help !!!

2001-07-25 Thread Imran Moin

Hi everyone,

I am new to the field of Radiator. We are in a process
of testing it for our needs. I am running into some
problems and any help to it would be greatly
appreciated.

I am sending  my radius.cfg file which is stored under
/usr/local/etc 
directory. I am also sending a copy of my users file,
which contains the default user mikem as well as a
newly created user by the name moin. I have 
stored this file at both /etc/radiator and
/usr/local/etc directories. I did 
not change anything else from the initial config.
Please note that i have removed the IP address of our
client from the file and replaced it with a.b.c.d

The radpwtst command works 
properly and its output is

sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK


As far as the hardware config is concerned, it's a
Linux box with Redhat on it, 
933 Mhz P III processor, 256 MB RAM, 35 GB hard disk,
etc.

Please take time to view the config and suggest
anything i need to change. Is there something that i
am overlooking.

U can also reach me at 303 735 4809. Thanks.

Imran.




# radius.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory and log accounting to a file in the current
# directory.
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what its doing in great detail.
#
# You should consider this file to be a starting point only
# $Id: linux-radius.cfg,v 1.1 2001/05/17 05:33:34 mikem Exp mikem $

#Foreground
#LogStdout
LogDir  /var/log/radius
DbDir   /etc/radiator
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace   3

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
# THIS IS THE 5500 CLIENT- ATTEMPTING A NON-NAMESERVED ENTRY
<Client a.b.c.d>
        Secret imran
</Client>

<Client DEFAULT>
        Secret  mysecret
        DupInterval 0
</Client>

<Realm DEFAULT>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName %L/detail
</Realm>

<Realm backbone>
        <AuthBy FILE>
                Filename %D/users
        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName %L/detail
</Realm>


# users
# This is an example of how to set up simple user for
# AuthBy FILE.
# The example user mikem has a password of fred, and will
# receive reply attributes suitable for most NASs.
# You can do many more interesting things. See the reference
# manual at /usr/share/doc/Radiator-2.18.1/ref.html
#
# You can test this user with the command
#  radpwtst

mikem   Password=fred
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

moin    Password=pete
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP




(RADIATOR) Radiator using SQL

2001-07-25 Thread 'Tunde Ogedengbe

I am reconfiguring Radiator to use an SQL database.  Connection is to be
made via ODBC.

1. How do I define the data structure in the database to accommodate all
Radius attributes?
2. How do I setup Radiator to query the database and return relevant
attributes associated with the record, e.g. Simultaneous-use, filter-id, etc.



'Tunde Ogedengbe

(RADIATOR) Here is the log file ..........still cant authenticate

2001-07-25 Thread Imran Moin

Hi all,

here is my logfile. I am still not able to get the
users authenticated on the cisco 5500 switch.

i  had sent the radius.cfg and users file earlier. I
am sending them again. Let me know if you can figure
out what the problem is. Thanks a lot in advance.

Imran.



Tue Jul 24 11:36:36 2001: INFO: Server started: Radiator 2.18.2 on radii (DEMO)
Tue Jul 24 14:03:21 2001: NOTICE: SIGTERM received: stopping
Tue Jul 24 14:07:01 2001: INFO: Server started: Radiator 2.18.2 on radii (DEMO)
Tue Jul 24 17:12:36 2001: NOTICE: SIGTERM received: stopping
Tue Jul 24 17:12:41 2001: INFO: Server started: Radiator 2.18.2 on radii (DEMO)
Tue Jul 24 17:29:10 2001: INFO: Access rejected for mikem: Bad Password
Tue Jul 24 17:29:27 2001: INFO: Access rejected for mikem@backbone: No such user
Tue Jul 24 17:29:40 2001: INFO: Access rejected for moin@backbone: No such user
Tue Jul 24 17:30:44 2001: INFO: Access rejected for mikem: Bad Password
Tue Jul 24 17:30:58 2001: INFO: Access rejected for moin@backbone: No such user
Tue Jul 24 17:31:07 2001: INFO: Access rejected for moin: No such user
Tue Jul 24 17:31:16 2001: INFO: Access rejected for mikem: Bad Password
Wed Jul 25 17:29:12 2001: INFO: Access rejected for moin: Bad Password
Wed Jul 25 17:29:23 2001: INFO: Access rejected for mikem: Bad Password
Wed Jul 25 17:29:34 2001: INFO: Access rejected for moin@backbone: No such user
Wed Jul 25 17:29:57 2001: INFO: Access rejected for moin@: No such user






Re: (RADIATOR) Radiator and LDAP

2001-07-25 Thread Hugh Irvine


Hello Yu Ting -

First of all, can you please tell me the name of the registered company that 
has purchased this copy of Radiator?

Please reply to me directly.

thanks

Hugh


On Thursday 26 July 2001 02:03, Kan Yu Ting wrote:
 Dear,

 I am using Radiator-2.18-2 and openLDAP on Linux. I installed Net::LDAP and
 want to use AuthBy LDAP2 to do authentication.

 Actually I would like to use the Called-Station-ID received from the
 NAS (AS5300) for authentication.

 I see in the manual that I can do this in the following format

 #AuthAttrDef ldapattributename, radiusattributename, type
 AuthAttrDef  calledstationid,Called-Station-ID,check

 I want to know what setup I need to make in the LDAP server. Do I need to
 create a special schema?

 Thanks
 Kan




(RADIATOR) Re: Radiator using SQL

2001-07-25 Thread Hugh Irvine


Hello 'Tunde -

On Thursday 26 July 2001 05:53, 'Tunde Ogedengbe wrote:
 I am reconfiguring Radiator to use an SQL database.  Connection is to be
 made via ODBC.

 1. How do I define the data structure in the database to accommodate all
 Radius attributes?
 2. How do I set up Radiator to query the database and return relevant
 attributes associated with the record, e.g. Simultaneous-use, filter-id,
 etc.?


There is an example SQL configuration file in goodies/sql.cfg and there is 
an example SQL database definition in the file goodies/sybaseCreate.sql.

Also have a look at section 6.26 in the Radiator reference manual.

regards

Hugh





(RADIATOR) Re: HOW TO RESTRICT AN ISDN LINE'S CONNECTIONS WITH RADIUS??

2001-07-25 Thread Hugh Irvine


Hello Camilo -

Could you please explain in more detail what you are trying to do?

What do you need to restrict?

thanks

Hugh

On Thursday 26 July 2001 02:40, Camilo Fernando Corena G wrote:
 Hi,

 I need to restrict the users that connect using ISDN Bri Lines. I have a
 Cisco AS5300 and I'm using ISDN Pri Lines.

 Someone can help me???

 Thanks,

 Camilo C.




(RADIATOR) Global RADMIN accounting for abuse tracking

2001-07-25 Thread Miguel A.L. Paraz

On Sat, Jul 21, 2001 at 11:14:26AM +1000, Hugh Irvine wrote:
 On Friday 20 July 2001 19:53, Miguel A.L. Paraz wrote:
  Hi,
  I tried AcctLogFilename and it works inside Realm.
  It does nothing when placed outside.
  Is this the correct behavior?
  I want one file to log to regardless of realm.
 
 
 This is the correct behaviour. You have to specify the AcctLogFilename in 
 each Realm or Handler (you can use the same file however).

Thanks, here's more detail on what I want.  

I find that a plain text AcctLogFilename generates too much detail.  I only 
need the username, Framed-IP-Address, Calling-Station-ID and time stamp - 
enough to identify security/abuse violations.  For speed of lookups, I would 
like it to be in a SQL database.  I need an interface where complaints can be 
looked up by our security team, and will also take SpamCop mail as input.

My RADMIN and others are already using MySQL.  From my reading archives I
find that AuthBy SQL will do the logging.  But, don't want to auth since
my incoming RADIUS requests are either local via RADMIN, or proxied.  What
is the invocation to do SQL accounting only?  

Can I use AuthBy RADMIN, and the AccountingTable, even for proxied requests?
If so, I think the way to do it for proxies is:

<AuthBy RADIUS>
  Host ...
</AuthBy>
<AuthBy RADMIN>
  AccountingTable RADUSAGEPROXIED
  AcctColumnDef ...
</AuthBy>

How do I make the AuthBy RADMIN be called only for accounting?

Thanks, and I think this should be useful for everyone who proxies to servers
not under their control but have to be responsible to the community for 
spam complaints and security incidents.












Re: (RADIATOR) Global RADMIN accounting for abuse tracking

2001-07-25 Thread Hugh Irvine


Hello Miguel -

On Thursday 26 July 2001 14:33, Miguel A.L. Paraz wrote:
 On Sat, Jul 21, 2001 at 11:14:26AM +1000, Hugh Irvine wrote:
  On Friday 20 July 2001 19:53, Miguel A.L. Paraz wrote:
   Hi,
   I tried AcctLogFilename and it works inside Realm.
   It does nothing when placed outside.
   Is this the correct behavior?
   I want one file to log to regardless of realm.
 
  This is the correct behaviour. You have to specify the AcctLogFilename in
  each Realm or Handler (you can use the same file however).

 Thanks, here's more detail on what I want.

 I find that a plain text AcctLogFilename generates too much detail.  I only
 need the username, Framed-IP-Address, Calling-Station-ID and time stamp -
 enough to identify security/abuse violations.  For speed of lookups, I
 would like it to be in a SQL database.  I need an interface where
 complaints can be looked up by our security team, and will also take
 SpamCop mail as input.

 My RADMIN and others are already using MySQL.  From my reading archives I
 find that AuthBy SQL will do the logging.  But, don't want to auth since
 my incoming RADIUS requests are either local via RADMIN, or proxied.  What
 is the invocation to do SQL accounting only?

 Can I use AuthBy RADMIN, and the AccountingTable, even for proxied
 requests? If so, I think the way to do it for proxies is:

 <AuthBy RADIUS>
   Host ...
 </AuthBy>
 <AuthBy RADMIN>
   AccountingTable RADUSAGEPROXIED
   AcctColumnDef ...
 </AuthBy>

 How do I make the AuthBy RADMIN be called only for accounting?

 Thanks, and I think this should be useful for everyone who proxies to
 servers not under their control but have to be responsible to the community
 for spam complaints and security incidents.


You are correct - many of our customers do exactly what you describe.

Here is an example of what to do:

# define AuthBy clauses

<AuthBy RADMIN>
    Identifier CheckRADMIN
    DBSource .
    DBUsername
    DBAuth .
    ...
</AuthBy>

# define AuthBy SQL for accounting only (note empty AuthSelect)
# use the same DBSource, etc. as AuthBy RADMIN

<AuthBy SQL>
    Identifier SQLAccounting
    DBSource .
    DBUsername
    DBAuth .
    AuthSelect
    AccountingTable RADUSAGEPROXIED
    AcctColumnDef .
    .
</AuthBy>

<AuthBy RADIUS>
    Identifier ProxyToDownstream
    .
</AuthBy>

# define Realms

<Realm your.local.realm>
    AuthBy CheckRADMIN
    .
</Realm>

<Realm some.other.realm>
    AuthByPolicy ContinueAlways
    AuthBy SQLAccounting
    AuthBy ProxyToDownstream

</Realm>


Of course, you can do a similar thing with Handlers if you prefer.

hth

Hugh
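
The lookup the security team in this thread wants, as an added example that is not part of the original posts or of Radiator: given the IP address and time from a complaint, find which user held that address. The column names, the extra Acct-Status-Type and Acct-Session-Id columns, the sample rows and the use of SQLite in place of MySQL are all assumptions, since the thread elides AcctColumnDef.

```python
import sqlite3
from datetime import datetime, timezone

# Hypothetical layout for the accounting table; the thread does not give the columns.
SCHEMA = """CREATE TABLE RADUSAGEPROXIED (
    USERNAME TEXT, FRAMEDIPADDRESS TEXT, CALLINGSTATIONID TEXT,
    ACCTSTATUSTYPE TEXT, ACCTSESSIONID TEXT, TIME_STAMP INTEGER)"""

def ts(s):
    """Convert 'YYYY-MM-DD HH:MM:SS' (taken as UTC) to epoch seconds."""
    dt = datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())

# Constructed sample records: one dynamic address reused by three dial-up users.
ROWS = [
    ("alice@some.other.realm", "192.0.2.10", "5550100", "Start", "s1", ts("2001-07-25 10:00:00")),
    ("alice@some.other.realm", "192.0.2.10", "5550100", "Stop", "s1", ts("2001-07-25 11:00:00")),
    ("bob@some.other.realm", "192.0.2.10", "5550199", "Start", "s2", ts("2001-07-25 11:05:00")),
    ("bob@some.other.realm", "192.0.2.10", "5550199", "Stop", "s2", ts("2001-07-25 12:30:00")),
    # Session still open: no Stop record has arrived yet.
    ("carol@some.other.realm", "192.0.2.10", "5550142", "Start", "s3", ts("2001-07-25 13:00:00")),
]

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Complaints are looked up by address and time, so index exactly that.
    db.execute("CREATE INDEX ip_time ON RADUSAGEPROXIED (FRAMEDIPADDRESS, TIME_STAMP)")
    db.executemany("INSERT INTO RADUSAGEPROXIED VALUES (?,?,?,?,?,?)", ROWS)
    return db

def who_had_ip(db, ip, when):
    """Return (username, calling_station_id) for the session holding ip at `when`, or None."""
    t = ts(when)
    # Latest Start at or before t whose matching Stop is not earlier than t.
    # If a Stop was lost, a later Start on the same address still takes precedence.
    return db.execute(
        """SELECT s.USERNAME, s.CALLINGSTATIONID FROM RADUSAGEPROXIED s
           WHERE s.ACCTSTATUSTYPE = 'Start' AND s.FRAMEDIPADDRESS = ?
             AND s.TIME_STAMP <= ?
             AND NOT EXISTS (SELECT 1 FROM RADUSAGEPROXIED e
                             WHERE e.ACCTSTATUSTYPE = 'Stop'
                               AND e.ACCTSESSIONID = s.ACCTSESSIONID
                               AND e.USERNAME = s.USERNAME
                               AND e.TIME_STAMP < ?)
           ORDER BY s.TIME_STAMP DESC LIMIT 1""", (ip, t, t)).fetchone()
```

A complaint timestamp must be converted to the same time zone as the stored records before the lookup, or a reused dynamic address will be attributed to the wrong user.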

