Re: (RADIATOR) packet manipulation
Hello Yoga -

On Friday 24 August 2001 16:21, Yoga Nandiwardhana wrote:
> hi all
>
> how can I manipulate the timeleft on a sent/received packet? I figured I
> would have to add a PreClientHook and another hook when I'm sending the
> packet, but which one (PostAuth/Post/PreProcessing?). And what is the
> format of the packet sent by radiator? if I'm trying to manipulate the
> packet at least I need to know how it looks..
>
> thanks all

The answer to your question depends on exactly what you are trying to do. If you give me a bit more detail I will try to help.

Note that there are some example hooks in the Radiator distribution in the file goodies/hooks.txt.

When a radius packet is being manipulated inside Radiator it is stored in decoded form in a memory structure that is referenced by a pointer - $p is the request packet and $rp is the reply packet. These are the parameters that are referred to pretty much everywhere in the source code. You can then use the normal Radiator routines to manipulate the packets (see the module Radius/AttrVal.pm). Again - the example hooks illustrate most of what you need.

If you really want to know what is going on inside Radiator, I urge you to read the source code - it's the best way to learn!

regards

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
- Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Want to force a logoff at the end of a month
In the Access Accept step, send a Session-Timeout with the remaining time until the end of the month.

RDA.-

----- Original Message -----
From: Brian Morris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, August 08, 2001 11:05 PM
Subject: (RADIATOR) Want to force a logoff at the end of a month

Hi All,

If possible, I would like to return a max session time attribute to certain customers to force them to log off at the end of a calendar month (say at 23:59 on the last day of each month); this is so I can close off our accounting files for billing purposes.

Is there a way I can configure Radiator to dynamically set this attribute to return the end of the current month?

Regards,
Brian Morris
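The approach suggested in the reply above, as an added example that is not part of the original thread or of the Radiator distribution: a Perl routine that computes the seconds left until 23:59 on the last day of the month, and a hook that returns it as Session-Timeout. The hook wiring (PostAuthHook argument order, $main::ACCEPT, add_attr) is assumed from Radiator's hook conventions and should be checked against goodies/hooks.txt; the sample times are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timelocal);

# Seconds from $now (epoch) until 23:59:00 local time on the last day of
# $now's month. Local time is used because the billing period follows the
# operator's calendar.
sub seconds_to_month_end {
    my ($now) = @_;
    my ($mon, $year) = (localtime($now))[4, 5];   # $mon is 0..11, $year is years since 1900
    # Midnight on the 1st of the following month; going through the next
    # month avoids a days-per-month table and handles December and leap years.
    my ($nmon, $nyear) = $mon == 11 ? (0, $year + 1) : ($mon + 1, $year);
    my $next_month = timelocal(0, 0, 0, 1, $nmon, $nyear + 1900);
    my $left = ($next_month - 60) - $now;         # cutoff is one minute before midnight
    # During the final minute the difference is zero or negative; never
    # return such a value as a session limit.
    return $left > 0 ? $left : 1;
}

# Hook body in the style of goodies/hooks.txt. Assumed wiring (not taken from
# this thread): the hook gets references to the request, the reply and the
# result, and the reply object has add_attr() from Radius/AttrVal.pm.
sub post_auth_hook {
    my ($rp, $result) = (${ $_[1] }, ${ $_[2] });
    no warnings 'once';                           # $main::ACCEPT is defined by Radiator itself
    return unless $result == $main::ACCEPT;       # only add the limit to an Access-Accept
    $rp->add_attr('Session-Timeout', seconds_to_month_end(time));
}

# Stand-alone demonstration with constructed local times: the date of the
# original question, a leap-year February, and the last minute of December.
unless (caller) {
    for my $t ([0, 5, 23, 8, 7, 2001], [0, 0, 12, 10, 1, 2004], [30, 59, 23, 31, 11, 2001]) {
        my $now = timelocal(@$t);
        printf "%s -> Session-Timeout = %d\n",
            scalar localtime($now), seconds_to_month_end($now);
    }
}
```

The NAS enforces the limit per session, so the value has to be computed at each Access-Accept rather than stored as a fixed reply item.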
RE: (RADIATOR) Windows NT password has troubles
Hello Hugh

Yes, I had checked the shared secret and it is fine. Otherwise I ran radpwtst from the local server where Radiator is installed and I get this problem. I commented out the Client TotalControl to use only the localhost client and I get the same problem.

I installed Radiator as WinNT superuser (administrator), but I'm not sure if it is necessary to configure anything else in the service properties tab in Control Panel.

John Edward Kekhan N.
Network Manager
Polycom S.A. - Colombia
[EMAIL PROTECTED]

----------
From: Hugh Irvine[SMTP:[EMAIL PROTECTED]]
Reply to: [EMAIL PROTECTED]
Sent: Thursday, 23 August 2001 06:46 p.m.
To: John Edward Kekhan Nino; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Windows NT password has troubles

Hello John -

Have you checked the shared secrets between the NAS and Radiator? And what user are you running Radiator as? Does that user have administrator privileges to be able to access the domain controller?

regards

Hugh

On Friday 24 August 2001 01:43, John Edward Kekhan Nino wrote:
> Hello
>
> I have another trouble using Radiator in Windows NT: when I use the
> password the log shows the message
>
>   Access rejected for e0999626: NT AuthenticateUser failed: Logon failure: unknown user name or bad password.
>
> but if I use the parameter NoCheckPassword in AuthBy NT, the user is
> successful and the access is granted.
>
> Here is my radius.cfg file
>
> # Radiator configuration file.
> AcctPort 1646
> AuthPort 1645
> DbDir E:\Radiator-2.18.2\radius
> DictionaryFile %D\dictionary\dictionary
> FingerProg C:\WINNT\system32\finger.exe
> LogDir E:\Radiator-2.18.2\log
> LogFile %L\logradius.log
> PidFile %L\radiusd.pid
> Trace 4
>
> <Client localhost>
>     DupInterval 0
>     Secret mysecret
> </Client>
>
> <Client TotalControl>
>     Description totalcontrol
>     DupInterval 2
>     NasType TotalControl
>     Secret xx
> </Client>
>
> <Realm DEFAULT>
>     <AuthBy GROUP>
>         AuthByPolicy ContinueWhileReject
>         <AuthBy NT>
>             DefaultSimultaneousUse 2
>             Description domain WinNT
>             Domain domain1
>             DomainController \\domaincontroller1
>             Identifier ECP1
>         </AuthBy>
>         <AuthBy NT>
>             DefaultSimultaneousUse 2
>             Description Domain Trans
>             Domain domain2
>             DomainController \\domaincontroller2
>             Identifier ECP2
>         </AuthBy>
>         <AuthBy FILE>
>             Description testing
>             Filename %D\users
>         </AuthBy>
>     </AuthBy>
>     Description RASECP
>     RejectHasReason
>     SessionDatabase
> </Realm>
>
> <SNMPAgent>
>     Community public
>     Port 161
> </SNMPAgent>
>
> the users file
>
> DEFAULT Auth-Type = ECP1, Service-Type = Framed-User
>     Framed-Protocol = PPP,
>     Fall-Through = yes
>
> DEFAULT Auth-Type = ECP2, Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Fall-Through = yes
>
> # I left this user to probe configuration
> fred User-Password = fred, Service-Type = Framed-User
>     Framed-Protocol = PPP,
>     Framed-IP-Netmask = 255.255.255.255,
>     Framed-Routing = None,
>     Framed-MTU = 1500,
>     Framed-Compression = Van-Jacobson-TCP-IP
>
> and the log from radius server
>
> Wed Aug 22 17:55:34 2001: INFO: Server started: Radiator 2.18.2 on radecp
> Wed Aug 22 17:58:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244
> Code: Access-Request
> Identifier: 19
> Authentic: 1234567890123456
> Attributes:
>     User-Name = e0999626
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     Called-Station-Id = 123456789
>     Calling-Station-Id = 987654321
>     NAS-Port-Type = Async
>     User-Password = 145238*2011949t15513989160216}x153
> Wed Aug 22 17:58:34 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Wed Aug 22 17:58:34 2001: DEBUG: Deleting session for e0999626, 203.63.154.1, 1234
> Wed Aug 22 17:58:34 2001: DEBUG: Handling with NT
> Wed Aug 22 17:58:38 2001: INFO: Access rejected for e0999626: NT AuthenticateUser failed: Logon failure: unknown user name or bad password.
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1244
> Code: Access-Reject
> Identifier: 19
> Authentic: 1234567890123456
> Attributes:
>     Reply-Message = NT AuthenticateUser failed: Logon failure: unknown user name or bad password.1310
> Wed Aug 22 17:58:38 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1244
> Code: Accounting-Request
> Identifier: 20
> Authentic: 217xq238146187/$,E251:1451361769
> Attributes:
>     User-Name = e0999626
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     NAS-Port-Type = Async
>     Acct-Session-Id = 1234
>     Acct-Status-Type = Start
>     Called-Station-Id = 123456789
RE: (RADIATOR) Windows NT Users auth with trouble
Hello Hugh

Thanks for your help. That's right, I put the leading backslashes but I had another problem too. You have to permit passing NBT traffic (137, 138 and 139 tcp/udp ports) through any firewall that you have; it was my problem.

After that, you have to check the connection between the servers. In a command window (CMD) use the following sentence

    net view \\domaincontroller

If it works you will see a user/password window; write them and press Enter, then you have to see the shared folders.

Check too on the Microsoft TechNet web site the error message "Network path not found"; there are some reasons why, and how to resolve this problem.

Thanks

John Edward Kekhan N.
Network Manager
Polycom S.A. - Colombia
[EMAIL PROTECTED]

----------
From: Hugh Irvine[SMTP:[EMAIL PROTECTED]]
Reply to: [EMAIL PROTECTED]
Sent: Tuesday, 21 August 2001 07:08 p.m.
To: John Edward Kekhan Nino; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Windows NT Users auth with trouble

Hello John -

Could you please send me a copy of your users file?

I also think your AuthBy NT configuration is incorrect, as the DomainController parameter must contain the leading backslashes. However, I would not expect you to need to specify this if the Radiator host is able to find the domain controller(s) by polling the network.

Have a look at section 6.25 in the Radiator 2.18.2 reference manual (in the file doc/ref.html in the distribution).

regards

Hugh

On Wednesday 22 August 2001 06:05, John Edward Kekhan Nino wrote:
> Hello
>
> I have a trouble using Radiator to validate users in Windows NT 4.0. I
> have a server WinNT 4.0 configured as a stand-alone server where I have
> Radiator 2.18.2, and there are two WinNT servers installed as domain
> controllers. When I use the perl command radpwtst to check the config I
> just obtain an error that I don't know how to solve.
>
> This is my radius.cfg config
>
> # Radiator configuration file.
> AcctPort 1646
> AuthPort 1645
> DbDir E:\Radiator-2.18.2\radius
> DictionaryFile %D\dictionary\dictionary
> FingerProg C:\WINNT\system32\finger.exe
> LogDir E:\Radiator-2.18.2\log
> LogFile %L\logradius.log
> PidFile %L\radiusd.pid
> Trace 4
>
> <Client localhost>
>     DupInterval 0
>     Secret mysecret
> </Client>
>
> <Client DEFAULT>
>     DupInterval 0
>     Secret mysecret
> </Client>
>
> <Client TotalControl>
>     Description totalcontrol
>     DupInterval 2
>     NasType TotalControl
>     Secret xx
> </Client>
>
> <Realm DEFAULT>
>     AuthByPolicy ContinueUntilReject
>     <AuthBy NT>
>         Description Windows NT domain
>         Domain domain1
>         DomainController hostname1
>         Identifier domain1
>     </AuthBy>
>     <AuthBy NT>
>         Description Windows NT Domain Trans
>         Domain domain2
>         DomainController hostname2
>         Identifier domain2
>     </AuthBy>
>     <AuthBy FILE>
>         Description testing
>         Filename %D\users
>         Identifier FileUsers
>     </AuthBy>
>     Description RAS
>     RejectHasReason
>     SessionDatabase
> </Realm>
>
> <SNMPAgent>
>     Community public
>     Port 161
> </SNMPAgent>
>
> and the logradius has the following
>
> Tue Aug 21 11:45:06 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1956
> Code: Access-Request
> Identifier: 96
> Authentic: 1234567890123456
> Attributes:
>     User-Name = fred
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     Called-Station-Id = 123456789
>     Calling-Station-Id = 987654321
>     NAS-Port-Type = Async
>     User-Password = 159249:201206\424618889160216}x153
> Tue Aug 21 11:45:06 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Tue Aug 21 11:45:06 2001: DEBUG: Deleting session for fred, 203.63.154.1, 1234
> Tue Aug 21 11:45:06 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:17 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with Radius::AuthFILE
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with fred
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: Bad Password
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 53: The network path was not found.
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
> Tue Aug 21 11:45:19 2001: DEBUG: Handling with NT
> Tue Aug 21 11:45:19 2001: DEBUG: Radius::AuthFILE REJECT: NT GetAttributes failed: 53: The network path was not found.
> Tue Aug 21 11:45:19 2001: INFO: Access rejected for fred: NT GetAttributes failed: 53: The network path was not found.
> Tue Aug 21 11:45:19 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1956
> Code: Access-Reject
> Identifier: 96
> Authentic: 1234567890123456
> Attributes:
(RADIATOR) RADIATOR Attribute 6
Hello,

An absolute neophyte here. I installed Radiator-2.18.2 and am using RAdmin-1.4 on BSDi 4.01, MySQL-3.22.32, Perl 5.005_03. I am trying to get a Cisco AS5800 box to authenticate and I get an accepted in the detail file but on the user end they get denied. The people at ELI say I am not sending attribute 6 (Framed-User) so the authentication stops on their end. I notice in the detail file that Framed is sent, not Framed-User. I do not know if that is the answer or not. If so, how do I get it to send? Detail file excerpt is below. Any and all comments are extremely welcome. My boss wants me to know Radiator inside-out by next week. Yeah right!

detail.23.log -

Thu Aug 23 11:45:26 2001: DEBUG: Packet dump:
*** Received from 207.173.144.229 port 1645
Code: Access-Request
Identifier: 79
Authentic: 1821J195t160146yH311922412521612830
Attributes:
    NAS-IP-Address = 209.210.88.181
    NAS-Port = 1617
    NAS-Port-Type = Async
    Called-Station-Id = 8153525631
    Calling-Station-Id = 3608160568
    Service-Type = Framed
    Framed-Protocol = PPP
    User-Password = H225198)2431862534225316r9218H
    User-Name = annam
    Proxy-State = BSP2cecil.eli.net/B6314AC374A09279481FC0F1FCA11C1E902482197ADC9 EC4F2D9505800BABC85ABA1CDB47ADC9CA9230B08FA06D7BAD5545E324E7ADB 99AAB1B8222662D5CFB5C5CFACDC
Thu Aug 23 11:45:26 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Aug 23 11:45:26 2001: ERR: Attribute number 211 (vendor ) is not defined in your dictionary
Thu Aug 23 11:45:26 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (998592326, 4, 'Handling with Radius::AuthRADMIN')
Thu Aug 23 11:45:26 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (998592326, 4, 'Handling with Radius::AuthRADMIN')
Thu Aug 23 11:45:26 2001: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='annam' and BADLOGINS 5 and VALIDFROM 998592326 and VALIDTO 998592326
Thu Aug 23 11:45:26 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (998592326, 4, 'Radius::AuthRADMIN looks for match with annam')
Thu Aug 23 11:45:27 2001: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (998592327, 4, 'Radius::AuthRADMIN ACCEPT: ')
Thu Aug 23 11:45:27 2001: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='annam'
Thu Aug 23 11:45:27 2001: DEBUG: Access accepted for annam
Thu Aug 23 11:45:27 2001: ERR: There is no value named Van-Jacobson-TCP-IP for attribute Framed-Compression. Using 0.
Thu Aug 23 11:45:27 2001: DEBUG: Packet dump:
*** Sending to 207.173.144.229 port 1645
Code: Access-Accept
Identifier: 79
Authentic: 1821J195t160146yH311922412521612830
Attributes:
    Proxy-State = BSP2cecil.eli.net/B6314AC374A09279481FC0F1FCA11C1E902482197ADC9EC4F2D9505 800BABC85ABA1CDB47ADC9CA9230B08FA06D7BAD5545E324E7ADB99AAB1B8222662D5CFB5 C5CFACDC
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
    Framed-Routing = None
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP

- The End -

--
Der Hausmeister
~~JESUS ~~
Jesus Duarte
UNIX System Administrator (geek)
IPNS/CNNW
[EMAIL PROTECTED]
(RADIATOR) What Info is available via SNMP
Hi

I have SNMP working on my Radiator box fine and get results when polled.

Doing a snmpwalk against the box I get results from 67.1.1.1.1.1 to 67.2.1.1.1.14.1.11.7

With various info against great !!!

Is there a list of what each result means?

I was wondering if you can find out how many have LOG OFF or Logon failures (I know you can find how many log on)

Thanks

Matthew
(RADIATOR) What info is available via SNMP
Hi

I have SNMP working on my Radiator box fine and get results when polled.

Doing a snmpwalk against the box I get results from 67.1.1.1.1.1 to 67.2.1.1.1.14.1.11.7

With various info against each

Is there a list of what each result means?

I can see that you can get up time, the NAS box IP etc.

I was wondering if you can find out how many have LOG OFF or Logon failures, or what other info is there? (I know you can find how many log on)

Thanks

Matthew