(RADIATOR) Using RADIUS as authentication provider for WIN2K RRAS

2001-10-01 Thread Alireza Veiseh 

Does anybody know how to setup Routhing and Remote Access (RRAS) of
WIN2k to use the radiator as the authentication provider?  Do I need to
edit the registory to add the raditor as a new service first?  

Here is what I have done, but it doesn't work:

1. Opened the property window of the RRAS
2. selected the Security tab
3. selected the "RADIUS Authentication"  as the Authentication provider
4. selected the Configure button
5. added the "radiusd" as the Server name and changed the port to 1647
(I'm sure this port works)
6. clicked Ok

When I restart the RRAS the server name is not recognized!  When I
changed the server name to localhost's Ip address, no error message
appeared, however the authentication failed!

Alireza

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Multiple Clients

2001-10-01 Thread Hugh Irvine 


Hello Shane -

On Tuesday 02 October 2001 16:51, Shane Malden wrote:

> > We are looking at purchasing a copy of Radiator but I was just after some
> opinion on it?? Also one of our Main features was to Proxy the Requests off
> to another Radius Product (RSA ACE/Server) and have Radiator reply with the
> IP and correct details. As we have two Network clients that request
> authentication, is there any way of replying differently to both of them?? 
> Any help and configuration examples would be appreciated.
>

My opinion may be slightly biased, but Radiator is by far the best radius 
server out there.

You can certainly proxy to an ACE/Server, but you may be interested to know 
that the next version of Radiator includes direct authentication against the 
ACE/Server API, so there will be no need to proxy.

I am not sure exactly what you mean by "Network clients", however if you mean 
a NAS or similar, there are a variety of ways to differentiate between them.

Here is one example:

# define Clients


Identifier ClientOne
Secret .
.



Identifier ClientTwo
Secret .
.


# define Handlers


.



.


There are *many* other options. 

If you give me a few more details I will be happy to assist.

regards

Hugh

ps - don't forget to have a look at the archive site

http://www.open.com.au/archives/radiator/


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Multiple Clients

2001-10-01 Thread Shane Malden 



We are looking at purchasing a copy of Radiator but 
I was just after some opinion on it?? Also one of our Main features was to Proxy 
the Requests off to another Radius Product (RSA ACE/Server) and have Radiator 
reply with the IP and correct details. As we have two Network clients that 
request authentication, is there any way of replying differently to both of 
them??  Any help and configuration examples would be 
appreciated.
 
 
Regards,
Shane

Re: (RADIATOR) Attibute Value Pair for Priv_lvl

2001-10-01 Thread Hugh Irvine 


Hello Amy -

This doesn't really have a radius equivalent (as far as I know), however 
there are lots of things that you can do with Cisco's using the "cisco-avpair 
..." construct, so you should check with Cisco what is possible. You should 
also be aware that there are *major* differences in radius/cisco-avpair 
support in the *many* different IOS versions.

YMMV

regards

Hugh


On Tuesday 02 October 2001 10:49, Amy Stratton wrote:
> Hiya, I'm curious if anyone can tell me what the Attribute Priv_lvl in
> tacacs+ translates to for Radius or if its possible.  This is for Cisco
> Routers/Switches. I've looked in the dictionary file and the
> dictionary.cisco file.  I've just started looking on cisco's page, but I
> figured I should check here first, maybe someone can help me.  Thanks in
> advance.
>
> -Amy
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) MAXSESSIONTIME

2001-10-01 Thread Hugh Irvine 


Hello Jesus -

On Tuesday 02 October 2001 10:25, Jesus Duarte wrote:
> Hello
>
> I want to set a MAXSESSIONTIME for all users.  Can I do that with the
> config file with an AddToReply statement instead of adding that field to
> all user accounts? If so, what is the syntax?
>

# define AuthBy 


..
AddToReply Session-Timeout = n


Have a look at section 13.2.7 in the Radiator 2.18.4 reference manual.

regards

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Attibute Value Pair for Priv_lvl

2001-10-01 Thread Amy Stratton 

Hiya, I'm curious if anyone can tell me what the Attribute Priv_lvl in
tacacs+ translates to for Radius or if its possible.  This is for Cisco
Routers/Switches. I've looked in the dictionary file and the
dictionary.cisco file.  I've just started looking on cisco's page, but I
figured I should check here first, maybe someone can help me.  Thanks in
advance.

-Amy 


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) MAXSESSIONTIME

2001-10-01 Thread Jesus Duarte 

Hello

I want to set a MAXSESSIONTIME for all users.  Can I do that with the
config file with an AddToReply statement instead of adding that field to
all user accounts? If so, what is the syntax?

Der Hausmeister
~~JESUS
   ~~
Jesus Duarte
UNIX System Administrator (geek)
IPNS/CNNW

[EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
[EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]
[EMAIL PROTECTED][EMAIL PROTECTED]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) PORTLIMITCHECK problem

2001-10-01 Thread Hugh Irvine 


Hello Kevin -

This seems quite strange - can you please send me a copy of the configuration 
file (no secrets) together with a trace 4 debug showing what is happening?

BTW - the latest version of Radiator is 2.18.4.

thanks

Hugh


On Tuesday 02 October 2001 07:33, Kevin McKee wrote:
> When I try to implement PORTLIMITCHECK (see following handler), I get
> lots of people authorized with the 'Called-Station-ID' value replacing
> their Username in the Session Database.  Removing the AuthBy
> PORTLIMITCHECK seems to resolve the problem.  I'm running 2.17.1.  But,
> I really need to get PORTLIMITCHECK working.  Any suggestions.
>
> Thanks,
>
> -Kevin McKee-
> Network Manager
> Northwest Telephone, Inc.
>
> 
> 
> AcctLogFileName %L/%Y%m%d-GN-detail
> SessionDatabase gnDB
> RejectHasReason
> 
>CountQuery SELECT COUNT(*) FROM RADONLINE WHERE
> CALLEDID='%{Called-Station-Id}'
>SessionLimit 10
>
> 
> Host xxx.xxx.198.100
> Secret xx
> AuthPort 1645
> AcctPort 1646
> StripFromRequest NAS-Port-Id,NAS-Port-Type
> 
> 
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Radiator NAT problem

2001-10-01 Thread Hugh Irvine 


Hello George -

You can use the "OutPort nnn" parameter in the AuthBy RADIUS clause to force 
the use of a particular port number. This parameter is supported in Radiator 
2.18.1 and later - note that the current version is Radiator 2.18.4.

regards

Hugh


On Tuesday 02 October 2001 01:14, PANAGOPOULOU,GEORGIA (HP-Greece,ex1) wrote:
> Hello all,
>
> Here is a problem we encounter with our firewall configuration:
>
> Radiator server (outside firewall) talking to Radiator server (inside
> firewall)(version 2.18)
> The Radiator server outside the firewall changes it's source port every
> minute or so. Multiple different requests are sent to the other Radiator
> server on the same source port. The first request is NATed correctly, the
> subsequent requests are not. Once the Radiator server outside the firewall
> changes it's source port again, that first request is also NATed
> successfully, the rest are not.
>
> How can we change Radiator to use a new source port for each request that
> it proxies?
>
> Note that we are using Checkpoint FW-1 firewall.
>
> Looking forward for an answer from one of you ...
>
> Best regards,
> Georgia Panagopoulou
> Hewlett Packard Greece
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) prerequisite Digest::MD5 2.12 not found

2001-10-01 Thread Hugh Irvine 


Hello Alireza -

The latest version of Radiator is 2.18.4 - you should use that.

Please let me know if you still have problems, and send me the complete 
transcript of the steps you have followed.

thanks

Hugh


On Tuesday 02 October 2001 05:16, Alireza Veiseh wrote:

> > I just downloaded the evaluation version of RADIATOR  version 2.18 and
> followed the installation on Win2K. When I perform "perl Makefile.PL" in
> radiator directory, i get the following warning message:
>
> Warning: prerequisite Digest::MD5 2.12 not found at
> E:/Perl/lib/ExtUtils/MakeMak
> er.pm line 343.
>
> I downloaded and installed the Digest::MD5 package using the PPM, but
> still get the same error?
>
> Anybody had this problem before?
>
> Alireza


Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Efficiency

2001-10-01 Thread Hugh Irvine 


Hello Jaime -

The first example that you show below is incorrect and not supported.

The second example is correct.

regards

Hugh


On Monday 01 October 2001 22:08, Jaime Elizaga Jr. wrote:

> > Hello everyone,
>
> I just need some inputs on which config would provide a more efficient
> running radiator at high loads.
>
> Thanks,
>
> Jaime
>
> CONFIG 1:
>
> 
> Identifier FIRST
> 
> 
> Identifier SECOND
> 
> 
> Identifier DEFAULT
> 
>
> 
> 
> AuthBy FIRST
> 
> 
> AuthBy SECOND
> 
> 
> Authby DEFAULT
> 
> 
> 
> 
> AuthBy SECOND
> 
> 
> Authby DEFAULT
> 
> 
>
> OR
>
> 
> Identifier FIRST
> 
> 
> Identifier SECOND
> 
> 
> Identifier DEFAULT
> 
>
> 
> AuthBy FIRST
> 
> 
> AuthBy SECOND
> 
> 
> AuthBy SECOND
> 
> 
> AuthBy DEFAULT
> 


Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) AuthByPolicy question

2001-10-01 Thread Hugh Irvine 


Hello Toni -

You have discovered the reason for the existence of the AuthBy GROUP clause.

Ie. you cannot change an AuthByPolicy part way through a list of AuthBy 
clauses, so you need different lists.

So here is what to do:


Identifier  Auth-SQL
...
AccountingTable



Identifier  Acct-SQL
...
AuthSelect



Identifier  Auth-File
...



Identifier Auth-Group
AuthByPolicy ContinueUntilAccept
AuthBy Auth-Sql
AuthBy Auth-File



...
AuthByPolicyContinueAlways
AuthBy  Acct-SQL
AuthBy  Auth-Group



hth

Hugh


On Monday 01 October 2001 19:11, Toni Riekkinen wrote:
> I have the following situation:
>
> 
> Identifier  Auth-SQL
> ...
> AccountingTable
> 
>
> 
> Identifier  Acct-SQL
> ...
> AuthSelect
> 
>
> 
> Identifier  Auth-File
> ...
> 
>
> 
> ...
> AuthByPolicyContinueAlways
> AuthBy  Acct-SQL
> AuthBy  Auth-SQL
> #AuthBy  Auth-File
> 
>
>
> I'd like to improve this Realm with a flat file authentication. So that
> _IF_ connection to Auth-SQL database fails (I have different database in
> auth and acct), we would fall back to a flat file as our last change. I
> can't use ContinueAlways anymore, right?
>
> I tried for example ContinueUntilReject, because thought it would have been
> the solution (though that if we can't connect into database, it would
> continue to file), but for some reason it don't seem to work. What
> AuthByPolicy method should I use?
>
>
> ++Toni
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) PreClientHook

2001-10-01 Thread Hugh Irvine 


Hello Michael -

I don't think that a PreClientHook is the right way to go about this.

If you are going to keep the number matrix in a database, it is probably 
easiest to just use two AuthBy SQL clauses - the first one to check the 
numbers and the second one to check the users.

hth

Hugh


On Monday 01 October 2001 21:42, Michael wrote:
> Hi all,
>
> I am trying to work out how to use the PreClientHook to check that the
> customer
> is dialling the correct number, the idea being to prevent them accidentally
> dialling
> the wrong number and incurring hefty call charges.
>
> here is what I am thinking of (I know bugger all about Perl).
>
>
> #Perl Script
> my $dialled = ${$_[0]}->get_attr(`Called-Station-Id');
> my $callfrom = ${$_[0]}->get_attr(`Calling-Station-Id');
> #Compare numbers to list and allow or deny logon
>
> The way I was thinking to do this would be to have a file that is named as
> the dial
> up number for the region.
> So we would have a buch of files named the number the customer should
> call. So the script could simply go and check in a file called $dialled for
> a
> partial number $callfrom (first 4 digits) if it is not there deny logon and
> log it. This
> should make it easy to add more dial up locations later. If we go into a
> new area
> we simply need more files named for $dialled.
>
> Would this work? What does the script need to return to prevent or allow
> logon?
>
> Michael
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Check callingstationid

2001-10-01 Thread Hugh Irvine 


Hello Anton -

This should be quite easy to do with an AuthBy PORTLIMITCHECK clause 
(together with a SessionDatabase SQL).

Have a look at section 6.41 in the Radiator 2.18.4 reference manual.

regards

Hugh


On Tuesday 02 October 2001 03:55, Anton Krall wrote:

> > Guys.
>
> I just enabled a service where some users can dial into a certain
> telephone number thats dedicated only to them...
>
> So user [EMAIL PROTECTED] can dial into phone 555- but only that user
> should be able to dial into that number, everybody else thats tries to
> log into that number should be disconnected..
>
> How can I do this?? checking for calledstationid or something?
>
> Thx as usual for the help.
>
> Saludos
>
> Anton Krall
> Director de Tecnología
> Inter.net México / Panamá
>
> ' 5241-7609 Directo
> ' 5241-7600 Conmutador
> ' 0445-105-5160 Mobile
> * [EMAIL PROTECTED]
> * http://www.mx.inter.net 
>
> Outside Mexico:
> Office: (525)241-7609
> PBX: (525)241-7600
> Mobile: (525)105-5160


Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) PORTLIMITCHECK problem

2001-10-01 Thread Kevin McKee 

When I try to implement PORTLIMITCHECK (see following handler), I get
lots of people authorized with the 'Called-Station-ID' value replacing
their Username in the Session Database.  Removing the AuthBy
PORTLIMITCHECK seems to resolve the problem.  I'm running 2.17.1.  But,
I really need to get PORTLIMITCHECK working.  Any suggestions.

Thanks,

-Kevin McKee-
Network Manager
Northwest Telephone, Inc.



AcctLogFileName %L/%Y%m%d-GN-detail
SessionDatabase gnDB
RejectHasReason

   CountQuery SELECT COUNT(*) FROM RADONLINE WHERE
CALLEDID='%{Called-Station-Id}'
   SessionLimit 10
   

Host xxx.xxx.198.100
Secret xx
AuthPort 1645
AcctPort 1646
StripFromRequest NAS-Port-Id,NAS-Port-Type





===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) prerequisite Digest::MD5 2.12 not found

2001-10-01 Thread Alireza Veiseh 
Title: Message



I just downloaded 
the evaluation version of RADIATOR  version 2.18 and followed the 
installation on Win2K. When I perform "perl Makefile.PL" in  radiator 
directory, i get the following warning message:
 
Warning: 
prerequisite Digest::MD5 2.12 not found at E:/Perl/lib/ExtUtils/MakeMaker.pm 
line 343.
 
I downloaded and 
installed the Digest::MD5 package using the PPM, but still get the same 
error?
 
Anybody had this 
problem before?
 
Alireza

(RADIATOR) Check callingstationid

2001-10-01 Thread Anton Krall 
Title: Message



Guys.
 
I just enabled a 
service where some users can dial into a certain telephone number thats 
dedicated only to them... 
 
So user [EMAIL PROTECTED] can dial into phone 555- 
but only that user should be able to dial into that number, everybody else thats 
tries to log into that number should be disconnected..
 
How can I do this?? 
checking for calledstationid or something?
 
Thx as usual for the 
help.
 

Saludos
 
Anton KrallDirector de 
TecnologíaInter.net México / Panamá
 
' 5241-7609 
Directo 
' 5241-7600 
Conmutador
' 0445-105-5160 
Mobile
* 
[EMAIL PROTECTED]
þ 
http://www.mx.inter.net
 
Outside 
Mexico:Office: (525)241-7609PBX: (525)241-7600Mobile: 
(525)105-5160
 

(RADIATOR) Radiator NAT problem

2001-10-01 Thread PANAGOPOULOU,GEORGIA (HP-Greece,ex1) 

Hello all,

Here is a problem we encounter with our firewall configuration:

Radiator server (outside firewall) talking to Radiator server (inside
firewall)(version 2.18)
The Radiator server outside the firewall changes it's source port every
minute or so. Multiple different requests are sent to the other Radiator
server on the same source port. The first request is NATed correctly, the
subsequent requests are not. Once the Radiator server outside the firewall
changes it's source port again, that first request is also NATed
successfully, the rest are not.

How can we change Radiator to use a new source port for each request that it
proxies?

Note that we are using Checkpoint FW-1 firewall.

Looking forward for an answer from one of you ...

Best regards,
Georgia Panagopoulou
Hewlett Packard Greece
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) DNIS Group, Emerald Platypus Config

2001-10-01 Thread Leigh Spiegel 

Hello,

I've just been trying out the DNIS Group feature.  If no DNIS group is set
to an account type profile access is rejected.  Is there any way to change
this, I want to honourDNIS on certain accounts however allow other account
types to get in no matter what DNIS number.

Or is there an DNIS group number radiator will accept as any number eg: "*"
one would assume if no group was assigned to an account it would accept any
DNIS.

Regards,

Leigh Spiegel
Director
WinShop Internet Pty Ltd
CCNA, B Multimedia
[EMAIL PROTECTED]
PH: 1300 137 772

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Efficiency

2001-10-01 Thread Jaime Elizaga Jr. 



Hello everyone, 
 
I just need some inputs on which config would 
provide a more efficient running radiator at high loads.
 
Thanks,
 
Jaime
 
CONFIG 1:
 

    Identifier 
FIRST
    



    Identifier 
SECOND



    Identifier 
DEFAULT
   
 

    
    
AuthBy FIRST
    

    
        AuthBy 
SECOND
    

    

        Authby 
DEFAULT
    




        AuthBy 
SECOND
    

    

        Authby 
DEFAULT
    


 
OR
 


    Identifier 
FIRST
    



    Identifier 
SECOND



    Identifier 
DEFAULT

 

    AuthBy 
FIRST



    AuthBy 
SECOND



    AuthBy 
SECOND



    AuthBy 
DEFAULT



 

(RADIATOR) PreClientHook

2001-10-01 Thread Michael 

Hi all,

I am trying to work out how to use the PreClientHook to check that the
customer
is dialling the correct number, the idea being to prevent them accidentally
dialling
the wrong number and incurring hefty call charges.

here is what I am thinking of (I know bugger all about Perl).


#Perl Script
my $dialled = ${$_[0]}->get_attr(`Called-Station-Id');
my $callfrom = ${$_[0]}->get_attr(`Calling-Station-Id');
#Compare numbers to list and allow or deny logon

The way I was thinking to do this would be to have a file that is named as
the dial
up number for the region.
So we would have a buch of files named the number the customer should
call. So the script could simply go and check in a file called $dialled for
a
partial number $callfrom (first 4 digits) if it is not there deny logon and
log it. This
should make it easy to add more dial up locations later. If we go into a new
area
we simply need more files named for $dialled.

Would this work? What does the script need to return to prevent or allow
logon?

Michael



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Unix Passwords

2001-10-01 Thread Hugh Irvine 


Hello Ricky -

I don't quite understand your question, sorry.

If you want to use the shadow file, you can either use an AuthBy UNIX clause 
and point it at the shadow file directly, or you can use an AuthBy SYSTEM 
(possibly with the UseGetspnamf parameter).

Have a look at sections 6.25 and 6.36 in the Radiator 2.18.4 reference manual.

regards

Hugh


On Monday 01 October 2001 17:18, Ricky Chilcott wrote:

> > Hugh,
>
> As we are migrating from Merit and we have our shadow file using Unix crypt
> instead of MD5 because Merit is can not use MD5.
>
> I have read all of the archive messages and the reference book relating to
> using Unix Crypt passwords and I still am not sure how to use the
> Encryped-Password check with a shadow file.
>
> As far as I can see I can put an entry in the users file for each user
> using the User-Password or Encryped-Password check and a prefix of {crypt}
> then the encrypted password. But I can't see how I can make it work for a
> DEFAULT user entry and get the corresponding users encrypted password from
> a shadow file.
>
> Thanks
>
> Rick


Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) AuthByPolicy question

2001-10-01 Thread Toni Riekkinen 

I have the following situation:


Identifier  Auth-SQL
...
AccountingTable



Identifier  Acct-SQL
...
AuthSelect



Identifier  Auth-File
...



...
AuthByPolicyContinueAlways
AuthBy  Acct-SQL
AuthBy  Auth-SQL
#AuthBy  Auth-File



I'd like to improve this Realm with a flat file authentication. So that _IF_
connection to Auth-SQL database fails (I have different database in auth and
acct), we would fall back to a flat file as our last change. I can't use
ContinueAlways anymore, right?

I tried for example ContinueUntilReject, because thought it would have been
the solution (though that if we can't connect into database, it would
continue to file), but for some reason it don't seem to work. What
AuthByPolicy method should I use?


++Toni

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) radiator agains Radiator-2.16.1

2001-10-01 Thread Hugh Irvine 


Hello Christian -

Radiator simply records whatever was sent in the radius accounting packets.

Have a look at a trace 4 debug (or even a trace 5 hex dump) to see what 
Radiator receives (you can also look at a tcpdump to see what is on the wire).

regards

Hugh

On Monday 01 October 2001 17:38, Christian Steger wrote:
> hello there,
>
> first of all, thanks for reading this mail.
>
> i use here on a testingplatform an cisco7200, configured with
> radius authentication and dialin per isdn.
>
> it appeared to me that the accounting packages does not equial that
> packets i have counted per snmp and a networkmonitor independend.
>
> so the stupid question, could that be a radiator specific problem ?
>
> thanks
>
> chris
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Unix Passwords

2001-10-01 Thread Ricky Chilcott 




Hugh,
 
As we are migrating from Merit and we have our 
shadow file using Unix crypt instead of MD5 because Merit is can not 
use MD5.
 
I have read all of the archive messages and the 
reference book relating to using Unix Crypt passwords and I still am not sure 
how to use the Encryped-Password check with a shadow file.
 
As far as I can see I can put an entry in the users 
file for each user using the User-Password or Encryped-Password check and a 
prefix of {crypt} then the encrypted password. But I can't see how I can 
make it work for a DEFAULT user entry and get the corresponding users 
encrypted password from a shadow file.
 
Thanks
 
Rick

(RADIATOR) radiator agains Radiator-2.16.1

2001-10-01 Thread Christian Steger 


hello there,

first of all, thanks for reading this mail.

i use here on a testingplatform an cisco7200, configured with
radius authentication and dialin per isdn.

it appeared to me that the accounting packages does not equial that
packets i have counted per snmp and a networkmonitor independend.

so the stupid question, could that be a radiator specific problem ?

thanks

chris



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.