Re: (RADIATOR) 2 servers running radiator
Hi .. Well So far I only have the 2 radius server share the users file and the UNIX authentication DataBase.. I just try to implement SessionDataBase DBM in my accounting Server and it crash ..I never was to dip to fine why the server crash after 3 hour working .. I just read the session 6.8 of Radiator Documentation .. I thing ... I really do not know so far ... that the problems is that the primary Authentication Server Do not know nothing about accounting (start , stop records) and do not know if the user is online or not ... Thank you in advance.. Ivan Hello Ivan - The only way to do this is with a shared SQL session database so both instances of Radiator can share the same view of who is online. The best way to implement such a scheme is with a separate SQL database machine that is used for the user database, the accounting database and the session database. hth Hugh On Friday 12 October 2001 01:30, Ivan Arias wrote: Hello everyone I have a problems I have 2 radiator radius server running in to different servers (both running solaris 2.6 intel platform ) Radius (A) is primary authentication server for all my NAS client and Radius (B) is primary accounting server and secondary authentication server for all my NAS. I am using snmpget to check Simultaneous-Use It is not working properly.. Because still user with this restriction (Simultaneous-Use =1)can connect to the system more than one time .. Any ideas === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. http://netwinsite.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Proxy pbs
Hello, I'm trying to set up a proxy that would be able to forward accounting to a different server. So I tried something like this (described in the reference manual) : Realm DEFAULT AuthByPolicy ContinueAlways AuthBy RADIUS Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Host 172.29.xx.xx Secretxxx /Host Host 172.29.xx.yy Secretxx /Host /AuthBy AuthBy RADIUS Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy /AuthBy /Realm The problem is that authentication is always accepted ... So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem to work. What's the way to properly configure this proxy ? Thanx Romain VERGNIOL CEGEDIMService Réseau BoulogneFax : 33 01 46 03 45 95Tel : 33 01 49 09 84 02 [EMAIL PROTECTED]
Re: (RADIATOR) Proxy pbs
Romain: If youlikewait the reply and then to respond to the NAS. You would have to see the 6.29.17 item Synchronous Gustavo Moreira. - Original Message - From: Romain Vergniol To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Sent: Friday, October 12, 2001 12:23 PM Subject: (RADIATOR) Proxy pbs Hello, I'm trying to set up a proxy that would be able to forward accounting to a different server. So I tried something like this (described in the reference manual) : Realm DEFAULT AuthByPolicy ContinueAlways AuthBy RADIUS Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Host 172.29.xx.xx Secretxxx /Host Host 172.29.xx.yy Secretxx /Host /AuthBy AuthBy RADIUS Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy /AuthBy /Realm The problem is that authentication is always accepted ... So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem to work. What's the way to properly configure this proxy ? Thanx Romain VERGNIOL CEGEDIMService Réseau BoulogneFax : 33 01 46 03 45 95Tel : 33 01 49 09 84 02 [EMAIL PROTECTED]
(RADIATOR) Can't set certain attributes from PostAuthHook
Hi, I'm looking into switching from radius to Radiator, but I've run into a problem with not being able to set certain attributes from a PostAuthHook. I have a really simple setup, or so I thought, so there isn't really much that can go wrong but it just won't work nevertheless. In the PostAuthHook I do this, after successfully authenticating the user: # Service-Type = Framed-User $reply-addAttrByNum( $Radius::Radius::SERVICE_TYPE, 2); # Framed-Protocol = PPP $reply-addAttrByNum( $Radius::Radius::FRAMED_PROTOCOL, PPP); (...) (framed_ip_address and framed_ip_netmask here) (...) # Framed-Routing = None $reply-addAttrByNum( $Radius::Radius::FRAMED_ROUTING, 'None'); # Framed-Compression = Van-Jacobson-TCP-IP $reply-addAttrByNum( $Radius::Radius::FRAMED_COMPRESSION, 'Van-Jacobson-TCP-IP'); # Framed-MTU = 1500 $reply-addAttrByNum( $Radius::Radius::FRAMED_MTU, '1500'); Service-type, protocol, ip_address and netmask are set just fine but routing, compression and mtu are ignored. That doesn't really surprise me, seeing how they aren't defined in Radius.pm, but I can't set these attributes by any other means either! I've tried putting AddToReply / AddToReplyIfNotExist / DefaultReply Framed-Routing=None, Framed-Compression=Van-Jacobson-TCP-IP ... various places in my configuration file without any noticable effect. Just using one of the Reply options in the configuration file, and removing the attributes from my hook, this is what Radiator logged (trace level 4): Attributes: Service-Type = 2 Framed-Protocol = PPP Framed-IP-Address = 10.47.11.1 Framed-IP-Netmask = 255.255.255.255 If I set the attributes in my hook, as mentioned above, I get this: Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: DEBUG: Access accepted for test32 Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown (...) Attributes: Service-Type = 2 Framed-Protocol = PPP Framed-IP-Address = 10.47.11.1 Framed-IP-Netmask = 255.255.255.255 Unknown = None Unknown = Van-Jacobson-TCP-IP Unknown = 1500 I haven't connected Radiator with a NAS yet, so the above has been generated with a radiust test program. That shouldn't make any difference, though, because radius replies correctly when testing with this program. Relevant bits from my configuration: Radiator version: 2.18.4 Dial in equippment: Cisco radiator.cfg: DbDir /usr/local/etc/radiator/ (Which only contains a dictionary file since an sql database is used for customer information.) Client DEFAULT Secret xxx DupInterval 0 /Client AuthBy SQL NoDefault Identifier db_users DBSourcedbi:mysql:database=users;host=xxx DBUsername xxx DBAuth xxx AddToReply Framed-Routing = None, \ Framed-Compression = Van-Jacobson-TCP-IP, \ Framed-MTU = 1500 /AuthBy Handler Request-Type=Access-Request PostAuthHook file:/usr/local/etc/radiator/auth.hook AuthLog myauthlogger /Handler It's been a rather long day at work, so I might have overlooked something obvious. Pointers to documentation I should read, or things I should test are welcome. :-) Thanks in advance, Jo -- When asked if that's you, pretend it isn't you and see what happens. -- Winnie the Pooh === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy pbs
Salut Romain - The correct answer to your question is to reverse the order of your AuthBy RADIUS clauses so the result of the last AuthBy is the result of the authentication. # define accounting before authentication Realm DEFAULT AuthByPolicy ContinueAlways AuthBy RADIUS Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy /AuthBy AuthBy RADIUS Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Host 172.29.xx.xx Secret xxx /Host Host 172.29.xx.yy Secret xx /Host /AuthBy /Realm hth Hugh PS - you really should not use Synchronous with an AuthBy RADIUS, as the impact on performance can be extreme. On Saturday 13 October 2001 04:35, Gustavo Moreira wrote: Romain: If you like wait the reply and then to respond to the NAS. You would have to see the 6.29.17 item Synchronous Gustavo Moreira. - Original Message - From: Romain Vergniol To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Sent: Friday, October 12, 2001 12:23 PM Subject: (RADIATOR) Proxy pbs Hello, I'm trying to set up a proxy that would be able to forward accounting to a different server. So I tried something like this (described in the reference manual) : Realm DEFAULT AuthByPolicy ContinueAlways AuthBy RADIUS Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Host 172.29.xx.xx Secret xxx /Host Host 172.29.xx.yy Secret xx /Host /AuthBy AuthBy RADIUS Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy /AuthBy /Realm The problem is that authentication is always accepted ... So I tried with IgnoreAuth... and IgnoreAcct... but it doesn't seem to work. What's the way to properly configure this proxy ? Thanx Romain VERGNIOL CEGEDIM Service Réseau Boulogne Fax : 33 01 46 03 45 95 Tel : 33 01 49 09 84 02 [EMAIL PROTECTED] Content-Type: text/html; charset=iso-8859-1; name=Attachment: 1 Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Can't set certain attributes from PostAuthHook
Hello Jo - You really don't need a PostAuthHook to do this, just an AddToReply. Of course you also need to reference the AuthBy clause in the Handler. # define AuthBy clause AuthBy SQL NoDefault Identifier db_users DBSourcedbi:mysql:database=users;host=xxx DBUsername xxx DBAuth xxx AddToReply Framed-Routing = None, \ Framed-Compression = Van-Jacobson-TCP-IP, \ Framed-MTU = 1500 /AuthBy # define Handler (don't forget to reference the AuthBy clause) Handler Request-Type=Access-Request AuthBy db_users AuthLog myauthlogger /Handler For suggested reading I always recommend the RFC's and the reference manual included in the doc directory of the distribution. hth Hugh On Saturday 13 October 2001 08:06, [EMAIL PROTECTED] wrote: Hi, I'm looking into switching from radius to Radiator, but I've run into a problem with not being able to set certain attributes from a PostAuthHook. I have a really simple setup, or so I thought, so there isn't really much that can go wrong but it just won't work nevertheless. In the PostAuthHook I do this, after successfully authenticating the user: # Service-Type = Framed-User $reply-addAttrByNum( $Radius::Radius::SERVICE_TYPE, 2); # Framed-Protocol = PPP $reply-addAttrByNum( $Radius::Radius::FRAMED_PROTOCOL, PPP); (...) (framed_ip_address and framed_ip_netmask here) (...) # Framed-Routing = None $reply-addAttrByNum( $Radius::Radius::FRAMED_ROUTING, 'None'); # Framed-Compression = Van-Jacobson-TCP-IP $reply-addAttrByNum( $Radius::Radius::FRAMED_COMPRESSION, 'Van-Jacobson-TCP-IP'); # Framed-MTU = 1500 $reply-addAttrByNum( $Radius::Radius::FRAMED_MTU, '1500'); Service-type, protocol, ip_address and netmask are set just fine but routing, compression and mtu are ignored. That doesn't really surprise me, seeing how they aren't defined in Radius.pm, but I can't set these attributes by any other means either! I've tried putting AddToReply / AddToReplyIfNotExist / DefaultReply Framed-Routing=None, Framed-Compression=Van-Jacobson-TCP-IP ... various places in my configuration file without any noticable effect. Just using one of the Reply options in the configuration file, and removing the attributes from my hook, this is what Radiator logged (trace level 4): Attributes: Service-Type = 2 Framed-Protocol = PPP Framed-IP-Address = 10.47.11.1 Framed-IP-Netmask = 255.255.255.255 If I set the attributes in my hook, as mentioned above, I get this: Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: ERR: Attribute number (vendor ) is not defined in your dictionary Fri Oct 12 22:20:54 2001: DEBUG: Access accepted for test32 Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown Fri Oct 12 22:20:54 2001: WARNING: No such attribute Unknown (...) Attributes: Service-Type = 2 Framed-Protocol = PPP Framed-IP-Address = 10.47.11.1 Framed-IP-Netmask = 255.255.255.255 Unknown = None Unknown = Van-Jacobson-TCP-IP Unknown = 1500 I haven't connected Radiator with a NAS yet, so the above has been generated with a radiust test program. That shouldn't make any difference, though, because radius replies correctly when testing with this program. Relevant bits from my configuration: Radiator version: 2.18.4 Dial in equippment: Cisco radiator.cfg: DbDir /usr/local/etc/radiator/ (Which only contains a dictionary file since an sql database is used for customer information.) Client DEFAULT Secret xxx DupInterval 0 /Client AuthBy SQL NoDefault Identifier db_users DBSourcedbi:mysql:database=users;host=xxx DBUsername xxx DBAuth xxx AddToReplyFramed-Routing = None, \ Framed-Compression = Van-Jacobson-TCP-IP, \ Framed-MTU = 1500 /AuthBy Handler Request-Type=Access-Request PostAuthHook file:/usr/local/etc/radiator/auth.hook AuthLog myauthlogger /Handler It's been a rather long day at work, so I might have overlooked something obvious. Pointers to documentation I should read, or things I should test are welcome. :-) Thanks in advance, Jo -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at
