Re: (RADIATOR) Proxy pbs
Salut Hugh, thank you for your help, the proxy works fine now. But is this normal that the proxy sends an empty acounting-response packet before the real one ? Is there a way to avoid this ? Romain VERGNIOL CEGEDIM Service Réseau Boulogne Fax : +33 01 46 03 45 95 Tel : +33 01 49 09 84 02 [EMAIL PROTECTED] - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Gustavo Moreira [EMAIL PROTECTED]; Romain Vergniol [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, October 13, 2001 5:23 AM Subject: Re: (RADIATOR) Proxy pbs Salut Romain - The correct answer to your question is to reverse the order of your AuthBy RADIUS clauses so the result of the last AuthBy is the result of the authentication. # define accounting before authentication Realm DEFAULT AuthByPolicy ContinueAlways AuthBy RADIUS Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy /AuthBy AuthBy RADIUS Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Host 172.29.xx.xx Secret xxx /Host Host 172.29.xx.yy Secret xx /Host /AuthBy /Realm hth Hugh PS - you really should not use Synchronous with an AuthBy RADIUS, as the impact on performance can be extreme. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy pbs
Salut Romain - On Monday 15 October 2001 20:15, Romain Vergniol wrote: Salut Hugh, thank you for your help, the proxy works fine now. But is this normal that the proxy sends an empty acounting-response packet before the real one ? Is there a way to avoid this ? I am not sure I understand your question. In the case you describe, you are sending the same accounting record to two different target radius hosts. In this situation, which one is the real one? If you have a different requirement, I am sure we can come up with a suitable configuration for you. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy pbs
Sorry, my last message wasn't clear... In fact, the proxy replies twice to the NAS, the first accounting-response packet is empty, the other contains the appropriate attributes. Ex (with tcpdump listening trafic only between the proxy and the NAS): 172.29.xx.xx = NAS 172.29.yy.yy = Proxy 172.29.xx.xx.1028 172.29.yy.yy.1646: rad-account-req 97 [id 236] Attr[ NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} ] 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 20 [id 236] 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 109 [id 236] Attr[ NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} NAS_id{172.29.xx.xx} ] Is there a way to avoid sending the first reply (rad-account-resp 20) ? Regards Romain VERGNIOL CEGEDIM Service Réseau Boulogne Fax : +33 01 46 03 45 95 Tel : +33 01 49 09 84 02 [EMAIL PROTECTED] I am not sure I understand your question. In the case you describe, you are sending the same accounting record to two different target radius hosts. In this situation, which one is the real one? If you have a different requirement, I am sure we can come up with a suitable configuration for you. regards Hugh === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Reply Attribute
Hi all, I've some different types of users, the difference between the types of users is into the replay attributes. In this moment I've configured different AuthBy RADMIN one for every types of users, the only differences are the replay attributes. The problem is that in this way I've got a large and extended file radius.cfg. Is there way to reduce the configuration files ? For example : AuthBy RADMIN Identifier Default DBSourcedbi:mysql:radmin:localhost DBUsername radius DBAuth radiator AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CLIENTE,RADUSERS.CLIENTE AcctColumnDef NUMERO_VERDE,RADUSERS.NUMERO_VERDE AcctSQLStatement update RADUSERS set \ TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \ OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \ OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' AddToReply Service-Type=2, \ Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP /AuthBy AuthBy RADMIN Identifier Callback DBSourcedbi:mysql:radmin:localhost DBUsername radius DBAuth radiator AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CLIENTE,RADUSERS.CLIENTE AcctColumnDef NUMERO_VERDE,RADUSERS.NUMERO_VERDE AcctSQLStatement update RADUSERS set \ TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \ OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \ OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' AddToReply Service-Type=2,\ cisco-avpair = lcp:callback-dialstring=,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Protocol = PPP,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP /AuthBy the AcctColumnDef row are duplicate in both types of users, the best solution should be that the AcctColumnDef is put once int the file, but I don't know if it is possible and how. Regards Gionata Lamia Networking Services/Systems Integrations T-Systems Italia - debis IT Services Italia S.p.A. Strada 2 Palazzo D 20090 - Assago - MI Phone: +39 02 89248240 Fax: +39 02 89248231 Mobile: +39 348 4521210 e-mail: [EMAIL PROTECTED] Internet: http://www.T-Systems.it Gionata Lamia Networking Services/Systems Integrations T-Systems Italia - debis IT Services Italia S.p.A. Strada 2 Palazzo D 20090 - Assago - MI Phone: +39 02 89248240 Fax: +39 02 89248231 Mobile: +39 348 4521210 e-mail: [EMAIL PROTECTED] Internet: http://www.T-Systems.it === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator install issue (plus Radmin)
Greetings; Getting ready to upgrade from an old version of Radiator to the latest. Set the new version up on a different set of servers so we can do a clean cutover. Our environment is AuthbyRADMIN using one server for the Radmin website, a second server for Radiator, and a third server for MySQL. 1) Upon installing Radiator on a fresh FreeBSD 4.4 machine, we got a message similar to the following... Differing version of ./hostname.pl you may want to rm /usr/libdata/perl/5.00503/hostname.pl a make install UNIST=1 will unlink this for you What exactly does this mean, and what is the suggested course of action? 2) The install program for Radmin appears to still assume that your webserver machine is on the same machine as Radiator (not a great assumption, IMHO). Exactly what pieces of Radmin need to be hand copied over to the Radiator machine from the webserver, and what is the procedure for this? Thanks in advance! Jay West === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy pbs
Precisions about my last post : 172.29.xx.xx.1028 172.29.yy.yy.1646: rad-account-req 97 [id 236] Attr[ NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} ] 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 20 [id 236] This packet is generated by the proxy 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 109 [id 236] Attr[ NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} NAS_id{172.29.xx.xx} ] This packet is the response generated by the Radius server (and forwarded to the NAS). Is there a way to avoid sending the first reply (rad-account-resp 20) ? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Email only access
Does anyone know how I can limit a dial-up account to email only access? I'm using USR HyperARC chassis if that helps... === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Email only access
I'm assuming that this is a problem for you because you share your UNIX password files between your RADIUS server and your e-mail server. That being the case, here's how I handled it before I switched to SQL authentication for RADIUS. I set usernames that are e-mail only to be in a different UNIX group. I then used the group as a RADIUS check item (which Radiator can do quite easily). Unfortunately I don't have a sample configuration since I no longer do this. It's pretty straight-forward, however. John Does anyone know how I can limit a dial-up account to email only access? I'm using USR HyperARC chassis if that helps... === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Authby policy question.
Here is my config for the authentication for the 'free modem services' at my university. (see below) I have a table that I'm creating through AuthbySQL that calculates the session times and then when users cross over their timelimit, are inserted into my 'overtime' table in SQL with a bogus password. I was assuming that if someone didn't have an entry in the database that Authby SQL would return an ignore, not a reject. This is not the case and this has fowled up my authentication scheme. I was going to have the users over their time rejected by that first AuthBy (why I insert a bogus password), then the other users authenticated properly with the other authby's using a AuthByPolicy ContinueWhileIgnore. Like I said, it's not working because AuthBy SQL is rejecting people not in the database. Is there anyone who has done anything similar to this? I just want to pick people off with the first one, and if they are not found, keep looking. If they had a bad password, then stop looking. Seems simple enough :-) Any ideas? -Josh (config attached below) Handler #Free modems AuthByPolicy ContinueUntilAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ AuthBy SQL Identifier FreeModemService_OVERTIME DBSourcedbi:mysql:modems DBUsername -- DBAuth -- AuthSelect SELECT pw FROM overtime WHERE login='%n' AuthColumnDef 0, User-Password, check /AuthBy AuthBy FILE Identifier FreeModemService_File Filename /etc/radius/free_users /AuthBy AuthBy LDAP2 Identifier FreeModemService_LDAP Hostdirectory.csuchico.edu AuthDN - AuthPassword- BaseDN o=California State University Chico,c=US UsernameAttruid PasswordAttruserpassword AuthAttrDef modemservicetype, X-User-MST, request PostSearchHook sub {\ my $attr = $_[4]-get_value('modemservicetype');\ if ($attr 1) {\ $_[3]-get_check-add_attr('X-User-MST',\ $attr); \ }\ else { \ $_[3]-get_check-add_attr('X-User-MST',\ 'Denied: wrong modem service type'); \ }\ } /AuthBy /Handler === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Email only access
Hello - What exactly do you mean by email only access? If you want to set filters for a particular connection, you can do that either by allocating IP addresses from different pools that have different filters applied to them (relatively easy), or by sending filter definitions in radius reply attributes (NAS dependent). hth Hugh On Tuesday 16 October 2001 06:29, ListServ wrote: Does anyone know how I can limit a dial-up account to email only access? I'm using USR HyperARC chassis if that helps... === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby policy question.
Hello Josh - On Tuesday 16 October 2001 10:06, Ward, Josh wrote: Here is my config for the authentication for the 'free modem services' at my university. (see below) I have a table that I'm creating through AuthbySQL that calculates the session times and then when users cross over their timelimit, are inserted into my 'overtime' table in SQL with a bogus password. I was assuming that if someone didn't have an entry in the database that Authby SQL would return an ignore, not a reject. This is not the case and this has fowled up my authentication scheme. I was going to have the users over their time rejected by that first AuthBy (why I insert a bogus password), then the other users authenticated properly with the other authby's using a AuthByPolicy ContinueWhileIgnore. Like I said, it's not working because AuthBy SQL is rejecting people not in the database. Is there anyone who has done anything similar to this? I just want to pick people off with the first one, and if they are not found, keep looking. If they had a bad password, then stop looking. Seems simple enough :-) Try this: Add an entry into your overtime table like this: DEFAULT with a Null password (which will always accept). Then add a NoDefaultIfFound in the AuthBy SQL clause, and change the AuthByPolicy to ContinueWhileAccept. Handler #Free modems AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ AuthBy SQL Identifier FreeModemService_OVERTIME DBSourcedbi:mysql:modems DBUsername -- DBAuth -- NoDefaultIfFound AuthSelect SELECT pw FROM overtime WHERE login='%n' AuthColumnDef 0, User-Password, check /AuthBy AuthBy FILE Identifier FreeModemService_File Filename /etc/radius/free_users /AuthBy AuthBy LDAP2 Identifier FreeModemService_LDAP Hostdirectory.csuchico.edu AuthDN - AuthPassword- BaseDN o=California State University Chico,c=US UsernameAttruid PasswordAttruserpassword AuthAttrDef modemservicetype, X-User-MST, request PostSearchHook sub {\ my $attr = $_[4]-get_value('modemservicetype');\ if ($attr 1) {\ $_[3]-get_check-add_attr('X-User-MST',\ $attr); \ }\ else { \ $_[3]-get_check-add_attr('X-User-MST',\ 'Denied: wrong modem service type'); \ }\ } /AuthBy /Handler Note that you may also need to use an AuthBy GROUP, as it is not clear from the above what should happen with the AuthBy FILE and the AuthBy LDAP2. If you have any other questions, please ask. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy pbs
Salut Romain - On Tuesday 16 October 2001 00:12, Romain Vergniol wrote: Precisions about my last post : 172.29.xx.xx.1028 172.29.yy.yy.1646: rad-account-req 97 [id 236] Attr[ NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} ] 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 20 [id 236] This packet is generated by the proxy Correct. 172.29.yy.yy.1646 172.29.xx.xx.1028: rad-account-resp 109 [id 236] Attr[ NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40} Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649} Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137} NAS_id{172.29.xx.xx} ] This packet is the response generated by the Radius server (and forwarded to the NAS). Is there a way to avoid sending the first reply (rad-account-resp 20) ? As mentioned in a previous mail, the answer to this depends on what else you are wanting to do in the Radiator configuration file, so if you can give me a clear description of your requirements I will be able to make some suggestions on how best to implement them. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Reply Attribute
Ciao Gionata - Come va? On Tuesday 16 October 2001 00:11, Gionata Lamia wrote: Hi all, I've some different types of users, the difference between the types of users is into the replay attributes. In this moment I've configured different AuthBy RADMIN one for every types of users, the only differences are the replay attributes. The problem is that in this way I've got a large and extended file radius.cfg. Is there way to reduce the configuration files ? For example : AuthBy RADMIN Identifier Default DBSourcedbi:mysql:radmin:localhost DBUsername radius DBAuth radiator AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CLIENTE,RADUSERS.CLIENTE AcctColumnDef NUMERO_VERDE,RADUSERS.NUMERO_VERDE AcctSQLStatement update RADUSERS set \ TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \ OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \ OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' AddToReply Service-Type=2, \ Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP /AuthBy AuthBy RADMIN Identifier Callback DBSourcedbi:mysql:radmin:localhost DBUsername radius DBAuth radiator AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctColumnDef CLIENTE,RADUSERS.CLIENTE AcctColumnDef NUMERO_VERDE,RADUSERS.NUMERO_VERDE AcctSQLStatement update RADUSERS set \ TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \ OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \ OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' AddToReply Service-Type=2,\ cisco-avpair = lcp:callback-dialstring=,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Protocol = PPP,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP /AuthBy the AcctColumnDef row are duplicate in both types of users, the best solution should be that the AcctColumnDef is put once int the file, but I don't know if it is possible and how. Facile - # define AuthBy RADMIN clause AuthBy RADMIN Identifier CheckRADMIN DBSourcedbi:mysql:radmin:localhost DBUsername radius DBAuth radiator AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef
(RADIATOR) AddToReply
Hi again, When I have set AddToReply with all the attributes that I need everything works fine. But when the same is set to AddToReplyIfNotExist then the user can not surf the wed or even ping any address, am I missing something in the latter way of adding to the reply. best regards === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator install issue (plus Radmin)
Hello Jay, On Tue, 16 Oct 2001 12:47, Hugh Irvine wrote: Hello Jay - I have also copied this mail to Mike for his comments. On Monday 15 October 2001 23:09, Jay West wrote: Greetings; Getting ready to upgrade from an old version of Radiator to the latest. Set the new version up on a different set of servers so we can do a clean cutover. Our environment is AuthbyRADMIN using one server for the Radmin website, a second server for Radiator, and a third server for MySQL. Sounds like a good setup. 1) Upon installing Radiator on a fresh FreeBSD 4.4 machine, we got a message similar to the following... Differing version of ./hostname.pl you may want to rm /usr/libdata/perl/5.00503/hostname.pl a make install UNIST=1 will unlink this for you What exactly does this mean, and what is the suggested course of action? H - this is curious. It looks like your Perl already has a hostname.pl. Mike? I think that you must have upgraded your perl too, and the new perl is seeing some bits of the old perl. Recommend completely removing /usr/lib/perl5 (or whatever and reinstalling perl and perl modules. 2) The install program for Radmin appears to still assume that your webserver machine is on the same machine as Radiator (not a great assumption, IMHO). Exactly what pieces of Radmin need to be hand copied over to the Radiator machine from the webserver, and what is the procedure for this? Nothing needs to be copied over to the Radiator machine. There is already an AuthBy RADMIN module in the Radiator distribution. Note that both Radiator and Radmin will access the database on the MySQL machine. If I haven't understood your question, please let me know. regards Hugh === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AddToReply
Hello - On Tuesday 16 October 2001 13:49, Tech wrote: Hi again, When I have set AddToReply with all the attributes that I need everything works fine. But when the same is set to AddToReplyIfNotExist then the user can not surf the wed or even ping any address, am I missing something in the latter way of adding to the reply. As usual, a copy of the configuration file (no secrets) and a trace 4 debug showing what is going on are what I need. Note that an AddToReplyIfNotExist will not let you add multiple identical attributes (like cisco-avpair), because the first one that is added then exists, and the others won't be added by definition. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.