Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Salut Hugh,

thank you for your help, the proxy works fine now.
But is this normal that the proxy sends an empty accounting-response packet
before the real one ?
Is there a way to avoid this ?


Romain VERGNIOL
CEGEDIM
Service Réseau Boulogne
Fax : +33 01 46 03 45 95
Tel  : +33 01 49 09 84 02
[EMAIL PROTECTED]



- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Gustavo Moreira [EMAIL PROTECTED]; Romain Vergniol
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, October 13, 2001 5:23 AM
Subject: Re: (RADIATOR) Proxy pbs



> Salut Romain -
>
> The correct answer to your question is to reverse the order of your AuthBy
> RADIUS clauses so the result of the last AuthBy is the result of the
> authentication.
>
> # define accounting before authentication
>
> <Realm DEFAULT>
>     AuthByPolicy ContinueAlways
>
>     <AuthBy RADIUS>
>         Host 172.29.xx.zz
>         NoForwardAuthentication
>         AcctPort 1646
>         Secret
>         LocalAddress 172.29.yy.yy
>     </AuthBy>
>
>     <AuthBy RADIUS>
>         Host 172.29.xx.xx
>         Host 172.29.xx.yy
>         AuthPort 1645
>         NoForwardAccounting
>         LocalAddress 172.29.yy.yy
>         <Host 172.29.xx.xx>
>             Secret xxx
>         </Host>
>         <Host 172.29.xx.yy>
>             Secret xx
>         </Host>
>     </AuthBy>
> </Realm>
>
> hth
>
> Hugh
>
> PS - you really should not use Synchronous with an AuthBy RADIUS, as the
> impact on performance can be extreme.




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Hugh Irvine


Salut Romain -

On Monday 15 October 2001 20:15, Romain Vergniol wrote:
> Salut Hugh,
>
> thank you for your help, the proxy works fine now.
> But is this normal that the proxy sends an empty accounting-response packet
> before the real one ?
> Is there a way to avoid this ?


I am not sure I understand your question.

In the case you describe, you are sending the same accounting record to two 
different target radius hosts. In this situation, which one is the real one?

If you have a different requirement, I am sure we can come up with a suitable 
configuration for you.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Sorry, my last message wasn't clear...
In fact, the proxy replies twice to the NAS, the first accounting-response
packet is empty, the other contains the appropriate attributes.

Ex (with tcpdump listening to traffic only between the proxy and the NAS):
172.29.xx.xx = NAS
172.29.yy.yy = Proxy


172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
Acct_authentic{#376}#120#121 Calling_station{143845245}
Called_station{5137} ]

172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]

172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137}
NAS_id{172.29.xx.xx} ]


Is there a way to avoid sending the first reply (rad-account-resp 20) ?

Regards

Romain VERGNIOL
CEGEDIM
Service Réseau Boulogne
Fax : +33 01 46 03 45 95
Tel  : +33 01 49 09 84 02
[EMAIL PROTECTED]


> I am not sure I understand your question.
>
> In the case you describe, you are sending the same accounting record to two
> different target radius hosts. In this situation, which one is the real one?
>
> If you have a different requirement, I am sure we can come up with a suitable
> configuration for you.
>
> regards
>
> Hugh




(RADIATOR) Reply Attribute

2001-10-15 Thread Gionata Lamia



Hi all,
I've some different types of users, the difference between the types of users is
in the reply attributes. At the moment I've configured different AuthBy
RADMIN one for every type of user, the only differences are the reply
attributes.
The problem is that in this way I've got a large and extended file radius.cfg.
Is there a way to reduce the configuration files ?
For example :

<AuthBy RADMIN>
    Identifier Default
    DBSource    dbi:mysql:radmin:localhost
    DBUsername  radius
    DBAuth      radiator

    AccountingTable RADUSAGE
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   TIME_STAMP,Timestamp,integer
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
    AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
    AcctColumnDef   NASIDENTIFIER,NAS-Identifier
    AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef   NASPORT,NAS-Port,integer
    AcctColumnDef   DNIS,Called-Station-Id
    AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
    AcctColumnDef   CALLEDSTATIONID,Called-Station-Id
    AcctColumnDef   CLIENTE,RADUSERS.CLIENTE
    AcctColumnDef   NUMERO_VERDE,RADUSERS.NUMERO_VERDE
    AcctSQLStatement update RADUSERS set \
        TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
        OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
        OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

    AddToReply Service-Type=2, \
        Framed-Protocol = PPP,\
        Framed-IP-Netmask = 255.255.255.255,\
        Framed-Routing = None,\
        Framed-MTU = 1500,\
        Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>

<AuthBy RADMIN>
    Identifier Callback
    DBSource    dbi:mysql:radmin:localhost
    DBUsername  radius
    DBAuth      radiator

    AccountingTable RADUSAGE
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   TIME_STAMP,Timestamp,integer
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
    AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
    AcctColumnDef   NASIDENTIFIER,NAS-Identifier
    AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef   NASPORT,NAS-Port,integer
    AcctColumnDef   DNIS,Called-Station-Id
    AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
    AcctColumnDef   CALLEDSTATIONID,Called-Station-Id
    AcctColumnDef   CLIENTE,RADUSERS.CLIENTE
    AcctColumnDef   NUMERO_VERDE,RADUSERS.NUMERO_VERDE

    AcctSQLStatement update RADUSERS set \
        TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
        OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
        OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

    AddToReply Service-Type=2,\
        cisco-avpair = lcp:callback-dialstring=,\
        Framed-IP-Netmask = 255.255.255.255,\
        Framed-Protocol = PPP,\
        Framed-Routing = None,\
        Framed-MTU = 1500,\
        Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>

The AcctColumnDef rows are duplicated in both types of users, the best solution
should be that the AcctColumnDef is put once in the file, but I don't know if it is
possible and how.


Regards

Gionata Lamia

Networking Services/Systems Integrations
T-Systems Italia - debis IT Services Italia S.p.A.
Strada 2 Palazzo D
20090 - Assago - MI
Phone: +39 02 89248240
Fax: +39 02 89248231
Mobile: +39 348 4521210
e-mail: [EMAIL PROTECTED]
Internet: http://www.T-Systems.it







(RADIATOR) Radiator install issue (plus Radmin)

2001-10-15 Thread Jay West


Greetings;

Getting ready to upgrade from an old version of Radiator to the latest. Set
the new version up on a different set of servers so we can do a clean
cutover. Our environment is AuthbyRADMIN using one server for the Radmin
website, a second server for Radiator, and a third server for MySQL.

1) Upon installing Radiator on a fresh FreeBSD 4.4 machine, we got a message
similar to the following...
Differing version of ./hostname.pl
you may want to
rm /usr/libdata/perl/5.00503/hostname.pl
a make install UNINST=1 will unlink this for you

What exactly does this mean, and what is the suggested course of action?

2) The install program for Radmin appears to still assume that your
webserver machine is on the same machine as Radiator (not a great
assumption, IMHO). Exactly what pieces of Radmin need to be hand copied over
to the Radiator machine from the webserver, and what is the procedure for
this?

Thanks in advance!

Jay West




Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Precisions about my last post :


> 172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
> NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
> Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
> Acct_authentic{#376}#120#121 Calling_station{143845245}
> Called_station{5137} ]
>
> 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]

This packet is generated by the proxy

> 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
> Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
> Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
> Acct_authentic{#376}#120#121 Calling_station{143845245}
> Called_station{5137}
> NAS_id{172.29.xx.xx} ]

This packet is the response generated by the Radius server (and forwarded to
the NAS).

> Is there a way to avoid sending the first reply (rad-account-resp 20) ?
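
The `rad-account-resp 20` in the capture is exactly the size of a bare RADIUS header, so it carries no attributes. As an added example (not part of the original posts), this parses constructed packets sharing one identifier and checks each Response Authenticator; the shared secret, the attribute values and the first-reply-wins client model are assumptions.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5   # RADIUS accounting codes (RFC 2866)
HEADER_LEN = 20                      # code + identifier + length + 16-byte authenticator

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build(code, ident, attrs, secret, request_auth=bytes(16)):
    """Build an accounting packet. A request hashes 16 zero octets in the
    authenticator position; a response hashes the request's authenticator."""
    head = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return head + hashlib.md5(head + request_auth + attrs + secret).digest() + attrs

def parse(packet):
    """Return (code, identifier, length, attributes), rejecting malformed input."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((packet[pos], packet[pos + 2:pos + packet[pos + 1]]))
        pos += packet[pos + 1]
    return code, ident, length, attrs

def response_is_authentic(response, request, secret):
    """Check the Response Authenticator against the request it answers."""
    length = struct.unpack("!H", response[2:4])[0]
    expected = hashlib.md5(
        response[:4] + request[4:20] + response[20:length] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])

def classify(request, responses, secret):
    """Label replies the way a client matching on identifier would (assumed
    behaviour): the first authentic reply wins, later ones are duplicates."""
    _, req_id, _, _ = parse(request)
    answered, labels = False, []
    for raw in responses:
        code, ident, length, attrs = parse(raw)
        if (code != ACCT_RESPONSE or ident != req_id
                or not response_is_authentic(raw, request, secret)):
            labels.append((length, len(attrs), "discarded"))
        elif answered:
            labels.append((length, len(attrs), "duplicate"))
        else:
            answered = True
            labels.append((length, len(attrs), "accepted"))
    return labels

# Constructed sample traffic; the secret and attribute values are made up.
SECRET = b"constructed-secret"
ATTRS = (attr(40, struct.pack("!I", 1))          # Acct-Status-Type = Start
         + attr(44, b"318361649")                # Acct-Session-Id
         + attr(5, struct.pack("!I", 20106)))    # NAS-Port
REQUEST = build(ACCT_REQUEST, 236, ATTRS, SECRET)
EMPTY_REPLY = build(ACCT_RESPONSE, 236, b"", SECRET, REQUEST[4:20])
FULL_REPLY = build(ACCT_RESPONSE, 236, ATTRS, SECRET, REQUEST[4:20])

if __name__ == "__main__":
    for row in classify(REQUEST, [EMPTY_REPLY, FULL_REPLY], SECRET):
        print(row)
```

Both replies verify against the same request, so under this model the attribute-free one is what the client acts on and the later reply is dropped.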





(RADIATOR) Email only access

2001-10-15 Thread ListServ

Does anyone know how I can limit a dial-up account to email only access?

I'm using USR HyperARC chassis if that helps...




Re: (RADIATOR) Email only access

2001-10-15 Thread John Coy

I'm assuming that this is a problem for you because you share your UNIX 
password files between your RADIUS server and your e-mail server.  That 
being the case, here's how I handled it before I switched to SQL 
authentication for RADIUS.

I set usernames that are e-mail only to be in a different UNIX group.  I 
then used the group as a RADIUS check item (which Radiator can do quite 
easily). 

Unfortunately I don't have a sample configuration since I no longer do 
this.  It's pretty straight-forward, however.

John

> Does anyone know how I can limit a dial-up account to email only
> access?
>
> I'm using USR HyperARC chassis if that helps...





(RADIATOR) Authby policy question.

2001-10-15 Thread Ward, Josh

Here is my config for the authentication for the 'free modem services' at my
university. (see below)

I have a table that I'm creating through AuthbySQL that calculates the
session times and then when users cross over their timelimit, are inserted
into my 'overtime' table in SQL with a bogus password.  I was assuming that
if someone didn't have an entry in the database that Authby SQL would return
an ignore, not a reject.  This is not the case and this has fouled up my
authentication scheme.  I was going to have the users over their time
rejected by that first AuthBy (why I insert a bogus password), then the
other users authenticated properly with the other authby's using a
AuthByPolicy ContinueWhileIgnore.  Like I said, it's not working because
AuthBy SQL is rejecting people not in the database.

Is there anyone who has done anything similar to this?

I just want to pick people off with the first one, and if they are not
found, keep looking.  If they had a bad password, then stop looking.  Seems
simple enough :-)

Any ideas?

-Josh
(config attached below)



# Free modems
<Handler>
    AuthByPolicy ContinueUntilAccept
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/

    <AuthBy SQL>
        Identifier FreeModemService_OVERTIME
        DBSource    dbi:mysql:modems
        DBUsername  --
        DBAuth      --

        AuthSelect SELECT pw FROM overtime WHERE login='%n'
        AuthColumnDef 0, User-Password, check
    </AuthBy>

    <AuthBy FILE>
        Identifier FreeModemService_File
        Filename /etc/radius/free_users
    </AuthBy>

    <AuthBy LDAP2>
        Identifier FreeModemService_LDAP
        Host        directory.csuchico.edu

        AuthDN      -
        AuthPassword -

        BaseDN      o=California State University Chico,c=US

        UsernameAttr uid
        PasswordAttr userpassword

        AuthAttrDef modemservicetype, X-User-MST, request

        PostSearchHook sub {\
            my $attr = $_[4]->get_value('modemservicetype');\
            if ($attr > 1) {\
                $_[3]->get_check->add_attr('X-User-MST',\
                    $attr); \
            }\
            else { \
                $_[3]->get_check->add_attr('X-User-MST',\
                    'Denied: wrong modem service type'); \
            }\
        }
    </AuthBy>
</Handler>



Re: (RADIATOR) Email only access

2001-10-15 Thread Hugh Irvine


Hello -

What exactly do you mean by email only access?

If you want to set filters for a particular connection, you can do that 
either by allocating IP addresses from different pools that have different 
filters applied to them (relatively easy), or by sending filter definitions 
in radius reply attributes (NAS dependent).

hth

Hugh


On Tuesday 16 October 2001 06:29, ListServ wrote:
> Does anyone know how I can limit a dial-up account to email only access?
>
> I'm using USR HyperARC chassis if that helps...




Re: (RADIATOR) Authby policy question.

2001-10-15 Thread Hugh Irvine


Hello Josh -

On Tuesday 16 October 2001 10:06, Ward, Josh wrote:
> Here is my config for the authentication for the 'free modem services' at
> my university. (see below)
>
> I have a table that I'm creating through AuthbySQL that calculates the
> session times and then when users cross over their timelimit, are inserted
> into my 'overtime' table in SQL with a bogus password.  I was assuming that
> if someone didn't have an entry in the database that Authby SQL would
> return an ignore, not a reject.  This is not the case and this has fouled
> up my authentication scheme.  I was going to have the users over their time
> rejected by that first AuthBy (why I insert a bogus password), then the
> other users authenticated properly with the other authby's using a
> AuthByPolicy ContinueWhileIgnore.  Like I said, it's not working because
> AuthBy SQL is rejecting people not in the database.
>
> Is there anyone who has done anything similar to this?
>
> I just want to pick people off with the first one, and if they are not
> found, keep looking.  If they had a bad password, then stop looking.  Seems
> simple enough :-)


Try this:

Add an entry into your overtime table like this:

DEFAULT with a Null password (which will always accept).

Then add a NoDefaultIfFound in the AuthBy SQL clause, and change the 
AuthByPolicy to ContinueWhileAccept.

# Free modems
<Handler>
    AuthByPolicy ContinueWhileAccept
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/

    <AuthBy SQL>
        Identifier FreeModemService_OVERTIME
        DBSource    dbi:mysql:modems
        DBUsername  --
        DBAuth      --

        NoDefaultIfFound

        AuthSelect SELECT pw FROM overtime WHERE login='%n'
        AuthColumnDef 0, User-Password, check
    </AuthBy>

    <AuthBy FILE>
        Identifier FreeModemService_File
        Filename /etc/radius/free_users
    </AuthBy>

    <AuthBy LDAP2>
        Identifier FreeModemService_LDAP
        Host        directory.csuchico.edu

        AuthDN      -
        AuthPassword -

        BaseDN      o=California State University Chico,c=US

        UsernameAttr uid
        PasswordAttr userpassword

        AuthAttrDef modemservicetype, X-User-MST, request

        PostSearchHook sub {\
            my $attr = $_[4]->get_value('modemservicetype');\
            if ($attr > 1) {\
                $_[3]->get_check->add_attr('X-User-MST',\
                    $attr); \
            }\
            else { \
                $_[3]->get_check->add_attr('X-User-MST',\
                    'Denied: wrong modem service type'); \
            }\
        }
    </AuthBy>
</Handler>

Note that you may also need to use an AuthBy GROUP, as it is not clear from 
the above what should happen with the AuthBy FILE and the AuthBy LDAP2.

If you have any other questions, please ask.

regards

Hugh
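
An added model of the AuthBy chain discussed in this thread (not Radiator code and not part of the original posts): it runs the three AuthBys under the two policies Josh mentions and under the suggested `DEFAULT` row plus `NoDefaultIfFound` plus `ContinueWhileAccept`, with and without an AuthBy GROUP. The user tables, the rule that an unknown user is rejected, and the grouping of FILE and LDAP2 under `ContinueUntilAccept` are assumptions.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# For each AuthByPolicy: given the latest result, is the next AuthBy tried?
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
}

def table_auth(table, no_default_if_found=False):
    """AuthBy over {user: password}. Assumed behaviour: a None password always
    matches, and an unknown user without a DEFAULT row is REJECTed (the
    behaviour Josh reports for AuthBy SQL)."""
    def matches(stored, given):
        return ACCEPT if stored is None or stored == given else REJECT

    def auth(user, password):
        if user in table:
            result = matches(table[user], password)
            if result == ACCEPT or no_default_if_found:
                return result  # NoDefaultIfFound: a found user never falls back
        if "DEFAULT" in table:
            return matches(table["DEFAULT"], password)
        return REJECT
    return auth

def run_chain(policy, auth_bys, user, password):
    """Run AuthBys in order; the last one executed decides the outcome."""
    result = IGNORE
    for auth in auth_bys:
        result = auth(user, password)
        if not POLICIES[policy](result):
            break
    return result

def group(policy, auth_bys):
    """Model of AuthBy GROUP: an inner chain with its own policy."""
    return lambda user, password: run_chain(policy, auth_bys, user, password)

# Constructed sample data: carol is over her time limit but still valid in LDAP.
OVERTIME = {"carol": "bogus-pw"}
FREE_USERS = {"alice": "alice-pw"}
LDAP = {"bob": "bob-pw", "carol": "carol-pw"}
LOGINS = [("alice", "alice-pw"), ("bob", "bob-pw"),
          ("carol", "carol-pw"), ("bob", "wrong")]

def outcomes(policy, auth_bys):
    return [run_chain(policy, auth_bys, u, p) for u, p in LOGINS]

def original_while_ignore():
    return outcomes("ContinueWhileIgnore",
                    [table_auth(OVERTIME), table_auth(FREE_USERS), table_auth(LDAP)])

def original_until_accept():
    return outcomes("ContinueUntilAccept",
                    [table_auth(OVERTIME), table_auth(FREE_USERS), table_auth(LDAP)])

def suggested_flat():
    overtime = dict(OVERTIME, DEFAULT=None)  # DEFAULT row with a null password
    return outcomes("ContinueWhileAccept",
                    [table_auth(overtime, True), table_auth(FREE_USERS), table_auth(LDAP)])

def suggested_with_group():
    overtime = dict(OVERTIME, DEFAULT=None)
    backends = group("ContinueUntilAccept", [table_auth(FREE_USERS), table_auth(LDAP)])
    return outcomes("ContinueWhileAccept", [table_auth(overtime, True), backends])

if __name__ == "__main__":
    for run in (original_while_ignore, original_until_accept,
                suggested_flat, suggested_with_group):
        print(run.__name__, dict(zip([u for u, _ in LOGINS], run())))
```

In this model `ContinueUntilAccept` lets the over-limit user through via LDAP, and the flat `ContinueWhileAccept` chain rejects everyone because FILE and LDAP2 must both accept; only the grouped form blocks carol while admitting alice and bob.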





Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Hugh Irvine


Salut Romain -

On Tuesday 16 October 2001 00:12, Romain Vergniol wrote:
> Precisions about my last post :
> > 172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
> > NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
> > Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
> > Acct_authentic{#376}#120#121 Calling_station{143845245}
> > Called_station{5137} ]
> >
> > 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]
>
> This packet is generated by the proxy


Correct.

> > 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
> > Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
> > Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
> > Acct_authentic{#376}#120#121 Calling_station{143845245}
> > Called_station{5137}
> > NAS_id{172.29.xx.xx} ]
>
> This packet is the response generated by the Radius server (and forwarded
> to the NAS).
>
> > Is there a way to avoid sending the first reply (rad-account-resp 20) ?

As mentioned in a previous mail, the answer to this depends on what else you 
are wanting to do in the Radiator configuration file, so if you can give me a 
clear description of your requirements I will be able to make some 
suggestions on how best to implement them.

regards

Hugh






Re: (RADIATOR) Reply Attribute

2001-10-15 Thread Hugh Irvine


Ciao Gionata -

Come va?

On Tuesday 16 October 2001 00:11, Gionata Lamia wrote:
> Hi all,
> I've some different types of users, the difference between the types of
> users is in the reply attributes. At the moment I've configured
> different AuthBy RADMIN one for every type of user, the only
> differences are the reply attributes.
> The problem is that in this way I've got a large and extended file
> radius.cfg. Is there a way to reduce the configuration files ?
> For example :
>
> <AuthBy RADMIN>
>     Identifier Default
>     DBSource    dbi:mysql:radmin:localhost
>     DBUsername  radius
>     DBAuth      radiator
>
>     AccountingTable RADUSAGE
>     AcctColumnDef   USERNAME,User-Name
>     AcctColumnDef   TIME_STAMP,Timestamp,integer
>     AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>     AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>     AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>     AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>     AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>     AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>     AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>     AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>     AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>     AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>     AcctColumnDef   NASPORT,NAS-Port,integer
>     AcctColumnDef   DNIS,Called-Station-Id
>     AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
>     AcctColumnDef   CALLEDSTATIONID,Called-Station-Id
>     AcctColumnDef   CLIENTE,RADUSERS.CLIENTE
>     AcctColumnDef   NUMERO_VERDE,RADUSERS.NUMERO_VERDE
>     AcctSQLStatement update RADUSERS set \
>         TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
>         OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
>         OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>     AddToReply Service-Type=2, \
>         Framed-Protocol = PPP,\
>         Framed-IP-Netmask = 255.255.255.255,\
>         Framed-Routing = None,\
>         Framed-MTU = 1500,\
>         Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
>
> <AuthBy RADMIN>
>     Identifier Callback
>     DBSource    dbi:mysql:radmin:localhost
>     DBUsername  radius
>     DBAuth      radiator
>
>     AccountingTable RADUSAGE
>     AcctColumnDef   USERNAME,User-Name
>     AcctColumnDef   TIME_STAMP,Timestamp,integer
>     AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>     AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>     AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>     AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>     AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>     AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>     AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>     AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>     AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>     AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>     AcctColumnDef   NASPORT,NAS-Port,integer
>     AcctColumnDef   DNIS,Called-Station-Id
>     AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
>     AcctColumnDef   CALLEDSTATIONID,Called-Station-Id
>     AcctColumnDef   CLIENTE,RADUSERS.CLIENTE
>     AcctColumnDef   NUMERO_VERDE,RADUSERS.NUMERO_VERDE
>
>     AcctSQLStatement update RADUSERS set \
>         TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
>         OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
>         OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>     AddToReply Service-Type=2,\
>         cisco-avpair = lcp:callback-dialstring=,\
>         Framed-IP-Netmask = 255.255.255.255,\
>         Framed-Protocol = PPP,\
>         Framed-Routing = None,\
>         Framed-MTU = 1500,\
>         Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
>
> The AcctColumnDef rows are duplicated in both types of users, the best
> solution should be that the AcctColumnDef is put once in the file, but I
> don't know if it is
> possible and how.


Facile -

# define AuthBy RADMIN clause

<AuthBy RADMIN>
    Identifier CheckRADMIN
    DBSource    dbi:mysql:radmin:localhost
    DBUsername  radius
    DBAuth      radiator

    AccountingTable RADUSAGE
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   TIME_STAMP,Timestamp,integer
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   

(RADIATOR) AddToReply

2001-10-15 Thread Tech

Hi again,
When I have set AddToReply with all the attributes that I need
everything works fine.

But when the same is set to AddToReplyIfNotExist then the user can not
surf the web or even ping any address, am I missing something in the
latter way of adding to the reply?

best regards




Re: (RADIATOR) Radiator install issue (plus Radmin)

2001-10-15 Thread Mike McCauley

Hello Jay,

On Tue, 16 Oct 2001 12:47, Hugh Irvine wrote:
> Hello Jay -
>
> I have also copied this mail to Mike for his comments.
>
> On Monday 15 October 2001 23:09, Jay West wrote:
> > Greetings;
> >
> > Getting ready to upgrade from an old version of Radiator to the latest.
> > Set the new version up on a different set of servers so we can do a clean
> > cutover. Our environment is AuthbyRADMIN using one server for the Radmin
> > website, a second server for Radiator, and a third server for MySQL.
>
> Sounds like a good setup.
>
> > 1) Upon installing Radiator on a fresh FreeBSD 4.4 machine, we got a
> > message similar to the following...
> > Differing version of ./hostname.pl
> > you may want to
> > rm /usr/libdata/perl/5.00503/hostname.pl
> > a make install UNINST=1 will unlink this for you
> >
> > What exactly does this mean, and what is the suggested course of action?
>
> H - this is curious. It looks like your Perl already has a hostname.pl.
>
> Mike?

I think that you must have upgraded your perl too, and the new perl is seeing
some bits of the old perl. Recommend completely removing /usr/lib/perl5 (or
whatever) and reinstalling perl and perl modules.



> > 2) The install program for Radmin appears to still assume that your
> > webserver machine is on the same machine as Radiator (not a great
> > assumption, IMHO). Exactly what pieces of Radmin need to be hand copied
> > over to the Radiator machine from the webserver, and what is the
> > procedure for this?
>
> Nothing needs to be copied over to the Radiator machine. There is already
> an AuthBy RADMIN module in the Radiator distribution. Note that both
> Radiator and Radmin will access the database on the MySQL machine.
>
> If I haven't understood your question, please let me know.
>
> regards
>
> Hugh



Re: (RADIATOR) AddToReply

2001-10-15 Thread Hugh Irvine


Hello -

On Tuesday 16 October 2001 13:49, Tech wrote:
> Hi again,
> When I have set AddToReply with all the attributes that I need
> everything works fine.
>
> But when the same is set to AddToReplyIfNotExist then the user can not
> surf the web or even ping any address, am I missing something in the
> latter way of adding to the reply?


As usual, a copy of the configuration file (no secrets) and a trace 4 debug 
showing what is going on are what I need.

Note that an AddToReplyIfNotExist will not let you add multiple identical 
attributes (like cisco-avpair), because the first one that is added then 
exists, and the others won't be added by definition.

regards

Hugh

