[no subject]

2002-01-30 Thread Andrey Petrov


I tried to use Radiator with MySQL database for accounting VOIP
traffic. Everything is fine but in the database I see next:
h323-gw-id=host.domen.com
h323-call-origin=answer
h323-call-type=VoIP
h323-call-type=Telephony
h323-call-origin=originat
And so on

But I want to see in my database only "host.domen.com", answer, VoIP,
Telephony without "h323--=". Is it possible to remove
these prefixes? What do I need to do for this?

Thank you.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Asigning Static IP Address from mysql Database to cisco ras

2002-01-30 Thread Wakefield, Jayanne M.

Jai,
I had same problem and finally figured it out two days ago.  It is in the Cisco
configuration of the aaa authorization lines.  The router wants these lines in a
specific order.  I don't see any "aaa authorization" lines in the Cisco config you
have included in this posting.  You need the lines below to make it work:

aaa authorization exec net4 local radius if-authenticated
aaa authorization network net4 local radius if-authenticated

Also for your "interface group-async 1" add the following line:

ppp authorization net4

This should work for you.
Jayanne

Jai Kumar Shinde wrote:

> Hi,
>
> I am trying to assign static ip address from database (MYSQL using RADMIN)
> to cisco ras. From the logs ..RADIATOR is sending the FRAMED-IP-ADDRESS as
> shown below :-
>
>  log file -
>
> Attributes:
> NAS-IP-Address = 202.171.29.51
> NAS-Port = 40
> NAS-Port-Type = Async
> User-Name = "jAI"
> User-Password = "<219><207><11><192>C7b<207><163>b<9><193>e<213><203><29>"
> Tue Jan 29 13:28:40 2002: DEBUG: Rewrote user name to jAI
> Tue Jan 29 13:28:40 2002: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jan 29 13:28:40 2002: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='202.171.129.51' and NASPORT=040
> Tue Jan 29 13:28:41 2002: DEBUG: Access accepted for jAI
> Tue Jan 29 13:28:41 2002: DEBUG: Packet dump:
> *** Sending to 202.71.129.151 port 1645 
> Code:   Access-Accept
> Identifier: 87
> Authentic:  <23>a<16><10><197>O<6><163>0<192>f<188><160><189><189>u
> Attributes:
>   ***  FROM DATABASE STATIPADDRESS FIELD
> ***
> **
> Framed-IP-Address = 192.168.168.168
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.0
> Framed-Routing = Broadcast
> Framed-MTU = 1500
> Framed-Compression = None
> Authentication-Type = RADIUS
> Acct-Authentic = RADIUS
> cisco-avpair = "ip:addr_pool=net4"
>
> --- END 
>
> At the same time, cisco is getting that FRAMED-IP-ADDRESS passed from RADIUS
> ... as seen below...
>
> DEBUG CISCO -
>
> %LINK-3-UPDOWN: Interface Async40, changed state to up
> AAA/AUTHEN: create_user (0x80EA54F8) user='jai' ruser='' port='Async40'
> rem_addr='async' authen_type=PAP service=PPP priv=1
> AAA/AUTHEN/START (39658391): port='Async40' list='net4' action=LOGIN
> service=PPP
> AAA/AUTHEN/START (39658391): found list net4
> AAA/AUTHEN/START (39658391): Method=RADIUS
> RADIUS: Initial Transmit id 89 202.71.129.91:1812, Access-Request, len 73
> Attribute 4 6 CA478197
> Attribute 5 6 0028
> Attribute 61 6 
> Attribute 1 5 6A616902
> Attribute 2 18 D945A55A
> Attribute 6 6 0002
> Attribute 7 6 0001
> RADIUS: Received from id 89 202.71.129.91:1812, Access-Accept, len 93
> Attribute 8 6 C0A8A8A8 <-    FRAMED IP ADDRESS :
> 192.168.168.168  #
> Attribute 7 6 0001
> Attribute 9 6 FF00
> Attribute 10 6 0001
> Attribute 12 6 05DC
> Attribute 13 6 
> Attribute 3 6 0004
> Attribute 45 6 0001
> Attribute 26 25 000901136970
> RADIUS: saved authorization data for user 80EA54F8 at 80C0F57C
> AAA/AUTHEN (39658391): status = PASS
>
> --- END -
>
> Can anybody help me in this matter, I need to assign static ip address to
> specific dial user
>
> ###CISCO RAS CONFIG  ##
>
> aaa new-model
> aaa authentication password-prompt Password#
> aaa authentication username-prompt account#
> aaa authentication login net4 radius local
> aaa authentication ppp net4 radius local
> aaa accounting exec default start-stop radius
> aaa accounting network default start-stop radius
>
> interface Group-Async1
>  ip unnumbered Ethernet0/0
>  ip access-group 105 in
>  no ip directed-broadcast
>  encapsulation ppp
>  dialer in-band
>  dialer idle-timeout 1500
>  dialer-group 1
>  async default routing
>  async dynamic routing
>  async mode interactive
>  peer default ip address pool 3660
>  no cdp enable
>  ppp authentication pap callin net4
>  group-range 33 48
> !
> ip local pool 3660 202.171.112.97 202.171.112.112
>
> line 33 48
>  session-timeout 10
>  autoselect during-login
>  autoselect ppp
>  login authentication net4
>  modem InOut
>  modem autoconfigure discovery
>  autocommand ppp
>  transport input all
>  transport output pad v120 telnet rlogin
> line aux 0
> line vty 0 4
>
> -END --
>
>   RADIUS CONFIG FILE -
>
> 
>
>
># FramedGroup 0
> DBSourcedbi:mysql:radmin
> DBUsername  
> DBAuth  xx
>
> AccountingTable RADUSAGE
> AcctColumnDef   USERNAME,User-Name
> AcctColumnDef   TIME_STAMP,Timestamp,integer
>

(RADIATOR) Session SQL/Allocator SQL/Multichannel issues on MAX hardware

2002-01-30 Thread Justin Scott

Hugh, et. al.,

I'm having an interesting set of issues now that I have Radiator running "like I want 
it" :)

Current configuration includes the following:
1)  (which is properly configured to handle the extra reply fields 
mentioned in the below scenario)
2) 
3) 
4) 

So... That being said:

1) Customer A is configured for dual channel use (via modem or isdn).
2) subscribers.replyattr = 'Ascend-Maximum-Channels = 2'
3) subscribers.maxsessions = '2'
4) Device connects both channels, and is bonded as expected.
5) Session Database shows two sessions (since the session id is different, I guess?)
6) SQL Allocator assigns one IP per sessionID, though the maxen only pay attention to 
the first IP that was used when the MP stack was setup on the first connected channel.

If I set subscribers.maxsessions = '1', of course it doesn't work because the sessions 
database doesn't realize this is MP and multiple channels may be considered one 
session... not a problem, I can live with this.

What I can't live with is SQL Allocator giving out two IPs when only one is necessary. 
 Is there any way to overcome this?  Does this also indicate that if I assigned a 
static IP using the REPLYATTR column that SQL Allocator would also lease a DynIP to 
the caller?

I appreciate everyone's help and insight to-date... And thanks in advance for helping 
me with the 'question of the day'. ;)

cheers,
j



(RADIATOR) username w/o realm

2002-01-30 Thread Tony B

Hello,

Is there a way to get the username without the realm?  The %n has the realm but in my sql database I only have the username.  I don’t know if I can do a Usernamerewrite because I have two different realms that have two different sql commands.

Thanks,

Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET


(RADIATOR) MySQL corruption

2002-01-30 Thread Nick Rogness


It appears after every modification performed by Radiator to a MySQL DB, 
corrupts the tables (RADONLINE and ACCOUNTING).  How do I resolve
this without running a cron job to repair it every X minutes.  Run a
different DB like postgreSQL

Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE).

Perl DBI version is 1.20
Perl DBD-mysql version is 2.1004
perl version is v5.6.1 built for i386-freebsd
Radiator Version is 2.18.4

All on FreeBSD 4.4-STABLE.

Nick Rogness <[EMAIL PROTECTED]>
 - Don't mind me...I'm just sniffing your packets




RE: (RADIATOR) username w/o realm

2002-01-30 Thread Ronan Eckelberry

Tony,

    I am using the RewriteUsername inside my realm statement to do this.

    RewriteUsername s/^([^@]+).*/$1/
    ...
    ...

    It seems to be working for me.  You may want to try that.

-Ronan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony B
Sent: Wednesday, 30 January, 2002 16:58
To: [EMAIL PROTECTED]
Subject: (RADIATOR) username w/o realm

Hello,

Is there a way to get the username without the realm?  The %n has the realm but in my sql database I only have the username.  I don’t know if I can do a Usernamerewrite because I have two different realms that have two different sql commands.

Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET


(RADIATOR) Null returned value

2002-01-30 Thread Tony B

Hello again,

I am now trying to setup radiator to work with our static ips.  In the database we have a field called StaticIP, which contains the ip address.  I am using this for the sql command

Select password, StaticIP FROM ….

Then can I do this in the conf

AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Framed-Address, reply

I know that will work for the people that have a static IP address but what happens if they do not and it returns a NULL value?
Will it send Framed-Address to the NAS still?

Thanks,

Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET


(RADIATOR) Rewrite Username

2002-01-30 Thread Shane Malden



I have a need for some of our users to rewrite the 
username for Authentication purposes. The user name used needs to have certain 
reply data, while there is only one actual user with the one Password. What is 
the correct command for this and does this go in my user file or radiator config 
file? If anyone can help, it would be appreciated.
 
Regards,
Shane


RE: (RADIATOR) Null returned value

2002-01-30 Thread Ronan Eckelberry

Tony,

Unless you have an Address Pool assigned to the RAS, then the
customer will not be given an address and they will either be
disconnected by the RAS, or if they are not disconnected, they will not
be given an IP.

-Ronan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Tony B
Sent: Wednesday, 30 January, 2002 17:58
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Null returned value


Hello again,
 
I am now trying to setup radiator to work with our static
ips.  In the database we have a field called StaticIP, which contains
the ip address.  I am using this for the sql command
 
Select password, StaticIP FROM ..
 
Then can I do this in the conf
 
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Framed-Address, reply
 
I know that will work for the people that have a static IP address but
what happens if they do not and it returns a NULL value?
Will it send Framed-Address to the NAS still?
 
Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET
 




Re: (RADIATOR) Null returned value

2002-01-30 Thread Hugh Irvine


Hello Tony -

If you want to send a default Framed-IP-Address, you would use the following 
in your AuthBy clause:

AddToReplyIfNotExist Framed-IP-Address = n.n.n.n

regards

Hugh


On Thu, 31 Jan 2002 09:57, Tony B wrote:
> Hello again,
>
> I am now trying to setup radiator to work with our static
> ips.  In the database we have a field called StaticIP, which contains
> the ip address.  I am using this for the sql command
>
> Select password, StaticIP FROM ..
>
> Then can I do this in the conf
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Framed-Address, reply
>
> I know that will work for the people that have a static IP address but
> what happens if they do not and it returns a NULL value?
> Will it send Framed-Address to the NAS still?
>
> Thanks,
> Tony B, CCNA, Network+
> Systems Administration
> GO Concepts, Inc. / www.go-concepts.com
> Are you on the GO yet?
> What about those you know, are they on the GO?
> 513.934.2800
> 1.888.ON.GO.YET

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Re: (RADIATOR) MySQL corruption

2002-01-30 Thread Hugh Irvine


Hello Nick -

This is the first time I have heard of such a thing. I would suspect that 
there is a problem with either the version of MySQL and/or the version of 
DBD-mysql. You should probably check the MySQL web site and also do a google 
search (www.google.com).

regards

Hugh


On Thu, 31 Jan 2002 09:29, Nick Rogness wrote:
> It appears after every modification performed by Radiator to a MySQL DB,
> corrupts the tables (RADONLINE and ACCOUNTING).  How do I resolve
> this without running a cron job to repair it every X minutes.  Run a
> different DB like postgreSQL
>
> Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE).
>
> Perl DBI version is 1.20
> Perl DBD-mysql version is 2.1004
> perl version is v5.6.1 built for i386-freebsd
> Radiator Version is 2.18.4
>
> All on FreeBSD 4.4-STABLE.
>
> Nick Rogness <[EMAIL PROTECTED]>
>  - Don't mind me...I'm just sniffing your packets
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.




Re: (RADIATOR) Rewrite Username

2002-01-30 Thread Hugh Irvine


Hello Shane -

You would use a RewriteUsername parameter.

It is not clear to me how you are going to decide what set of reply 
attributes to use - can you clarify?

regards

Hugh


On Thu, 31 Jan 2002 10:26, Shane Malden wrote:
> I have a need for some of our users to rewrite the username for
> Authentication purposes. The user name used needs to have certain reply
> data, while there is only one actual user with the one Password. What is
> the correct command for this and does this go in my user file or radiator
> config file? If anyone can help, it would be appreciated.
>
> Regards,
> Shane




(RADIATOR) Re:

2002-01-30 Thread Hugh Irvine


Hello Andrey -

On Thu, 31 Jan 2002 02:25, Andrey Petrov wrote:
> I tried to use Radiator with MySQL database for accounting VOIP
> traffic. Everything is fine but in the database I see next:
> h323-gw-id=host.domen.com
> h323-call-origin=answer
> h323-call-type=VoIP
> h323-call-type=Telephony
> h323-call-origin=originat
> And so on
>
> But I want to see in my database only "host.domen.com", answer, VoIP,
> Telephony without "h323--=". Is it possible to remove
> these prefixes? What do I need to do for this?
>

You will need to write a PreClientHook to go through the attributes in the 
incoming request and alter them as required. There are some example hooks in 
the file "goodies/hooks.txt".

regards

Hugh




Re: (RADIATOR) Session SQL/Allocator SQL/Multichannel issues on MAX hardware

2002-01-30 Thread Hugh Irvine


Hello Justin -

On Thu, 31 Jan 2002 07:07, Justin Scott wrote:
> Hugh, et. al.,
>
> I'm having an interesting set of issues now that I have Radiator running
> "like I want it" :)
>
> Current configuration includes the following:
> 1)  (which is properly configured to handle the extra reply
> fields mentioned in the below scenario) 2) 
> 3) 
> 4) 
>

Understood.

> So... That being said:
>
> 1) Customer A is configured for dual channel use (via modem or isdn).
> 2) subscribers.replyattr = 'Ascend-Maximum-Channels = 2'
> 3) subscribers.maxsessions = '2'
> 4) Device connects both channels, and is bonded as expected.
> 5) Session Database shows two sessions (since the session id is different,
> I guess?) 6) SQL Allocator assigns one IP per sessionID, though the maxen
> only pay attention to the first IP that was used when the MP stack was
> setup on the first connected channel.
>
> If I set subscribers.maxsessions = '1', of course it doesn't work because
> the sessions database doesn't realize this is MP and multiple channels may
> be considered one session... not a problem, I can live with this.
>

What you really need to do is look at a trace 4 debug from Radiator to see 
exactly what is contained in the request packets for each channel. If we can 
confidently recognise the second channel request, we can configure Handlers 
for each case and only allocate an IP address for the first channel.

> What I can't live with is SQL Allocator giving out two IPs when only one is
> necessary.  Is there any way to overcome this?  Does this also indicate
> that if I assigned a static IP using the REPLYATTR column that SQL
> Allocator would also lease a DynIP to the caller?
>

The AuthBy DYNADDRESS clause checks the contents of the reply packet before 
doing anything and if there is a Framed-IP-Address already present it won't 
allocate another address. So the answer to your question is if you supply a 
static IP address, the AuthBy DYNADDRESS won't do anything.

regards

Hugh





(RADIATOR) Re: CHAP detection

2002-01-30 Thread Hugh Irvine


Hello Nick -

On Wed, 30 Jan 2002 10:20, Nick Rogness wrote:
> How do I detect if the NAS sends a CHAP versus PAP request?
>
> An idea was to see if {CHAP-Password} is defined in the current
> Access-Request Packet.  Will that work?
>

Yes that will work.

regards

Hugh
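
The check discussed in this message, seen at the packet level, as an added Python example (not Radiator code and not written by anyone in the thread): it walks the attribute list of an Access-Request as laid out in RFC 2865 and reports PAP or CHAP from the presence of User-Password (type 2) or CHAP-Password (type 3). The function names and the sample packets are constructed for illustration.

```python
import struct

# RADIUS code and attribute type numbers from RFC 2865
ACCESS_REQUEST = 1
USER_NAME, USER_PASSWORD, CHAP_PASSWORD = 1, 2, 3
HEADER_LEN = 20  # Code(1) + Identifier(1) + Length(2) + Authenticator(16)


def parse_packet(packet: bytes):
    """Return (code, {attr_type: [value, ...]}) for one RADIUS datagram."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("Length field does not fit the datagram")
    attrs = {}
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # a_len counts the type and length octets, so it can never be < 2
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length overruns the packet")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs


def auth_method(packet: bytes) -> str:
    """Classify an Access-Request as 'PAP', 'CHAP', 'none' or 'invalid'."""
    code, attrs = parse_packet(packet)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    has_pap = USER_PASSWORD in attrs
    has_chap = CHAP_PASSWORD in attrs
    if has_pap and has_chap:
        # RFC 2865: a request MUST NOT carry both attributes
        return "invalid"
    if has_chap:
        # CHAP-Password value is 1 octet CHAP ident + 16 octet response
        ok = all(len(v) == 17 for v in attrs[CHAP_PASSWORD])
        return "CHAP" if ok else "invalid"
    if has_pap:
        return "PAP"
    return "none"  # e.g. a request that carries neither attribute


def build_request(attrs, ident=1) -> bytes:
    """Build a constructed Access-Request with an all-zero authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(body))
    return header + bytes(16) + body


# Constructed sample packets (values are placeholders, not captured traffic)
PAP_REQ = build_request([(USER_NAME, b"jai"), (USER_PASSWORD, bytes(16))])
CHAP_REQ = build_request([(USER_NAME, b"jai"),
                          (CHAP_PASSWORD, b"\x01" + bytes(16))])
BOTH_REQ = build_request([(USER_PASSWORD, bytes(16)),
                          (CHAP_PASSWORD, b"\x01" + bytes(16))])

if __name__ == "__main__":
    for label, pkt in (("pap", PAP_REQ), ("chap", CHAP_REQ), ("both", BOTH_REQ)):
        print(label, "->", auth_method(pkt))
```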





Re: (RADIATOR) Simultaneous logins allowed but logged?

2002-01-30 Thread Hugh Irvine


Hello Mike -

On Wed, 30 Jan 2002 12:39, Forbes Mike wrote:
> I have been looking through the mail list archives on simultaneous logins.
> I have a request to allow simultaneous logins but to kick out a log
> message about the simultaneous use that also shows calling number, user
> name, etc.  Can radiator be tweaked to do this?  The logfile could then be
> used to contact the offending users.
>

You can use an AuthLog clause to do this.

Have a look at section 6.47 in the Radiator 2.19 reference manual (contained 
in the distribution in the file "doc/ref.html").

regards

Hugh





Re: (RADIATOR) Session database SQL

2002-01-30 Thread Hugh Irvine


Hello Matthew -

On Wed, 30 Jan 2002 13:56, mhobbs wrote:
> I have set up a session database using the following
>
> 
>   DBSourcedbi:mysql:RADONLINE
>   DBUsername  
>   DBAuth  
>
> AddQuery insert into RADONLINE (FRAMEDIPADDRESS, USERNAME, NASIDENTIFIER,
> NASPORT, PASSWORD) values ('%{Framed-Address}', '%U', '%N', 0%{NAS-Port},
> '%{User-Password}')
>
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>
> CountQuery
> FailureBackoffTime 5
> 
>
> All work wells accept the getting the user's password details. I have also
> tried "%P" but it just inserts nothing into the database how do I get this
> to work ?
>

You will have to check a trace 4 debug to see what is happening.

> Also in the manual it says
> "If CountQuery is defined as an empty string, then the query will not be
> executed, and the current session count will be fixed at 0."
>
> So what is the syntax for this ?
>

Your configuration already has the correct syntax.

CountQuery

regards

Hugh





Re: (RADIATOR) Authenticating against multiple NT & 2000 domains

2002-01-30 Thread Hugh Irvine


Hello Brad -

Yes, you can use multiple RewriteUsernames to do whatever is required.

regards

Hugh


On Wed, 30 Jan 2002 16:54, [EMAIL PROTECTED] wrote:
> Hello Mr Radiator,
>
> A further question, if I may ... :-)
>
> Given the response below, what if I want the best of both worlds ?
>
> We have an NT4 domain that requires the traditional MS form of
> domain\username, but the 2000 domain is fine for [EMAIL PROTECTED]
>
> Will Radiator be able to handle this in the multi-realm config noted in the
> original response below ?
>
> Regards,
>
> Brad Cook
> Senior Network Engineer
> Tourism Queensland
> Level 10 Tourism Qld House
> 30 Makerston St
> Brisbane, Australia   4000
>
> Ph: +61 7 3535 5504
> Fax:    +61 7 3535 5246
> mailto:[EMAIL PROTECTED]
> web : http://www.tq.com.au
>
> >>  Hello,
> >>
> >>  I'm in the process of setting up my eval copy of Radiator 2.19 to
> >>  authenticate users dialing into my NT domain via an Ascend NAS.
> >>
> >>  No issue with the single NT4 domain , hopefully , but what if I want to
>
> be
>
> >>  able to deal with users who might specify either that NT4 or our other
> >>  native Win2000 domain in their login settings ?
> >>
> >>  Our aim is that the user will specify the username+domain they require
>
> in
>
> >>  their dialin profile settings (as per LAN login) , have the NAS pass
>
> the
>
> >>  relevant details to the RADIUS server and have it deal with polling the
> >>  requisite domain controller/ AD server.
> >>
> >>  Can I expect to have issues, or do you have a recommended way of
>
> dealing
>
> >>  with dialin users hitting a single NAS to gain access either one of two
> >>  domains ?
> >>
> >>  This is a common situation.
> >>  You would usually deal withthis in your Radaitor configuration by
>
> creating 3
>
> >> realm clauses. One that handles username@domain1, one for
>
> username@domain2,
>
> >>  and one to handle just username. Somthing like this:
> >
> > 
> > 
> ># strip the realm
> >RewriteUsername s/^([^@]+).*/$1/
> >
> > Domain domain1
> > 
> >
> > 
> > 
> ># strip the realm
> >RewriteUsername s/^([^@]+).*/$1/
> >
> > Domain domain2
> > 
> >
> > 
> >
> > # If they dont have a realm, auth from domain1
> > 
> ># strip the realm
> >RewriteUsername s/^([^@]+).*/$1/
> >
> > Domain domain1
> > 
> >
> > 
> >
> >
> > with only a little more effort, you users can use the domain\username
>
> form
>
> > instead of username@domain, but this may be incompatible with global
>
> roaming
>
> > or other plans you might have.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
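
An added Python model (not Radiator configuration and not code from the thread) of the rewrite `s/^([^@]+).*/$1/` used in the "username w/o realm" reply and of the three-realm layout quoted above: it shows what the regex does to each login form, how a `domain\username` login can be normalised first, and why the selected realm has to travel with the stripped name, since `tony@domain1` and `tony@domain2` both reduce to `tony`. The names `strip_realm`, `normalise` and `route` are hypothetical; `domain1` and `domain2` are the placeholders from the quoted example.

```python
import re

# Python spelling of the thread's Perl rewrite  s/^([^@]+).*/$1/
STRIP_REALM = re.compile(r"^([^@]+).*")
# domain\username: exactly one backslash, no "@" on either side
NT_FORM = re.compile(r"^([^\\@]+)\\([^\\@]+)$")


def strip_realm(user_name: str) -> str:
    """Keep everything before the first '@', as the rewrite does.

    A name that starts with '@' does not match (the group needs at least
    one character), so it is returned unchanged rather than emptied.
    """
    return STRIP_REALM.sub(r"\1", user_name, count=1)


def normalise(user_name: str) -> str:
    """Turn domain\\username into username@domain; leave other forms alone."""
    m = NT_FORM.match(user_name)
    return f"{m.group(2)}@{m.group(1)}" if m else user_name


def route(user_name: str, realms=("domain1", "domain2"), default="domain1"):
    """Model of the three realm clauses: one per domain plus a default.

    Returns (domain_to_authenticate_against, bare_username), or None when
    the login names a realm that no clause handles (assumption of this
    model: such a request is rejected, not sent to the default domain).
    """
    name = normalise(user_name)
    _local, sep, realm = name.partition("@")
    if not sep:
        target = default          # bare username: authenticate from default
    elif realm in realms:
        target = realm            # exact match, as written in the config
    else:
        return None
    return target, strip_realm(name)


# Constructed sample logins
SAMPLES = ["tony@domain1", "tony@domain2", "tony", "domain2\\tony",
           "tony@elsewhere", "@domain1"]

if __name__ == "__main__":
    for login in SAMPLES:
        print(f"{login!r:20} strip={strip_realm(login)!r:12} route={route(login)}")
```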




Re: (RADIATOR) Rewrite Username

2002-01-30 Thread Shane Malden

Basically, someone would logon with username-site and in our user file we
would have reply data setup for that user. But for the authentication side
of things, we need to rewrite the user to just username. If you're able to
help, it would be appreciated.

Regards,
Shane

- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Shane Malden" <[EMAIL PROTECTED]>; "Shane Malden"
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, January 31, 2002 11:07 AM
Subject: Re: (RADIATOR) Rewrite Username


>
> Hello Shane -
>
> You would use a RewriteUsername parameter.
>
> It is not clear to me how you are going to decide what set of reply
> attributes to use - can you clarify?
>
> regards
>
> Hugh
>
>
> On Thu, 31 Jan 2002 10:26, Shane Malden wrote:
> > I have a need for some of our users to rewrite the username for
> > Authentication purposes. The user name used needs to have certain reply
> > data, while there is only one actual user with the one Password. What is
> > the correct command for this and does this go in my user file or
radiator
> > config file? If anyone can help, it would be appreciated.
> >
> > Regards,
> > Shane
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.



Re: (RADIATOR) Rewrite Username

2002-01-30 Thread Hugh Irvine


Hello Shane -

There are a couple of ways of doing this.

If all of the users at a particular site use the same reply attributes, you 
could use Handlers, otherwise you could use cascaded AuthBy clauses.

Can you give me a bit more detail please? And include a copy of your 
configuration file (no secrets).

regards

Hugh


On Thu, 31 Jan 2002 12:39, Shane Malden wrote:
> Basically, someone would logon with username-site and in our user file we
> would have reply data setup for that user. But for the authentication side
> of things, we need to rewrite the user to just username. If your able to
> help, it would be appreciated.
>
> Regards,
> Shane
>
> - Original Message -
> From: "Hugh Irvine" <[EMAIL PROTECTED]>
> To: "Shane Malden" <[EMAIL PROTECTED]>; "Shane Malden"
> <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, January 31, 2002 11:07 AM
> Subject: Re: (RADIATOR) Rewrite Username
>
> > Hello Shane -
> >
> > You would use a RewriteUsername parameter.
> >
> > It is not clear to me how you are going to decide what set of reply
> > attributes to use - can you clarify?
> >
> > regards
> >
> > Hugh
> >
> > On Thu, 31 Jan 2002 10:26, Shane Malden wrote:
> > > I have a need for some of our users to rewrite the username for
> > > Authentication purposes. The user name used needs to have certain reply
> > > data, while there is only one actual user with the one Password. What
> > > is the correct command for this and does this go in my user file or
>
> radiator
>
> > > config file? If anyone can help, it would be appreciated.
> > >
> > > Regards,
> > > Shane
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.




Re: (RADIATOR) Simultaneous logins allowed but logged?

2002-01-30 Thread Forbes Mike


Hugh,

The authlog is definitely a feature I will use, I did not know it was
there.

How can I use this to report duplicate logins without kicking the
users off?  I assume that this would work if we were kicking the user off
for duplicate logins, it would show up as a failure and a reason duplicate
login?

Mike

On Thu, 31 Jan 2002, Hugh Irvine wrote:

>
> Hello Mike -
>
> On Wed, 30 Jan 2002 12:39, Forbes Mike wrote:
> > I have been looking through the mail list archives on simultaneous logins.
> > I have a request to allow simultaneous logins but to kick out a log
> > message about the simultaneous use that also shows calling number, user
> > name, etc.  Can radiator be tweaked to do this?  The logfile could then be
> > used to contact the offending users.
> >
>
> You can use an AuthLog clause to do this.
>
> Have a look at section 6.47 in the Radiator 2.19 reference manual (contained
> in the distribution in the file "doc/ref.html").
>
> regards
>
> Hugh
>
>



Re: (RADIATOR) Simultaneous logins allowed but logged?

2002-01-30 Thread Hugh Irvine


Hello Mike -

On Thu, 31 Jan 2002 14:48, Forbes Mike wrote:
> Hugh,
>
> The authlog is definitely a feature I will use, I did not know it was
> there.
>

Might I suggest a quick read through the manual? It only takes an hour or so 
and it will save you *lots* of time later. BTW - you should also read the 
radius RFC's, also included in the "doc" directory.


> How can I use this to report duplicate logins without kicking the
> users off?  I assume that this would work if we were kicking the user off
> for duplicate logins, it would show up as a failure and a reason duplicate
> login?
>

You can use it for success and/or failure.

regards

Hugh





Re: (RADIATOR) MySQL corruption

2002-01-30 Thread Nick Rogness

On Thu, 31 Jan 2002, Hugh Irvine wrote:

> 
> Hello Nick -
> 
> This is the first time I have heard of such a thing. 

Take a look:

// First on DB server 

mngmt1# myisamchk -c ACCOUNTING.MYI
Checking MyISAM file: ACCOUNTING.MYI
Data records:  48   Deleted blocks:   0
- check file-size
- check key delete-chain
- check record delete-chain
- check index reference
- check data record references index: 1


// Test Radiator server 

# radpwtst -s $host -user nick -password nick -secret secret
sending Access-Request...
OK
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK


// Now look at DB Server again 

mngmt1# myisamchk -c ACCOUNTING.MYI
Checking MyISAM file: ACCOUNTING.MYI
Data records:  50   Deleted blocks:   0
- check file-size
myisamchk: error: Size of datafile is: 7776  Should be: 8100
- check key delete-chain
- check record delete-chain
- check index reference
- check data record references index: 1
myisamchk: error: Found key at page 1024 that points to record outside
datafile
MyISAM-table 'ACCOUNTING.MYI' is corrupted
Fix it using switch "-r" or "-o"



> I would suspect that there is a problem with either the version of
> MySQL and/or the version of DBD-mysql. You should probably check the
> MySQL web site and also do a google search (www.google.com).

I will do some research...

> 
> regards
> 
> Hugh
> 
> 
> On Thu, 31 Jan 2002 09:29, Nick Rogness wrote:
> > It appears that every modification performed by Radiator to a MySQL DB
> > corrupts the tables (RADONLINE and ACCOUNTING).  How do I resolve
> > this without running a cron job to repair it every X minutes?  Run a
> > different DB like PostgreSQL?
> >
> > Using AuthBy SQL (for Accounting) and SessionDB's (for RADONLINE).
> >
> > Perl DBI version is 1.20
> > Perl DBD-mysql version is 2.1004
> > perl version is v5.6.1 built for i386-freebsd
> > Radiator Version is 2.18.4
> >
> > All on FreeBSD 4.4-STABLE.
> >
> > Nick Rogness <[EMAIL PROTECTED]>
> >  - Don't mind me...I'm just sniffing your packets
> >

Nick Rogness <[EMAIL PROTECTED]>
 - Don't mind me...I'm just sniffing your packets




Re: (RADIATOR) Simultaneous logins allowed but logged?

2002-01-30 Thread Forbes Mike


I might add I did read the manual and have read it more than once.  It
has saved plenty of emails.

Let me restate my question:

I want to allow simultaneous logins, this is the default.

But,

I want to log simultaneous logins to a file, I still want them allowed.
I was wondering if the Simultaneous-Use or Max-Sessions could be used to
log the simultaneous logon (as a simultaneous logon) but not kick off the
user.

Mike

On Thu, 31 Jan 2002, Hugh Irvine wrote:

>
> Hello Mike -
>
> On Thu, 31 Jan 2002 14:48, Forbes Mike wrote:
> > Hugh,
> >
> > The authlog is definitely a feature I will use, I did not know it was
> > there.
> >
>
> Might I suggest a quick read through the manual? It only takes an hour or so
> and it will save you *lots* of time later. BTW - you should also read the
> radius RFC's, also included in the "doc" directory.
>
>
> > How can I use this to report duplicate logins without kicking the
> > users off?  I assume that this would work if we were kicking the user off
> > for duplicate logins, it would show up as a failure and a reason duplicate
> > login?
> >
>
> You can use it for success and/or failure.
>
> regards
>
> Hugh
>
>



Re: (RADIATOR) Simultaneous logins allowed but logged?

2002-01-30 Thread Hugh Irvine


Hi Mike -

On Thu, 31 Jan 2002 16:16, Forbes Mike wrote:
> I might add I did read the manual and have read it more than once.  It
> has saved plenty of emails.
>

I should have added a smiley!

:-)

> Let me restate my question:
>
> I want to allow simultaneous logins, this is the default.
>
> But,
>
> I want to log simultaneous logins to a file, I still want them allowed.
> I was wondering if the Simultaneous-Use or Max-Sessions could be used to
> log the simultaneous logon (as a simultaneous logon) but not kick off the
> user.
>

Ahh - OK - now I understand (this is the opposite of what most people ask...).

The only way I can think of to do it is to write a hook (probably a 
PreAuthHook) to check the session database and log the result.

There are some example hooks in the file "goodies/hooks.txt".

regards

Hugh


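The check discussed in this thread (look up a user's open sessions and log the overlap, without rejecting anyone), worked offline in Python as an added example; it is not Radiator hook code and not from any poster. It replays constructed RADIUS accounting events instead of querying a Radiator session database, and the function names are hypothetical.

```python
from collections import defaultdict

def ev(ts, status, user, sid, nas, port, caller):
    return {"Timestamp": ts, "Acct-Status-Type": status, "User-Name": user,
            "Acct-Session-Id": sid, "NAS-IP-Address": nas, "NAS-Port": port,
            "Calling-Station-Id": caller}

# Constructed sample accounting events (not taken from the thread).
EVENTS = [
    ev(100, "Start", "mike", "0001", "192.0.2.10", 3, "5550100"),
    ev(105, "Start", "mike", "0001", "192.0.2.10", 3, "5550100"),  # retransmit
    ev(160, "Start", "anna", "0007", "192.0.2.10", 4, "5550123"),
    ev(220, "Start", "mike", "0002", "192.0.2.11", 9, "5550199"),  # overlap
    ev(300, "Stop",  "mike", "0001", "192.0.2.10", 3, "5550100"),
    ev(340, "Stop",  "anna", "0007", "192.0.2.10", 4, "5550123"),
    ev(400, "Start", "anna", "0008", "192.0.2.10", 4, "5550123"),  # sequential
    ev(450, "Stop",  "mike", "0009", "192.0.2.11", 9, "5550199"),  # unknown id
    ev(500, "Start", "mike", "0003", "192.0.2.10", 5, "5550100"),  # overlap
]

def find_simultaneous(events):
    """Report every Start that arrives while the same user already has another
    open session. Nothing is rejected: this only produces log records."""
    active = defaultdict(dict)  # user -> {(NAS, session id): Start event}
    reports = []
    for e in sorted(events, key=lambda x: x["Timestamp"]):
        user = e["User-Name"]
        key = (e["NAS-IP-Address"], e["Acct-Session-Id"])
        if e["Acct-Status-Type"] == "Start":
            if key in active[user]:
                continue  # duplicate Start for a session already tracked
            if active[user]:
                reports.append({"time": e["Timestamp"], "user": user,
                    "caller": e["Calling-Station-Id"],
                    "nas": e["NAS-IP-Address"], "port": e["NAS-Port"],
                    "already_open": sorted(s["Acct-Session-Id"]
                                           for s in active[user].values())})
            active[user][key] = e
        elif e["Acct-Status-Type"] == "Stop":
            active[user].pop(key, None)  # Stop for an unknown session: no-op
    return reports

def format_report(r):
    return ("SIMULTANEOUS user=%(user)s caller=%(caller)s nas=%(nas)s "
            "port=%(port)s at=%(time)s" % r
            + " open=" + ",".join(r["already_open"]))

if __name__ == "__main__":
    for r in find_simultaneous(EVENTS):
        print(format_report(r))
```

Keying sessions on NAS address plus Acct-Session-Id keeps a retransmitted Start from being counted as a second login, and a lost Stop leaves a stale entry, so a real deployment needs a timeout or interim-update check on open sessions.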