Re: (RADIATOR) Help Required
Hello Wasim -
You should use the "Time = ." check item.
If you could tell me how you are going to distinguish these users, I will be
able to make more detailed suggestions.
Have a look at section 13.1.13 in the Radiator 3.0 reference manual.
("doc/ref.html").
regards
Hugh
On Mon, 22 Apr 2002 17:21, Wasim Ahmed Khan wrote:
> Dear Sir,
>
> I have a new query in which I would need your help.
>
> We need to configure one package that should allow users to connect
> from 11:00 a.m. to 5:00 p.m. only. Users attempting to connect anytime
> before 11:00 should not be allowed and so the users attemtping to
> connect after 5:00 p.m.
>
> I would require your kind help to enable me to configure this through
> DATABASE only. Means the account type should be daytime (between 11:00
> a.m. to 5:00 p.m.) only.
>
> Thank you and awiating your kind input.
>
> Regards,
> Wasim Ahmed Khan.
> Application Programmer.
> eWorld Internet Services.
> Karachi,
> Pakistan.
> Ph:(92-21)111-246-246.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) question
Hello Arnulfo - How are you programming the amount of time that a user is allowed to use? Most Radiator users employ an SQL database for user definitions and accounting and it is relatively easy to provide pre-paid services such as you describe in this way. This topic has been discussed many times on the mailing list, so have a look at the archive site and do a search. http://www.open.com.au/archives/radiator regards Hugh On Mon, 22 Apr 2002 16:10, Arnulfo Rojas Yanquen wrote: > Hugh > our company offer services of Internet acces, the users hire this service > by time determined, when has finished this time the Radiator must avoid > that the user may connect again. This function is not doing the Radiator, > and I not find the cause possible. > > Radiator is setup over RedHat 7, and use for authetication passwd-shadow > and the version is Radiator 2.18.1 > THANKS > > Arnulfo > > > _ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Help Required
Dear Sir, I have a new query in which I would need your help. We need to configure one package that should allow users to connect from 11:00 a.m. to 5:00 p.m. only. Users attempting to connect anytime before 11:00 should not be allowed and so the users attemtping to connect after 5:00 p.m. I would require your kind help to enable me to configure this through DATABASE only. Means the account type should be daytime (between 11:00 a.m. to 5:00 p.m.) only. Thank you and awiating your kind input. Regards, Wasim Ahmed Khan. Application Programmer. eWorld Internet Services. Karachi, Pakistan. Ph:(92-21)111-246-246. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) question
Hugh our company offer services of Internet acces, the users hire this service by time determined, when has finished this time the Radiator must avoid that the user may connect again. This function is not doing the Radiator, and I not find the cause possible. Radiator is setup over RedHat 7, and use for authetication passwd-shadow and the version is Radiator 2.18.1 THANKS Arnulfo _ Chat with friends online, try MSN Messenger: http://messenger.msn.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) question
Hugh our company offer services of Internet acces, the users hire this service by time determined, when has finished this time the Radiator must avoid that the user may connect again. This function is not doing the Radiator, and I not find the cause possible. Radiator is setup over RedHat 7, and use for authetication passwd-shadow and the version is Radiator 2.18.1 THANKS Arnulfo _ Chat with friends online, try MSN Messenger: http://messenger.msn.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radmin question
Hello Chris - With Radmin 1.5 you can have per-user check items, so you could use the NAS-IP-Address or the NAS-Identifier as check items with the existing database. Otherwise, have a look at the "createdb.pl" script in the Radmin distribution. regards Hugh On Mon, 22 Apr 2002 15:10, Chris M wrote: > I am trying to figure out how to create my own database entries so I can > create some custom columns (in a table analogous to SUBSCRIBERS in > Radiator) so I can add special authentication features. > > I am a little confused by how I would go about adding columns to the > SUBSCRIBERS table (or whatever Radmin has) with MySQL. I am used to > creating a .sql script that I feed to mysql like: > > mysql -u mysqluser -p < TheScript.sql > > Anyway, anyone have any hints on how I "extend" the column definition of > the SQL database that Radmin uses to add my own goofy features? What I'd > like to do is figure out a way to figure out what client the request is > coming from and then check the new column to see if their request is coming > from an allowed client based on the values in the column. So, in effect, > checking Client IP against a range of allowed values stored in the > SUBSCRIBERS table of the database to see if this user is allowed to come in > from this list of client IPs. > > Thanks, > Chris > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Question Time
Hello Mick - You would use an AuthLog SQL for authentication logging. See section 6.50 in the Radiator 3.0 reference manual. For your proxy question I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. regards Hugh On Mon, 22 Apr 2002 15:02, Michael Saunders wrote: > I would like to log. When users type in the wrong password. > So I can explain to them how to type there own name correctly. > I have found in the documentation how to do this with a log file. > Is there anyway to do this into the database instead. As we have to > many operators for a log file. > > Also when you proxy requests across to another radius server does > radiator strip any reply attributes you may send. Because I am sending a > request off > to a third party using radiator but my reply attributes never make it to > the other end. > But they have nothing in there config that would make me think it is being > stripped > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Radmin question
I am trying to figure out how to create my own database entries so I can create some custom columns (in a table analogous to SUBSCRIBERS in Radiator) so I can add special authentication features. I am a little confused by how I would go about adding columns to the SUBSCRIBERS table (or whatever Radmin has) with MySQL. I am used to creating a .sql script that I feed to mysql like: mysql -u mysqluser -p < TheScript.sql Anyway, anyone have any hints on how I "extend" the column definition of the SQL database that Radmin uses to add my own goofy features? What I'd like to do is figure out a way to figure out what client the request is coming from and then check the new column to see if their request is coming from an allowed client based on the values in the column. So, in effect, checking Client IP against a range of allowed values stored in the SUBSCRIBERS table of the database to see if this user is allowed to come in from this list of client IPs. Thanks, Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question Time
I would like to log. When users type in the wrong password. So I can explain to them how to type there own name correctly. I have found in the documentation how to do this with a log file. Is there anyway to do this into the database instead. As we have to many operators for a log file. Also when you proxy requests across to another radius server does radiator strip any reply attributes you may send. Because I am sending a request off to a third party using radiator but my reply attributes never make it to the other end. But they have nothing in there config that would make me think it is being stripped === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) question
Hello Arnulfo - I am not exactly sure what you mean, as Radiator does not normally expire user accounts. Can you give me a bit more information about what you want to have happen? regards Hugh On Sat, 20 Apr 2002 13:52, Arnulfo Rojas Yanquen wrote: > Hello, > > I work an ISP and I have a problem with Radiator. > > The problem is that the Radiator is not expired the account of the users. > > Radiator is sertup over RedHat 7, and use for authetication passwd-shadow > and the version is Radiator 2.18.1 > > THANKS > > > Atentamente, > > = > Arnulfo Rojas Yanquen. > Asistente Técnico > ExpressNet S.A. > [EMAIL PROTECTED] > Tel: (571) 5 404090 > Fax: (571) 2 491432 > Santafé de Bogotá D.C. - Colombia -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Post Processing hook
Hello Brad - There are some example hooks in the file "goodies/hooks.txt" in the Radiator distribution that should give you some ideas. regards Hugh On Tue, 23 Apr 2002 05:10, Shoalnet Admin wrote: > Hi All, > > Being lazy here Before I dream up something I thought some-one might > have invented 'the wheel' aleady. We are currently transitioning all of our > user base from usernames without realms to usernames with realms. I would > like to send an email in a post processing hook to the user when they logon > to give them a polite reminder of the changes they need to make. Obviously > I still want to allow them to have a successful logon but hopefully the > email generated each time will start to get annoying after a while and they > will look into changing their setups. We are using Auth by SQL with mysql > at present. > > I have one more question. This move to users with realms has bought about > an issue with Free BSD ppp daemon. Apparently it doesn't accept more > than 16 characters in the username. Anyone have a work around or come > across this? The easiest solution at the moment is to give them a new > account which will be < 16 characters with a realm. > > Thanks in advance for any help I receive and btw thanks for a great > product! > > Brad Lilly > > Shoalnet/Fastrac admin > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) question
Hello, I work an ISP and I have a problem with Radiator. The problem is that the Radiator is not expired the account of the users. Radiator is sertup over RedHat 7, and use for authetication passwd-shadow and the version is Radiator 2.18.1 THANKS Atentamente, =Arnulfo Rojas Yanquen.Asistente Técnico ExpressNet S.A. [EMAIL PROTECTED] Tel: (571) 5 404090 Fax: (571) 2 491432Santafé de Bogotá D.C. - Colombia
(RADIATOR) Post Processing hook
Hi All, Being lazy here Before I dream up something I thought some-one might have invented 'the wheel' aleady. We are currently transitioning all of our user base from usernames without realms to usernames with realms. I would like to send an email in a post processing hook to the user when they logon to give them a polite reminder of the changes they need to make. Obviously I still want to allow them to have a successful logon but hopefully the email generated each time will start to get annoying after a while and they will look into changing their setups. We are using Auth by SQL with mysql at present. I have one more question. This move to users with realms has bought about an issue with Free BSD ppp daemon. Apparently it doesn't accept more than 16 characters in the username. Anyone have a work around or come across this? The easiest solution at the moment is to give them a new account which will be < 16 characters with a realm. Thanks in advance for any help I receive and btw thanks for a great product! Brad Lilly Shoalnet/Fastrac admin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: Fwd: Re: (RADIATOR) sub append (Util.pm, v 2.19.1)
Hello Sergey,
Thanks for the suggestion.
Attached is a new Util.pm that implements your suggestion both for LogFile
and for AcctLogFileName etc.
Please let me know if its OK for you and we wil roll it in to the next
release.
Cheers.
On Tue, 23 Apr 2002 01:54, Mike McCauley wrote:
> -- Forwarded Message --
>
> Subject: Re: (RADIATOR) sub append (Util.pm, v 2.19.1)
> Date: Sat, 20 Apr 2002 11:01:41 +1000
> From: Hugh Irvine <[EMAIL PROTECTED]>
> To: "Sergey Y. Afonin" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
>
> Hello Sergey -
>
> Thanks for the suggestion.
>
> I have copied Mike on this mail and he will look at it next week.
>
> regards
>
> Hugh
>
> On Fri, 19 Apr 2002 22:27, Sergey Y. Afonin wrote:
> > Hello.
> >
> > What do you think about this replace for "append" ?
> >
> > sub append
> > {
> > my ($file, $line) = @_;
> >
> > if ( substr($file, 0, 1) eq "|" ) {
> > open(FILE, "$file") || return;
> > }
> > else {
> > open(FILE, ">>$file") || return;
> > }
> > print FILE $line;
> > close(FILE) || return;
> > return 1;
> > }
> >
> > It's allow write some logs to STDIN of external programs...
> > For example:
> > PasswordLogFileName |/etc/radiator/logpwd
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
# Util.pm
#
# Utility routines required by Radiator
# Author: Mike McCauley ([EMAIL PROTECTED]),
# strftime and friends based on code by David Muir Sharnoff
# <[EMAIL PROTECTED]> in CTime.pm. Source code provided on request.
# $Id: Util.pm,v 1.25 2002/03/24 23:07:49 mikem Exp mikem $
package Radius::Util;
use Digest::MD5;
use Socket;
use File::Path;
use File::Basename;
use strict;
# This is the official Radiator version number:
$main::VERSION = '3.0';
# For md5crypt
my $magic = '$1$'; # The prefix that signals an md5 password
my @itoa64 = split(//,
'./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz');
# Temp variables, used by format_special
my (@time, @ptime, $ptime, $cpacket, $rpacket);
# Private arrays for date calculations
my @DoW = qw(Sun Mon Tue Wed Thu Fri Sat);
my @DayOfWeek = qw(Sunday Monday Tuesday Wednesday Thursday
Friday Saturday);
my @MoY = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec);
my @MonthOfYear = qw(January February March April May June
July August September October November December);
my %tzn_cache;
# These are the conversion functions for format_special
my %conversions =
(
'%', sub { '%' },
'a', sub { return unless $rpacket;
$rpacket->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS) },
'c', sub { return unless $cpacket;
my @l = Socket::unpack_sockaddr_in($cpacket->{RecvFrom});
Socket::inet_ntoa($l[1]) },
'C', sub { return unless $cpacket;
my @l = Socket::unpack_sockaddr_in($cpacket->{RecvFrom});
my $a = scalar gethostbyaddr($l[1], Socket::AF_INET);
return $a ? $a : Socket::inet_ntoa($l[1])},
'D', sub { $main::config->{DbDir} },
'h', sub { $main::hostname },
'L', sub { $main::config->{LogDir} },
'N', sub { return unless $cpacket; $cpacket->getNasId() },
'n', sub { return unless $cpacket;
$cpacket->getAttrByNum($Radius::Radius::USER_NAME) },
'r', sub { "\n" },
'R', sub { return unless $cpacket; my @n = split(/@/,
$cpacket->getAttrByNum($Radius::Radius::USER_NAME)); $n[1] },
'T', sub { return unless $cpacket; $cpacket->code },
'U', sub { return unless $cpacket; my @n = split(/@/,
$cpacket->getAttrByNum($Radius::Radius::USER_NAME)); $n[0] },
'u', sub { return unless $cpacket; $cpacket->{OriginalUserName} },
'P', sub { return unless $cpacket; $cpacket->decodedPassword() },
'z', sub { return unless $cpacket;
MD5->hexhash($cpacket->getAttrByNum($Radius::Radius::USER_NAME))},
# From current time
'd', sub { @time = localtime(time) unless @time; sprintf("%02d", $time[3]) },
'H', sub { @time = localtime(time) unless @time; sprintf("%02d", $time[2]) },
'l', sub { scalar localtime(time)},
'm', sub { @time = localtime(time) unless @time; sprintf("%02d", $time[4]+1); },
'M', sub { @time = localtime(time) unless @time; sprintf("%02d", $time[1]) },
's', sub { require Time::HiRes; (&Time::HiRes::gettimeofday())[1] },
'S', sub { @time = localtime(time) unless @time; sprintf("%02d", $time[0]) },
Re: (RADIATOR) Radius
Hello Barrett - I suspect you will find that your configuration will work properly with Client xxx.xxx.xxx.xxx, but not yyy.yyy.yyy.yyy or zzz.zzz.zzz.zzz. If you want to use the "Identifier theirclients", you will have to specify seperate Client clauses. # define Clients Secret Identifier theirclients yyy.yyy.yyy.yyy Secret Identifier theirclients Secret Identifier theirclients You should also check a trace 4 debug from Radiator to verify the format of the Called-Station-Id you are receiving from the NAS to make sure it matches the Handler specification. regards Hugh On Sun, 21 Apr 2002 09:07, Barrett W Clark wrote: > Hugh, > > I have tried to follow the example below but customers can still dial in on > that number. > > Any suggestions as to what I am doing wrong would be helpful!! Also on > improving the radius.cfg file would be greatly appreciated! > > regards > > bwc > > --Begin radius.cfg--- > > #Foreground > LogStdout > LogDir /usr/local/radius/log > DbDir /usr/local/etc/raddb > # User a lower trace level in production systems: > Trace 3 > AuthPort 1645 > AcctPort 1646 > > #strip realm > RewriteUsername s/^([^@]+).*/$1/ > RewriteUsername s/%//g > > > Secret > DupInterval 0 > > > # All of our clients are listed here > > Secret > Identifier ourclients > > IdenticalClients host2.domain.com host3.domain.com \ > host4.domain.com host5.domain.com host6.domain.com \ > host7.domain.com host8.domain.com > > > > Secret > Identifier theirclients > > IdenticalClients yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz > > > > > DefaultResult REJECT > > > > > > Filename %D/users > > AcctLogFileName %L/cd-%Y%m%d > > > > > Filename %D/users > > AcctLogFileName %L/cd-%Y%m%d > > > > # The name of the DBM file. Defaults on %D/online > Filename %D/online > > > -Example of the cd-20020419--- > > Sat Apr 20 06:47:59 2002 > NAS-IP-Address = xxx.xxx.xxx.xxx > NAS-Port = > NAS-Port-Type = Async > Called-Station-Id = "##" > Calling-Station-Id = "**" > Acct-Status-Type = Start > Acct-Authentic = RADIUS > Service-Type = Framed-User > Acct-Session-Id = "000DDF72" > Framed-Protocol = PPP > Acct-Link-Count = 1 > Ascend-Num-In-Multilink = 1 > Acct-Multi-Session-Id = "156668" > Framed-IP-Address = ooo.ooo.ooo.ooo > Ascend-Multilink-ID = 156668 > Acct-Delay-Time = 0 > User-Name = "username" > > At 08:15 AM 4/17/2002 +1000, Hugh Irvine wrote: > >Hello Barrett - > > > >In my example below, you would reject all calls to a particular > >Called-Station-Id on the Clients with "Identifier somewhere". > > > >Ie. "##" is the number you want to deny. > > > > > > > >You could also use regular expressions in the . > > > >regards > > > >Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
