(RADIATOR) Time conversion on Radiator 3.0
Hello, I'm having a problem using the time function of Radiator ver. 3.0. When I'm using the until time or until 0800 it doesn't work, while it is functioning in Radiator 2.19. Is there any new configuration for version 3.0 for the time attribute? Ray === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problems after upgrading to 3.0
Hello Ashley - There is a bug in the "Radius/AuthNT.pm" module. The web site has a patched version and I will send you a copy separately. regards Hugh On Tue, 30 Apr 2002 15:52, Kent, Ashley wrote: > I've just upgraded one of my NT radiator boxes from 2.18 to 3.0 and hit a > snag. > To upgrade all I did was stop the radiator service, do a "perl makefile.pl > install", and restart radiator. > Once I restart I see in the log: > > Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'Domain' in > d:\radiator\configs\radiator.cfg line 75 > Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'DomainController' in > d:\radiator\configs\radiator.cfg line 76 > Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'Domain' in > d:\radiator\configs\radiator.cfg line 81 > Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'DomainController' in > d:\radiator\configs\radiator.cfg line 82 > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/InVPN-United.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/InVPN-External.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/OutPIX-United.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/HomeUsersRtr-United.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/RASDialup-United.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/RASDialup-United.cfg > Tue Apr 30 15:29:22 2002: DEBUG: Reading users file > ./Configs/DMSRASDialup-United.cfg > Tue Apr 30 15:29:23 2002: INFO: Server started: Radiator 3.0 on infprd08 > > > It looks like radiator doesn't know how to interpret AuthByNT directives. > When I check out my /perl/site/lib/radius/ directory I see that the > authbynt.pm file is there (version 1.25). > What gives? > > > > > Thanks, > > > Ash. > > > > Here my primary radiator config file: > > # > --- >- --- > # Globals > # > # > --- >- --- > > Foreground > LogDir ./Logs > LogFile %L/radiatorlog.txt > DbDir . 
> Trace 4 > > # > --- >- --- > # Clients > # > # > --- >- --- > > # Dialup router > > Identifier HOMEUSERSRTR > Secret xxx > > > # Burwood internet firewall (burpix01) > > Identifier PIX > Secret xxx > > > # Pinwood internet firewall (pinpix01) > > Identifier PIX > Secret xxx > > > # UEComm firewall (burpix02) > > Identifier PIX > Secret xxx > > > # RAS router (pinras01) > > Identifier RAS > Secret xxx > # convert domain\username to username@domain > RewriteUsername s/^(.*)\\(.*)/$2\@$1/ > > > > # DMS RAS router (pinras02) > > Identifier DMSRAS > Secret xxx > # convert domain\username to username@domain > RewriteUsername s/^(.*)\\(.*)/$2\@$1/ > > > > # > --- >- --- > # AuthBy Clauses > # > # > --- >- --- > > > Identifier CheckInfprd08 > Domain UNITED > DomainController \\infprd08 > > > > Identifier CheckSouthgate02 > Domain IKON > DomainController \\southgate02 > > > > Identifier CheckInVPN-United > Filename ./Configs/InVPN-United.cfg > > > > Identifier CheckInVPN-External > Filename ./Configs/InVPN-External.cfg > > > > Identifier CheckOutPIX-United > Filename ./Configs/OutPIX-United.cfg > > > > Identifier HomeUsersRtr-United > Filename ./Configs/HomeUsersRtr-United.cfg > > > > Identifier RASDialup-United > Filename ./Configs/RASDialup-United.cfg > > > > > Identifier RASDialup-Pulse > Filename ./Configs/RASDialup-United.cfg > > > > > Identifier DMSRASDialup-United > Filename ./Configs/DMSRASDialup-United.cfg > > > > # > --- >- --- > # AuthLog Clauses > # > # > --- >- --- > > > Identifier VPN-External > Filename %L/VPN/External-authlog.txt > LogSuccess 1 > LogFailure 1 > SuccessFormat External VPN Logon Success %H:%M:%S %v %d %Y %U > FailureFormat External VPN Logon Failure %H:%M:%S %v %d %Y %U > > > > Identifier VPN-UE > Filename %L/VPN/UE-authlog.txt > LogSuccess 1 > LogFailure 1 > SuccessFormat UE VPN Logon Success %H:%M:%S %v %d %Y%U > FailureFormat UE VPN Logon Failure %H:%M:%S %v %d %Y%U > > > > Identifier VPN-UEComm > Filename %L/VPN/UEComm-authlog.txt > 
LogSuccess 1 > LogF
Re: (RADIATOR) not appearing to be working...
Hello Jeremy - You would use the PacketTrace parameter in the clauses in which you want the trace 4 logging (have a look at the PacketTrace sections in the manual). Note that it is *much* easier to do this sort of thing with Radar. http://www.open.com.au/radar regards Hugh On Tue, 30 Apr 2002 14:05, Jeremy Burton wrote: > ok, thats all good, and i have a much cleaner config file now... > but one more question - i can't get packet logs unless I have Global > logging at trace 4. whats the recommended way to handle the situation where > I only want level 3 logs globally, but want packet dumps for a particular > few AuthBy clauses. > would having 2 global loggers, one at level 3 and one at level 4 running, > with the level 4 logger pointing to some form of null, and the using > something along the lines of what is suggested below to get the packets > work? > or am i misunderstanding again the way in which this works (ie the > availability of the packet logs at any level below global)? > > thanks > > jeremy > > On Mon, Apr 29, 2002 at 06:22:23PM +1000, Hugh Irvine wrote: > > Hello Jeremy - > > > > You are correct - if you put a inside an object - you only get > > the logging for that object. > > > > It is generally preferable to use Identifiers for this sort of thing: > > > > > > > > Identifer MyLogger > > Filename . > > Trace ... > > > > > > > > > > Identifier MyAuthBy > > . > > Log MyLogger > > . > > > > > > > > AuthBy MyAuthBy > > . > > > > > > This makes it *much* easier to understand and maintain. > > > > NB - the is defined inside an AuthBy GROUP so it does not > > become another global logger. > > > > TFAP (tricks for advanced players) > > > > :-) > > > > regards > > > > Hugh > > > > BTW - you can now use Radar with Radiator 3.0 to do much, much more than > > was ever possible previously with traces and debugging. 
> > > > http://www.open.com.au/radar > > > > On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote: > > > Hi Hugh, > > > If you look closely in the two files, one of them does indeed include > > > all logging (the global logfile). The second one *only* contains the > > > following line for each request: > > > > > > Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP > > > > > > and nothing more it is the details for the AuthGROUP that i am > > > indeed after (which should be in here, given that the > > > is contained within the and not any other > > > stuff...) > > > a little more probing has found that if I then go and put a > > FILE> into the I get that info.. so am i > > > misinterpreting that the isn't inherited by the "children" > > > authby's of an ? > > > > > > Thanks > > > > > > Jeremy > > > > > > On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote: > > > > Hello Jeremy - > > > > > > > > There are a few things wrong with the configuration file, but you > > > > should be getting two different logfiles: > > > > > > > > /etc/raddb/logfile.testing-normal > > > > > > > > and > > > > > > > > %D/logfile.testing-adsl > > > > > > > > where %D = /etc/raddb > > > > > > > > The first one should contain everything, and the second one should > > > > contain a subset corresponding to the . > > > > > > > > I have just been testing this here and it works correctly with the > > > > configuration file that I will attach to this mail. > > > > > > > > BTW - here is the ls -l log*: > > > > > > > > ls -l log* > > > > -rw-r--r--1 root root14994 Apr 29 16:32 logfile > > > > -rw-r--r--1 root root 195 Apr 29 16:31 > > > > logfile.testing-adsl > > > > > > > > > > > > regards > > > > > > > > Hugh > > > > > > > > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote: > > > > > Hi All, > > > > > I've just upgraded from Radiator 2.17.1 to Radiator 3.0. 
> > > > > I am trying to log different parts of the config to different log > > > > > files, and am having no luck at all - everything just ends up in > > > > > the global logfile. Attached is my config file - this isn't > > > > > actually my main config file, but a smaller one which replicates > > > > > the problem. Also I'll attach the default entries for the > > > > > users.dialup and users.adsl... Basically, anyone know why I'm only > > > > > getting one log file, not two, as i would expect from the > > > > > additional directive? > > > > > > > > > > radius.cfg: > > > > > > > > > > # $Revision: 1.7 $ > > > > > # $Date: 2001/06/28 08:31:35 $ > > > > > # > > > > > #Foreground > > > > > #LogStdout > > > > > Trace 3 > > > > > > > > > > # NOTE: Anywhere that > > > > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS', > > > > > '5550');} # appears is so that eXtremes can log onto analogue > > > > > equipment.. > > > > > > > > > > PidFile /etc/raddb/radiusd.testing.pid > > > > > AuthPort 1645 > > > > > AcctPort 1646 > > > > > LogDir/v
Re: (RADIATOR) logfile per realm or handler
Hello Ray - What version of Radiator are you running? This is only supported in Radiator 3.0 and later. From the Radiator 3.0 release notes: Any clause may now have any number of private clauses, which will be used to log errors and messages originating from within that clause before being logged by any global loggers. Can also use 'Log identifier' to refer to an already existing clause from within any other clause. regards Hugh On Tue, 30 Apr 2002 13:45, [EMAIL PROTECTED] wrote: > Hello, > > > Is it possible to have a logfile on a per Realm/Handler? If yes how > can we configure it on my config file? I've tried using: > > > > Filename /usr/local/raddb/logfile/logfile > >. >. >. > > > > I'm getting an error like Unknown object 'Log' in line 24 > > > > > Ray -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) failed login in password log
Hello Ray - You will need to add a column for failed logins to your user records which will be incremented by one for each login failure and reset to zero for each successful login. Have a look at the module "Radius/AuthRADMIN.pm" to see how this is done with our Radmin product. regards Hugh On Tue, 30 Apr 2002 13:38, [EMAIL PROTECTED] wrote: > Hello again, > > > How can we do this? we have a mysql server. > > > Ray > > - Original Message - > From: Hugh Irvine <[EMAIL PROTECTED]> > Date: Tuesday, April 30, 2002 11:21 am > Subject: Re: (RADIATOR) failed login in password log > > > Hello Ray - > > > > Yes there is, but you will need an SQL database for your user records. > > > > regards > > > > Hugh > > > > On Tue, 30 Apr 2002 13:01, [EMAIL PROTECTED] wrote: > > > Hi, > > > > > > > > > Is there a way we can count the failed login of a certain > > > > user for > > > > > us to lock that user? > > > > > > > > > Ray
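The counter rule described in the reply above (increment on each failure, reset to zero on success), as an added Python illustration that is not part of the thread and is not Radiator or Radmin code. The table and column names, the threshold of 3 and the use of an in-memory SQLite database in place of the poster's MySQL server are all assumptions.

```python
import sqlite3

MAX_FAILURES = 3  # hypothetical lockout threshold, not from the thread


def make_db():
    """Build a constructed user table with the extra failed-login column."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE subscribers ("
        " username TEXT PRIMARY KEY,"
        " failed_logins INTEGER NOT NULL DEFAULT 0)"
    )
    conn.executemany(
        "INSERT INTO subscribers (username) VALUES (?)", [("ray",), ("ash",)]
    )
    conn.commit()
    return conn


def failed_count(conn, username):
    """Return the stored counter, or None for an unknown user."""
    row = conn.execute(
        "SELECT failed_logins FROM subscribers WHERE username = ?", (username,)
    ).fetchone()
    return None if row is None else row[0]


def is_locked(conn, username):
    count = failed_count(conn, username)
    return count is not None and count >= MAX_FAILURES


def record_attempt(conn, username, password_ok):
    """Apply the counter rule to one login attempt; return 'accept' or 'reject'."""
    if failed_count(conn, username) is None:
        return "reject"  # unknown user: there is no record to count against
    if is_locked(conn, username):
        # A locked account stays locked even when the password is right;
        # otherwise one correct guess would reset the counter.
        return "reject"
    if password_ok:
        conn.execute(
            "UPDATE subscribers SET failed_logins = 0 WHERE username = ?",
            (username,),
        )
        conn.commit()
        return "accept"
    # Increment inside the database so concurrent failures are not lost.
    conn.execute(
        "UPDATE subscribers SET failed_logins = failed_logins + 1"
        " WHERE username = ?",
        (username,),
    )
    conn.commit()
    return "reject"


def unlock(conn, username):
    """Administrative reset of the counter."""
    conn.execute(
        "UPDATE subscribers SET failed_logins = 0 WHERE username = ?", (username,)
    )
    conn.commit()
```
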
(RADIATOR) Problems after upgrading to 3.0
I've just upgrade one of my NT radiator boxes from 2.18 to 3.0 and hit a snag. To upgrade all I did was stop the radiator service, do a "perl makefile.pl install", and restart radiator. Once I restart I see in the log: Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'Domain' in d:\radiator\configs\radiator.cfg line 75 Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'DomainController' in d:\radiator\configs\radiator.cfg line 76 Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'Domain' in d:\radiator\configs\radiator.cfg line 81 Tue Apr 30 15:29:22 2002: ERR: Unknown keyword 'DomainController' in d:\radiator\configs\radiator.cfg line 82 Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/InVPN-United.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/InVPN-External.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/OutPIX-United.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/HomeUsersRtr-United.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/RASDialup-United.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/RASDialup-United.cfg Tue Apr 30 15:29:22 2002: DEBUG: Reading users file ./Configs/DMSRASDialup-United.cfg Tue Apr 30 15:29:23 2002: INFO: Server started: Radiator 3.0 on infprd08 It looks like radiator doesn't know how to interpret AuthByNT directives. When I check out my /perl/site/lib/radius/ directory I see that the authbynt.pm file is there (version 1.25). What gives? Thanks, Ash. Here my primary radiator config file: # --- # Globals # # --- Foreground LogDir ./Logs LogFile %L/radiatorlog.txt DbDir . 
Trace 4 # --- # Clients # # --- # Dialup router Identifier HOMEUSERSRTR Secret xxx # Burwood internet firewall (burpix01) Identifier PIX Secret xxx # Pinwood internet firewall (pinpix01) Identifier PIX Secret xxx # UEComm firewall (burpix02) Identifier PIX Secret xxx # RAS router (pinras01) Identifier RAS Secret xxx # convert domain\username to username@domain RewriteUsername s/^(.*)\\(.*)/$2\@$1/ # DMS RAS router (pinras02) Identifier DMSRAS Secret xxx # convert domain\username to username@domain RewriteUsername s/^(.*)\\(.*)/$2\@$1/ # --- # AuthBy Clauses # # --- Identifier CheckInfprd08 Domain UNITED DomainController \\infprd08 Identifier CheckSouthgate02 Domain IKON DomainController \\southgate02 Identifier CheckInVPN-United Filename ./Configs/InVPN-United.cfg Identifier CheckInVPN-External Filename ./Configs/InVPN-External.cfg Identifier CheckOutPIX-United Filename ./Configs/OutPIX-United.cfg Identifier HomeUsersRtr-United Filename ./Configs/HomeUsersRtr-United.cfg Identifier RASDialup-United Filename ./Configs/RASDialup-United.cfg Identifier RASDialup-Pulse Filename ./Configs/RASDialup-United.cfg Identifier DMSRASDialup-United Filename ./Configs/DMSRASDialup-United.cfg # --- # AuthLog Clauses # # --- Identifier VPN-External Filename %L/VPN/External-authlog.txt LogSuccess 1 LogFailure 1 SuccessFormat External VPN Logon Success %H:%M:%S %v %d %Y %U FailureFormat External VPN Logon Failure %H:%M:%S %v %d %Y %U Identifier VPN-UE Filename %L/VPN/UE-authlog.txt LogSuccess 1 LogFailure 1 SuccessFormat UE VPN Logon Success %H:%M:%S %v %d %Y%U FailureFormat UE VPN Logon Failure %H:%M:%S %v %d %Y%U Identifier VPN-UEComm Filename %L/VPN/UEComm-authlog.txt LogSuccess 1 LogFailure 1 SuccessFormat UEComm VPN Logon Success %H:%M:%S %v %d %Y%U FailureFormat UEComm VPN Logon Failure %H:%M:%S %v %d %Y%U Identifier UnitedInternetAccess Filename %L/Internet/united-authfailure.txt LogSuccess 0 LogFailure 1 FailureFormat United Internet Logon Fail %H:%M:%S %v %d %Y %U Identifier 
IkonInternetAccess Filename %L/Internet/ikon-authfailure.txt LogSuccess 0
Re: (RADIATOR) not appearing to be working...
ok, thats all good, and i have a much cleaner config file now... but one more question - i can't get packet logs unless I have Global logging at trace 4. whats the recommended way to handle the situation where I only want level 3 logs globally, but want packet dumps for a particular few AuthBy clauses. would having 2 global loggers, one at level 3 and one at level 4 running, with the level 4 logger pointing to some form of null, and the using something along the lines of what is suggested below to get the packets work? or am i misunderstanding again the way in which this works (ie the availability of the packet logs at any level below global)? thanks jeremy On Mon, Apr 29, 2002 at 06:22:23PM +1000, Hugh Irvine wrote: > > Hello Jeremy - > > You are correct - if you put a inside an object - you only get the > logging for that object. > > It is generally preferable to use Identifiers for this sort of thing: > > > > Identifer MyLogger > Filename . > Trace ... > > > > > Identifier MyAuthBy > . > Log MyLogger > . > > > > AuthBy MyAuthBy > . > > > This makes it *much* easier to understand and maintain. > > NB - the is defined inside an AuthBy GROUP so it does not become > another global logger. > > TFAP (tricks for advanced players) > > :-) > > regards > > Hugh > > BTW - you can now use Radar with Radiator 3.0 to do much, much more than was > ever possible previously with traces and debugging. > > http://www.open.com.au/radar > > > On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote: > > Hi Hugh, > > If you look closely in the two files, one of them does indeed include > > all logging (the global logfile). The second one *only* contains the > > following line for each request: > > > > Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP > > > > and nothing more it is the details for the AuthGROUP that i am > > indeed after (which should be in here, given that the > > is contained within the and not any other > > stuff...) 
> > a little more probing has found that if I then go and put a > FILE> into the I get that info.. so am i > > misinterpreting that the isn't inherited by the "children" > > authby's of an ? > > > > Thanks > > > > Jeremy > > > > On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote: > > > Hello Jeremy - > > > > > > There are a few things wrong with the configuration file, but you should > > > be getting two different logfiles: > > > > > > /etc/raddb/logfile.testing-normal > > > > > > and > > > > > > %D/logfile.testing-adsl > > > > > > where %D = /etc/raddb > > > > > > The first one should contain everything, and the second one should > > > contain a subset corresponding to the . > > > > > > I have just been testing this here and it works correctly with the > > > configuration file that I will attach to this mail. > > > > > > BTW - here is the ls -l log*: > > > > > > ls -l log* > > > -rw-r--r--1 root root14994 Apr 29 16:32 logfile > > > -rw-r--r--1 root root 195 Apr 29 16:31 > > > logfile.testing-adsl > > > > > > > > > regards > > > > > > Hugh > > > > > > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote: > > > > Hi All, > > > > I've just upgraded from Radiator 2.17.1 to Radiator 3.0. > > > > I am trying to log different parts of the config to different log > > > > files, and am having no luck at all - everything just ends up in the > > > > global logfile. Attached is my config file - this isn't actually my > > > > main config file, but a smaller one which replicates the problem. Also > > > > I'll attach the default entries for the users.dialup and users.adsl... > > > > Basically, anyone know why I'm only getting one log file, not two, as i > > > > would expect from the additional directive? 
> > > > > > > > radius.cfg: > > > > > > > > # $Revision: 1.7 $ > > > > # $Date: 2001/06/28 08:31:35 $ > > > > # > > > > #Foreground > > > > #LogStdout > > > > Trace 3 > > > > > > > > # NOTE: Anywhere that > > > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS', > > > > '5550');} # appears is so that eXtremes can log onto analogue > > > > equipment.. > > > > > > > > PidFile /etc/raddb/radiusd.testing.pid > > > > AuthPort1645 > > > > AcctPort1646 > > > > LogDir /var/radacct > > > > LogFile /etc/raddb/logfile.testing-normal > > > > DbDir /etc/raddb > > > > DictionaryFile /etc/raddb/dictionary.ascend > > > > > > > > > > > > FramedGroupBaseAddress 10.200.0.0 > > > > Secret X > > > > DupInterval 10 > > > > > > > > > > > > > > > > # You can group multiple AuthBy methods with AuthBy GROUP > > > > > > > > Identifier AdslSystem > > > > AuthByPolicy ContinueWhileAccept > > > > > > > > # AuthSelect with empty string means dont do
(RADIATOR) logfile per realm or handler
Hello, Is it possible to have a logfile on a per Realm/Handler? If yes how can we configure it on my config file? I've tried using: Filename /usr/local/raddb/logfile/logfile . . . I'm getting an error like Unknown object 'Log' in line 24 Ray
Re: (RADIATOR) failed login in password log
Hello again, How can we do this? we have a mysql server. Ray - Original Message - From: Hugh Irvine <[EMAIL PROTECTED]> Date: Tuesday, April 30, 2002 11:21 am Subject: Re: (RADIATOR) failed login in password log > > Hello Ray - > > Yes there is, but you will need an SQL database for your user records. > > regards > > Hugh > > On Tue, 30 Apr 2002 13:01, [EMAIL PROTECTED] wrote: > > Hi, > > > > > > Is there a way we can count the failed login of a certain > user for > > us to lock that user? > > > > > > Ray
Re: (RADIATOR) failed login in password log
Hello Ray - Yes there is, but you will need an SQL database for your user records. regards Hugh On Tue, 30 Apr 2002 13:01, [EMAIL PROTECTED] wrote: > Hi, > > > Is there a way we can count the failed login of a certain user for > us to lock that user? > > > Ray
(RADIATOR) failed login in password log
Hi, Is there a way we can count the failed login of a certain user for us to lock that user? Ray
Re: (RADIATOR) AuthBy SQLRADIUS accounting to a database
Hello - As Frank has already mentioned (thanks Frank), you will need to add an AuthBy SQL clause if you want to keep a local copy of the accounting records. Of course you could also use the AcctLogFileName/AcctLogFileFormat parameters if you just want to keep a copy in a local file. regards Hugh On Tue, 30 Apr 2002 11:54, [EMAIL PROTECTED] wrote: > Though the documentation says that AuthBy SQLRADIUS understands all the > parameters that AuthBy SQL and AuthBy RADIUS understand, it seems I can't > have accounting records to an SQL database at that level... is that the > case? > > > Rgds > TDN
Re: (RADIATOR) session database
Hello Ray - Yes you can do this. regards Hugh On Mon, 29 Apr 2002 22:13, [EMAIL PROTECTED] wrote: > Hello, > > > Is it possible to have a sql session database for every handler? > > ex. > > . > . > > > . > . > > > > Ray
RE: (RADIATOR) AuthBy SQLRADIUS accounting to a database
AuthBy SQLRADIUS proxies requests to other RADIUS servers and doesn't do any accounting explicitly. When the docs say it understands the parameters of AuthBy SQL they are referring to the parameters that define the connectivity to the database. If you want to do accounting you can add an AuthBy SQL clause to your handler to do the accounting. >= Original Message From <[EMAIL PROTECTED]> = >Though the documentation says that AuthBy SQLRADIUS understands all the >parameters that AuthBy SQL and AuthBy RADIUS understand, it seems I can't >have accounting records to an SQL database at that level... is that the >case? > > >Rgds >TDN
(RADIATOR) AuthBy SQLRADIUS accounting to a database
Though the documentation says that AuthBy SQLRADIUS understands all the parameters that AuthBy SQL and AuthBy RADIUS understand, it seems I can't have accounting records to an SQL database at that level... is that the case? Rgds TDN
(RADIATOR) session database
Hello, Is it possible to have a sql session database for every handler? ex. . . . . Ray
Re: (RADIATOR) more confusion ;-)
Hello Jeremy - Try something like this: # define AuthBy clauses Identifier ProxyAccounting NoForwardAuthentication Host somehost Secret Identifier CheckFILE NoDefaultIfFound Filename %D/users.adsl Identifier CheckSQL ... Identifier CheckUsers AuthByPolicy ContinueAlways AuthBy ProxyAccounting AuthBy CheckFILE # define Realms or Handlers AuthBy CheckUsers . The file %D/users.adsl would contain something like this: # %D/users.adsl DEFAULT Auth-Type = CheckSQL someuser .. ... anotheruser ... ... Note that you cannot change the AuthByPolicy in the middle of an AuthBy GROUP. regards Hugh On Mon, 29 Apr 2002 17:42, Jeremy Burton wrote: > Ok, more confusing stuff from me :) > > I have modified my config from before, in an attemp to make it neater.. > Basically, the just is this: > > 3 AuthBys in a group. > > 1. Bounce the Accounting off to a different radius server. So ignore auth > (which with the NoForwardAuthentication flag set, will by default accept). > > 2. Check in a file using an . 3 scenarios: > i) If the user is found in the file, and check items match, just accept. > ii) If the user is found in the file, and the check items don't match, > just reject. > iii) If the user is not found in the file, then proceed to the next AuthBy. > > 3. Use an to query the database for the user's data. > > The way I figured this would work is as follows: > > > AuthByPolicy ContinueWhileAccept > > NoForwardAuthentication > Host somehost > Secret > > AuthByPolicy ContinueWhileIgnore > > NoDefaultIfFound > Filename %D/users.adsl > > AuthByPolicy ContinueWhileAccept > > ... > > > > and having > DEFAULT Auth-Type=Ignore > > in my users.adsl ... > > that way, authby file would trigger return to user is accepted or rejected, > and only continue onto authby sql if ignored. > > anyhow. to cut a long story short, it doesn't work... 
level 4 logs: > > Mon Apr 29 17:37:22 2002: DEBUG: Packet dump: > *** Received from 210.15.210.5 port 36757 > Code: Access-Request > Identifier: 51 > Authentic: 1234567890123456 > Attributes: > User-Name = "trippinhard@adsl" > Service-Type = Framed-User > NAS-Identifier = "203.63.154.1" > NAS-Port = 1234 > NAS-Port-Type = Async > User-Password = > "{<231><133>!<20>i<226><252><253><141><209><190>^?<227> " > > Mon Apr 29 17:37:22 2002: DEBUG: Handling request with Handler 'Realm=adsl' > Mon Apr 29 17:37:22 2002: DEBUG: Rewrote user name to trippinhard > Mon Apr 29 17:37:22 2002: DEBUG: Deleting session for trippinhard@adsl, > 203.63.154.1, 1234 > Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthGROUP > Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthRADIUS > Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthFILE: > Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with > trippinhard > Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with > DEFAULT > Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE IGNORE: Ignored > explicitly by Auth-Type=Ignore > > it never gets to the AuthBy SQL even though the AuthBy FILE ignores it... > > I've got this to work in the past, but in a very different manner (see > the config file I posted earlier today).. this is quite messy, and i'd > like to make it work this way. So If anyone can suggest how this can > work... i'd love to hear from you :) > > Thanks > > Jeremy
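An added illustration, not part of the thread and not Radiator code: a simplified Python model of an AuthBy GROUP that replays the trace quoted above and the ContinueAlways layout suggested in the reply. It assumes one AuthByPolicy per group, that the quoted group ran under ContinueWhileAccept (the first policy listed, which matches the trace), that the proxy clause accepts authentication requests as the poster describes, and that the user tables and passwords are constructed.

```python
import hmac

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Simplified model: the results that let a group move on to its next AuthBy.
CONTINUE_ON = {
    "ContinueWhileAccept": {ACCEPT},
    "ContinueWhileIgnore": {IGNORE},
    "ContinueAlways": {ACCEPT, REJECT, IGNORE},
}

FILE_USERS = {"someuser": "file-pw"}    # constructed stand-in for users.adsl
SQL_USERS = {"trippinhard": "sql-pw"}   # constructed stand-in for the SQL table


def check_password(table, request):
    """Return ACCEPT/REJECT for a known user, None when the user is absent."""
    stored = table.get(request["user"])
    if stored is None:
        return None
    ok = hmac.compare_digest(stored.encode(), request["password"].encode())
    return ACCEPT if ok else REJECT


def run_group(policy, authbys, request):
    """Run the AuthBys in order under a single policy; return (result, trace)."""
    keep_going = CONTINUE_ON[policy]
    result, trace = IGNORE, []
    for name, authby in authbys:
        result = authby(request, trace)
        trace.append((name, result))
        if result not in keep_going:
            break  # the policy stops the chain here
    return result, trace


def proxy_accounting(request, trace):
    # NoForwardAuthentication: authentication is not proxied; per the post it accepts.
    return ACCEPT


def check_sql(request, trace):
    return check_password(SQL_USERS, request) or REJECT


def default_ignore(request, trace):
    return IGNORE  # DEFAULT Auth-Type=Ignore


def default_to_sql(request, trace):
    result = check_sql(request, trace)  # DEFAULT Auth-Type = CheckSQL
    trace.append(("CheckSQL via DEFAULT", result))
    return result


def make_file(default):
    def check_file(request, trace):
        found = check_password(FILE_USERS, request)
        if found is not None:
            return found  # NoDefaultIfFound: DEFAULT is skipped for a listed user
        return default(request, trace)
    return check_file


def jeremy_group(request):
    """The layout from the question: SQL is a third group member."""
    return run_group("ContinueWhileAccept", [
        ("AuthRADIUS", proxy_accounting),
        ("AuthFILE", make_file(default_ignore)),
        ("AuthSQL", check_sql),
    ], request)


def hugh_group(request):
    """The layout from the reply: SQL is reached through the DEFAULT entry."""
    return run_group("ContinueAlways", [
        ("ProxyAccounting", proxy_accounting),
        ("CheckFILE", make_file(default_to_sql)),
    ], request)
```

In the first layout the IGNORE from the file lookup ends the chain before the SQL clause, so the request is never authenticated against the database; in the second, a user listed in the file is decided there and only unlisted users reach SQL.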
Re: (RADIATOR) Radiator - Double Authen
Hello Arthur -

I am not sure I understand exactly what you want to do - what are you going to check the Calling-Station-Id against?

regards

Hugh

On Mon, 29 Apr 2002 18:10, Arthur Ho wrote:
> Hello,
> My Ascend TNT need to check the called-station-id first, then change to
> related profile. The authen process is firstly check the
> calling-station-id and then check the user name and password and the unix
> account. I did that at another radius as below: -
>
> DEFAULT Password="Ascend=CLID"
> Useraccount Authentication-Type=Unix-PW
>
> However I do not know how to do this on radiator. Thanks for any comment!
>
> Arthur
Re: (RADIATOR) not appearing to be working...
Hello Jeremy -

You are correct - if you put a inside an object - you only get the logging for that object.

It is generally preferable to use Identifiers for this sort of thing:

Identifier MyLogger
Filename .
Trace ...

Identifier MyAuthBy
.
Log MyLogger
.

AuthBy MyAuthBy
.

This makes it *much* easier to understand and maintain.

NB - the is defined inside an AuthBy GROUP so it does not become another global logger. TFAP (tricks for advanced players) :-)

regards

Hugh

BTW - you can now use Radar with Radiator 3.0 to do much, much more than was ever possible previously with traces and debugging.

http://www.open.com.au/radar

On Mon, 29 Apr 2002 17:18, Jeremy Burton wrote:
> Hi Hugh,
> If you look closely in the two files, one of them does indeed include
> all logging (the global logfile). The second one *only* contains the
> following line for each request:
>
> Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP
>
> and nothing more it is the details for the AuthGROUP that i am
> indeed after (which should be in here, given that the
> is contained within the and not any other
> stuff...)
> a little more probing has found that if I then go and put a FILE> into the I get that info.. so am i
> misinterpreting that the isn't inherited by the "children"
> authby's of an ?
>
> Thanks
>
> Jeremy
>
> On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote:
> > Hello Jeremy -
> >
> > There are a few things wrong with the configuration file, but you should
> > be getting two different logfiles:
> >
> > /etc/raddb/logfile.testing-normal
> >
> > and
> >
> > %D/logfile.testing-adsl
> >
> > where %D = /etc/raddb
> >
> > The first one should contain everything, and the second one should
> > contain a subset corresponding to the .
> >
> > I have just been testing this here and it works correctly with the
> > configuration file that I will attach to this mail.
> >
> > BTW - here is the ls -l log*:
> >
> > ls -l log*
> > -rw-r--r-- 1 root root 14994 Apr 29 16:32 logfile
> > -rw-r--r-- 1 root root 195 Apr 29 16:31
> > logfile.testing-adsl
> >
> > regards
> >
> > Hugh
> >
> > On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote:
> > > Hi All,
> > > I've just upgraded from Radiator 2.17.1 to Radiator 3.0.
> > > I am trying to log different parts of the config to different log
> > > files, and am having no luck at all - everything just ends up in the
> > > global logfile. Attached is my config file - this isn't actually my
> > > main config file, but a smaller one which replicates the problem. Also
> > > I'll attach the default entries for the users.dialup and users.adsl...
> > > Basically, anyone know why I'm only getting one log file, not two, as i
> > > would expect from the additional directive?
> > >
> > > radius.cfg:
> > >
> > > # $Revision: 1.7 $
> > > # $Date: 2001/06/28 08:31:35 $
> > > #
> > > #Foreground
> > > #LogStdout
> > > Trace 3
> > >
> > > # NOTE: Anywhere that
> > > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS',
> > > '5550');} # appears is so that eXtremes can log onto analogue
> > > equipment..
> > >
> > > PidFile /etc/raddb/radiusd.testing.pid
> > > AuthPort 1645
> > > AcctPort 1646
> > > LogDir /var/radacct
> > > LogFile /etc/raddb/logfile.testing-normal
> > > DbDir /etc/raddb
> > > DictionaryFile /etc/raddb/dictionary.ascend
> > >
> > > FramedGroupBaseAddress 10.200.0.0
> > > Secret X
> > > DupInterval 10
> > >
> > > # You can group multiple AuthBy methods with AuthBy GROUP
> > >
> > > Identifier AdslSystem
> > > AuthByPolicy ContinueWhileAccept
> > >
> > > # AuthSelect with empty string means dont do auth
> > > AuthSelect SELECT password, radius.check_items_new('%n', >'%N',
> > > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM
> > > SA.Clients, sa.adsl where username = '%n' and adsl.userid =
> > > clients.userid
> > > AuthColumnDef 0, User-Password, check
> > > AuthColumnDef 1, GENERIC, check
> > > AuthColumnDef 2, GENERIC, reply
> > > DBSource dbi:Oracle:SOME_SID
> > > DBUsername SOME_USER
> > > DBAuth SOME_PASS
> > > AccountingTable
> > > Timeout 1
> > > FailureBackoffTime 300
> > >
> > > # You can group multiple AuthBy methods with AuthBy GROUP
> > >
> > > Identifier System
> > > AuthByPolicy ContinueWhileAccept
> > >
> > > UseGetspnam
> > >
> > > # AuthSelect with empty strin
(RADIATOR) Radiator - Double Authen
Hello,

My Ascend TNT need to check the called-station-id first, then change to related profile. The authen process is firstly check the calling-station-id and then check the user name and password and the unix account. I did that at another radius as below: -

DEFAULT Password="Ascend=CLID"
Useraccount Authentication-Type=Unix-PW

However I do not know how to do this on radiator. Thanks for any comment!

Arthur
(RADIATOR) more confusion ;-)
Ok, more confusing stuff from me :)

I have modified my config from before, in an attempt to make it neater.. Basically, the gist is this:

3 AuthBys in a group.

1. Bounce the Accounting off to a different radius server. So ignore auth (which with the NoForwardAuthentication flag set, will by default accept).

2. Check in a file using an . 3 scenarios:
i) If the user is found in the file, and check items match, just accept.
ii) If the user is found in the file, and the check items don't match, just reject.
iii) If the user is not found in the file, then proceed to the next AuthBy.

3. Use an to query the database for the user's data.

The way I figured this would work is as follows:

AuthByPolicy ContinueWhileAccept

NoForwardAuthentication
Host somehost
Secret

AuthByPolicy ContinueWhileIgnore

NoDefaultIfFound
Filename %D/users.adsl

AuthByPolicy ContinueWhileAccept

...

and having
DEFAULT Auth-Type=Ignore

in my users.adsl ...

that way, authby file would trigger return to user is accepted or rejected, and only continue onto authby sql if ignored.

anyhow. to cut a long story short, it doesn't work... level 4 logs:

Mon Apr 29 17:37:22 2002: DEBUG: Packet dump:
*** Received from 210.15.210.5 port 36757
Code: Access-Request
Identifier: 51
Authentic: 1234567890123456
Attributes:
User-Name = "trippinhard@adsl"
Service-Type = Framed-User
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "{<231><133>!<20>i<226><252><253><141><209><190>^?<227> "

Mon Apr 29 17:37:22 2002: DEBUG: Handling request with Handler 'Realm=adsl'
Mon Apr 29 17:37:22 2002: DEBUG: Rewrote user name to trippinhard
Mon Apr 29 17:37:22 2002: DEBUG: Deleting session for trippinhard@adsl, 203.63.154.1, 1234
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthGROUP
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthRADIUS
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with trippinhard
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE IGNORE: Ignored explicitly by Auth-Type=Ignore

it never gets to the AuthBy SQL even though the AuthBy FILE ignores it...

I've got this to work in the past, but in a very different manner (see the config file I posted earlier today).. this is quite messy, and i'd like to make it work this way. So If anyone can suggest how this can work... i'd love to hear from you :)

Thanks

Jeremy

--
Jeremy Burton
Database Administrator, Netspace Online Systems
[EMAIL PROTECTED] [EMAIL PROTECTED]
Re: (RADIATOR) not appearing to be working...
Hi Hugh,

If you look closely in the two files, one of them does indeed include all logging (the global logfile). The second one *only* contains the following line for each request:

Mon Apr 29 17:10:32 2002: DEBUG: Handling with Radius::AuthGROUP

and nothing more it is the details for the AuthGROUP that i am indeed after (which should be in here, given that the is contained within the and not any other stuff...)

a little more probing has found that if I then go and put a into the I get that info.. so am i misinterpreting that the isn't inherited by the "children" authby's of an ?

Thanks

Jeremy

On Mon, Apr 29, 2002 at 04:37:01PM +1000, Hugh Irvine wrote:
>
> Hello Jeremy -
>
> There are a few things wrong with the configuration file, but you should be
> getting two different logfiles:
>
> /etc/raddb/logfile.testing-normal
>
> and
>
> %D/logfile.testing-adsl
>
> where %D = /etc/raddb
>
> The first one should contain everything, and the second one should contain a
> subset corresponding to the .
>
> I have just been testing this here and it works correctly with the
> configuration file that I will attach to this mail.
>
> BTW - here is the ls -l log*:
>
> ls -l log*
> -rw-r--r-- 1 root root 14994 Apr 29 16:32 logfile
> -rw-r--r-- 1 root root 195 Apr 29 16:31 logfile.testing-adsl
>
> regards
>
> Hugh
>
> On Mon, 29 Apr 2002 15:59, Jeremy Burton wrote:
> > Hi All,
> > I've just upgraded from Radiator 2.17.1 to Radiator 3.0.
> > I am trying to log different parts of the config to different log files,
> > and am having no luck at all - everything just ends up in the global
> > logfile. Attached is my config file - this isn't actually my main config
> > file, but a smaller one which replicates the problem. Also I'll attach the
> > default entries for the users.dialup and users.adsl... Basically, anyone
> > know why I'm only getting one log file, not two, as i would expect from
> > the additional directive?
> >
> > radius.cfg:
> >
> > # $Revision: 1.7 $
> > # $Date: 2001/06/28 08:31:35 $
> > #
> > #Foreground
> > #LogStdout
> > Trace 3
> >
> > # NOTE: Anywhere that
> > # PreHandlerHook sub { ${$_[0]}->add_attr('Client-Port-DNIS', '5550');}
> > # appears is so that eXtremes can log onto analogue equipment..
> >
> > PidFile /etc/raddb/radiusd.testing.pid
> > AuthPort 1645
> > AcctPort 1646
> > LogDir /var/radacct
> > LogFile /etc/raddb/logfile.testing-normal
> > DbDir /etc/raddb
> > DictionaryFile /etc/raddb/dictionary.ascend
> >
> > FramedGroupBaseAddress 10.200.0.0
> > Secret X
> > DupInterval 10
> >
> > # You can group multiple AuthBy methods with AuthBy GROUP
> >
> > Identifier AdslSystem
> > AuthByPolicy ContinueWhileAccept
> >
> > # AuthSelect with empty string means dont do auth
> > AuthSelect SELECT password, radius.check_items_new('%n', >'%N',
> > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM SA.Clients,
> > sa.adsl where username = '%n' and adsl.userid = clients.userid
> > AuthColumnDef 0, User-Password, check
> > AuthColumnDef 1, GENERIC, check
> > AuthColumnDef 2, GENERIC, reply
> > DBSource dbi:Oracle:SOME_SID
> > DBUsername SOME_USER
> > DBAuth SOME_PASS
> > AccountingTable
> > Timeout 1
> > FailureBackoffTime 300
> >
> > # You can group multiple AuthBy methods with AuthBy GROUP
> >
> > Identifier System
> > AuthByPolicy ContinueWhileAccept
> >
> > UseGetspnam
> >
> > # AuthSelect with empty string means dont do auth
> > AuthSelect SELECT radius.check_items_new('%n', '%N',
> > '%{Client-Port-DNIS}'), radius.reply_items_new('%n', '%N') FROM SA.Clients
> > where username = '%n'
> > AuthColumnDef 0, GENERIC, check
> > AuthColumnDef 1, GENERIC, reply
> > DBSource dbi:Oracle:SOME_SID
> > DBUsername SOME_USER
> > DBAuth SOME_PASS
> > AccountingTable
> > Timeout 1
> > FailureBackoffTime 300
> >
> > RejectHasReason
> > RewriteUsername s/\@adsl//
> > AcctLogFileName %L/adsl/%C/%v%f-%i-%H
> > PasswordLogFileName /etc/raddb/password.adsl
> >
> > AuthByPolicy ContinueWhileAccept
> >
> > Trace 3
> > Filename %D/logfile.testing-adsl
> >