RE: (RADIATOR) redirecting webpage

2002-07-24 Thread Ingvar Berg (EAB)

Hi,

The FAQ item describes how you do it with a fake DNS, and that's what Shaun wants to 
avoid.

It sounds to me as if you have a signup page for new users? If that's the case, you 
might solve the problem by having a different IP address pool for this purpose, and 
config your firewall/routers to only allow access to the signup host. You could 
probably catch any http request and redirect it to the signup, otherwise you need to 
tell the users what URL they must use.

In the case that you want regular users to go via some portal, you might want to 
consider this first:
http://www.lfdomain.com/prgConnectionKeeperWin.php
A very user-friendly tool to improve connecting time ;-)

/Ingvar

> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 25 juli 2002 02:32
> To: Shaun; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) redirecting webpage
> 
> 
> 
> Hello Shaun -
> 
> There is a FAQ item on this topic:
> 
> http://www.open.com.au/radiator/faq.html#108
> 
> regards
> 
> Hugh
> 
> 
> On Wed, 24 Jul 2002 11:46, Shaun wrote:
> > Hi,
> >
> > Could someone tell me how I could redirect users that login using a certain
> > username to be redirected to a signup page? I'm connecting to a cisco5300
> > router and am trying to let radiator send a specific DNS entry to it rather
> > than using the ones specified in the Windows dialer. It seems as though if
> > you already have a Primary and Sec. DNS in your DUN then it prefers this.
> > Could anyone tell me how I could override this feature and force them to
> > use the bogus DNS server I modified that'll redirect them to the page?
> >
> >
> > Thanks in Advance
> > Shaun
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 



Re: (RADIATOR) Major Bug in radiator patches

2002-07-24 Thread Hugh Irvine


Hello Achint -

What version of Radiator are you running?

What you show below is not in Radiator 3.1.

regards

Hugh


On Wed, 24 Jul 2002 16:22, Achint Saxena wrote:
> Just a quick note, in case no one has discovered this yet. In Rdict.pm,
> $vendor is redefined as a local variable, which causes incorrect vendor
> attribute and value mapping.
>
> > error
> sub valNumToName
> {
> my ($self, $attrnum, $valnum, $vendor) = @_;
>
> my $vendor += 0;
> .
> .
> }
>
> < fix
> sub valNumToName
> {
> my ($self, $attrnum, $valnum, $vendor) = @_;
>
> $vendor += 0;
> .
> .
> }
>
> Cheers.
>
> Achint.



Re: (RADIATOR) Maximun sessions

2002-07-24 Thread Hugh Irvine


Hello Shaun -

There are two problems in what you show below.

The first is that MaxSessions will override any other simultaneous use 
checking, and the second is that Simultaneous-Use is a check item.

See below.

regards

Hugh


Foreground
LogStdout
Trace 4
PidFile /tmp/radiusd.pid


LogDir  .
DbDir   .


LogFile %L/logfile
DictionaryFile %D/dictionary






Secret  ***




Secret  *



#DupInterval 0



AcctLogFileName %L/detail


WtmpFileName %L/wtmp


PasswordLogFileName %L/password.log


RejectHasReason
AuthByPolicy ContinueUntilAccept



Identifier SQL
DefaultSimultaneousUse 1
DBSource    dbi:Informix:tis
DBUsername  informix
DBAuth      l1gaw01


AuthSelect select password, balancetime from subscribers where (username='%n' and balancetime > 0)


AuthColumnDef   0,Password,check
AuthColumnDef   1,Session-Timeout,reply
AddToReply      Service-Type = Framed-User,Framed-Protocol = PPP


AcctSQLStatement update subscribers set balancetime=balancetime-0%{Acct-Session-Time} where username='%n'





Identifier File
DefaultSimultaneousUse 1
Filename ./users






prepaid Password = "prepaid", Simultaneous-Use = 2
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Session-Timeout = 300,
        Primary-DNS-Server = 206.27.238.61,
        Secondary-DNS-Server = 206.27.238.61,
        Client-Assign-DNS = Yes,
        cisco-avpair = "ip:dns-servers=206.27.238.61 206.27.238.61"






On Wed, 24 Jul 2002 11:04, Shaun wrote:
> Hello,
>
> I'm using radiator for prepaid and post internet service. I have it set up
> so that for prepaid it grabs users from an informix database and
> subtracts time and so forth. The problem that I'm having is that I only
> want users from this particular database to be able to log in only once.
> Post-paid users on the other hand authenticate from a flat users file and
> will have the privilege to be able to do multiple login sessions. I would
> like to know how to specify different "Maximum Sessions" for each. Here is
> an example of my config file
>
>
>
> # more radius.cfg
> Foreground
> LogStdout
> Trace 4
> PidFile /tmp/radiusd.pid
>
> LogDir  .
> DbDir   .
>
> LogFile %L/logfile
> DictionaryFile %D/dictionary
>
>
>
>
> 
> Secret  ***
> 
>
> 
> Secret  *
> 
>
> #DupInterval 0
>
> 
> MaxSessions 1
> AcctLogFileName %L/detail
>
> WtmpFileName %L/wtmp
>
> PasswordLogFileName %L/password.log
>
> RejectHasReason
> AuthByPolicy ContinueUntilAccept
>
> 
> Identifier SQL
> DBSource    dbi:Informix:tis
> DBUsername  informix
> DBAuth      l1gaw01
>
> AuthSelect select password, balancetime from subscribers where (username='%n' and balancetime > 0)
>
> AuthColumnDef   0,Password,check
> AuthColumnDef   1,Session-Timeout,reply
> AddToReply      Service-Type = Framed-User,Framed-Protocol = PPP
>
> AcctSQLStatement update subscribers set balancetime=balancetime-0%{Acct-Session-Time} where username='%n'
>
>
> 
> 
> Identifier File
> Filename ./users
> 
>
> 
>
>
>
>
>
> And here is an example of our users file:
>
> prepaid Password = "prepaid"
> Simultaneous-Use = 2,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP,
> Session-Timeout = 300,
> Primary-DNS-Server = 206.27.238.61,
> Secondary-DNS-Server = 206.27.238.61,
> Client-Assign-DNS = Yes,
> cisco-avpair = "ip:dns-servers=206.27.238.61 206.27.238.61"
>
> Could  you tell me what i'm doing wrong?
>
>
>
> Regards
> Shaun Eck
> Belize Telecom Ltd
> Belize City, Belize



Re: (RADIATOR) redirecting webpage

2002-07-24 Thread Hugh Irvine


Hello Shaun -

There is a FAQ item on this topic:

http://www.open.com.au/radiator/faq.html#108

regards

Hugh


On Wed, 24 Jul 2002 11:46, Shaun wrote:
> Hi,
>
> Could someone tell me how I could redirect users that login using a certain
> username to be redirected to a signup page? I'm connecting to a cisco5300
> router and am trying to let radiator send a specific DNS entry to it rather
> than using the ones specified in the Windows dialer. It seems as though if
> you already have a Primary and Sec. DNS in your DUN then it prefers this.
> Could anyone tell me how I could override this feature and force them to
> use the bogus DNS server I modified that'll redirect them to the page?
>
>
> Thanks in Advance
> Shaun




Re: (RADIATOR) Timestamp attribute

2002-07-24 Thread Hugh Irvine


Hello Miko -

The Timestamp attribute is an internal Radiator attribute that is the local 
host's time (in UNIX number of seconds since Jan 1, 1970).

The radius protocol itself has no notion of wall time - all times in radius 
are delta times in number of seconds.

From the Radiator 3.1 reference manual (search Timestamp):

The attribute Timestamp is always available for insertion, and is set to the 
time the packet was received, adjusted by Acct-Delay-Time (if present), as an 
integer number of seconds since Midnight Jan 1 1970 UTC. The Timestamp 
attribute is added by Radiator to all received Accounting requests, and is 
set to the current time according to the host on which the Radiator is 
running.

regards

Hugh
 
On Thu, 25 Jul 2002 04:19, [EMAIL PROTECTED] wrote:
> I have a question along the same lines,,, What is the Timestamp
> Attribute??? I could only find a Timestamp in the Tunneling
> attributes...
>
> Miko
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Kitabjian
> > Sent: Wednesday, July 24, 2002 10:03 AM
> > To: Viraj Alankar; [EMAIL PROTECTED]
> > Subject: RE: (RADIATOR) Timestamp attribute
> >
> >
> > Interesting question.
> >
> > The question for you is, what event do you want the stamp for?
> >
> > The Timestamp attribute indicates, I think, when the RADIUS
> > packet is actually sent by the NAS.
> >
> > The line at the top:
> >
> > Wed Jul 24 12:59:01 2002
> >   Acct-Session-Id = "0002BAA0"
> > Framed-Protocol = PPP
> >
> > indicates when RADIATOR generated the record.
> >
> > Your 2nd Timestamp attribute might be when RADIATOR is acting
> > like a NAS and proxying the packet to the next RADIUS server.
> > In theory, that could be minutes or hours later.
> >
> > So, which of these events do you want to capture? You may
> > want to write a hook to throw out preexisting Timestamp
> > attributes before you proxy them over to the next RADIUS server...
> >
> > Dave
> >
> > :)
> > :
> > > -Original Message-
> > > From: Viraj Alankar [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, July 24, 2002 9:36 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: (RADIATOR) Timestamp attribute
> > >
> > >
> > > Hello,
> > >
> > > From what I can understand, the timestamp used in AuthSQL for
> > > accounting is the Timestamp attribute that is created in the
> > > request packet by the current time minus Acct-Delay-Time.
> > >
> > > However, when I have one Radiator proxying to another, the
> > > 2nd Radiator ends up with 2 different Timestamp attributes.
> > > It isn't clear to me which one will be used by the 2nd
> > > Radiator. I see get_attr in the code being called for this
> > > value but wouldn't this just return the first (incorrect)
> > > Timestamp value?
> > >
> > > Would it be better for me to depend on a database function
> > > for the timestamp? For example, with an insert statement similar to:
> > >
> > > ..., now() - 0%{Acct-Delay-Time}, ...
> > >
> > > Viraj.



Re: (RADIATOR) Timestamp attribute

2002-07-24 Thread Hugh Irvine


Hello Dave, Hello Viraj -

The radius protocol itself has no notion of wall (clock) time - it only deals 
with delta times in numbers of seconds. This being the case, there are 
various "hacks" in use to get some idea of wall time. 

In the case of Radiator, there is an internal Radiator attribute called 
"Timestamp" added to each packet when it is received which contains the local 
time on the host on which Radiator is running.

In addition, there are some other definitions for Timestamp, such as when using 
GRIC roaming services, that add a "Timestamp" attribute to forwarded 
requests. 

As Dave says, the question really is "what time do you need?".

If it is the local time on the local host, then it is most useful to use the 
Radiator "Timestamp", because it has already been corrected to deal with any 
potential Acct-Delay-Time in the request. Again keep in mind that the radius 
protocol is UDP based, and packets can and do go missing, therefore 
accounting packets contain this mechanism to indicate how much of a delay 
there was between the actual event occurring and the transmission of the 
request.

regards

Hugh


On Thu, 25 Jul 2002 03:03, Dave Kitabjian wrote:
> Interesting question.
>
> The question for you is, what event do you want the stamp for?
>
> The Timestamp attribute indicates, I think, when the RADIUS packet is
> actually sent by the NAS.
>
> The line at the top:
>
>   Wed Jul 24 12:59:01 2002
> Acct-Session-Id = "0002BAA0"
>   Framed-Protocol = PPP
>
> indicates when RADIATOR generated the record.
>
> Your 2nd Timestamp attribute might be when RADIATOR is acting like a NAS
> and proxying the packet to the next RADIUS server. In theory, that could
> be minutes or hours later.
>
> So, which of these events do you want to capture? You may want to write
> a hook to throw out preexisting Timestamp attributes before you proxy
> them over to the next RADIUS server...
>
> Dave
>
> :)
> :
> > -Original Message-
> > From: Viraj Alankar [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 24, 2002 9:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: (RADIATOR) Timestamp attribute
> >
> >
> > Hello,
> >
> > From what I can understand, the timestamp used in AuthSQL for
> > accounting is the Timestamp attribute that is created in the
> > request packet by the current time minus Acct-Delay-Time.
> >
> > However, when I have one Radiator proxying to another, the
> > 2nd Radiator ends up with 2 different Timestamp attributes.
> > It isn't clear to me which one will be used by the 2nd
> > Radiator. I see get_attr in the code being called for this
> > value but wouldn't this just return the first (incorrect)
> > Timestamp value?
> >
> > Would it be better for me to depend on a database function
> > for the timestamp? For example, with an insert statement similar to:
> >
> > ..., now() - 0%{Acct-Delay-Time}, ...
> >
> > Viraj.
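
The duplicate-Timestamp situation discussed in this thread, as an added example that is not part of the original posts and is not Radiator code: it parses accounting detail records in the layout Dave quotes (a date line followed by indented attributes) and flags records that carry more than one Timestamp, where a first-match lookup would silently pick one of them. The sample records, their values and all function names are constructed for illustration.

```python
import re

# Constructed sample: the second record carries two Timestamp attributes,
# as a proxied accounting request might after passing through two servers.
SAMPLE_DETAIL = """\
Wed Jul 24 12:59:01 2002
\tAcct-Session-Id = "0002BAA0"
\tAcct-Status-Type = Stop
\tAcct-Delay-Time = 0
\tTimestamp = 1027515541

Wed Jul 24 13:05:10 2002
\tAcct-Session-Id = "0002BAA1"
\tAcct-Status-Type = Stop
\tAcct-Delay-Time = 5
\tTimestamp = 1027512305
\tTimestamp = 1027515905
"""

ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*(.*)$')


def parse_detail(text):
    """Split detail text into records; attributes stay an ordered list
    so that repeated attribute names are preserved."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None          # blank line ends the record
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            value = m.group(2).strip().strip('"')
            current["attrs"].append((m.group(1), value))
        elif not line[0].isspace():
            current = {"logged": line.strip(), "attrs": []}
            records.append(current)
    return records


def all_values(attrs, name):
    return [v for n, v in attrs if n == name]


def first_value(attrs, name, default=None):
    """First-match lookup: the behaviour Viraj is worried about."""
    values = all_values(attrs, name)
    return values[0] if values else default


def audit(records):
    """Report, per record, every Timestamp present and whether the
    record is ambiguous (more than one Timestamp)."""
    findings = []
    for rec in records:
        stamps = [int(v) for v in all_values(rec["attrs"], "Timestamp")]
        findings.append({
            "session": first_value(rec["attrs"], "Acct-Session-Id"),
            "logged": rec["logged"],
            "delay": int(first_value(rec["attrs"], "Acct-Delay-Time", "0")),
            "timestamps": stamps,
            "first_match": stamps[0] if stamps else None,
            "ambiguous": len(stamps) > 1,
            # seconds between the earliest and latest Timestamp claimed
            "spread": max(stamps) - min(stamps) if stamps else 0,
        })
    return findings


if __name__ == "__main__":
    for f in audit(parse_detail(SAMPLE_DETAIL)):
        flag = "AMBIGUOUS" if f["ambiguous"] else "ok"
        print(f["session"], f["timestamps"], "spread=%ds" % f["spread"], flag)
```

Records flagged as ambiguous are the ones where billing or an incident timeline could be off by the spread shown, depending on which Timestamp the receiving server uses.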



Re: (RADIATOR) Error in AuthLog

2002-07-24 Thread Hugh Irvine


Hello Dave -

You are correct - go to the head of the class!

:-)

regards

Hugh

On Wed, 24 Jul 2002 22:48, Dave Kitabjian wrote:
> I might be confusing the issue, but I know that we often get a Reason =
> Proxied in our AuthLog.
>
> In our case, we have a ContinueWhileReject AuthByPolicy, and if the
> first AuthBy fails then the second one is an AuthBy RADIUS. So we were a
> little confused at first to see the "Proxied" in the AuthLog, rather
> than the reason for the failure. But we assumed it was because it
> was failing over to an AuthBy RADIUS, and it hadn't failed completely
> yet...
>
> Dave
>
> > -Original Message-
> > From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, July 23, 2002 6:11 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: Re: (RADIATOR) Error in AuthLog
> >
> >
> >
> > Hello Miko -
> >
> > I am not sure what your question is - what exactly is the problem?
> >
> > regards
> >
> > Hugh
> >
> > On Wed, 24 Jul 2002 02:25, [EMAIL PROTECTED] wrote:
> > > New to the list,,, just curious about a strange possible config
> > > problem...
> > >
> > > It appears that when a proxy-user fails auth radiator adds
> > >
> > > "Reply-Message=Proxied"
> > >
> > > to the response packet, and thus this error gets logged in my
> > > authlog...
> > >
> > > I am using the following as my FailureQuery:
> > >
> > > INSERT INTO RADAUTHLOG_%{GlobalVar:nwk} (USERNAME, REALM,
> >
> > TIME_STAMP,
> >
> > > NASID, CALLEDID, CALLINGID, REASON) VALUES ('%u', '%R', '%m/%d/%Y
> > > %H:%M:%S', '%c', '%{Called-Station-Id}',
> >
> > '%{Calling-Station-Id}', %1)
> >
> > > Any thoughts or ideas would be most helpful...
> > >
> > > -Miko
> > >



Re: (RADIATOR) Ascend Session-Timeout includes PreSession time?

2002-07-24 Thread Hugh Irvine


Hello Viraj -

Unless someone else on the list happens to know, these are really questions 
for Ascend, although I am sure everyone here would like to know the answers 
when you find them.

Of course you could always do some experiments to see what really happens, as 
that may be different to what Ascend tell you in any case.

:-)

regards

Hugh


On Wed, 24 Jul 2002 23:39, Viraj Alankar wrote:
> Hello,
>
> We have Ascend RASes and I was wondering if anyone with these devices can
> clarify something for me.
>
> If I send a Session-Timeout value in my access accept, does this value
> include the time it takes for the modem to train and the user to
> authenticate, or is the timer started after authentication is successful?
>
> Related to this, does the Acct-Session-Time in accounting include that
> pre-authentication time as well?
>
> Thanks,
>
> Viraj.



Re: (RADIATOR) Multiple Line Caller ID feature

2002-07-24 Thread Hugh Irvine


Hello Amit -

Yes it is possible to do what you describe, but I need to know what type of 
authentication you are using. If you send me a copy of your configuration 
file (no secrets) I will take a look.

If you are using a flat file, you would do something like this:

# flat file for users

someuser Password = x, Calling-Station-Id = ..
..

# can also use regular expressions

anotheruser Password = yy, Calling-Station-Id = /./
..

regards

Hugh


On Wed, 24 Jul 2002 17:37, Subscirptions wrote:
> Dear Friends,
>
> Hello.
>
> We are a cable internet service provider.
>
> My problem is that I am using a PPPOE server for which authentication and
> accounting is done with Radiator. Can I set in Radiator to authenticate on
> basis of CALLER ID ( ie hardware [MAC address] address of ethernet card ),
> USERNAME and PASSWORD. While right now we are using only 2 parameter for
> authentication USERNAME and PASSWORD.
>
> If it is possible, then is it also possible to assign multiple caller ID
> station. As I have few customer who got Simultaneous-Use >1, in such case
> MAC address of all the possible stations is supposed to be provided.
>
>
> If someone can help that would be so nice,
>
>
> Regards,
>
> Amit Gupta
>
> Network Administrator,
> Kappa Infotech Private Ltd., Kota
> INDIA
>
> www.kappa.net.in

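
One way to build the regular-expression check item Hugh mentions for a user with several permitted stations, as an added example that is not part of the original post and is not Radiator code. The MAC addresses are constructed; the example assumes the NAS sends Calling-Station-Id as lowercase colon-separated hex, and Python's re module stands in for the server's regex matching, which is assumed to be unanchored unless the pattern anchors itself.

```python
import re


def normalize_mac(value):
    """Reduce any common MAC spelling to lowercase colon-separated hex."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", value).lower()
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % value)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_check_item(macs):
    """Return a /regex/ check value, anchored at both ends, that accepts
    exactly the listed stations and nothing longer or shorter."""
    alternatives = "|".join(re.escape(normalize_mac(m)) for m in macs)
    return "/^(?:%s)$/" % alternatives


def check_item_matches(check_value, attribute_value):
    """Stand-in for the server-side comparison (assumption): a value
    written /.../ is a regex search, anything else an exact compare."""
    if (len(check_value) >= 2 and check_value.startswith("/")
            and check_value.endswith("/")):
        return re.search(check_value[1:-1], attribute_value) is not None
    return check_value == attribute_value


# Constructed stations for one subscriber with Simultaneous-Use > 1,
# supplied in two different spellings.
STATIONS = ["00-11-22-33-44-55", "0011.2233.4466"]

if __name__ == "__main__":
    item = build_check_item(STATIONS)
    print("Calling-Station-Id =", item)
    for candidate in ("00:11:22:33:44:55", "00:11:22:33:44:66",
                      "00:11:22:33:44:67"):
        print(candidate, check_item_matches(item, candidate))
    # A hand-written pattern without anchors also accepts other stations
    # that merely contain the same prefix.
    print(check_item_matches("/00:11:22:33:44:5/", "00:11:22:33:44:5f"))
```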



Re: (RADIATOR) Storing copies of proxied accounting packets

2002-07-24 Thread Hugh Irvine


Hello Robert -

I don't recommend mixing Realms and Handlers in the same configuration file, 
so Realms should be converted to Handlers, and your configuration would then 
look something like this:

# convert Realm foo.bar to Handler

<Handler Realm=foo.bar>
    AuthByPolicy ContinueAlways
    # AuthBy SQL to store local accounting
    # *MUST* appear first
    <AuthBy SQL>
        DBSource ...
        DBUsername ...
        DBAuth
        # disable authentication
        AuthSelect
        # configure accounting
        AccountingTable
        AcctColumnDef .
        ..
    </AuthBy>
    # AuthBy RADIUS clause to forward requests
    # *MUST* appear last
    <AuthBy RADIUS>
        .
    </AuthBy>
    ..
</Handler>

Have a look at section 6.28 in the Radiator 3.1 reference manual.
("doc/ref.html").

Also note that this topic (and many others) has been discussed on the mailing 
list many times already, so you should also check the archive site:

http://www.open.com.au/archives/radiator

regards

Hugh


On Thu, 25 Jul 2002 08:24, Robert G. Fisher wrote:
> I'm using AuthEMERALD within two handlers to deal with
> specific situations.  However, before my Handler defs, I
> also have one REALM clause in which I am proxying the
> authentication and accounting data to a remote server.
>
> What I'd like to be able to do is to continue to relay
> these packets to the remote server, but at least on the
> Accounting packets to also retain a local copy.  Is there
> any way I can do this?  I should mention I need for these
> to be logged to a database, so utilizing a key word that
> logs to a detail file is not what I'm looking for.




(RADIATOR) Storing copies of proxied accounting packets

2002-07-24 Thread Robert G. Fisher


I'm using AuthEMERALD within two handlers to deal with
specific situations.  However, before my Handler defs, I 
also have one REALM clause in which I am proxying the 
authentication and accounting data to a remote server.

What I'd like to be able to do is to continue to relay
these packets to the remote server, but at least on the 
Accounting packets to also retain a local copy.  Is there
any way I can do this?  I should mention I need for these
to be logged to a database, so utilizing a key word that
logs to a detail file is not what I'm looking for.

-- 
Robert G. Fisher  Sitestar.net, Inc. 
System Engineer   (276) 666-9533 x 116



RE: (RADIATOR) Timestamp attribute

2002-07-24 Thread miko

I have a question along the same lines,,, What is the Timestamp
Attribute??? I could only find a Timestamp in the Tunneling
attributes...

Miko

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Dave Kitabjian
> Sent: Wednesday, July 24, 2002 10:03 AM
> To: Viraj Alankar; [EMAIL PROTECTED]
> Subject: RE: (RADIATOR) Timestamp attribute
> 
> 
> Interesting question.
> 
> The question for you is, what event do you want the stamp for?
> 
> The Timestamp attribute indicates, I think, when the RADIUS 
> packet is actually sent by the NAS. 
> 
> The line at the top:
> 
>   Wed Jul 24 12:59:01 2002
>       Acct-Session-Id = "0002BAA0"
>       Framed-Protocol = PPP
> 
> indicates when RADIATOR generated the record. 
> 
> Your 2nd Timestamp attribute might be when RADIATOR is acting 
> like a NAS and proxying the packet to the next RADIUS server. 
> In theory, that could be minutes or hours later.
> 
> So, which of these events do you want to capture? You may 
> want to write a hook to throw out preexisting Timestamp 
> attributes before you proxy them over to the next RADIUS server...
> 
> Dave
> :)
> 
> > -Original Message-
> > From: Viraj Alankar [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, July 24, 2002 9:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: (RADIATOR) Timestamp attribute
> > 
> > 
> > Hello,
> > 
> > From what I can understand, the timestamp used in AuthSQL for
> > accounting is the Timestamp attribute that is created in the 
> > request packet by the current time minus Acct-Delay-Time.
> > 
> > However, when I have one Radiator proxying to another, the
> > 2nd Radiator ends up with 2 different Timestamp attributes. 
> > It isn't clear to me which one will be used by the 2nd 
> > Radiator. I see get_attr in the code being called for this 
> > value but wouldn't this just return the first (incorrect) 
> > Timestamp value?
> > 
> > Would it be better for me to depend on a database function
> > for the timestamp? For example, with an insert statement similar to:
> > 
> > ..., now() - 0%{Acct-Delay-Time}, ...
> > 
> > Viraj.



RE: (RADIATOR) Timestamp attribute

2002-07-24 Thread Dave Kitabjian

Interesting question.

The question for you is, what event do you want the stamp for?

The Timestamp attribute indicates, I think, when the RADIUS packet is
actually sent by the NAS. 

The line at the top:

Wed Jul 24 12:59:01 2002
    Acct-Session-Id = "0002BAA0"
    Framed-Protocol = PPP

indicates when RADIATOR generated the record. 

Your 2nd Timestamp attribute might be when RADIATOR is acting like a NAS
and proxying the packet to the next RADIUS server. In theory, that could
be minutes or hours later.

So, which of these events do you want to capture? You may want to write
a hook to throw out preexisting Timestamp attributes before you proxy
them over to the next RADIUS server...

Dave
:)

> -Original Message-
> From: Viraj Alankar [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, July 24, 2002 9:36 AM
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Timestamp attribute
> 
> 
> Hello,
> 
> From what I can understand, the timestamp used in AuthSQL for 
> accounting is the Timestamp attribute that is created in the 
> request packet by the current time minus Acct-Delay-Time.
> 
> However, when I have one Radiator proxying to another, the 
> 2nd Radiator ends up with 2 different Timestamp attributes. 
> It isn't clear to me which one will be used by the 2nd 
> Radiator. I see get_attr in the code being called for this 
> value but wouldn't this just return the first (incorrect) 
> Timestamp value?
> 
> Would it be better for me to depend on a database function 
> for the timestamp? For example, with an insert statement similar to:
> 
> ..., now() - 0%{Acct-Delay-Time}, ...
> 
> Viraj.

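An added illustration of the two-Timestamp situation discussed in this thread; it is a stand-alone model, not Radiator code and not written by any of the posters. It assumes, as the original question does, that attribute lookup returns the first match and that each server appends Timestamp = receive time minus Acct-Delay-Time; the Acct-Delay-Time value and the ten-minute proxy delay are constructed.

```python
from datetime import datetime, timedelta, timezone

def get_attr(attrs, name):
    """First-match lookup: the behaviour the question expects from get_attr."""
    for key, value in attrs:
        if key == name:
            return value
    return None

def get_all(attrs, name):
    """Every instance of an attribute, in packet order."""
    return [value for key, value in attrs if key == name]

def stamp_on_receipt(attrs, received_at):
    """Model of a server appending Timestamp = receive time - Acct-Delay-Time."""
    delay = int(get_attr(attrs, "Acct-Delay-Time") or 0)
    return attrs + [("Timestamp", int(received_at.timestamp()) - delay)]

def strip_attr(attrs, name):
    """What the suggested pre-proxy hook would do: drop every instance."""
    return [(key, value) for key, value in attrs if key != name]

def timestamp_skew(attrs):
    """Seconds between the earliest and latest Timestamp; 0 if at most one."""
    stamps = get_all(attrs, "Timestamp")
    return max(stamps) - min(stamps) if len(stamps) > 1 else 0

# Constructed accounting request; session id and protocol taken from the thread.
NAS_PACKET = [("Acct-Session-Id", "0002BAA0"),
              ("Framed-Protocol", "PPP"),
              ("Acct-Delay-Time", "5")]
T_FIRST = datetime(2002, 7, 24, 12, 59, 1, tzinfo=timezone.utc)
T_SECOND = T_FIRST + timedelta(minutes=10)   # constructed proxy delay

def simulate(strip_before_proxy):
    """Attribute list as the second server sees it after adding its own stamp."""
    hop1 = stamp_on_receipt(NAS_PACKET, T_FIRST)
    forwarded = strip_attr(hop1, "Timestamp") if strip_before_proxy else hop1
    return stamp_on_receipt(forwarded, T_SECOND)

if __name__ == "__main__":
    for strip in (False, True):
        seen = simulate(strip)
        print("strip before proxy:", strip)
        print("  Timestamp values :", get_all(seen, "Timestamp"))
        print("  first-match value:", get_attr(seen, "Timestamp"))
        print("  skew (seconds)   :", timestamp_skew(seen))
```

A non-zero skew on stored accounting records is a cheap check for rows whose event time depends on which Timestamp instance the lookup happened to return.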


(RADIATOR) Ascend Session-Timeout includes PreSession time?

2002-07-24 Thread Viraj Alankar

Hello,

We have Ascend RASes and I was wondering if anyone with these devices can
clarify something for me.

If I send a Session-Timeout value in my access accept, does this value include
the time it takes for the modem to train and the user to authenticate, or is
the timer started after authentication is successful?

Related to this, does the Acct-Session-Time in accounting include that
pre-authentication time as well?

Thanks,

Viraj.



(RADIATOR) Timestamp attribute

2002-07-24 Thread Viraj Alankar

Hello,

From what I can understand, the timestamp used in AuthSQL for accounting is
the Timestamp attribute that is created in the request packet by the current
time minus Acct-Delay-Time.

However, when I have one Radiator proxying to another, the 2nd Radiator ends
up with 2 different Timestamp attributes. It isn't clear to me which one will
be used by the 2nd Radiator. I see get_attr in the code being called for this
value but wouldn't this just return the first (incorrect) Timestamp value?

Would it be better for me to depend on a database function for the timestamp?
For example, with an insert statement similar to:

..., now() - 0%{Acct-Delay-Time}, ...

Viraj.



RE: (RADIATOR) Error in AuthLog

2002-07-24 Thread Dave Kitabjian

I might be confusing the issue, but I know that we often get a Reason =
Proxied in our AuthLog.

In our case, we have a ContinueWhileReject AuthByPolicy, and if the
first AuthBy fails then the second one is an AuthBy RADIUS. So we were a
little confused at first to see the "Proxied" in the AuthLog, rather
than the reason for the failure. But we assumed it was because it
was failing over to an AuthBy RADIUS, and it hadn't failed completely
yet...

Dave

> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, July 23, 2002 6:11 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Error in AuthLog
> 
> 
> 
> Hello Miko -
> 
> I am not sure what your question is - what exactly is the problem?
> 
> regards
> 
> Hugh
> 
> On Wed, 24 Jul 2002 02:25, [EMAIL PROTECTED] wrote:
> > New to the list,,, just curious about a strange possible config 
> > problem...
> >
> > It appears that when a proxy-user fails auth radiator adds
> >
> > "Reply-Message=Proxied"
> >
> > to the response packet, and thus this error gets logged in my 
> > authlog...
> >
> > I am using the following as my FailureQuery:
> >
> > INSERT INTO RADAUTHLOG_%{GlobalVar:nwk} (USERNAME, REALM, TIME_STAMP,
> > NASID, CALLEDID, CALLINGID, REASON) VALUES ('%u', '%R', '%m/%d/%Y
> > %H:%M:%S', '%c', '%{Called-Station-Id}', '%{Calling-Station-Id}', %1)
> >
> >
> >
> > Any thoughts or ideas would be most helpful...
> >
> > -Miko
> >
> 



(RADIATOR) Multiple Line Caller ID feature

2002-07-24 Thread Subscirptions



Dear Friends,

Hello.

We are a cable internet service provider.

My problem is that I am using a PPPOE server for which authentication and
accounting is done with Radiator. Can I set Radiator to authenticate on the
basis of CALLER ID (i.e. the hardware [MAC] address of the ethernet card),
USERNAME and PASSWORD? Right now we are using only 2 parameters for
authentication: USERNAME and PASSWORD.

If it is possible, then is it also possible to assign multiple caller ID
stations? I have a few customers who have Simultaneous-Use >1; in such cases
the MAC addresses of all the possible stations are supposed to be provided.

If someone can help that would be so nice,

Regards,

Amit Gupta

Network Administrator,
Kappa Infotech Private Ltd., Kota INDIA

www.kappa.net.in
 


(RADIATOR) startup radiusd via ssh

2002-07-24 Thread Kenya Noshiro

Hi 

I am currently trying to find a way to start up radiusd via ssh,
but I got the following errors while executing the startup
script for radiusd.

# ssh [EMAIL PROTECTED] perl /usr/local/bin/radiusd -config_file xxx.cfg
:
(snip)
Bad address family for Socket::unpack_sockaddr_in, got 1, should be 2 at 
/usr/local/bin/radiusd line 317.

For your info, I have no problem starting up without an ssh connection.

Is there a way to work around this?


Kind regards,


Kenya Noshiro

