(RADIATOR) hardware specs

2002-08-14 Thread rcortez

Hello,


  Can I ask if a Sun Netra T1 server with 512 memory is sufficient
for a large installation using Radiator?



Ray

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



RE: (RADIATOR) getting user information running AuthBy Test

2002-08-14 Thread Zack W. Kneisley


Basically I want to use AuthBy SQL using the MySQL DB that I created using
the .sql file in the goodies dir. If the username isn't there, I want it
to be created with the password they used, thus creating their record, so
the next time they log on it will be challenged. I'm not sure where I
was going with AuthBy Test (long day)

Zack




Hello Zack -

I am not quite sure what you mean below, could you give me a few more 
details on what you want to do with the AuthBy TEST?

For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted 
password. Other forms of encryption are supported with prefixes as 
described in sections 13.1.1 and 13.1.2 in the Radiator reference manual
("doc/ref.html").

regards

Hugh



On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote:

> I'm currently using a windows2000 IAS server for our radius, but am
> Going to be using radiator soon.. I know I can have Radiator
> authenticate Using AuthBy ADSI to my domain controller, But I want to
> move this to a MySQL db for authentication. Because Win2000 does not
> allow passwords to be exported, I would like to use AuthBy Test and have
> the user records automatically created. How can this be done? I also
> have another question, How are the ENCRYPTEDPASSWORD field in the MySQL
> Db created? I'm a new user to radiator so please bear with me.





Re: (RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Hugh Irvine
 Hello Tunde -

As always, the only way I can see what is going on is by looking at the configuration file and the trace 4 debug.

regards

Hugh


On Thursday, August 15, 2002, at 06:14 AM, Ayotunde Itayemi wrote:

Hi Hugh,
Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened.
I changed one of the IP address pools defined in my   to the same name
as the identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS.
The thing is that I suddenly noticed tonight that the Acct-Session-Id column for all the online users
are blank (from the radwho.cgi)?
 
Any idea what is wrong?
It's 9.15 P.M. here and I am getting out :-) Talk to you later
 
Regards,
Tunde I.
 
 

    Identifier pattonIPADDRESSauth
    Allocator mySQLallocator
 
    PoolHint %{Client:Identifier}
 
#    PoolHint %{Reply:PoolHint}
    MapAttribute   yiaddr, Framed-IP-Address
    MapAttribute   subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    DefaultSimultaneousUse 1

 
 
-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.


Re: (RADIATOR) getting user information running AuthBy Test

2002-08-14 Thread Hugh Irvine


Hello Zack -

I am not quite sure what you mean below, could you give me a few more 
details on what you want to do with the AuthBy TEST?

For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted 
password. Other forms of encryption are supported with prefixes as 
described in sections 13.1.1 and 13.1.2 in the Radiator reference manual 
("doc/ref.html").

regards

Hugh



On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote:

> I'm currently using a windows2000 IAS server for our radius, but am
> Going to be using radiator soon.. I know I can have Radiator
> authenticate Using AuthBy ADSI to my domain controller, But I want to
> move this to a MySQL db for authentication. Because Win2000 does not
> allow passwords to be exported, I would like to use AuthBy Test and have
> the user records automatically created. How can this be done? I also
> have another question, How are the ENCRYPTEDPASSWORD field in the MySQL
> Db created? I'm a new user to radiator so please bear with me.



Re: (RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Hugh Irvine


Hello Claudio -

You cannot use regular expressions in SQL queries, but SQL itself is 
designed with pattern matching capabilities.

regards

Hugh


On Thursday, August 15, 2002, at 06:05 AM, Claudio Lapidus wrote:

> Hello Hugh,
>
> Lurking over this thread, I see that you define how to handle a partial 
> ANI number match:
>
>> For your first point, you could also use something like this:
>>
>> > =/^080[234]/>
>>
>
> We have a similar situation here, but we need to discriminate _pairs_ 
> of Called-Station-Id plus the first few digits of Calling-Station-Id. I 
> can figure out the way to this with handlers, but the number of 
> permutations is huge, so I would prefer to store them in SQL and go 
> with SQLRADIUS.
>
> Can I embed regular expressions to be used as selection criteria in an 
> SQL query?
>
> regards,
> cl.
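One way to do the pair lookup asked about above with SQL pattern matching instead of regular expressions, as an added example that is not part of the thread and is not Radiator code. It uses Python with an in-memory SQLite database; the table `station_policy`, its columns, the numbers and the action names are all constructed for illustration.

```python
import sqlite3

# Constructed schema: one row per (Called-Station-Id, Calling-Station-Id prefix)
# pair. The CHECK keeps stored prefixes to digits only, so a row can never
# smuggle a LIKE wildcard ("%" or "_") into the pattern built from it.
SCHEMA = """
CREATE TABLE station_policy (
    called         TEXT NOT NULL,
    calling_prefix TEXT NOT NULL
        CHECK (calling_prefix <> '' AND calling_prefix NOT GLOB '*[^0-9]*'),
    action         TEXT NOT NULL,
    PRIMARY KEY (called, calling_prefix)
)
"""

# Constructed sample rows.
ROWS = [
    ("5551000", "0802", "special-pool"),
    ("5551000", "0803", "special-pool"),
    ("5551000", "08031", "vip-pool"),
    ("5552000", "0804", "reject"),
]


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO station_policy VALUES (?, ?, ?)", ROWS)
    return db


def add_prefix(db, called, prefix, action):
    """Insert a policy row; return False if the schema rejects it."""
    try:
        with db:
            db.execute(
                "INSERT INTO station_policy VALUES (?, ?, ?)",
                (called, prefix, action),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def lookup(db, called, calling):
    """Return the action for the longest stored prefix of `calling`, or None.

    Both request attributes are bound as parameters. They arrive from the
    network, so they are never pasted into the SQL text. The stored prefix
    is the LIKE pattern; the request value is only the string being tested.
    """
    row = db.execute(
        "SELECT action FROM station_policy "
        "WHERE called = ? AND ? LIKE (calling_prefix || '%') "
        "ORDER BY length(calling_prefix) DESC LIMIT 1",
        (called, calling),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    for called, calling in [
        ("5551000", "08021234567"),
        ("5551000", "08031234567"),
        ("5552000", "08021234567"),
        ("5551000", "x' OR '1'='1"),
    ]:
        print(called, repr(calling), "->", lookup(db, called, calling))
```

The longest-prefix ordering is a design choice of this sketch; without it, overlapping prefixes such as 0803 and 08031 would return whichever row the database happened to produce first.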



Re: (RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Ayotunde Itayemi



Hi Hugh,
Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened.
I changed one of the IP address pools defined in my   to the same name
as the identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS.
The thing is that I suddenly noticed tonight that the Acct-Session-Id column for all the online users
are blank (from the radwho.cgi)?

Any idea what is wrong?
It's 9.15 P.M. here and I am getting out :-) Talk to you later

Regards,
Tunde I.

    Identifier pattonIPADDRESSauth
    Allocator mySQLallocator

    PoolHint %{Client:Identifier}

#    PoolHint %{Reply:PoolHint}
    MapAttribute   yiaddr, Framed-IP-Address
    MapAttribute   subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    DefaultSimultaneousUse 1

- Original Message -
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 6:04 PM
Subject: (RADIATOR) Re: Multiple Calling-Station-Id

Hello Tunde -

No - you can only have a single PoolHint - why do you want more?

For your second question, you would do something like this:

# deal with the requests
..

# reject calls to other NAS's
DefaultResult REJECT
..

regards

Hugh

On Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote:

Hi Hugh,

I assume I can have multiple  PoolHint %{Client:Identifier}  in a single  clause?
Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses
I have mentioned?
I thought of using     but what stops the client from dialing into some of
my other NASes? Is there some way to negate the HANDLER attributes? Something like:

Regards,
Tunde I.

- Original Message -
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 12:36 PM
Subject: Re: Multiple Calling-Station-Id

Hello Tunde -

For your second point, you would do something like this:

# define Clients with Identifiers

Identifier PoolTag
.

# define AuthBy DYNADDRESS

Identifier AllocateIPAddress
PoolHint %{Client:Identifier}

For your first point, you could also use something like this:

The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.

As always, you should test such Handlers and regular expressions thoroughly.

regards

Hugh

On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:

Hi All,

I have a similar problem to Micheal's (see inquiry)
If my understanding is correct, that user cannot connect under any circumstance
to any other NAS on the network?
I require a little more flexibility in that the user should ONLY be restricted to a particular
NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR
0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)

I was thinking of a special HANDLER clause for them.
I guess I would need something like

Would this work?

Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to
leave out the poolhint attribute from the record of each user in my database. This should
allow the allocation of IPs based on the NAS rather than the user.

Regards,
Tunde Itayemi.


Re: (RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Claudio Lapidus

Hello Hugh,

Lurking over this thread, I see that you define how to handle a partial ANI 
number match:

>For your first point, you could also use something like this:
>
>
>

We have a similar situation here, but we need to discriminate _pairs_ of 
Called-Station-Id plus the first few digits of Calling-Station-Id. I can 
figure out the way to this with handlers, but the number of permutations is 
huge, so I would prefer to store them in SQL and go with SQLRADIUS.

Can I embed regular expressions to be used as selection criteria in an SQL 
query?

regards,
cl.





(RADIATOR) getting user information running AuthBy Test

2002-08-14 Thread Zack W. Kneisley

I'm currently using a windows2000 IAS server for our radius, but am
Going to be using radiator soon.. I know I can have Radiator
authenticate Using AuthBy ADSI to my domain controller, But I want to
move this to a MySQL db for authentication. Because Win2000 does not
allow passwords to be exported, I would like to use AuthBy Test and have
the user records automatically created. How can this be done? I also
have another question, How are the ENCRYPTEDPASSWORD field in the MySQL
Db created? I'm a new user to radiator so please bear with me.







(RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Hugh Irvine
 Hello Tunde -

No - you can only have a single PoolHint - why do you want more?

For your second question, you would do something like this:


# deal with the requests
..



# reject calls to other NAS's

DefaultResult REJECT

..


regards

Hugh


On Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote:

Hi Hugh,
 
I assume I can have multiple  PoolHint %{Client:Identifier}  in a single  clause?
Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses
I have mentioned?
I thought of using     but what stops the client from dialing into some of
my other NASes? Is there some way to negate the HANDLER attributes? Something like:
 

 
Regards,
Tunde I.
 

- Original Message -
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 12:36 PM
Subject: Re: Multiple Calling-Station-Id

Hello Tunde -

For your second point, you would do something like this:

# define Clients with Identifiers


Identifier PoolTag



.

# define AuthBy DYNADDRESS


Identifier AllocateIPAddress

PoolHint %{Client:Identifier}
.


...


For your first point, you could also use something like this:



The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.

As always, you should test such Handlers and regular expressions thoroughly.

regards

Hugh


On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:

Hi All,
 
I have a similar problem to Micheal's (see inquiry)
If my understanding is correct, that user cannot connect under any circumstance
to any other NAS on the network?
I require a little more flexibility in that the user should ONLY be restricted to a particular
NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR
0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)
 
 
I was thinking of a special HANDLER clause for them.
I guess I would need something like
 

 

 
Would this work?
 
Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to
leave out the poolhint attribute from the record of each user in my database. This should
allow the allocation of IPs based on the NAS rather than the user.
 
 
Regards,
Tunde Itayemi.

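The difference between the anchored expression described above ("080" at the start of the string, followed by 2 or 3 or 4) and an unanchored alternation like the one in the original question, as an added example that is not part of the thread and is not Radiator configuration. The four-rule first-match table, the handler names, the `STRICT` pattern and all sample requests are assumptions made for illustration.

```python
import re

# ANCHORED is the expression discussed in the thread. UNANCHORED drops the "^".
# STRICT (an assumption added here) also pins the length to the prefix plus
# exactly 7 digits; \Z is used because "$" also matches before a trailing "\n".
ANCHORED = re.compile(r"^080[234]")
UNANCHORED = re.compile(r"080[234]")
STRICT = re.compile(r"^080[234][0-9]{7}\Z")
PATTERNS = {"anchored": ANCHORED, "unanchored": UNANCHORED, "strict": STRICT}

SPECIAL_NAS = "specialNAS"  # client identifier name used in the thread


def select_handler(request, gsm_pattern):
    """Return (rule_name, action) for the first rule that matches.

    Models ordered, first-match handler selection: GSM callers are served
    only on the special NAS, are rejected on every other NAS, and the
    special NAS serves nobody else.
    """
    client = request.get("Client-Identifier", "")
    calling = request.get("Calling-Station-Id") or ""  # attribute may be absent
    is_gsm = gsm_pattern.search(calling) is not None

    rules = [
        ("gsm-on-special-nas", client == SPECIAL_NAS and is_gsm, "AUTHENTICATE"),
        ("gsm-on-other-nas", is_gsm, "REJECT"),
        ("other-caller-on-special-nas", client == SPECIAL_NAS, "REJECT"),
        ("default", True, "AUTHENTICATE"),
    ]
    for name, matched, action in rules:
        if matched:
            return name, action


# Constructed requests, not taken from any real trace.
SAMPLES = {
    "gsm-on-special": {"Client-Identifier": "specialNAS",
                       "Calling-Station-Id": "08021234567"},
    "gsm-on-other": {"Client-Identifier": "otherNAS",
                     "Calling-Station-Id": "08031234567"},
    # "0802" occurs inside the number, not at its start.
    "embedded-on-special": {"Client-Identifier": "specialNAS",
                            "Calling-Station-Id": "5550802123"},
    "embedded-on-other": {"Client-Identifier": "otherNAS",
                          "Calling-Station-Id": "015508031"},
    # Right prefix, but far too short to be a real subscriber number.
    "short-on-special": {"Client-Identifier": "specialNAS",
                         "Calling-Station-Id": "0802"},
    "no-caller-id": {"Client-Identifier": "otherNAS"},
}


def compare(samples=SAMPLES):
    """Action taken for every sample under each of the three patterns."""
    return {
        label: {name: select_handler(req, pat)[1] for name, pat in PATTERNS.items()}
        for label, req in samples.items()
    }


if __name__ == "__main__":
    for label, actions in compare().items():
        print(f"{label:22} {actions}")
```

The two "embedded" samples show both failure directions of the unanchored form: a non-GSM caller is admitted on the special NAS, and an unrelated caller is rejected on another NAS.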


(RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Ayotunde Itayemi



Hi Hugh,

I assume I can have multiple  PoolHint %{Client:Identifier}  in a single  clause?
Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses
I have mentioned?
I thought of using     but what stops the client from dialing into some of
my other NASes? Is there some way to negate the HANDLER attributes? Something like:

Regards,
Tunde I.

- Original Message -
From: Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 12:36 PM
Subject: Re: Multiple Calling-Station-Id

Hello Tunde -

For your second point, you would do something like this:

# define Clients with Identifiers

Identifier PoolTag
.

# define AuthBy DYNADDRESS

Identifier AllocateIPAddress
PoolHint %{Client:Identifier}

For your first point, you could also use something like this:

The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.

As always, you should test such Handlers and regular expressions thoroughly.

regards

Hugh

On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:

Hi All,

I have a similar problem to Micheal's (see inquiry)
If my understanding is correct, that user cannot connect under any circumstance
to any other NAS on the network?
I require a little more flexibility in that the user should ONLY be restricted to a particular
NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR
0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)

I was thinking of a special HANDLER clause for them.
I guess I would need something like

Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ >

Would this work?

Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to
leave out the poolhint attribute from the record of each user in my database. This should
allow the allocation of IPs based on the NAS rather than the user.

Regards,
Tunde Itayemi.


Re: (RADIATOR) Logging incorrect passwords with

2002-08-14 Thread Hugh Irvine


Hello Nicolai -

Yes, you can use the %P special character to give you the decoded 
password in the SuccessQuery and/or FailureQuery (you may need to 
upgrade however - Radiator 3.1 is the latest release - and there are 
also some patches).

regards

Hugh


On Wednesday, August 14, 2002, at 10:39 PM, Nicolai van der Smagt wrote:

> Hello,
>
> Recently I moved our authentication logging to Authlog SQL. In the old
> setup we had a PasswordLogFileName %L/ clause. When a user tried
> logging in with a bad password, the password that the user used was
> logged to the password logfile. This was nice because our users cannot
> change the passwords in their routers. We changed the password in the
> radius configuration, the router would come online, we changed the
> password in the router and the radius server back to the correct value
> -> problem solved.
> Is there a way to log the used password with Authlog SQL the way it
> worked with PasswordLogFileName?
>
> Radiator 2.19
>
> 
> Identifier Radmin_authlog
> DBSource dbi:mysql:radmin
> DBUsername radmin
> DBAuth 
> Table RADAUTHLOG
> SuccessQuery insert into RADAUTHLOG values ('%1','%t','%0','%n')
> FailureQuery insert into RADAUTHLOG values ('%1','%t','%0','%n')
> LogSuccess 1
> 
>
> Regards,
> --
> Nicolai van der Smagt   UNIX Support Engineer
> BBned NV.   PO Box 692
> 2130 AR Hoofddorp   phone +31 23 565 
>
> http://www.vandersmagt.nl/pgp-public-key.txt
>
> Silence! Or I shall replace you with a very small shell script!
>- The Wizard of OS
>
>



Re: (RADIATOR) Radiator AS a Proxy?

2002-08-14 Thread Hugh Irvine


Hello Skeve, Hello Frank -

Frank is correct (thanks Frank) - you would do something like this:

# define AuthBy clauses


Identifier ForwardToProxy
Host .
Secret .
AllowInReply .
.



Identifier CheckUsersLocally
Filename %D/localusers
.


.

# define Realms
# set "remote.realm" to the target realm


AuthBy CheckUsersLocally
.


..


Then the file %D/localusers would look like this:

# only users defined here will be proxied

someuser  Auth-Type = ForwardToProxy

anotheruser Auth-Type = ForwardToProxy

.

Have a look at section 6.29 in the Radiator 3.1 reference manual 
("doc/ref.html").

If you have any other questions, please feel free to ask.

regards

Hugh



On Thursday, August 15, 2002, at 12:42 AM, Frank Danielson wrote:

> You could set up an AuthBy RADIUS clause to point to your customer's RADIUS
> server and then add an Auth-Type check item to those users in your users
> file to database to force them to authenticate using the AuthBy RADIUS. In
> the 2.19 manual section 13.1.6 explains the use of the Auth-Type check item.
> AuthBy RADIUS is also well documented in the manual and has been discussed
> in length on the mailing list.
>
> Frank Danielson
> [Infrastructure Architect]
>
> wireless: 407.467.7832
> wireline: 407.515.8633
>
> Data On Air
> 301 E. Pine St. Suite 450
> Orlando, Fl 32801
> http://www.dataonair.com
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 14, 2002 9:06 AM
> To: Skeeve Stevens
> Cc: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Radiator AS a Proxy?
>
>
> On Wed, 14 Aug 2002, Skeeve Stevens wrote:
>
>> Is it possible to use Radiator as a Proxy Radius?
>>
>> We have a customer who wants to be able to authenticate their own dialup
>> users... so they can keep control of the passwords.
>>
>> I am not completely against this, but would like to let them only
>> authenticate users that we have approved
>
> Radiator can do this, but in a typical proxy radius setup, you would have
> this customer's users dial in as [EMAIL PROTECTED] (whatever their
> domain is) and you would pass these requests on to their radius server(s).
> You can (and should) strip and add certain attributes to their radius
> replies...but I'm not sure how you would handle proxy radius and approving
> or denying access for certain users.  If you want to do that, what's the
> point in proxying the authentication?
>
> --
>  Jon Lewis *[EMAIL PROTECTED]*|  I route
>  System Administrator|  therefore you are
>  Atlantic Net|
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
>



Re: (RADIATOR) enable mode on cisco equipment

2002-08-14 Thread Hugh Irvine
 Hello Francisco -

I will need to see a copy of your configuration file (no secrets), together with a trace 4 debug from Radiator and a copy of your users file to be able to see what is going on.

Something like this in your users file should work though:

# users file entry for cisco login
# Service-Type must be set to the same value as received in the request
# you may also require additional reply attributes

ciscouser  Password = 
Service-Type = .. ,
. ,
cisco-avpair="shell-priv-lvl=15"


regards

Hugh


On Thursday, August 15, 2002, at 01:05 AM, Francisco Arache wrote:

hi all,
I've been trying to configure radiator to give access to a cisco equipment and log the user in the enable mode immediately, but no result.

I'm using standard dictionary, and i also have cisco-avpair="shell-priv-lvl=15" defined in the user attributes.
Also i defined in the router the radius-server vsa send authentication.
 
can anyone tell me what i'm doing wrong???
thanks in advance and regards,
Francisco.



(RADIATOR) enable mode on cisco equipment

2002-08-14 Thread Francisco Arache



hi all,
I've been trying to configure radiator to give access to a cisco equipment and log the user in the enable mode immediately, but no result.

I'm using standard dictionary, and i also have cisco-avpair="shell-priv-lvl=15" defined in the user attributes.
Also i defined in the router the radius-server vsa send authentication.

can anyone tell me what i'm doing wrong???
thanks in advance and regards,
Francisco.


RE: (RADIATOR) Radiator AS a Proxy?

2002-08-14 Thread Frank Danielson

You could set up an AuthBy RADIUS clause to point to your customer's RADIUS
server and then add an Auth-Type check item to those users in your users
file to database to force them to authenticate using the AuthBy RADIUS. In
the 2.19 manual section 13.1.6 explains the use of the Auth-Type check item.
AuthBy RADIUS is also well documented in the manual and has been discussed
in length on the mailing list.

Frank Danielson
[Infrastructure Architect]
 
wireless: 407.467.7832
wireline: 407.515.8633
 
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 9:06 AM
To: Skeeve Stevens
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Radiator AS a Proxy?


On Wed, 14 Aug 2002, Skeeve Stevens wrote:

> Is it possible to use Radiator as a Proxy Radius?
> 
> We have a customer who wants to be able to authenticate their own dialup
> users... so they can keep control of the passwords.  
> 
> I am not completely against this, but would like to let them only
> authenticate users that we have approved 

Radiator can do this, but in a typical proxy radius setup, you would have 
this customer's users dial in as [EMAIL PROTECTED] (whatever their 
domain is) and you would pass these requests on to their radius server(s).  
You can (and should) strip and add certain attributes to their radius 
replies...but I'm not sure how you would handle proxy radius and approving 
or denying access for certain users.  If you want to do that, what's the 
point in proxying the authentication?
 
--
 Jon Lewis *[EMAIL PROTECTED]*|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_




FW: [020814-0034] (RADIATOR) Radiator AS a Proxy?

2002-08-14 Thread Skeeve Stevens


gr.

...Skeeve

-Original Message-
From: Support Services [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 11:01 PM
To: Skeeve Stevens
Subject: [020814-0034] (RADIATOR) Radiator AS a Proxy?


This is an automated response.

We have received your support email.

A technical support agent will respond to your email within 2 business
days.




Re: (RADIATOR) Radiator AS a Proxy?

2002-08-14 Thread jlewis

On Wed, 14 Aug 2002, Skeeve Stevens wrote:

> Is it possible to use Radiator as a Proxy Radius?
> 
> We have a customer who wants to be able to authenticate their own dialup
> users... so they can keep control of the passwords.  
> 
> I am not completely against this, but would like to let them only
> authenticate users that we have approved 

Radiator can do this, but in a typical proxy radius setup, you would have 
this customer's users dial in as [EMAIL PROTECTED] (whatever their 
domain is) and you would pass these requests on to their radius server(s).  
You can (and should) strip and add certain attributes to their radius 
replies...but I'm not sure how you would handle proxy radius and approving 
or denying access for certain users.  If you want to do that, what's the 
point in proxying the authentication?
 
--
 Jon Lewis *[EMAIL PROTECTED]*|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_




RE: (RADIATOR) Expiration

2002-08-14 Thread Dave Kitabjian



Well, in MS Sql Server you should be able to do something like:

  update USERS
  set EXPIRATION=DATEADD(mm, 3, '%Y-%m-%d')
  where .

I don't use SQL with Radiator, so I'm assuming that Radiator will parse the %Y
stuff before passing it along to the database.

Let me know!

Dave
:)

-Original Message-
From: Radius Admin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 10:11 AM
To: Dave Kitabjian; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Expiration

Dave,

I am now using this:

AcctSQLStatement update USERS set EXPIRATION='%Y-%m-%d' where .

I would like the month to be 3 months from the current date. ie. +3. How do I do this?

Thanks

- Original Message -
From: Dave Kitabjian
To: Radius Admin ; [EMAIL PROTECTED]
Sent: Tuesday, August 13, 2002 2:30 AM
Subject: RE: (RADIATOR) Expiration

There are a whole mess of date formatting options in the manual:

    http://www.open.com.au/radiator/ref.html#pgfId=290952

Let me know how you make out!

Dave
 
TABLE 2. DateFormat special characters

  Specifier   Is replaced at run-time by:
  ---------   ---------------------------
  %%          The percent character
  %a          Day of the week, abbreviated
  %A          Day of the week
  %b          Month, of the year, abbreviated
  %B          Month of the year
  %c          ctime format: e.g. Sat Nov 19 21:05:57 1994
  %d          Numeric day of the month DD, with a leading 0 if necessary.
  %e          Numeric day of the month, no leading 0.
  %D          MM/DD/YY
  %h          Month of year, abbreviated
  %H          Hour, 24 hour clock, leading 0
  %I          Hour, 12 hour clock, leading 0
  %j          Day of the year
  %k          Hour
  %l          Hour, 12 hour clock
  %m          Month number (starting with Jan = 1)
  %M          Minute, leading 0
  %n          NEWLINE character
  %o          Ornate day of month e.g. "1st", "2nd", "25th", ...
  %p          `AM' or `PM'
  %r          Time format: 09:05:57 PM
  %R          Time format: 21:05
  %S          Seconds, leading 0
  %t          TAB character
  %T          time format: 21:05:57
  %U          Week number, Sunday as first day of week
  %w          Day of the week, numerically, Sunday == 0
  %W          Week number, Monday as first day of week
  %x          Date format: 11/19/94
  %X          Time format: 21:05:57
  %y          Year (2 digits)
  %Y          Year (4 digits)
  %Z          Timezone in ascii. eg: PST

  
  -Original Message-
  From: Radius Admin [mailto:[EMAIL PROTECTED]]
  Sent: Monday, August 12, 2002 11:32 AM
  To: [EMAIL PROTECTED]
  Subject: (RADIATOR) Expiration

  I am trying to update an EXPIRATION field which is a date field in my users database.
   
  I am trying to use the following statement.
   
  AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where...
   
  Is there any way for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format?
   
  Thanks
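
The two expiry calculations asked about in this thread, as an added Python example that is not part of the original posts and is not Radiator code. It shows that the 7776000-second offset is 90 days rather than three calendar months, and renders both results in the '%Y-%m-%d' form used in the statement above; the function names and sample dates are constructed for illustration.

```python
import calendar
from datetime import date, datetime, timezone

NINETY_DAYS_SECONDS = 7776000  # offset from the original question (90 * 86400)


def expiry_fixed_offset(now_epoch: int) -> str:
    """Epoch seconds plus 7776000, rendered as YYYY-MM-DD (UTC)."""
    dt = datetime.fromtimestamp(now_epoch + NINETY_DAYS_SECONDS, tz=timezone.utc)
    return dt.strftime("%Y-%m-%d")


def add_months(d: date, months: int) -> date:
    """Calendar month addition with year rollover.

    If the target month is shorter than the source day (e.g. Nov 30 -> Feb),
    the day is clamped to the last day of the target month.
    """
    index = d.year * 12 + (d.month - 1) + months
    year, month0 = divmod(index, 12)
    month = month0 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(d.day, last_day))


def expiry_calendar(today: date, months: int = 3) -> str:
    """Today plus N calendar months, rendered as YYYY-MM-DD."""
    return add_months(today, months).strftime("%Y-%m-%d")


if __name__ == "__main__":
    # Constructed sample: the date of the thread, midnight UTC.
    start = datetime(2002, 8, 14, tzinfo=timezone.utc)
    print("fixed 90 days :", expiry_fixed_offset(int(start.timestamp())))
    print("3 cal. months :", expiry_calendar(start.date()))
    print("month-end case:", expiry_calendar(date(2002, 11, 30)))
```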
   


(RADIATOR) Radiator AS a Proxy?

2002-08-14 Thread Skeeve Stevens


Is it possible to use Radiator as a Proxy Radius?

We have a customer who wants to be able to authenticate their own dialup
users... so they can keep control of the passwords.  

I am not completely against this, but would like to let them only
authenticate users that we have approved 

If it is possible... anyone have an example of what the radius.cfg to do
this would be?


___
Skeeve Stevens, RHCE Email: [EMAIL PROTECTED]
Website: www.skeeve.org  - Telephone: (0414) 753 383
Address: P.O Box 1035, Epping, NSW, 1710, Australia

eIntellego - [EMAIL PROTECTED] - www.eintellego.net
___
Nihil curo de ista tua stulta superstitione





(RADIATOR) Logging incorrect passwords with

2002-08-14 Thread Nicolai van der Smagt

Hello,

Recently I moved our authentication logging to Authlog SQL. In the old
setup we had a PasswordLogFileName %L/ clause. When a user tried
logging in with a bad password, the password that the user used was
logged to the password logfile. This was nice because our users cannot
change the passwords in their routers. We changed the password in the
radius configuration, the router would come online, we changed the
password in the router and the radius server back to the correct value
-> problem solved.
Is there a way to log the used password with Authlog SQL the way it
worked with PasswordLogFileName?

Radiator 2.19


Identifier Radmin_authlog
DBSource dbi:mysql:radmin
DBUsername radmin
DBAuth 
Table RADAUTHLOG
SuccessQuery insert into RADAUTHLOG values ('%1','%t','%0','%n')
FailureQuery insert into RADAUTHLOG values ('%1','%t','%0','%n')
LogSuccess 1


Regards,
-- 
Nicolai van der Smagt   UNIX Support Engineer
BBned NV.   PO Box 692
2130 AR Hoofddorp   phone +31 23 565 

http://www.vandersmagt.nl/pgp-public-key.txt

Silence! Or I shall replace you with a very small shell script!
   - The Wizard of OS






(RADIATOR) Re: Multiple Calling-Station-Id

2002-08-14 Thread Hugh Irvine
 Hello Tunde -

For your second point, you would do something like this:

# define Clients with Identifiers


Identifier PoolTag



.

# define AuthBy DYNADDRESS


Identifier AllocateIPAddress

PoolHint %{Client:Identifier}
.


...


For your first point, you could also use something like this:



The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.

As always, you should test such Handlers and regular expressions thoroughly.

regards

Hugh


On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:

Hi All,
 
I have a similar problem to Micheal's (see inquiry)
If my understanding is correct, that user cannot connect under any circumstance
to any other NAS on the network?
I require a little more flexibility in that the user should ONLY be restricted to a particular
NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR
0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)
 
 
I was thinking of a special HANDLER clause for them. 
I guess I would need something like
 
Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ >
 

 
Would this work?
 
Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to
leave out the poolhint attribute from the record of each user in my database. This should
allow the allocation of IPs based on the NAS rather than the user.
 
 
Regards,
Tunde Itayemi.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
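
An added example, not part of the messages in this thread and not Radiator code: because the Handler match decides which callers are held to the special NAS, it compares the pattern as posted in the question with patterns built from the description "080 at the start of the string, followed by 2 or 3 or 4". Only the first pattern is text from the thread; the other patterns and all sample Calling-Station-Id values are constructed. Radiator evaluates Perl regular expressions, and these patterns behave the same under Python's re.search.

```python
import re

# Only "as_posted" appears in the thread; the rest are constructed here.
PATTERNS = {
    "as_posted":  r"0802xxx|0803xxx|0804xxx",  # 'xxx' is literal text, not digits
    "unanchored": r"080[234]",                 # matches anywhere in the value
    "prefix":     r"^080[234]",                # 080 at the start, then 2, 3 or 4
    "strict":     r"^080[234][0-9]{7}$",       # prefix plus exactly 7 digits
}

# Constructed Calling-Station-Id values.
SAMPLES = [
    "08021234567",    # special number, 4-digit prefix + 7 digits
    "08041234567",    # special number
    "08051234567",    # ordinary number, must not match
    "908021234567",   # special number embedded after another digit
    "0802123456789",  # right prefix, too many digits
    "0803xxx",        # the placeholder text itself
]


def matches(pattern_name: str, value: str) -> bool:
    """True if the named pattern matches the value with search semantics."""
    return re.search(PATTERNS[pattern_name], value) is not None


def evaluate() -> dict:
    """Map each sample value to {pattern name: matched?}."""
    return {v: {name: matches(name, v) for name in PATTERNS} for v in SAMPLES}


if __name__ == "__main__":
    names = list(PATTERNS)
    print(f"{'value':<15}" + "".join(f"{n:<12}" for n in names))
    for value, row in evaluate().items():
        print(f"{value:<15}" + "".join(f"{str(row[n]):<12}" for n in names))
```

The posted pattern never matches a real number, the unanchored form also matches the embedded case, and only the strict form rejects an over-length value.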


(RADIATOR) Multiple Calling-Station-Id

2002-08-14 Thread Ayotunde Itayemi



Hi All,
 
I have a similar problem to Micheal's (see inquiry)
If my understanding is correct, that user cannot connect under any circumstance
to any other NAS on the network?
I require a little more flexibility in that the user should ONLY be restricted to a particular
NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR
0803xxx OR 0804xxx (where xxx is any sequence of 7 digits)
 
 
I was thinking of a special HANDLER clause for them.
I guess I would need something like
 
Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ >
 

 
Would this work?
 
Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to
leave out the poolhint attribute from the record of each user in my database. This should
allow the allocation of IPs based on the NAS rather than the user.
 
 
Regards,
Tunde Itayemi.