(RADIATOR) hardware specs
Hello, Can I ask if a Sun Netra T1 server with 512 memory sufficient for large installation using radiator? Ray === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) getting user information running AuthBy Test
Basicly I want to use AuthBy SQL using the MySql Db that I created using the .sql file in the goodies dir if the username isn't there I want it to be created with the password they used, thus creating their record so then next time they log on it will be challenged. I'm not sure where I was going with authby Test (long day) Zack Hello Zack - I am not quite sure what you mean below, could you give me a few more details on what you want to do with the AuthBy TEST? For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted password. Other forms of encryption are supported with prefixes as described in sections 13.1.1 and 13.1.2 in the Radiator reference manual ("doc/ref.html"). regards Hugh On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote: > I'm currently using a windows2000 IAS server for our radius, but am > Going to be using radiator soon.. I know I can have Radiator > authenticate Using AuthBy ADSI to my domain controler, But I want to > move this to a MySQL db for authentication. Because Win2000 does not > allow passwords to be exported, I would like to use AuthBy Test and have > the user records automatically created. How can this be done? I also > have another question, How are the ENCRYPTEDPASSWORD field in the MySQL > Db created? I'm a new user to radiator so please bear with me. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hello Tunde - As always, the only way I can see what is going on is by looking at the configuration file and the trace 4 debug. regards Hugh On Thursday, August 15, 2002, at 06:14 AM, Ayotunde Itayemi wrote: Hi Hugh, Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened. I changed one of the IP address pools defined in my to the same name as the identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS. The thing is that I suddenly noticed tonight that the Acct-Session-Id column for all the online users are blank (from the radwho.cgi)? Any idea what is wrong? It's 9.15 P.M. here and I am getting out :-) Talk to you later Regards, Tunde I. Identifier pattonIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} # PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) getting user information running AuthBy Test
Hello Zack - I am not quite sure what you mean below, could you give me a few more details on what you want to do with the AuthBy TEST? For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted password. Other forms of encryption are supported with prefixes as described in sections 13.1.1 and 13.1.2 in the Radiator reference manual ("doc/ref.html"). regards Hugh On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote: > I'm currently using a windows2000 IAS server for our radius, but am > Going to be using radiator soon.. I know I can have Radiator > authenticate Using AuthBy ADSI to my domain controler, But I want to > move this to a MySQL db for authentication. Because Win2000 does not > allow passwords to be exported, I would like to use AuthBy Test and have > the user records automatically created. How can this be done? I also > have another question, How are the ENCRYPTEDPASSWORD field in the MySQL > Db created? I'm a new user to radiator so please bear with me. > > > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > > -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hello Claudio - You cannot use regular expressions in SQL queries, but SQL itself is designed with pattern matching capabilities. regards Hugh On Thursday, August 15, 2002, at 06:05 AM, Claudio Lapidus wrote: > Hello Hugh, > > Lurking over this thread, I see that you define how to handle a partial > ANI number match: > >> For your first point, you could also use something like this: >> >> > =/^080[234]/> >> > > We have a similar situation here, but we need to discriminate _pairs_ > of Called-Station-Id plus the first few digits of Calling-Station-Id. I > can figure out the way to this with handlers, but the number of > permutations is huge, so I would prefer to store them in SQL and go > with SQLRADIUS. > > Can I embed regular expressions to be used as selection criteria in an > SQL query? > > regards, > cl. > > > _ > Join the worldís largest e-mail service with MSN Hotmail. > http://www.hotmail.com > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > > -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh, Thanks for the replies. I noticed a curious thing though I am not sure of exactly when it happened. I changed one of the IP address pools defined in my to the same name as the identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler for the NAS. The thing is that I suddenly noticed tonight that the Acct-Session-Id column for all the online users are blank (from the radwho.cgi)? Any idea what is wrong? It's 9.15 P.M. here and I am getting out :-) Talk to you later Regards, Tunde I. Identifier pattonIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} # PoolHint %{Reply:PoolHint} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 6:04 PM Subject: (RADIATOR) Re: Multiple Calling-Station-Id Hello Tunde -No - you can only have a single PoolHint - why do you want more?For your second question, you would do something like this:# deal with the requests..# reject calls to other NAS'sDefaultResult REJECT..regardsHughOn Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote: Hi Hugh, I assume I can have multiple PoolHint %{Client:Identifier} in a single clause?Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addressesI have mentioned?I thought of using but what stops the client from dialing into some ofmy other NASes? Is there some way to negate the HANDLER attributes? Something like: Regards,Tunde I. - Original Message -From: Hugh IrvineTo: Ayotunde ItayemiCc: [EMAIL PROTECTED]Sent: Wednesday, August 14, 2002 12:36 PMSubject: Re: Multiple Calling-Station-IdHello Tunde -For your second point, you would do something like this:# define Clients with IdentifiersIdentifier PoolTag.# define AuthBy DYNADDRESSIdentifier AllocateIPAddressPoolHint %{Client:Identifier}For your first point, you could also use something like this:The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.As always, you should test such Handlers and regular expressions thoroughly.regardsHughOn Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:Hi All, I have a similar problem to Micheal's (see inquiry)If my understanding is correct, that user cannot connect under any circumstanceto any other NAS on the network?I require a little more flexibility in that the user should ONLY be restricted to a particularNAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of a special HANDLER clause for them.I guess I would need something like Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me toleave out the poolhint attribute from the record of each user in my database. This shouldallow the allocation of IPs based on the NAS rather than the user. Regards,Tunde Itayemi.--Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hello Hugh, Lurking over this thread, I see that you define how to handle a partial ANI number match: >For your first point, you could also use something like this: > > > We have a similar situation here, but we need to discriminate _pairs_ of Called-Station-Id plus the first few digits of Calling-Station-Id. I can figure out the way to this with handlers, but the number of permutations is huge, so I would prefer to store them in SQL and go with SQLRADIUS. Can I embed regular expressions to be used as selection criteria in an SQL query? regards, cl. _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) getting user information running AuthBy Test
I'm currently using a windows2000 IAS server for our radius, but am Going to be using radiator soon.. I know I can have Radiator authenticate Using AuthBy ADSI to my domain controler, But I want to move this to a MySQL db for authentication. Because Win2000 does not allow passwords to be exported, I would like to use AuthBy Test and have the user records automatically created. How can this be done? I also have another question, How are the ENCRYPTEDPASSWORD field in the MySQL Db created? I'm a new user to radiator so please bear with me. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Multiple Calling-Station-Id
Hello Tunde - No - you can only have a single PoolHint - why do you want more? For your second question, you would do something like this: # deal with the requests .. # reject calls to other NAS's DefaultResult REJECT .. regards Hugh On Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote: Hi Hugh, I assume I can have multiple PoolHint %{Client:Identifier} in a single clause? Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses I have mentioned? I thought of using but what stops the client from dialing into some of my other NASes? Is there some way to negate the HANDLER attributes? Something like: Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 12:36 PM Subject: Re: Multiple Calling-Station-Id Hello Tunde - For your second point, you would do something like this: # define Clients with Identifiers Identifier PoolTag . # define AuthBy DYNADDRESS Identifier AllocateIPAddress PoolHint %{Client:Identifier} . ... For your first point, you could also use something like this: The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything. As always, you should test such Handlers and regular expressions thoroughly. regards Hugh On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote: Hi All, I have a similar problem to Micheal's (see inquiry) If my understanding is correct, that user cannot connect under any circumstance to any other NAS on the network? I require a little more flexibility in that the user should ONLY be restricted to a particular NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR 0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of a special HANDLER clause for them. I guess I would need something like Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to leave out the poolhint attribute from the record of each user in my database. This should allow the allocation of IPs based on the NAS rather than the user. Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh, I assume I can have multiple PoolHint %{Client:Identifier} in a single clause? Secondly, how do I restrict the special NAS to ONLY answer requests from clients with the mobile phone addresses I have mentioned? I thought of using but what stops the client from dialing into some of my other NASes? Is there some way to negate the HANDLER attributes? Something like: Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 14, 2002 12:36 PM Subject: Re: Multiple Calling-Station-Id Hello Tunde -For your second point, you would do something like this:# define Clients with IdentifiersIdentifier PoolTag.# define AuthBy DYNADDRESSIdentifier AllocateIPAddressPoolHint %{Client:Identifier}For your first point, you could also use something like this:The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything.As always, you should test such Handlers and regular expressions thoroughly.regardsHughOn Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote: Hi All, I have a similar problem to Micheal's (see inquiry)If my understanding is correct, that user cannot connect under any circumstanceto any other NAS on the network?I require a little more flexibility in that the user should ONLY be restricted to a particularNAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of a special HANDLER clause for them. I guess I would need something like Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ > Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me toleave out the poolhint attribute from the record of each user in my database. This shouldallow the allocation of IPs based on the NAS rather than the user. Regards,Tunde Itayemi.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Logging incorrect passwords with
Hello Nicolai - Yes, you can use the %P special character to give you the decoded password in the SuccessQuery and/or FailureQuery (you may need to upgrade however - Radiator 3.1 is the latest release - and there are also some patches). regards Hugh On Wednesday, August 14, 2002, at 10:39 PM, Nicolai van der Smagt wrote: > Hello, > > Recently I moved our authentication logging to Authlog SQL. In the old > setup we had a PasswordLogFileName %L/ clause. When a user tried > logging in with a bad password, the password that the user used was > logged to the password logfile. This was nice because our users cannot > change the passwords in their routers. We changed the password in the > radius configuration, the router would come online, we changed the > password in the router and the radius server back to the correct value > -> problem solved. > Is there a way to log the used password with Authlog SQL the way it > worked with PasswordLogFileName? > > Radiator 2.19 > > > Identifier Radmin_authlog > DBSource dbi:mysql:radmin > DBUsername radmin > DBAuth > Table RADAUTHLOG > SuccessQuery insert into RADAUTHLOG values ('%1','%t','%0','%n') > FailureQuery insert into RADAUTHLOG values ('%1','%t','%0','%n') > LogSuccess 1 > > > Regards, > -- > Nicolai van der Smagt UNIX Support Engineer > BBned NV. PO Box 692 > 2130 AR Hoofddorp phone +31 23 565 > > http://www.vandersmagt.nl/pgp-public-key.txt > > Silence! Or I shall replace you with a very small shell script! >- The Wizard of OS > > -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator AS a Proxy?
Hello Skeve, Hello Frank - Frank is correct (thanks Frank) - you would do something like this: # define AuthBy clauses Identifier ForwardToProxy Host . Secret . AllowInReply . . Identifier CheckUsersLocally Filename %D/localusers . . # define Realms # set "remote.realm" to the target realm AuthBy CheckUsersLocally . .. Then the file %D/localusers would look like this: # only users defined here will be proxied someuser Auth-Type = ForwardToProxy anotheruser Auth-Type = ForwardToProxy . Have a look at section 6.29 in the Radiator 3.1 reference manual ("doc/ref.html"). If you have any other questions, please feel free to ask. regards Hugh On Thursday, August 15, 2002, at 12:42 AM, Frank Danielson wrote: > You could set up an AuthBy RADIUS clause to point to your customer's > RADIUS > server and then add and Auth-Type check item to those users in you users > file to database to force them to authenticate using the AuthBy RADIUS. > In > the 2.19 manual section 13.1.6 explains the use of the Auth-Type check > item. > AuthBy RADIUS is also well documented in the manual and has been > discussed > in length on the mailing list. > > Frank Danielson > [Infrastructure Architect] > > wireless: 407.467.7832 > wireline: 407.515.8633 > > Data On Air > 301 E. Pine St. Suite 450 > Orlando, Fl 32801 > http://www.dataonair.com > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, August 14, 2002 9:06 AM > To: Skeeve Stevens > Cc: [EMAIL PROTECTED] > Subject: Re: (RADIATOR) Radiator AS a Proxy? > > > On Wed, 14 Aug 2002, Skeeve Stevens wrote: > >> Is it possible to use Radiator as a Proxy Radius? >> >> We have a customer who wants to be able to authenticate their own >> dialup >> users... so they can keep control of the passwords. >> >> I am not completely against this, but would like to let them only >> authenticate users that we have approved > > Radiator can do this, but in a typical proxy radius setup, you would > have > this customer's users dial in as [EMAIL PROTECTED] (whatever their > domain is) and you would pass these requests on to their radius > server(s). > You can (and should) strip and add certain attributes to their radius > replies...but I'm not sure how you would handle proxy radius and > approving > or denying access for certain users. If you want to do that, what's the > point in proxying the authentication? > > -- > Jon Lewis *[EMAIL PROTECTED]*| I route > System Administrator| therefore you are > Atlantic Net| > _ http://www.lewis.org/~jlewis/pgp for PGP public key_ > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > > -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) enable mode on cisco equipment
Hello Francisco - I will need to see a copy of your configuration file (no secrets), together with a trace 4 debug from Radiator and a copy of your users file to be able to see what is going on. Something like this in your users file should work though: # users file entry for cisco login # Service-Type must be set to the same value as received in the request # you may also require additional reply attributes ciscouser Password = Service-Type = .. , . , cisco-avpair="shell-priv-lvl=15" regards Hugh On Thursday, August 15, 2002, at 01:05 AM, Francisco Arache wrote: hi all, I've been trying to configure radiator to give access to a cisco equipment and log the user in the enable mode inmediatly, but no result. I'm using standard dictionary,and also i also have cisco-avpair="shell-priv-lvl=15" defined in the user attributes. Also i defined in the router the radius-server vsa send authentication. can anyone tell me what i'm doing wrong??? thanks in advance and regards, Francisco. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) enable mode on cisco equipment
hi all, I've been trying to configure radiator to give access to a cisco equipment and log the user in the enable mode inmediatly, but no result. I'm using standard dictionary,and also i also have cisco-avpair="shell-priv-lvl=15" defined in the user attributes. Also i defined in the router the radius-server vsa send authentication. can anyone tell me what i'm doing wrong??? thanks in advance and regards, Francisco.
RE: (RADIATOR) Radiator AS a Proxy?
You could set up an AuthBy RADIUS clause to point to your customer's RADIUS server and then add and Auth-Type check item to those users in you users file to database to force them to authenticate using the AuthBy RADIUS. In the 2.19 manual section 13.1.6 explains the use of the Auth-Type check item. AuthBy RADIUS is also well documented in the manual and has been discussed in length on the mailing list. Frank Danielson [Infrastructure Architect] wireless: 407.467.7832 wireline: 407.515.8633 Data On Air 301 E. Pine St. Suite 450 Orlando, Fl 32801 http://www.dataonair.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 9:06 AM To: Skeeve Stevens Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Radiator AS a Proxy? On Wed, 14 Aug 2002, Skeeve Stevens wrote: > Is it possible to use Radiator as a Proxy Radius? > > We have a customer who wants to be able to authenticate their own dialup > users... so they can keep control of the passwords. > > I am not completely against this, but would like to let them only > authenticate users that we have approved Radiator can do this, but in a typical proxy radius setup, you would have this customer's users dial in as [EMAIL PROTECTED] (whatever their domain is) and you would pass these requests on to their radius server(s). You can (and should) strip and add certain attributes to their radius replies...but I'm not sure how you would handle proxy radius and approving or denying access for certain users. If you want to do that, what's the point in proxying the authentication? -- Jon Lewis *[EMAIL PROTECTED]*| I route System Administrator| therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
FW: [020814-0034] (RADIATOR) Radiator AS a Proxy?
gr. ...Skeeve -Original Message- From: Support Services [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 11:01 PM To: Skeeve Stevens Subject: [020814-0034] (RADIATOR) Radiator AS a Proxy? This is an automated response. We have received your support email. A technical support agent will respond to your email within 2 business days. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator AS a Proxy?
On Wed, 14 Aug 2002, Skeeve Stevens wrote: > Is it possible to use Radiator as a Proxy Radius? > > We have a customer who wants to be able to authenticate their own dialup > users... so they can keep control of the passwords. > > I am not completely against this, but would like to let them only > authenticate users that we have approved Radiator can do this, but in a typical proxy radius setup, you would have this customer's users dial in as [EMAIL PROTECTED] (whatever their domain is) and you would pass these requests on to their radius server(s). You can (and should) strip and add certain attributes to their radius replies...but I'm not sure how you would handle proxy radius and approving or denying access for certain users. If you want to do that, what's the point in proxying the authentication? -- Jon Lewis *[EMAIL PROTECTED]*| I route System Administrator| therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Expiration
Title: Message Well, in MS Sql Server you should be able to do something like: update USERS set EXPIRATION=DATEADD(mm, 3, '%Y-%m-%d') where . I don't use SQL with Radiator, so I'm assuming that Radiator will parse hte %Y stuff before passing it along to the database. Let me know! Dave :) -Original Message-From: Radius Admin [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 13, 2002 10:11 AMTo: Dave Kitabjian; [EMAIL PROTECTED]Subject: Re: (RADIATOR) Expiration Dave, I am now using this: AcctSQLStatement update USERS set EXPIRATION='%Y-%m-%d' where . I would like the month to be 3 months from the current date. ie. +3. How do I do this? Thanks - Original Message - From: Dave Kitabjian To: Radius Admin ; [EMAIL PROTECTED] Sent: Tuesday, August 13, 2002 2:30 AM Subject: RE: (RADIATOR) Expiration There are a whole mess of date formatting options in the manual: http://www.open.com.au/radiator/ref.html#pgfId=290952 Let me know how you make out! Dave TABLE 2. DateFormat special characters Specifier Is replaced at run-time by: %% The percent character %a Day of the week, abbreviated %A Day of the week %b Month, of the year, abbreviated %B Month of the year %c ctime format: e.g. Sat Nov 19 21:05:57 1994 %d Numeric day of the month DD, with a leading 0 if necessary. %e Numeric day of the month, no leading 0. %D MM/DD/YY %h Month of year, abbreviated %H Hour, 24 hour clock, leading 0 %I Hour, 12 hour clock, leading 0 %j Day of the year %k Hour %l Hour, 12 hour clock %m Month number (starting with Jan = 1) %M Minute, leading 0 %n NEWLINE character %o Ornate day of month e.g. "1st", "2nd", "25th", ... %p `AM' or `PM' %r Time format: 09:05:57 PM %R Time format: 21:05 %S Seconds, leading 0 %t TAB character %T time format: 21:05:57 %U Week number, Sunday as first day of week %w Day of the week, numerically, Sunday == 0 %W Week number, Monday as first day of week %x Date format: 11/19/94 %X Time format: 21:05:57 %y Year (2 digits) %Y Year (4 digits) %Z Timezone in ascii. eg: PST -Original Message-From: Radius Admin [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 11:32 AMTo: [EMAIL PROTECTED]Subject: (RADIATOR) Expiration I am trying to update an EXPIRATION field which is a date field in my users database. I am trying to use the following statement. AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where... Is there anyway for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format. Thanks
(RADIATOR) Radiator AS a Proxy?
Is it possible to use Radiator as a Proxy Radius? We have a customer who wants to be able to authenticate their own dialup users... so they can keep control of the passwords. I am not completely against this, but would like to let them only authenticate users that we have approved If it is possible... anyone have an example of what the radius.cfg to do this would be? ___ Skeeve Stevens, RHCE Email: [EMAIL PROTECTED] Website: www.skeeve.org - Telephone: (0414) 753 383 Address: P.O Box 1035, Epping, NSW, 1710, Australia eIntellego - [EMAIL PROTECTED] - www.eintellego.net ___ Nihil curo de ista tua stulta superstitione === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Logging incorrect passwords with
Hello, Recently I moved our authentication logging to Authlog SQL. In the old setup we had a PasswordLogFileName %L/ clause. When a user tried logging in with a bad password, the password that the user used was logged to the password logfile. This was nice because our users cannot change the passwords in their routers. We changed the password in the radius configuration, the router would come online, we changed the password in the router and the radius server back to the correct value -> problem solved. Is there a way to log the used password with Authlog SQL the way it worked with PasswordLogFileName? Radiator 2.19 Identifier Radmin_authlog DBSource dbi:mysql:radmin DBUsername radmin DBAuth Table RADAUTHLOG SuccessQuery insert into RADAUTHLOG values ('%1','%t','%0','%n') FailureQuery insert into RADAUTHLOG values ('%1','%t','%0','%n') LogSuccess 1 Regards, -- Nicolai van der Smagt UNIX Support Engineer BBned NV. PO Box 692 2130 AR Hoofddorp phone +31 23 565 http://www.vandersmagt.nl/pgp-public-key.txt Silence! Or I shall replace you with a very small shell script! - The Wizard of OS signature.asc Description: This is a digitally signed message part
(RADIATOR) Re: Multiple Calling-Station-Id
Hello Tunde - For your second point, you would do something like this: # define Clients with Identifiers Identifier PoolTag . # define AuthBy DYNADDRESS Identifier AllocateIPAddress PoolHint %{Client:Identifier} . ... For your first point, you could also use something like this: The above says "080" at the start of the string, followed by 2 or 3 or 4, followed by anything. As always, you should test such Handlers and regular expressions thoroughly. regards Hugh On Wednesday, August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote: Hi All, I have a similar problem to Micheal's (see inquiry) If my understanding is correct, that user cannot connect under any circumstance to any other NAS on the network? I require a little more flexibility in that the user should ONLY be restricted to a particular NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR 0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of a special HANDLER clause for them. I guess I would need something like Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ > Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to leave out the poolhint attribute from the record of each user in my database. This should allow the allocation of IPs based on the NAS rather than the user. Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Multiple Calling-Station-Id
Hi All, I have a similar problem to Micheal's (see inquiry) If my understanding is correct, that user cannot connect under any circumstance to any other NAS on the network? I require a little more flexibility in that the user should ONLY be restricted to a particular NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR 0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of a special HANDLER clause for them. I guess I would need something like Client-Identifier = specialNAS, Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ > Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to leave out the poolhint attribute from the record of each user in my database. This should allow the allocation of IPs based on the NAS rather than the user. Regards, Tunde Itayemi.