Re: (RADIATOR) Building MySql Db

2002-08-15 Thread Hugh Irvine 


Hello Zack -

As mentioned previously, an AuthSQLStatement in the AuthBy SQL clause 
will do the trick.

If you really want the database update to happen after the AuthBy NT, 
you will have to use a hook.

You will find some example hooks in the file "goodies/hooks.txt".

regards

Hugh


On Friday, August 16, 2002, at 08:25 AM, Zack W. Kneisley wrote:

> First I would like to say I feel your software is amazing, I've used IAS
> that's built into win2k for a while now and think it is so primitive to
> radiator, I sure wish I knew what I was missing before I began revolving
> our user base around NT users... I read where you pointed me to but now
> I would like to try something else. I am currently using an AuthBy SQL
> to record the accounting data with a blank AuthSelect and then another
> AuthBy NT to actually authenticate from. Now, AFTER the user has
> Authenticated using the AuthBy NT and it is Access-Accept, I want to
> write that Username and Password to the MySql SUBSCIBERS so that I may
> eventually rotate to using just the MySql db.. Could someone help with
> the formatting and syntax for such an operation?
>
> Zack
>
> Currently
>
> 
>   
>   AuthByPolicy ContinueAlways
>
>   RewriteUsername s/^([^@]+).*/$1/
>
> 
>   DBSourcedbi:mysql:
>   DBUsername  ...
>   DBAuth  ...
>   
>   
> 
>   DBSourcedbi:mysql:
>   DBUsername  ...
>   DBAuth  ...
>   
>
> 
>   
>
>   DBSourcedbi:mysql:
>   DBUsername  ...
>   DBAuth  ...
>   
>   AuthSelect
>
>   AccountingTable ACCOUNTING
>   AcctColumnDef   USERNAME,User-Name
>   AcctColumnDef   TIME_STAMP,Timestamp,integer
>   AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>   AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>   AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>   AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>   AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>   AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>   AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>   AcctColumnDef   NASPORT,NAS-Port,integer
>   AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>
>   
>
> 
>
>   
>
>
>   # Log accounting to a detail file
>   AcctLogFileName ./detail
> 
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of Hugh Irvine
> Sent: Wednesday, August 14, 2002 10:23 PM
> To: Zack W. Kneisley
> Cc: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) getting user information running AuthBy Test
>
>
> Hello Zack -
>
> You could use an AuthSQLStatement in the AuthBy SQL clause to add the
> user entry.
>
> Have a look at section 6.28.14 in the Radiator 3.1 reference manual
> ("doc/ref.html").
>
> regards
>
> Hugh
>
>
> On Thursday, August 15, 2002, at 11:30 AM, Zack W. Kneisley wrote:
>
>>
>> Basicly I want to use AuthBy SQL using the MySql Db that I created
> using
>> the .sql file in the goodies dir if the username isn't there I want it
>> to be created with the password they used, thus creating their record
> so
>> then next time they log on it will be challenged. I'm not sure where I
>> was going with authby Test (long day)
>>
>> Zack
>>
>>
>>
>>
>> Hello Zack -
>>
>> I am not quite sure what you mean below, could you give me a few more
>> details on what you want to do with the AuthBy TEST?
>>
>> For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted
>> password. Other forms of encryption are supported with prefixes as
>> described in sections 13.1.1 and 13.1.2 in the Radiator reference
> manual
>>
>> ("doc/ref.html").
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote:
>>
>>> I'm currently using a windows2000 IAS server for our radius, but am
>>> Going to be using radiator soon.. I know I can have Radiator
>>> authenticate Using AuthBy ADSI to my domain controler, But I want to
>>> move this to a MySQL db for authentication. Because Win2000 does not
>>> allow passwords to be exported, I would like to use AuthBy Test and
>> have
>>> the user records automatically created. How can this be done? I also
>>> have another question, How are the ENCRYPTEDPASSWORD field in the
>> MySQL
>>> Db created? I'm a new user to radiator so please bear with me.
>>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on [EMAIL PROTECTED]
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive

Re: (RADIATOR) OT: Unix / Radius time to Wall Clock Time

2002-08-15 Thread Hugh Irvine 


Hello Brian -

Just use the special characters defined in section 6.2 of the Radiator 
3.1 reference manual.
("doc/ref.html").

regards

Hugh


On Friday, August 16, 2002, at 11:38 AM, Brian Morris wrote:

> Hi All,
>
> I need to be able to convert Epoch time to a date/time value - does 
> anyone
> have a formula or program to do his?
>
> Ideally I want to pass in an epoch (Unix) timestamp and get back the
> Calendar date/time
>
> I am sure this has been done a million times before so any help / 
> pointers
> would be appreciated.
>
> Regards,  Brian.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) OT: Unix / Radius time to Wall Clock Time

2002-08-15 Thread Brian Morris 

Hi All,

I need to be able to convert Epoch time to a date/time value - does anyone
have a formula or program to do his?

Ideally I want to pass in an epoch (Unix) timestamp and get back the
Calendar date/time

I am sure this has been done a million times before so any help / pointers
would be appreciated.

Regards,  Brian.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Building MySql Db

2002-08-15 Thread Zack W. Kneisley 

First I would like to say I feel your software is amazing, I've used IAS
that's built into win2k for a while now and think it is so primitive to
radiator, I sure wish I knew what I was missing before I began revolving
our user base around NT users... I read where you pointed me to but now
I would like to try something else. I am currently using an AuthBy SQL
to record the accounting data with a blank AuthSelect and then another
AuthBy NT to actually authenticate from. Now, AFTER the user has
Authenticated using the AuthBy NT and it is Access-Accept, I want to
write that Username and Password to the MySql SUBSCIBERS so that I may
eventually rotate to using just the MySql db.. Could someone help with
the formatting and syntax for such an operation? 

Zack

Currently



AuthByPolicy ContinueAlways

RewriteUsername s/^([^@]+).*/$1/ 


DBSourcedbi:mysql:
DBUsername  ...
DBAuth  ...


 
DBSourcedbi:mysql:
DBUsername  ...
DBAuth  ...
 




DBSourcedbi:mysql:
DBUsername  ...
DBAuth  ...

AuthSelect

AccountingTable ACCOUNTING
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address

  






# Log accounting to a detail file
AcctLogFileName ./detail


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of Hugh Irvine
Sent: Wednesday, August 14, 2002 10:23 PM
To: Zack W. Kneisley
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) getting user information running AuthBy Test


Hello Zack -

You could use an AuthSQLStatement in the AuthBy SQL clause to add the 
user entry.

Have a look at section 6.28.14 in the Radiator 3.1 reference manual 
("doc/ref.html").

regards

Hugh


On Thursday, August 15, 2002, at 11:30 AM, Zack W. Kneisley wrote:

>
> Basicly I want to use AuthBy SQL using the MySql Db that I created
using
> the .sql file in the goodies dir if the username isn't there I want it
> to be created with the password they used, thus creating their record
so
> then next time they log on it will be challenged. I'm not sure where I
> was going with authby Test (long day)
>
> Zack
>
>
>
>
> Hello Zack -
>
> I am not quite sure what you mean below, could you give me a few more
> details on what you want to do with the AuthBy TEST?
>
> For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted
> password. Other forms of encryption are supported with prefixes as
> described in sections 13.1.1 and 13.1.2 in the Radiator reference
manual
>
> ("doc/ref.html").
>
> regards
>
> Hugh
>
>
>
> On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote:
>
>> I'm currently using a windows2000 IAS server for our radius, but am
>> Going to be using radiator soon.. I know I can have Radiator
>> authenticate Using AuthBy ADSI to my domain controler, But I want to
>> move this to a MySQL db for authentication. Because Win2000 does not
>> allow passwords to be exported, I would like to use AuthBy Test and
> have
>> the user records automatically created. How can this be done? I also
>> have another question, How are the ENCRYPTEDPASSWORD field in the
> MySQL
>> Db created? I'm a new user to radiator so please bear with me.
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Hello OSC

2002-08-15 Thread Hugh Irvine 


Hello David -

The Radiator version can be checked by doing:

radiusd -v

and the Perl version can be checked by doing:

perl -v

The latest version of Radiator is 3.1 (plus patches).

regards

Hugh



On Friday, August 16, 2002, at 02:57 AM, David Chang wrote:

> Hi OSC,
>
> We would like to find out, how can we check  the version of the 
> Radiator  currently installed in our  node here in Malaysia. I believe 
> the radiator we
> have installed needs to have some support.
>
> Do we need to have version of the Perl installed in the node? If yes , 
> how do we check the version too.
>
> Please help
>
> Thanks
>
> Best Regards,
> David Chang.
> Ericsson Malaysia
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Windows NT RRAS

2002-08-15 Thread Hugh Irvine 


Hello Chuck -

It sounds like the shared secrets are incorrect.

If you still have problems, please send me a copy of your configuration 
file (no secrets), together with a trace 4 debug from Radiator showing 
what is happening.

regards

Hugh


On Friday, August 16, 2002, at 06:05 AM, Chuck Sine wrote:

> Has anyone gotten RRAS to run properly using a Radius server
>
> The NT radius server doesn't work (malformed packets)
> The Radiator server logs the request from RRAS but failts to 
> authenticate the
> password (works with radpwtst everytime!)
>
> Any ideas?
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Windows NT RRAS

2002-08-15 Thread Chuck Sine 

Has anyone gotten RRAS to run properly using a Radius server

The NT radius server doesn't work (malformed packets)
The Radiator server logs the request from RRAS but failts to authenticate the
password (works with radpwtst everytime!)

Any ideas?



begin:vcard 
n:Sine;Chuck 
tel;fax:613-966-2946
tel;work:613-966-9491 x2331
x-mozilla-html:TRUE
url:www.hpedsb.on.ca
org:Hastings And Prince Edward District School Board;ITS
adr:;;156 Ann st.;Belleville;Ontario;K8N 1N9;Canada
version:2.1
email;internet:[EMAIL PROTECTED]
title:Network Systems Co-ordinator
x-mozilla-cpt:;-22656
fn:Chuck Sine
end:vcard

(RADIATOR) Hello OSC

2002-08-15 Thread David Chang 

Hi OSC,

We would like to find out, how can we check  the version of the Radiator  currently 
installed in our  node here in Malaysia. I believe the radiator we 
have installed needs to have some support.

Do we need to have version of the Perl installed in the node? If yes , how do we check 
the version too.

Please help

Thanks

Best Regards,
David Chang.
Ericsson Malaysia



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Possible Solution for Double Checking Simultaneous-Use Behind Proxy

2002-08-15 Thread Hugh Irvine 


Hello Mike -

What you describe below has indeed already been implemented by various 
Radiator customers, and it will work modulo the caveats you describe. 
You may find mentions on the archive site from a couple of years ago.

And I don't think you will need any hook programming - just add a couple 
of columns to the example database schema and add the corresponding 
queries derived from the defaults in the manual.

regards

Hugh


>
> We are authenticating users coming from NAS's on other networks via 
> proxy
> radius.  Our problem is the reliability of stop packets, many of which 
> get
> dropped for various reasons (thanks UDP).  The methods used to 
> double-check
> the accuracy of the data in the sessions table are designed for 
> non-proxy
> implementations (like finger and snmp).  Actually, the only option that 
> will
> work is "NasType ping", but that is about as inconsistent as it gets,
> especially when certain NAS's start replying to pings from 
> framed-addresses
> within a few seconds after user disconnect - usually with latency 20 
> times
> the usual dialup latency - possibly from a NAS reconfiguring its routing
> table.  Plus you need 5000 IP Addresses in your Client clauses for 
> every NAS
> on every network.  After coming up with several hard to implement
> out-of-the-box approaches, it finally hit me...
>
> My idea is not fool proof, but in my opinion, with the homework I have 
> done,
> will yield about 95% accuracy.  Basically, the only data that truly
> identifies the user is the username and calling-station-id.  The 
> checking of
> NAS Port and NAS Identifier doesn't seem to do the trick for those 
> users who
> drop and reconnect.  So, my solution involves two things:  an additional
> column in the RADONLINE table for calling-station-id and a PreAuthHook
> statement.  I am also working off the assumption that there can only 
> be 1
> username for 1 calling-station-id.  If this is true, then before the 
> actual
> authentication, a PreAuthHook could check the RADONLINE table for the
> existence of the user and see if the calling-station-id is null or zero,
> then if the user exists and the value calling-station-id is not null or
> zero, delete the record if the calling-station-id in RADONLINE matches 
> the
> calling-station-id of the pending authentication.  If the 
> calling-station-id
> is null or zero, exit the subroutine.  Then the pending AuthBy clause 
> does
> its usual thing.
>
> The only way this won't work is if the calling-station-id is either 
> null or
> zero.  However, parsing through our logs shows that over 92% of the 
> logins
> contain valid calling-station-id data.  I suspect some of the remaining 
> 8%
> are either caller-id blocking or telcos not giving it up.  If this 
> approach
> works about 95% of the time, it will stop 95% of the tech support calls 
> for
> hung radius sessions that need to be manually cleared.  This will also
> negate the need for a cron job to search the sessions table for stale
> records - this is particularly hard if only some of the NAS's or 
> networks
> give out the checkpoint packets.  For the caller-id blocking folks, tech
> support will recommend removing the *67 or whatever.  No solution for 
> the
> slack telcos, but I suspect there are only a few of those.
>
> Please let me know if I am missing something major that will crush my 
> idea.
> If someone thinks its valuable, and has the Perl expertise to 
> contribute,
> please post the PreAuthHook subroutine that would make this happen.  If 
> you
> think you can take my idea and pretend its yours, and you think you can 
> make
> it better, I release all rights to it.  ;-)
>
> Also, if this is a good idea, could this or similar functionality be 
> added
> as a feature in a future release?  There just does not seem to be a 
> another
> alternative for the wholesale crowd.
>
> Thanks!!!
>
>
> Mike Walker
> Director of Network Operations
> Network Operations Center
> US Express.net, Inc.
> 800-695-3636 x130
> [EMAIL PROTECTED]
>
> ---
>
> --
> Mike McCauley   [EMAIL PROTECTED]
> Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985   Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: in

(RADIATOR) Possible Solution for Double Checking Simultaneous-Use Behind Proxy

2002-08-15 Thread Mike McCauley 



--  Forwarded Message  --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Mike 
Walker" <[EMAIL PROTECTED]>]
Date: Wed, 14 Aug 2002 22:32:34 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

>From [EMAIL PROTECTED] Wed Aug 14 22:32:34 2002
Received: from mail.qostar.com (mail.qostar.com [65.120.171.0])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g7F3WXC05669
for <[EMAIL PROTECTED]>; Wed, 14 Aug 2002 22:32:34 -0500
Received: from noc [65.120.168.1] by mail.qostar.com
  (SMTPD32-7.06) id A6A2E480064; Thu, 15 Aug 2002 04:30:26 -0400
Message-ID: <13da01c24436$01cc6390$[EMAIL PROTECTED]>
From: "Mike Walker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Possible Solution for Double Checking Simultaneous-Use Behind Proxy
 Radius Servers Date: Thu, 15 Aug 2002 04:30:26 -0400
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.
X-Declude-Sender: [EMAIL PROTECTED] [65.120.168.1]
X-Declude-Spoolname: D66a20e4800646106.SMD
X-Spam-Tests-Failed: None
X-Note: This E-mail was sent from noc.qostar.com. ([65.120.168.1]).

We are authenticating users coming from NAS's on other networks via proxy
radius.  Our problem is the reliability of stop packets, many of which get
dropped for various reasons (thanks UDP).  The methods used to double-check
the accuracy of the data in the sessions table are designed for non-proxy
implementations (like finger and snmp).  Actually, the only option that will
work is "NasType ping", but that is about as inconsistent as it gets,
especially when certain NAS's start replying to pings from framed-addresses
within a few seconds after user disconnect - usually with latency 20 times
the usual dialup latency - possibly from a NAS reconfiguring its routing
table.  Plus you need 5000 IP Addresses in your Client clauses for every NAS
on every network.  After coming up with several hard to implement
out-of-the-box approaches, it finally hit me...

My idea is not fool proof, but in my opinion, with the homework I have done,
will yield about 95% accuracy.  Basically, the only data that truly
identifies the user is the username and calling-station-id.  The checking of
NAS Port and NAS Identifier doesn't seem to do the trick for those users who
drop and reconnect.  So, my solution involves two things:  an additional
column in the RADONLINE table for calling-station-id and a PreAuthHook
statement.  I am also working off the assumption that there can only be 1
username for 1 calling-station-id.  If this is true, then before the actual
authentication, a PreAuthHook could check the RADONLINE table for the
existence of the user and see if the calling-station-id is null or zero,
then if the user exists and the value calling-station-id is not null or
zero, delete the record if the calling-station-id in RADONLINE matches the
calling-station-id of the pending authentication.  If the calling-station-id
is null or zero, exit the subroutine.  Then the pending AuthBy clause does
its usual thing.

The only way this won't work is if the calling-station-id is either null or
zero.  However, parsing through our logs shows that over 92% of the logins
contain valid calling-station-id data.  I suspect some of the remaining 8%
are either caller-id blocking or telcos not giving it up.  If this approach
works about 95% of the time, it will stop 95% of the tech support calls for
hung radius sessions that need to be manually cleared.  This will also
negate the need for a cron job to search the sessions table for stale
records - this is particularly hard if only some of the NAS's or networks
give out the checkpoint packets.  For the caller-id blocking folks, tech
support will recommend removing the *67 or whatever.  No solution for the
slack telcos, but I suspect there are only a few of those.

Please let me know if I am missing something major that will crush my idea.
If someone thinks its valuable, and has the Perl expertise to contribute,
please post the PreAuthHook subroutine that would make this happen.  If you
think you can take my idea and pretend its yours, and you think you can make
it better, I release all rights to it.  ;-)

Also, if this is a good idea, could this or similar functionality be added
as a feature in a future release?  There just does not seem to be a another
alternative for the wholesale crowd.

Thanks!!!


Mike Walker
Director of Network Operations
Network Operations Center
US Express.net, Inc.
800-695-3636 x130
[EMAIL PROTECTED]

---

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +6

(RADIATOR)

2002-08-15 Thread Waheeb Abader - MWeb 






unsubscribe




Give your child an unfair advantage with M-Web Learning.  To join, call 08600 32 000 or click here

M-Web  JUST LIKE THAT

Re: (RADIATOR) getting user information running AuthBy Test

2002-08-15 Thread Hugh Irvine 


Hello Zack -

You could use an AuthSQLStatement in the AuthBy SQL clause to add the 
user entry.

Have a look at section 6.28.14 in the Radiator 3.1 reference manual 
("doc/ref.html").

regards

Hugh


On Thursday, August 15, 2002, at 11:30 AM, Zack W. Kneisley wrote:

>
> Basicly I want to use AuthBy SQL using the MySql Db that I created using
> the .sql file in the goodies dir if the username isn't there I want it
> to be created with the password they used, thus creating their record so
> then next time they log on it will be challenged. I'm not sure where I
> was going with authby Test (long day)
>
> Zack
>
>
>
>
> Hello Zack -
>
> I am not quite sure what you mean below, could you give me a few more
> details on what you want to do with the AuthBy TEST?
>
> For your second question, the ENCRYPTEDPASSWORD is a UNIX encrypted
> password. Other forms of encryption are supported with prefixes as
> described in sections 13.1.1 and 13.1.2 in the Radiator reference manual
>
> ("doc/ref.html").
>
> regards
>
> Hugh
>
>
>
> On Thursday, August 15, 2002, at 03:55 AM, Zack W. Kneisley wrote:
>
>> I'm currently using a windows2000 IAS server for our radius, but am
>> Going to be using radiator soon.. I know I can have Radiator
>> authenticate Using AuthBy ADSI to my domain controler, But I want to
>> move this to a MySQL db for authentication. Because Win2000 does not
>> allow passwords to be exported, I would like to use AuthBy Test and
> have
>> the user records automatically created. How can this be done? I also
>> have another question, How are the ENCRYPTEDPASSWORD field in the
> MySQL
>> Db created? I'm a new user to radiator so please bear with me.
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) hardware specs

2002-08-15 Thread Hugh Irvine 


Hello Ray -

This sort of machine is in use at many of our customer sites.

Keep in mind that you should have a primary and a secondary for 
redundancy purposes.

regards

Hugh


On Thursday, August 15, 2002, at 02:27 PM, [EMAIL PROTECTED] wrote:

> Hello,
>
>
>   Can I ask if a Sun Netra T1 server with 512 memory sufficient
> for large installation using radiator?
>
>
>
> Ray
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.