(RADIATOR) radiator & win 2000 licence problems

2002-09-24 Thread Miro Majcen



hello folks,

I have been unsuccessfully trying to enter and
fully activate our copy of radiator using the licence key provided. I am
using Win2000 Advanced server with DNS running on the same machine. I have set
up the hostname of the machine so that it matches exactly to the hostname in
licence (let's call it hostname123.domain.com). When I try and run the radiusd
with licence information in .cfg file I get the error message saying invalid
licence for the hostname. The same licence works fine on linux server.

I have been trying out various options under TCP/IP
settings (setting DNS suffixes through various options there, I'm sure I tried
about everything there is). The my computer hostname shows hostname as required;
the "hostname" command in console only shows hostname123 instead of
hostname123.domain.com.

Anyone with similar problems out there?

Thanks!

Miro


(RADIATOR) client restrictions in Realm

2002-09-24 Thread Mike Blancas

Hi,

Is it possible to restrict clients in one particular realm? I have many 
clients defined in my radius.cfg, but since this realm is just a 
AuthByRADIUS proxy, I want to restrict the clients that can be proxied? Is 
this possible?

Mike Blancas <[EMAIL PROTECTED]>
Mosaic Communications, Inc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Loadbalance

2002-09-24 Thread Hugh Irvine


Hello Ray -

The first thing to do in all cases is to identify exactly what is 
causing the problem - then fix it.

In my experience, it is almost always a slow database that causes 
problems, and having multiple instances of Radiator all waiting on the 
slow database will gain you nothing at all. Similarly, if you are 
losing packets, it is usually due to saturated links, and again, using 
loadbalancing will not help.

In short, make sure your database is really fast (multiprocessor, fast 
SCSI disks on a RAID controller, keep the tables small, and make sure 
the indexes are correct), and make very sure you have sufficient 
bandwidth so you don't drop packets.

As mentioned in my previous mail, using one instance of Radiator for 
authentication and another for accounting is usually the best first 
step, as the authentication will not be affected by the (usually) 
slower accounting.

regards

Hugh


On Wednesday, September 25, 2002, at 01:24 PM, [EMAIL PROTECTED] 
wrote:

>
> hi hugh,
>
> does this mean if we ever encounter performance problem
> (i.e. slow auth, lost stop records) we need to separate the
> authentication from accounting. and acquire additional radius
> server to handle accounting packets. and may be, add a load balancing
> server (radiator) to spread the work among 3 servers?
>
> thanks,
> ray
> - Original Message -
> From: Hugh Irvine <[EMAIL PROTECTED]>
> Date: Wednesday, September 25, 2002 10:07 am
> Subject: Re: (RADIATOR) Loadbalance
>
>>
>> Hello Ray -
>>
>> I don't think using loadbalancing in the way you describe will gain you
>> anything.
>>
>> You would probably do better running two instances of Radiator, one to
>> process authentication requests and the other to process accounting
>> requests. This tends to work better, because there are twice as many
>> accounting requests as authentication requests (start and stop for
>> every access). There is usually more overhead involved in processing
>> accounting requests as well, but if it is in a separate process, it
>> doesn't get in the way of the authentication requests.
>>
>> The loadbalancing is really designed to spread requests across separate
>> machines, which of course you should have in any case.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Wednesday, September 25, 2002, at 11:40 AM, [EMAIL PROTECTED]
>> wrote:
>>
>>> hi hugh,
>>>
>>>  in our setup having 2 radius server (with 2 instance of radiator
>>> running on each machine) and 1 oracle server. will there be an
>>> advantage if we are going to use radiator loadbalancing if our ras port
>>> grows from the current 1,500 ports to 5,000 ports? d oracle database is
>>> hosting both prepaid and post paid system with peak and off-peak rating
>>> and with credit limit on postpaid customers. all dial-up are terminated
>>> through L2TP. our radius servers are idle most of the time. the highest
>>> utilization that we are getting during peak hour is from 15% to 20%
>>> only. will the radius capacity increase if we add 2 more instance of
>>> radiator on the radius server (having a total of 4 instance per
>>> server). one of the 4 instances will be configured as proxy
>>> (loadbalancer to the 3 remaining instance of radius). do you have a
>>> reference site that uses loadbalancing feature of radiator?
>>>
>>> thank you

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) Loadbalance

2002-09-24 Thread rcortez


hi hugh,

   does this mean if we ever encounter performance problem
(i.e. slow auth, lost stop records) we need to separate the 
authentication from accounting. and acquire additional radius 
server to handle accounting packets. and may be, add a load balancing
server (radiator) to spread the work among 3 servers?

thanks,
ray
- Original Message -
From: Hugh Irvine <[EMAIL PROTECTED]>
Date: Wednesday, September 25, 2002 10:07 am
Subject: Re: (RADIATOR) Loadbalance

> 
> Hello Ray -
> 
> I don't think using loadbalancing in the way you describe will gain you
> anything.
> 
> You would probably do better running two instances of Radiator, one to
> process authentication requests and the other to process accounting
> requests. This tends to work better, because there are twice as many
> accounting requests as authentication requests (start and stop for
> every access). There is usually more overhead involved in processing
> accounting requests as well, but if it is in a separate process, it
> doesn't get in the way of the authentication requests.
> 
> The loadbalancing is really designed to spread requests across separate
> machines, which of course you should have in any case.
> 
> regards
> 
> Hugh
> 
> 
> On Wednesday, September 25, 2002, at 11:40 AM, [EMAIL PROTECTED] 
> wrote:
> 
> > hi hugh,
> >
> >  in our setup having 2 radius server (with 2 instance of radiator
> > running on each machine) and 1 oracle server. will there be an
> > advantage if we are going to use radiator loadbalancing if our ras port
> > grows from the current 1,500 ports to 5,000 ports? d oracle database is
> > hosting both prepaid and post paid system with peak and off-peak rating
> > and with credit limit on postpaid customers. all dial-up are terminated
> > through L2TP. our radius servers are idle most of the time. the highest
> > utilization that we are getting during peak hour is from 15% to 20%
> > only. will the radius capacity increase if we add 2 more instance of
> > radiator on the radius server (having a total of 4 instance per
> > server). one of the 4 instances will be configured as proxy
> > (loadbalancer to the 3 remaining instance of radius). do you have a
> > reference site that uses loadbalancing feature of radiator?
> >
> > thank you



Re: (RADIATOR) Loadbalance

2002-09-24 Thread Hugh Irvine


Hello Ray -

I don't think using loadbalancing in the way you describe will gain you 
anything.

You would probably do better running two instances of Radiator, one to 
process authentication requests and the other to process accounting 
requests. This tends to work better, because there are twice as many 
accounting requests as authentication requests (start and stop for 
every access). There is usually more overhead involved in processing 
accounting requests as well, but if it is in a separate process, it 
doesn't get in the way of the authentication requests.

The loadbalancing is really designed to spread requests across separate 
machines, which of course you should have in any case.

regards

Hugh


On Wednesday, September 25, 2002, at 11:40 AM, [EMAIL PROTECTED] 
wrote:

> hi hugh,
>
>  in our setup having 2 radius server (with 2 instance of radiator
> running on each machine) and 1 oracle server. will there be an
> advantage if we are going to use radiator loadbalancing if our ras port
> grows from the current 1,500 ports to 5,000 ports? d oracle database is
> hosting both prepaid and post paid system with peak and off-peak rating
> and with credit limit on postpaid customers. all dial-up are terminated
> through L2TP. our radius servers are idle most of the time. the highest
> utilization that we are getting during peak hour is from 15% to 20%
> only. will the radius capacity increase if we add 2 more instance of
> radiator on the radius server (having a total of 4 instance per
> server). one of the 4 instances will be configured as proxy
> (loadbalancer to the 3 remaining instance of radius). do you have a
> reference site that uses loadbalancing feature of radiator?
>
> thank you

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




(RADIATOR) Loadbalance

2002-09-24 Thread rcortez

hi hugh,

 in our setup having 2 radius server (with 2 instance of radiator 
running on each machine) and 1 oracle server. will there be an 
advantage if we are going to use radiator loadbalancing if our ras port 
grows from the current 1,500 ports to 5,000 ports? d oracle database is 
hosting both prepaid and post paid system with peak and off-peak rating 
and with credit limit on postpaid customers. all dial-up are terminated 
through L2TP. our radius servers are idle most of the time. the highest 
utilization that we are getting during peak hour is from 15% to 20% 
only. will the radius capacity increase if we add 2 more instance of 
radiator on the radius server (having a total of 4 instance per 
server). one of the 4 instances will be configured as proxy 
(loadbalancer to the 3 remaining instance of radius). do you have a 
reference site that uses loadbalancing feature of radiator?

thank you  






Re: (RADIATOR) Orinoco AP-500/1000 MAC auth problem

2002-09-24 Thread Karl Gaissmaier

Hello,

...
>>I don't need this Reply Attributes, really. Are you really sure this
>>is needed in your environment? If this is the truth, perhaps we should
>>talk about Firmware versions, but since AP500 V.3.83 it was really not
>>necessary
>>to spend reply attributes here in my environment, just "empty" Access
>>Accept packets.
>>
> 
> 
> My AP-500 has V3.95. Since the AP serves more than just one wireless
> device, it seems reasonable that AP needs to know which MAC address
> username the RADIUS is granting the access. NAS-IP-address I know for sure
> is necessary in my case since the AP is behind a firewall, and the
> AP request (on behalf of the wireless device) is NATed and sent through a
> router to the RADIUS in another network. The inbound message from the
> RADIUS to the router certainly has to provide NAS-IP-address information
> for the router to know which device behind the firewall should pick up
> (without a broadcast through the entire subnet).

First, I'm also running a lot of AP-500 with Firmware v.3.95 and MAC 
address based authorization, handled by a radius server (radiator)
with more than 400 wireless users at the moment, still very fast growing.

The AP sends an access-request with the following attributes to the 
radius server:

###
Code:   Access-Request
Identifier: 134
Authentic:  <164><183><146><135><8>r<206><28>Q<9><154>"<195><169><225>Y
Attributes:
 NAS-IP-Address = 212.17.1.7
 User-Name = "00022d-0eaae0"
 User-Password = "G`<173>'"<192><242>!<147>:<137><175>0n0<182>"


Code:   Access-Accept
Identifier: 134
Authentic:  <164><183><146><135><8>r<206><28>Q<9><154>"<195><169><225>Y
Attributes:
###

the radius server checks in my configuration just the "User-Name", and
this is in this context the MAC-addr in the format xx-xx.

The password sent by the AP is just the shared secret between the
AP and the radius server, you have no user based passwords without 802.1X.

 > My AP-500 has V3.95. Since the AP serves more than just one wireless
 > device, it seems reasonable that AP needs to know which MAC address

The NAS already knows the MAC address, because it sends the 
Access-Request with the Identifier (e.g. 134, see the example above), the 
Access-Accept has this same Identifier and then the NAS knows the 
accepted MAC.

 > username the RADIUS is granting the access. NAS-IP-address I know for sure
 > is necessary in my case since the AP is behind a firewall, and the
 > AP request (on behalf of the wireless device) is NATed and sent through a
 > router to the RADIUS in another network. The inbound message from the
 > RADIUS to the router certainly has to provide NAS-IP-address information
 > for the router to know which device behind the firewall should pick up
 > (without a broadcast through the entire subnet).

Do you really believe your NAT Router is able to decode the radius 
Accept packet, gaining the Radius Attribute NAS-IP-address and then 
sending this to the proper target? Please tell me the vendor and model 
of this wonderful device.

No, normally this is done by a state table, IP addrs, protocol and ports 
so the NAT router knows to where to send the answer packets, I'm quite 
sure this is also in your environment.

Regards
Charly

P.S. please send us a snippet of your config and your users file for MAC 
based WLAN authentication

-- 
Karl Gaissmaier Computing Center,University of Ulm,Germany
Email:[EMAIL PROTECTED] Network Administration
Tel.: ++49 731 50-22499
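
The Identifier matching described in the message above, as an added Python example that is not part of the original post and is not Radiator or access point code. It shows a NAS accepting an attribute-free Access-Accept by Identifier and by the RFC 2865 Response Authenticator; the shared secret and Request Authenticator are constructed sample values, and `Nas` and `build_accept` are hypothetical names.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def build_accept(identifier, request_auth, secret, attrs=b""):
    """Server side: Access-Accept with no attributes by default.
    Response Authenticator = MD5(Code|ID|Length|RequestAuth|Attrs|Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

class Nas:
    """NAS side: tracks which MAC each outstanding Identifier belongs to."""

    def __init__(self, secret):
        self.secret = secret
        self.pending = {}  # identifier -> (mac, request authenticator)

    def sent_request(self, identifier, mac, request_auth):
        self.pending[identifier] = (mac, request_auth)

    def handle_reply(self, packet):
        """Return the accepted MAC, or None if the reply must be dropped."""
        if len(packet) < 20:
            return None
        code, identifier, length = struct.unpack("!BBH", packet[:4])
        if length != len(packet) or identifier not in self.pending:
            return None  # malformed, or no request outstanding for this ID
        mac, request_auth = self.pending[identifier]
        expected = hashlib.md5(
            packet[:4] + request_auth + packet[20:] + self.secret).digest()
        if not hmac.compare_digest(expected, packet[4:20]):
            return None  # not produced by a holder of the shared secret
        del self.pending[identifier]
        return mac if code == ACCESS_ACCEPT else None

if __name__ == "__main__":
    secret = b"constructed-secret"   # constructed sample value
    req_auth = bytes(range(16))      # constructed Request Authenticator
    nas = Nas(secret)
    nas.sent_request(134, "00022d-0eaae0", req_auth)  # values from the trace
    print(nas.handle_reply(build_accept(134, req_auth, secret)))
```

The reply carries no NAS-IP-Address or User-Name; the NAS recovers the MAC from its own pending table, and a reply with an unknown Identifier or a wrong authenticator is dropped.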
