Re: (RADIATOR) AuthBy DYNADDRESS and Emerald/Platypus 3.0
Hello Matt - It might be simplest to define an additional AuthBy SQL clause to do the query and assign the returned value to the PoolHint attribute. Then you just have to define your AddressPool's with those values directly. Otherwise you can specify your own AuthSelect clause and the appropriate AuthColumnDef in the AuthBy PLATYPUS clause. And you could also use a hook of course. regards Hugh On Tuesday, October 29, 2002, at 04:46 PM, Matthew Taylor wrote: I wonder if someone might be able to suggest a simple way to trigger the use of an address allocator pool, based on when the customer.accttype field in Platypus (running in RADIUSNT mode) contains one of a few values? I need a way to set PoolHint for a couple of different values of the accttype field. In the absence of these matching values, I want the usual NAS based address allocation to occur, which is based on the settings in the Type Attributes for that accttype configuration in Platypus. Regards Matthew Taylor Senior Network Engineer CNN Internet Pty Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy DYNADDRESS and Emerald/Platypus 3.0
I wonder if someone might be able to suggest a simple way to trigger the use of an address allocator pool, based on when the customer.accttype field in Platypus (running in RADIUSNT mode) contains one of a few values? I need a way to set PoolHint for a couple of different values of the accttype field. In the absence of these matching values, I want the usual NAS based address allocation to occur, which is based on the settings in the Type Attributes for that accttype configuration in Platypus. Regards Matthew Taylor Senior Network Engineer CNN Internet Pty Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy DYNADDRESS and Emerald/Platypus 3.0
I wonder if someone might be able to suggest a simple way to trigger the use of an address allocator pool, based on when the customer.accttype field in Platypus (running in RADIUSNT mode) contains one of a few values? I need a way to set PoolHint for a couple of different values of the accttype field. In the absence of these matching values, I want the usual NAS based address allocation to occur, which is based on the settings in the Type Attributes for that accttype configuration in Platypus. Regards Matthew Taylor Senior Network Engineer CNN Internet Pty Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthBy DYNADDRESS and Emerald/Platypus 3.0
I wonder if someone might be able to suggest a simple way to trigger the use of an address allocator pool, based on when the customer.accttype field in Platypus (running in RADIUSNT mode) contains one of a few values? I need a way to set PoolHint for a couple of different values of the accttype field. In the absence of these matching values, I want the usual NAS based address allocation to occur, which is based on the settings in the Type Attributes for that accttype configuration in Platypus. Regards Matthew Taylor Senior Network Engineer CNN Internet Pty Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) BindAddress multiple IPs?
Hello Jeremy - I have copied this mail to Mike, but he is travelling until next week. My understanding is that this is a lower-level problem than Perl can deal with. Mike will be able to clarify I'm sure. regards Hugh On Tuesday, October 29, 2002, at 02:23 AM, Jeremy Hinton wrote: Hugh & crew, From reading the docs, and my own testing, it looks like the BindAddress parameter can only accept a single IP. As a result, it looks like you're limited to either having radiator respond on all IPs, or just on one. If this is not the case, someone please feel free to correct me. At any rate, i just wanted to submit a feature request to change this to accept multiple IPs. I for one would find this quite useful in our setup here. - jeremy === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Acct-Session-Id Error
Hello Doug - Have you restarted Radiator to re-read the dictionary? Are you sure you have changed the correct dictionary? I am actually surprised that Radiator is trying to use Acct-Session-Id as an integer in any case - it should be a string. And changing the dictionary definition results in a "cast" as you call it. A definition of "binary" should cause the attribute value to be treated as a string of binary characters, with no interpretation at all. If you still have a problem, please send me a trace 5 debug from Radiator showing the packet dump, together with the startup messages from Radiator, and including a copy of the configuration file (no secrets). BTW - what does your vendor say about it? regards Hugh On Monday, October 28, 2002, at 09:21 PM, Doug Clements wrote: That did not seem to do much.. I'm still getting the errors. The secondary problem we have is that since Radiator is assuming the Acct-Session-Id is 0, then people for whom we proxy radius to are getting 0 for this value, and can't track their users. Is there a way to force Radiator to "cast" this result to a value, or is changing the definition in the dictionary the best we can do? Thanks! --Doug Hugh Irvine wrote: Hello Doug - This is actually a NAS problem, due to a recent upgrade to the CVX software. The Acct-Session-Id is defined as a string (check the RFC), and the CVX is now sending binary data instead. You should check with your vendor to find out what they are sending and how to interpret it. In the meantime, you may be able to redfine the Acct-Session-Id as binary in the Radiator dictionary. ATTRIBUTE Acct-Session-Id 44 binary Please let me know if the above works for you, as other people have been having the same problem. regards Hugh NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) using the already connected DB refs
Hello Martin -
I think from the code below you are referring to the session database?
In any case, my answer holds true for an AuthBy SQL as well.
You should have a look at the example code in "goodies/hooks.txt", the
reply hook that does dynamic address allocation.
This is how to find a specific AuthBy clause:
# Find the AuthBy clause with the same Identifier
my $authby = Radius::AuthGeneric::find($identifier);
&main::log($main::LOG_DEBUG, "Found AuthBy with Identifier
$identifier");
Similarily you could use something like this for a session database:
# Find the session database with the same Identifier
my $sessdb = Radius::SessGeneric::find($identifier);
&main::log($main::LOG_DEBUG, "Found SessionDatabase with Identifier
$identifier");
Once you have the handle to a specific clause, you can use it to call
any of the routines supported by that module to reference the object
that the module refers to.
You should also have a look at the code in Radius/SessSQL.pm.
regards
Hugh
On Tuesday, October 29, 2002, at 11:33 AM, Martin Edge wrote:
Hey Guys,
Little curious, I need to perform an Extra SQL query while processing
RADIUS
requests, and set the value to an internal Radiator variable, it comes
from
the same database, so I was wondering how one would utilise the
existing DB
connection easily, without having to spawn an additional one using DBI.
Below is the code I'm using..
# find the POP id
sub
{
my $p = ${$_[0]};
my $nasip;
my $db;
$nasip = $p->get_attr('NAS-IP-Address');
# If there is a NAS at all..
if ($nasip) {
use DBI;
my $user = "xx";
my $password = "x";
my $database = "xx";
my $dsn =
"DBI:mysql:database=$database;host=192.168.3.21";
$db = DBI->connect($dsn, $user, $password);
if (!$db) {
&main::log($main::LOG_DEBUG,"Failed Bringin Up
Second DB\n".DBI::errstr);
return;
}
# get the popid
my $popidquery = "select popid from nascache where
nasidentifier = '$nasip'";
my $sth = $db->prepare($popidquery);
$sth->execute;
my $popid = ($sth->fetchrow())[0];
if ($popid) {
&main::setVariable("popid", $popid);
&main::log($main::LOG_DEBUG,"Resolved Packet to
POPid $popid");
} else {
&main::log($main::LOG_DEBUG,"No POPid for NASIP
$nasip");
&main::setVariable("popid", "0");
}
}
Regards,
Martin Edge
Software/Network Engineer
KBS Internet
Phone: 1300 727 205
Web: http://www.kbs.net.au/
Extranet: http://xray.kbs.net.au/
eMail: [EMAIL PROTECTED]
-=-=-=-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) using the already connected DB refs
Hey Guys,
Little curious, I need to perform an Extra SQL query while processing RADIUS
requests, and set the value to an internal Radiator variable, it comes from
the same database, so I was wondering how one would utilise the existing DB
connection easily, without having to spawn an additional one using DBI.
Below is the code I'm using..
# find the POP id
sub
{
my $p = ${$_[0]};
my $nasip;
my $db;
$nasip = $p->get_attr('NAS-IP-Address');
# If there is a NAS at all..
if ($nasip) {
use DBI;
my $user = "xx";
my $password = "x";
my $database = "xx";
my $dsn = "DBI:mysql:database=$database;host=192.168.3.21";
$db = DBI->connect($dsn, $user, $password);
if (!$db) {
&main::log($main::LOG_DEBUG,"Failed Bringin Up
Second DB\n".DBI::errstr);
return;
}
# get the popid
my $popidquery = "select popid from nascache where
nasidentifier = '$nasip'";
my $sth = $db->prepare($popidquery);
$sth->execute;
my $popid = ($sth->fetchrow())[0];
if ($popid) {
&main::setVariable("popid", $popid);
&main::log($main::LOG_DEBUG,"Resolved Packet to
POPid $popid");
} else {
&main::log($main::LOG_DEBUG,"No POPid for NASIP
$nasip");
&main::setVariable("popid", "0");
}
}
Regards,
Martin Edge
Software/Network Engineer
KBS Internet
Phone: 1300 727 205
Web: http://www.kbs.net.au/
Extranet: http://xray.kbs.net.au/
eMail: [EMAIL PROTECTED]
-=-=-=-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Acct-Session-Id Error
That did not seem to do much.. I'm still getting the errors. The secondary problem we have is that since Radiator is assuming the Acct-Session-Id is 0, then people for whom we proxy radius to are getting 0 for this value, and can't track their users. Is there a way to force Radiator to "cast" this result to a value, or is changing the definition in the dictionary the best we can do? Thanks! --Doug Hugh Irvine wrote: Hello Doug - This is actually a NAS problem, due to a recent upgrade to the CVX software. The Acct-Session-Id is defined as a string (check the RFC), and the CVX is now sending binary data instead. You should check with your vendor to find out what they are sending and how to interpret it. In the meantime, you may be able to redfine the Acct-Session-Id as binary in the Radiator dictionary. ATTRIBUTE Acct-Session-Id 44 binary Please let me know if the above works for you, as other people have been having the same problem. regards Hugh === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) BindAddress multiple IPs?
Hugh & crew, From reading the docs, and my own testing, it looks like the BindAddress parameter can only accept a single IP. As a result, it looks like you're limited to either having radiator respond on all IPs, or just on one. If this is not the case, someone please feel free to correct me. At any rate, i just wanted to submit a feature request to change this to accept multiple IPs. I for one would find this quite useful in our setup here. - jeremy === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
