(RADIATOR) Re: A simple usage table rotation script
Hi Gordon -

Many thanks - I have forwarded your mail to Mike and this will get included in the goodies.

cheers

Hugh

On Wednesday, November 6, 2002, at 08:15 AM, Gordon Smith wrote:

Hi,

Just thought I'd share this simple solution, if anyone is interested. :-)

We use Radmin, and had been looking for an easy way to archive each month's usage without impacting radius. That pretty much ruled out doing a select into, because of the CPU hit you take doing that. So I wrote a simple script, called as a cron job on the first day of the month. We're using mysql with innodb tables, so the database can fill up if the data doesn't get archived off somewhere else. This script handles the rotation of the usage table, then we can archive data to CD when it's convenient.

Oh, on a completely different topic, if anyone is using FreeTDS and DBD::Sybase to insert info into MS-SQL databases, DON'T upgrade your DBD::Sybase. It won't work after version 0.94. This is because of some changes in the DBD::Sybase code that aren't in the freetds libraries.

Cheers,

Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd

#!/usr/bin/perl -w
# Radius usage table rotation script
#
# Gordon Smith 31 Oct, 2002
#
# [EMAIL PROTECTED]
#
# MoreNet Ltd.

use strict;
use DBI;

# Database
my $radius_db = "DBI:mysql:radmin";
my $radius_user = "";
my $radius_pwd = "";

# local variables
my ($dbh, $last_month, $tablename, $sth, $sth2, $sth3, $sql);

# Generate the name of the table to create
$tablename = getdate();

# Establish database connection
$dbh = DBI->connect($radius_db, $radius_user, $radius_pwd)
    || die "Cannot connect to database!\n $DBI::errstr\n" unless (defined $dbh);

# Rename RADUSAGE table
$sth = $dbh->prepare( qq{ALTER TABLE RADUSAGE RENAME TO $tablename})
    || die "Unable to prepare rename table query: ".$dbh->errstr."\n";
$sth->execute();
$sth->finish();

# Create new RADUSAGE table
$sth2 = $dbh->prepare( qq{CREATE TABLE RADUSAGE(
    ACCTDELAYTIME INT(11) NULL,
    ACCTINPUTOCTETS INT(11) NULL,
    ACCTOUTPUTOCTETS INT(11) NULL,
    ACCTSESSIONID VARCHAR(30) NULL,
    ACCTSESSIONTIME INT(11) NULL,
    ACCTSTATUSTYPE INT(11) NULL,
    ACCTTERMINATECAUSE VARCHAR(50) NULL,
    DNIS VARCHAR(30) NULL,
    FRAMEDIPADDRESS VARCHAR(30) NULL,
    NASIDENTIFIER VARCHAR(50) NOT NULL,
    NASPORT INT(11) NULL,
    TIME_STAMP INT(11) NULL,
    USERNAME VARCHAR(50) NOT NULL,
    CALLERID VARCHAR(30) NULL,
    CONNECT_SPEED INT(11) NULL,
    INDEX RADUSAGE_ui1 (USERNAME)
    ) TYPE=INNODB;
    })
    || die "Unable to prepare new table query: ".$dbh->errstr."\n";
$sth2->execute();
$sth2->finish();

# Restart radius
# This assumes a restart wrapper - we use svscan, so we just kill
# the process. Change this system call to reflect the type of
# wrapper you are using. Not elegant, but it works.
system('/usr/bin/killall -9 radiusd');

# Now clean up the archive: remove everything except STOP records
$sql = "DELETE from $tablename where acctstatustype != '2'";
$sth3 = $dbh->prepare($sql);
$sth3->execute();
$sth3->finish();

# Close the database connection
$dbh->disconnect;

exit();

sub getdate {
    # Gets the current date and creates a name to use for creation
    # of an archive table for the previous month's data, then
    # returns the name created
    my @months = ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec");

    # Get current time
    # The month returned is an integer between 0 and 11
    my ($second, $minute, $hour, $day, $month, $year, $weekday, $dayofyear, $IsDST) = localtime(time);

    # Get the last month so we can name the archive table correctly.
    # This is done before the year is tidied up, so that the January
    # rollover does not lose the leading 0 added below.
    if ($month == 0){ # january
        $last_month = 11; # december
        $year = $year - 1;
    }else{
        $last_month = $month - 1;
    }

    # Tidy up the year
    if ($year >= 100){
        $year = $year - 100;
    }

    # Add a leading 0 if year is less than 2010
    if ($year < 10){
        $year = "0".$year;
    }

    # generate the name of the archive table
    $tablename = $months[$last_month] . $year;

    # return the calculated value
    return $tablename;
}

NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body
Re: (RADIATOR) Question about Calls table
Hello Lin -

This is because the default format for integer-date is being used. If you want to change it you should specify your own DateFormat. See sections 6.28.14 and 6.3 in the Radiator 3.3.1 reference manual.

regards

Hugh

On Wednesday, November 6, 2002, at 07:55 AM, Huaikun Lin wrote:

Hi Hugh

Here is my radius configuration:

Foreground
LogStdout
LogDir /var/log/radius
DbDir /local/etc/radius
PidFile /var/run/radiusd.pid
SnmpgetProg /local/bin/snmpget
AuthPort 1645
AcctPort 1646
Trace 3

<client xxx>
    ...
</client>

<Handler Request-Type = Accounting-Request>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy EMERALD>
        # You can use this to force Radiator to limit
        # maximum session times to how many minutes
        # are left in subaccounts.timeleft
        DefaultSimultaneousUse 1
        TimeBanking
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual
        DBSource dbi:Sybase:server=xxx;database=xxx
        DBUsername
        DBAuth
        # You can add to or change these if you want.
        AccountingTable Calls
        AcctColumnDef UserName,User-Name
        AcctColumnDef CallDate,Timestamp,integer-date
        AcctColumnDef AcctStatusType,Acct-Status-Type,integer
        AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
        AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
        AcctColumnDef AcctSessionId,Acct-Session-Id
        AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
        AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,integer
        # AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
        # AcctColumnDef NASIdentifier,NAS-Identifier
        AcctColumnDef NASIdentifier,NAS-IP-Address
        AcctColumnDef NASPort,NAS-Port,integer
        AddATDefaults
        AuthSelect ,sa.LoginLimit
        AuthColumnDef 0,Simultaneous-Use,check
    </AuthBy>
    # Log all accounting into daily log files
    AcctLogFileName /var/log/radius/log/%Y%m%d.act
</Handler>

<Handler>
    RewriteUsername s/^([^@]+).*/$1/
    # If Platypus rejects the login, forward it to the old Radius server
    #AuthByPolicy ContinueUntilAccept
    PasswordLogFileName %L/password.log
    <AuthBy EMERALD>
        # You can use this to force Radiator to limit
        # maximum session times to how many minutes
        # are left in subaccounts.timeleft
        DefaultSimultaneousUse 1
        TimeBanking
        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual
        DBSource dbi:Sybase:server=;database=xxx
        DBUsername xx
        DBAuth xx
        AddATDefaults
        AuthSelect ,sa.LoginLimit
        AuthColumnDef 0,Simultaneous-Use,check
    </AuthBy>
    <AuthBy DBFILE>
        Filename %D/users
    </AuthBy>
    <AuthBy FILE>
        Filename %D/users
    </AuthBy>
</Handler>

The following is one example of trace 4 debug:

Thu Sep 5 23:00:03 2002: DEBUG: Packet dump:
*** Received from 203.96.xx.xx port 39577
Code: Access-Request
Identifier: 167
Authentic: 00X24200t00,400B173
Attributes:
    Proxy-Action = AUTHENTICATE
    User-Name = andy.hema
    User-Password = 184/2139gG192374177232252250223
    NAS-IP-Address = 192.168.8.253
    NAS-Port = 278
    Acct-Session-Id = 18159809
    USR-Interface-Index = 1534
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Chassis-Call-Slot = 2
    Chassis-Call-Span = 1
    Chassis-Call-Channel = 22
    Calling-Station-Id =
    Called-Station-Id = 1900
    Connect-Speed = NONE
    NAS-Port-Type = Async
    User-Id = andy.hema
    NAS-Identifier = ipw1-n1-15.ipnet.telecom.co.nz
    User-Realm = actrix
    Proxy-State = 0
Thu Sep 5 23:00:03 2002: DEBUG: Rewrote user name to andy.hema
Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler Realm=twor.ac.nz should be used to handle this request
Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler should be used to handle this request
Thu Sep 5 23:00:03 2002: DEBUG: Handling request with Handler ''
Thu Sep 5 23:00:03 2002: DEBUG: Rewrote user name to andy.hema
Thu Sep 5 23:00:03 2002: DEBUG: Deleting session for andy.hema, 192.168.8.253, 278
Thu Sep 5 23:00:03 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='192.168.8.253'
Re: Fwd: (RADIATOR) Question on FailurePolicy within SQLRADIUS
Hi Martin,

On Wed, 6 Nov 2002 18:58, Hugh Irvine wrote:

Mikey - Could you answer Martin please?

ta

Hugh

Begin forwarded message:

From: Martin Edge [EMAIL PROTECTED]
Date: Wed Nov 6, 2002 9:17:50 AM Australia/Melbourne
To: Radiator [EMAIL PROTECTED]
Subject: (RADIATOR) Question on FailurePolicy within SQLRADIUS

Hey Guys,

Quick question (well, it might not be ;)), I have a feeling I might have asked something along the same lines before.. But I'm trying to test the FailurePolicy settings within SQLRADIUS. Having a look.. Now, within the code, it's saying if HostColumnDef exists, then use getHostColumns in order to set the current configuration for the next host to proxy to. When the failurepolicy is set from retrieving the server, I'm trying to confirm whether it would be assigning the FailurePolicy to that one server, just for that request, or to a group of packets to the same destination server port pair.

The failure policy from the database is used to set a flag in the request packet. So the policy you get applies to just that request sent to just that server. Obviously, the failurePolicy will usually be exactly the same for every request sent to a particular server, but it doesn't have to be so.

$fp is used within the code here, but I'm not sure what that is referencing .. Appears to be the current packet instance ?

$fp refers to the packet currently being forwarded.

Technically, if there is no host to proxy to, (which I'm guessing is quite possible as there is no single identifier for a destination proxy, This is that NumHosts debacle again), then it will fall back to the superclass to fall back to any hardwired hosts. At which point does it honor the failurepolicy ?

If no host comes from the database, then there is no host to proxy to and therefore the failure policy has no meaning (recall the policy defines what to do if there is no reply to a proxied packet). If no host comes from the database, it falls back to any hardwired hosts in AuthBy SQLRADIUS.

Is the expectation that a FailurePolicy will only be used when the hosts that are available are being ignored?

...are not replying. Yes.

Not when HostSelect returns no results on the second attempt for those downstreams with an additional RADIUS server (as defined by the limitations of NumHosts) that don't exist?

Correct.

I guess the global issue appears to be that a downstream proxy customer isn't identified as anyone in particular within the RADIUS code. Are there any plans for development within the SQLRADIUS module to create a pseudo-identifier, to give the ability to configure information about the downstream and set statistics etc. for each Downstream Identifier within the SQLRADIUS results.. ? Or is this too specific and would be best hiding in its own AuthBy Module ?

No current plans for SQLRADIUS, but obvious and generally felt deficiencies will (as always) be addressed. Discussion is welcome.

Hope I'm not being too confusing :-)

Regards,

Martin Edge
Software/Network Engineer
KBS Internet
Phone: 1300 727 205
Web: http://www.kbs.net.au/
Extranet: http://xray.kbs.net.au/
eMail: [EMAIL PROTECTED]

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd
Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia
http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc.
Re: (RADIATOR) AuthSQL with password imported from /etc/shadow
Hello Daniel -

You should not use "EncryptedPassword". The "{crypt}" tag on the front of the string will cause "the right thing" to happen if you access the field as just a plain password.

cheers

Hugh

On Thursday, November 7, 2002, at 01:51 AM, [EMAIL PROTECTED] wrote:

Hi,

Solaris 2.8 Node

Imported my password from /etc/shadow in my SQL database in table CRYPTPW.

{crypt}IofLKK/oJstSo

sql.cfg:

AuthSelect select CRYPTPW from USERS where N = %0
EncryptedPassword

Access-Request from cisco-NAS

Request denied

Am I on the wrong way? Clear Password Authentication works fine

Please help...

Thanks...Daniel

mailto:[EMAIL PROTECTED]
Internet: www.swisscom.com/enterprise-solutions
Re: (RADIATOR) How to check sessions with ADSL Cisco 6400 / 7200 ?
Hello Antonio -

I suspect this is a question for Cisco. Anybody happen to know the answer?

regards

Hugh

On Friday, September 6, 2002, at 06:57 PM, Antonio J. Anton wrote:

Hello everybody,

We are going to use Cisco 6400 and Cisco 7200 to connect ADSL subscribers. We want to use the same Radiator we're using for dialup access. The problem we have is we don't know how to check for simultaneous use or phantom sessions on those access servers for a specific user. We know an SNMP OID to get the Username in case of VPDN tunnels, but we are not using that access mode; we're ending our tunnels with PPPoA and we don't know any OID to get the Username based on any radius attribute.

Does anybody know how to do this job? We're looking for an SNMP solution instead of asking the access server directly with IOS commands because these systems are very loaded.

Thanks in advance,

Antonio
Re: (RADIATOR) Radiator not honoring shadow attributes
Hello Mike -

You should probably use an AuthBy SYSTEM instead.

regards

Hugh

On Wednesday, November 6, 2002, at 03:54 AM, Mike Saunders wrote:

-Original Message-
From: Hugh Irvine [mailto:hugh;open.com.au]
Sent: Tuesday, November 05, 2002 10:21 AM
To: Mike Saunders
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Radiator not honoring shadow attributes

Hello Mike -

What exactly are you referring to as shadow attributes?

regards

Hugh

Account is unlocked and works fine

test123:Changed:11996::9136461764

Account is locked or expired.

test123:Changed:11996::9:::11995:136461764

Notice the 11995. It's the number of days since the UNIX epoch. That entry puts the expiration on the account at November 4th, 2002. So today the account *should not* be able to dial up. However it still is.

This is from man 5 shadow on this box:

SHADOW(5)                                                    SHADOW(5)

NAME
    shadow - encrypted password file

DESCRIPTION
    shadow contains the encrypted password information for user's
    accounts and optional the password aging information.
    Included is

        Login name
        Encrypted password
        Days since Jan 1, 1970 that password was last changed
        Days before password may be changed
        Days after which password must be changed
        Days before password is to expire that user is warned
        Days after password expires that account is disabled
        Days since Jan 1, 1970 that account is disabled
        A reserved field

So, radiator isn't honoring the shadow account disabled field. Any ideas on how to make it do this, or do we need to use a different Auth mechanism?

-Mike Saunders

Mike Saunders
Systems Administration
Magic Internet Services, Inc.
(701) 838-1265
(701) 857-0238 (voicemail)
[EMAIL PROTECTED]
http://www.minot.com
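Added example, not part of the thread and not Radiator code: a stand-alone Perl check of the ageing fields listed in the shadow(5) excerpt above, showing the test an authentication back end has to make for the "account is disabled" field to be honoured. The sample entries, the password placeholder and the day number 11996 are constructed; only the expiry value 11995 comes from the thread, and the lock-prefix rule is an assumption noted in the code.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Field order as listed in the shadow(5) excerpt quoted in the thread.
my @FIELDS = qw(login password lastchg min max warn inactive expire reserved);

# Parse one shadow line into a hash ref. Returns undef unless the line has
# exactly nine fields. Empty or non-numeric ageing fields become undef.
sub parse_shadow_line {
    my ($line) = @_;
    chomp $line;
    my @v = split /:/, $line, -1;    # -1 keeps trailing empty fields
    return undef unless @v == @FIELDS;
    my %e;
    @e{@FIELDS} = @v;
    for my $f (qw(lastchg min max warn inactive expire)) {
        $e{$f} = undef unless $e{$f} =~ /^\d+$/;
    }
    return \%e;
}

# Return a reason to refuse the login, or undef if the entry is usable.
# $today is the current day number (days since Jan 1, 1970).
sub refuse_reason {
    my ($e, $today) = @_;

    # Assumption: a leading '!' or '*' in the password field marks a lock.
    return 'password field locked' if $e->{password} =~ /^[!*]/;

    # "Days since Jan 1, 1970 that account is disabled"
    return 'account expired'
        if defined $e->{expire} && $today >= $e->{expire};

    # "Days after password expires that account is disabled":
    # last change + maximum age + inactivity allowance has passed.
    if (defined $e->{lastchg} && defined $e->{max} && defined $e->{inactive}) {
        return 'password aged past inactivity limit'
            if $today > $e->{lastchg} + $e->{max} + $e->{inactive};
    }
    return undef;
}

# Constructed sample entries; HASHPLACEHOLDER stands in for a crypt hash.
my @sample = (
    'alice:HASHPLACEHOLDER:11996:0:99999:7:::',
    'test123:HASHPLACEHOLDER:11996:0:99999:7::11995:',
    'bob:!HASHPLACEHOLDER:11996:0:99999:7:::',
    'carol:HASHPLACEHOLDER:11900:0:30:7:14::',
);

# Constructed "today": the day after day 11995.
# A live check would use: my $today = int(time / 86400);
my $today = 11996;

for my $line (@sample) {
    my $e = parse_shadow_line($line) or next;
    my $why = refuse_reason($e, $today);
    printf "%-8s %s\n", $e->{login}, defined $why ? "REFUSE ($why)" : 'ok';
}
```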
Re: (RADIATOR) Auth by NAS-Identifier
Hello -

You can use a regular expression in the check like this:

NAS-IP-Address = /^10\.0\.0\./

which will match all the IP addresses starting with 10.0.0.. Note that you are matching strings with a Perl regexp, not an IP address per se.

And no you should not have to upgrade, but do some testing to make sure.

regards

Hugh

On Wednesday, November 6, 2002, at 03:26 AM, Ben-Nes Michael wrote:

Hi Again

What is the ( AuthColumnDef n, GENERIC, check ) going to check ? That the IP in the db is equal to the one from the NAS ? If so how can I specify an ALL IP ? Can I use a netmask like 10.0.0.1/0 ? or maybe 'ALL' ?

And last Q, will I have to upgrade from ver 2.17.1 to enable such a check ?

Have a nice travelling ;)

Hello -

Yes you can do what you describe, with a check and reply column. You will need to redefine your AuthSelect query and add the corresponding AuthColumnDef's as you show below.

BTW - the latest version is Radiator 3.3.1.

regards

Hugh

On Wednesday, November 6, 2002, at 02:56 AM, Ben-Nes Michael wrote:

Hi All

I'm an old radiator user :) using ver 2.17.1 with (AuthBy SQL) And Nas: cisco 2511 and PM3

All work great but now I want to enable filters so customers will have PPP accounts that are restricted to emails only. This can be achieved with PM3 easily by using Attribute: Filter-Id.

My Q is how can I tell my radius to log only the users that come from the PM3.

I thought of adding a column to my db like: NAS-Identifier=some_ip and then add a AuthColumnDef n, GENERIC, check - to see if the ip is correct.

Is this the right way ? If so how can I tell the radius that some of the users can log from any NAS while some can log from only one NAS ?

Will I have to upgrade to the latest version ?

Thanks in advance
Re: (RADIATOR) Best Way to do this proxy
Hello Skeeve -

There is no difference using Handlers. I am not sure I understand your question - could you give me a bit more detail please?

regards

Hugh

On Tuesday, November 5, 2002, at 07:54 PM, Skeeve Stevens wrote:

Is there much difference because we use Handlers? I am not sure how you would integrate the Proxy radius for say user@customer to be checked before being allowed to continue.

...Skeeve

example client:

<Client 203.194.28.131>
    Secret m0d3m5
    NasType Ascend
    Identifier Comindico
</Client>

Session Address:

<SessionDatabase SQL>
    Identifier SDB1
    DBSource dbi:mysql:xxx:xxx
    DBUsername xxx
    DBAuth xxx
    AddQuery insert into online (acct_handle,nas_id,online_nasport,online_sessionid,online_date,online_ipaddress,online_servicetype,online_calling_station,online_called_station,online_key,online_group) values ('%n','%N','%{NAS-Port}','%{Acct-Session-Id}',from_unixtime(%{Timestamp}),'%{Framed-IP-Address}','%{Service-Type}','%{Calling-Station-Id}','%{Called-Station-Id}','%{Ascend-Session-Svr-Key}','%{Client:X-GroupName}')
    DeleteQuery delete from online where acct_handle = '%n' and nas_id = '%N' and online_nasport = %{NAS-Port}
    ClearNasQuery delete from online where nas_id = '%N'
    CountQuery select nas_id,online_nasport,online_sessionid from online where acct_handle = '%n'
</SessionDatabase>

<AddressAllocator SQL>
    Identifier SDB1
    DBSource dbi:mysql:xxx:xxx
    DBUsername xxx
    DBAuth xxx
    FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%0' and STATE=0 order by TIME_STAMP
    AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0, EXPIRY=%1, USERNAME=%2, NAS='%{Calling-Station-Id}' where YIADDR='%3' and TIME_STAMP %4
    AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL, YIADDR, SUBNETMASK, DNSSERVER, USERNAME, NAS) values (0, %t, '%0', '%1', '%2', '%3', '%n', '%{Calling-Station-Id}')
    <AddressPool pool1>
        Subnetmask 255.255.255.255
        DNSServer 203.24.66.204
        Range 203.222.150.192/26
    </AddressPool>
</AddressAllocator>

The Handler:

<Handler Client-Identifier = Comindico>
    #Realm DEFAULT
    #AuthByPolicy ContinueWhileIgnore
    # AuthByPolicy ContinueWhileAccept
    RewriteUsername tr/A-Z/a-z/
    SessionDatabase SDB1
    <AuthBy SQL>
        Identifier SDB1
        DBSource dbi:mysql:xxx:xxx
        DBUsername xxx
        DBAuth xxx
        AuthSelect select auth_upass_crypt,((auth_max_sessions)*2) as auth_max_sessions,auth_idle_timeout,auth_subnet,auth_netmask,auth_replypairs,auth_dc_time,auth_group from auth where auth_uname='%n' and auth_stat_id = 1 and curdate() auth_expire auth_server != 1
        RejectEmptyPassword
        EncryptedPassword
        AddToReply Ascend-Client-Primary-DNS=203.24.66.204, Ascend-Client-Secondary-DNS=203.24.66.193, Ascend-Client-Assign-DNS = DNS-Assign-Yes, Framed-Protocol = PPP, Service-Type = Framed-User
        AccountingTable detail
        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, Simultaneous-Use, check
        AuthColumnDef 2, Idle-Timeout, reply
        AuthColumnDef 3, Framed-IP-Address, reply
        AuthColumnDef 4, Framed-IP-Netmask, reply
        AuthColumnDef 5, Framed-Route, reply
        AuthColumnDef 6, Session-Timeout, reply
        AuthColumnDef 7, X-GroupName, reply
        AcctColumnDef detail_acct_handle,User-Name
        AcctColumnDef detail_nas_id,NAS-IP-Address
        AcctColumnDef detail_date,Timestamp,formatted-date,from_unixtime(%s)
        AcctColumnDef detail_type,Acct-Status-Type
        AcctColumnDef detail_delay,Acct-Delay-Time,integer
        AcctColumnDef detail_called_station,Called-Station-Id
        AcctColumnDef detail_calling_station,Calling-Station-Id
        AcctColumnDef detail_inbytes,Acct-Input-Octets,integer
        AcctColumnDef detail_outbytes,Acct-Output-Octets,integer
        AcctColumnDef detail_sessionid,Acct-Session-Id
        AcctColumnDef detail_sessiontime,Acct-Session-Time,integer
        AcctColumnDef detail_termcause,Acct_Terminate-Cause
        AcctColumnDef detail_termcause,Ascend-Disconnect-Cause
        AcctColumnDef detail_nasport,NAS-Port,integer
        AcctColumnDef detail_ipaddress,Framed-IP-Address
    </AuthBy>
    <AuthBy DYNADDRESS>
        Allocator SDB1
        PoolHint pool1
        MapAttribute yiaddr, Framed-IP-Address
        MapAttribute subnetmask, Framed-IP-Netmask
    </AuthBy>
    <AuthLog SQL>
        DBSource dbi:mysql:xxx:xxx
        DBUsername root
        DBAuth tekflex
        Table RADAUTHLOG
        LogSuccess 0
        LogFailure 1
        FailureQuery INSERT INTO authlog (username,timestamp,priority,message,password) VALUES ('%n', %t, %0, %1%r%r, '%P')
    </AuthLog>
    <Log SQL>
        DBSource dbi:mysql:xxx:xxx
        DBUsername xxx
        DBAuth xxx
        Table radlog
    </Log>
</Handler>

-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-radiator;open.com.au] On Behalf Of Hugh Irvine
Sent: Monday, November 04, 2002 2:22 AM
To:
(RADIATOR) RE: Upgrade Procedure
Can I install in the same directory where the old version is installed?

Regards,

AbdusSami

-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 31, 2002 12:39 PM
To: Mohammed AbdusSami
Cc: [EMAIL PROTECTED]
Subject: Re: Upgrade Procedure

Hello AbdusSami -

Simply download and install the new version.

perl Makefile.PL
make
make test
make install

regards

Hugh

On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote:

Dear All,

Can anybody send the procedure to upgrade radiator on a machine which is already running an old version (2.8 or 3.1)?

Regards,

AbdusSami
Re: (RADIATOR) AuthBy LDAP2
Hello,

I have resolved my issue. We were rewriting the username, stripping off the Realm, and then trying to use %R. %R must have been empty or something because the realm was stripped off.

Rather than using this:

UsernameAttr uid

We now use this and skip the username rewriting altogether:

SearchFilter (uid=%U)

So far, it seems to work just fine.

Thanks,

Jason

Hugh Irvine wrote:

Hello Jason -

Yes you can use special characters in the BaseDN parameter. Could you please send me a copy of the configuration file (no secrets), together with a trace 4 debug from Radiator showing what is happening.

BTW - what version of Radiator are you running, and what hardware/software platform?

regards

Hugh

On Wednesday, November 6, 2002, at 02:50 AM, Jason Signalness wrote:

Hello,

I have been trying to set up authentication against an LDAP directory. This clause results in LDAP_NO_SUCH_OBJECT errors:

<AuthBy LDAP2>
    Identifier BTICheckLDAP
    Host ds.btinet.net
    UsernameAttr uid
    BaseDN ou=People,o=%R,o=bti
    EncryptedPasswordAttr userPassword
</AuthBy>

But if I hard code the realm name it works:

<AuthBy LDAP2>
    Identifier BTICheckLDAP
    Host ds.btinet.net
    UsernameAttr uid
    BaseDN ou=People,o=testrealm.com,o=bti
    EncryptedPasswordAttr userPassword
</AuthBy>

Since we have many realms, it is not going to work to hard code them in the radiator config file. Am I correct to assume that the %R cannot be used in an AuthBy LDAP2 clause? If so, how can I get around this?

Thanks in advance,

--
Jason Signalness, Systems Administrator
Basin Telecommunications, Inc.
[EMAIL PROTECTED]
1-701-355-5727
(RADIATOR) password encryption and proxying to iPass
I just observed something, but maybe someone can tell me if I'm right or confused...

I just noticed that foreign iPass users hitchhiking on our network (aka, "iPass outbound") are showing up in our Authentication Log, complete with clear text passwords. Now, I know this info is MD5 encrypted between the NAS and Radiator, and then later it's encrypted between the local outbound iPass server and the central iPass network via a proprietary iPass protocol. But I guess internal to Radiator it's inevitable that the passwords be available in clear text? Or maybe it's only necessary for CHAP, but PAP can store the p/w encrypted so it's NEVER in cleartext?

Thanks all,

Dave
(RADIATOR) Renaming cisco-avpair
Hello,

I would like to save Radius accounting tickets from a Cisco AS5300 in a SQL database but the Cisco AS5300 is sending multiple cisco-avpair attributes. I would like to save all cisco-avpair so I need to rename them. For example,

An original cisco-avpair like this:

cisco-avpair = connect-progress=41

I want it like this:

cisco-avpair-connect-progress = 41

or just

connect-progress = 41

I made a hook (based on /goddies/hooks.txt) to add a new attribute for each cisco-avpair. But this hook only catches the first cisco-avpair and I can not find the way to analyze the rest of the cisco-avpair attributes.

Hook code:

# -*- mode: Perl -*-
# Converts cisco-avpair into different attributes
#
sub
{
    my $p = ${$_[0]};
    my $ciscoavpair;
    my $ciscoavpair_name;
    my $ciscoavpair_value;
    if ($ciscoavpair = $p->get_attr('cisco-avpair'))
    {
        $ciscoavpair =~ /=/;
        $ciscoavpair_name = $`;
        $ciscoavpair_value = $';
        $p->add_attr("cisco-avpair-$ciscoavpair_name", $ciscoavpair_value)
    }
    return;
}
#

I've read the sub get_attr from /Radius/AttrVal.pm and found that if you ask for an attribute in a scalar context it only returns the first one (that's my case!). How can I ask for an attribute in another way? (maybe as an array but, How?)

Does anybody have anything that could help on this?

I've tried with a while instead of an if, the result was a loop with the same (first) cisco-avpair. If I add a ->delete_attr after the add, the result (as said in /Radius/AttrVal.pm) deletes all cisco-avpair.

Best Regards,

German Gatica
RE: (RADIATOR) Renaming cisco-avpair
This may not be worth much, but...

You might consider deleting each cisco-avpair attribute from the list after you recode it, and then add it back in the right way, such as cisco-avpair-connect-progress = 41. That way, you'll get the next one in line the next time you call get_attr() because the first one will be gone.

Dave :)

-Original Message-
From: GermanG [mailto:gaticag;hotmail.com]
Sent: Wednesday, November 06, 2002 3:56 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Renaming cisco-avpair

Hello,

I would like to save Radius accounting tickets from a Cisco AS5300 in a SQL database but the Cisco AS5300 is sending multiple cisco-avpair attributes. I would like to save all cisco-avpair so I need to rename them. For example,

An original cisco-avpair like this:

cisco-avpair = connect-progress=41

I want it like this:

cisco-avpair-connect-progress = 41

or just

connect-progress = 41

I made a hook (based on /goddies/hooks.txt) to add a new attribute for each cisco-avpair. But this hook only catches the first cisco-avpair and I can not find the way to analyze the rest of the cisco-avpair attributes.

Hook code:

# -*- mode: Perl -*-
# Converts cisco-avpair into different attributes
#
sub
{
    my $p = ${$_[0]};
    my $ciscoavpair;
    my $ciscoavpair_name;
    my $ciscoavpair_value;
    if ($ciscoavpair = $p->get_attr('cisco-avpair'))
    {
        $ciscoavpair =~ /=/;
        $ciscoavpair_name = $`;
        $ciscoavpair_value = $';
        $p->add_attr("cisco-avpair-$ciscoavpair_name", $ciscoavpair_value)
    }
    return;
}
#

I've read the sub get_attr from /Radius/AttrVal.pm and found that if you ask for an attribute in a scalar context it only returns the first one (that's my case!). How can I ask for an attribute in another way? (maybe as an array but, How?)

Does anybody have anything that could help on this?

I've tried with a while instead of an if, the result was a loop with the same (first) cisco-avpair. If I add a ->delete_attr after the add, the result (as said in /Radius/AttrVal.pm) deletes all cisco-avpair.

Best Regards,

German Gatica
Re: (RADIATOR) RE: Upgrade Procedure
Some additional tips which have been discussed before:

When upgrading from major versions (2.x to 3.x), it is best to do some testing by installing it in a 'lab' system. Especially if the revisions differ in the way they do things. We had an issue before that affected the assignment of IP addresses (DYNADDRESS) due to the way our configuration file was written and it was good that we tested it before.

Read the revision history as per my note before.

And to answer your question, yes you can install on the same directory as long as you're sure that the new system has been tested according to your requirements.

Regards,
Neil

On Thursday, November 7, 2002, at 02:20 AM, Mohammed AbdusSami wrote:

Can I install in same directory where old version is installed.

Regards,
AbdusSami

-----Original Message-----
From: Hugh Irvine [mailto:hugh;open.com.au]
Sent: Thursday, October 31, 2002 12:39 PM
To: Mohammed AbdusSami
Cc: [EMAIL PROTECTED]
Subject: Re: Upgrade Procedure

Hello AbdusSami -

Simply download and install the new version.

    perl Makefile.PL
    make
    make test
    make install

regards
Hugh

On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote:

Dear All,

Can anybody send the procedure to upgrade radiator on a machine which already running with old version(2.8 or 3.1)

Regards,
AbdusSami

NB: I am travelling this week, so there may be delays in our correspondence.

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) Re: Fwd: A simple usage table rotation script
Hello Gordon,

Thanks very much for your contribution. We have added it to the RAdmin goodies for the next release.

Thanks again.

Cheers.

On Wed, 6 Nov 2002 18:53, Hugh Irvine wrote:

Mikey -

Contributions

cheers
Hugh

Begin forwarded message:

From: Gordon Smith [EMAIL PROTECTED]
Date: Wed Nov 6, 2002 8:15:22 AM Australia/Melbourne
To: [EMAIL PROTECTED]
Cc: Hugh Irvine [EMAIL PROTECTED]
Subject: A simple usage table rotation script

Hi,

Just thought I'd share this simple solution, if anyone is interested. :-)

We use Radmin, and had been looking for an easy way to archive each month's usage without impacting radius. That pretty much ruled out doing a select into, because of the CPU hit you take doing that. So I wrote a simple script, called as a cron job on the first day of the month. We're using mysql with innodb tables, so the database can fill up if the data doesn't get archived off somewhere else. This script handles the rotation of the usage table, then we can archive data to CD when it's convenient.

Oh, on a completely different topic, if anyone is using FreeTDS and DBD::Sybase to insert info into MS-SQL databases, DON'T upgrade your DBD::Sybase. It won't work after version 0.94. This is because of some changes in the DBD::Sybase code that aren't in the freetds libraries.

Cheers,

Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd

    #!/usr/bin/perl -w
    # Radius usage table rotation script
    #
    # Gordon Smith 31 Oct, 2002
    #
    # [EMAIL PROTECTED]
    #
    # MoreNet Ltd.

    use strict;
    use DBI;

    # Database
    my $radius_db   = "DBI:mysql:radmin";
    my $radius_user = "";
    my $radius_pwd  = "";

    # local variables
    my ($dbh, $last_month, $tablename, $sth, $sth2, $sth3, $sql);

    # Generate the name of the table to create
    $tablename = getdate();

    # Establish database connection
    $dbh = DBI->connect($radius_db, $radius_user, $radius_pwd)
        || die "Cannot connect to database!\n $DBI::errstr\n" unless (defined $dbh);

    # Rename RADUSAGE table
    $sth = $dbh->prepare( qq{ALTER TABLE RADUSAGE RENAME TO $tablename})
        || die "Unable to prepare rename table query: ".$dbh->errstr."\n";
    $sth->execute();
    $sth->finish();

    # Create new RADUSAGE table
    $sth2 = $dbh->prepare( qq{CREATE TABLE RADUSAGE(
        ACCTDELAYTIME INT(11) NULL,
        ACCTINPUTOCTETS INT(11) NULL,
        ACCTOUTPUTOCTETS INT(11) NULL,
        ACCTSESSIONID VARCHAR(30) NULL,
        ACCTSESSIONTIME INT(11) NULL,
        ACCTSTATUSTYPE INT(11) NULL,
        ACCTTERMINATECAUSE VARCHAR(50) NULL,
        DNIS VARCHAR(30) NULL,
        FRAMEDIPADDRESS VARCHAR(30) NULL,
        NASIDENTIFIER VARCHAR(50) NOT NULL,
        NASPORT INT(11) NULL,
        TIME_STAMP INT(11) NULL,
        USERNAME VARCHAR(50) NOT NULL,
        CALLERID VARCHAR(30) NULL,
        CONNECT_SPEED INT(11) NULL,
        INDEX RADUSAGE_ui1 (USERNAME)
        ) TYPE=INNODB; })
        || die "Unable to prepare new table query: ".$dbh->errstr."\n";
    $sth2->execute();
    $sth2->finish();

    # Restart radius
    # This assumes a restart wrapper - we use svscan, so we just kill
    # the process. Change this system call to reflect the type of
    # wrapper you are using. Not elegant, but it works.
    system('/usr/bin/killall -9 radiusd');

    # Now clean up the archive: remove everything except STOP records
    $sql = "DELETE from $tablename where acctstatustype != '2'";
    $sth3 = $dbh->prepare($sql);
    $sth3->execute();
    $sth3->finish();

    # Close the database connection
    $dbh->disconnect;
    exit();

    sub getdate {
        # Gets the current date and creates a name to use for creation
        # of an archive table for the previous month's data, then
        # returns the name created
        my @months = ("jan","feb","mar","apr","may","jun",
                      "jul","aug","sep","oct","nov","dec");

        # Get current time
        # The month returned is an integer between 0 and 11
        my ($second, $minute, $hour, $day, $month, $year, $weekday,
            $dayofyear, $IsDST) = localtime(time);

        # Tidy up the year
        if ($year >= 100){
            $year = $year - 100;
        }

        # Get the last month so we can name the archive table correctly
        if ($month == 0){ # january
            $last_month = 11; # december
            $year = $year - 1;
        }else{
            $last_month = $month - 1;
        }

        # Add a leading 0 if year is less than 2010
        # (done after the January adjustment so the padding is kept)
        if ($year < 10){
            $year = "0".$year;
        }

        # generate the name of the archive table
        $tablename = $months[$last_month] . $year;

        # return the calculated value
        return $tablename;
    }
(RADIATOR) Accounting Log file format
-- Forwarded Message --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [S H A N [EMAIL PROTECTED]]
Date: Wed, 6 Nov 2002 17:14:25 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Date: Thu, 7 Nov 2002 12:06:40 +0800
From: S H A N [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Accounting Log file format

hi,

attached is the desired format of accounting log file format. what would be the best way in radiator to accomplish the same?

thanks

--
S H A N

Content-Disposition: attachment; filename=detail

Date,Time,User-Name,NAS-IP-Address,NAS-Port,Service-Type,Framed-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filter-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Login-TCP-Port,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Network,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Termination-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Proxy-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-AppleTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Status-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Session-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-Output-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Count,NAS-Port-Type,Port-Limit,Login-LAT-Port,Ascend-User-Acct-Type,Ascend-User-Acct-Host,Ascend-User-Acct-Port,Ascend-User-Acct-Key,Ascend-User-Acct-Base,Ascend-User-Acct-Time,Ascend-Event-Type,Ascend-Session-Svr-Key,Ascend-Multilink-ID,Ascend-Num-In-Multilink,Ascend-First-Dest,Ascend-Pre-Input-Octets,Ascend-Pre-Output-Octets,Ascend-Pre-Input-Packets,Ascend-Pre-Output-Packets,Ascend-Disconnect-Cause,Ascend-Connect-Progress,Ascend-Data-Rate,Ascend-PreSession-Time,Ascend-Number-Sessions
(RADIATOR) Re: Upgrade Procedure
Hello AbdusSami -

I generally recommend using separate directories for different versions.

regards
Hugh

On Thursday, November 7, 2002, at 05:20 AM, Mohammed AbdusSami wrote:

Can I install in same directory where old version is installed.

Regards,
AbdusSami
Re: (RADIATOR) Accounting Log file format
Hello Shan -

You would use an AcctFileFormat specification in your Realm or Handler. Section 6.16.5 in the Radiator 3.3.1 reference manual (doc/ref.html).

Alternatively you could write a hook to do the same thing.

regards
Hugh
Re: (RADIATOR) Renaming cisco-avpair
Hello German -

If you call $p->get_attr(..) in a list context instead of a scalar context, you will get the complete list.

Have a look at the code in Radius/AttrVal.pm.

regards
Hugh
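The list-context call described in the reply above, worked through as an added example (not code from the thread or from Radiator itself). Example::Packet is a hypothetical stand-in that reproduces only the get_attr behaviour the thread describes, and every avpair value except connect-progress=41 is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in request object, constructed for this example so the hook runs
# without Radiator. It reproduces only what the thread describes:
# get_attr returns the first match in scalar context and every match in
# list context.
package Example::Packet;

sub new {
    my ($class) = @_;
    return bless { attrs => [] }, $class;
}

sub add_attr {
    my ($self, $name, $value) = @_;
    push @{ $self->{attrs} }, [ $name, $value ];
    return;
}

sub get_attr {
    my ($self, $name) = @_;
    my @found = map { $_->[1] } grep { $_->[0] eq $name } @{ $self->{attrs} };
    return wantarray ? @found : $found[0];
}

package main;

# Same calling convention as the hook in the thread: a reference to the
# request is passed as the first argument.
my $hook = sub {
    my $p = ${ $_[0] };

    # Assigning to an array puts get_attr in list context, so every
    # cisco-avpair in the request is returned, not just the first.
    my @avpairs = $p->get_attr('cisco-avpair');

    foreach my $avpair (@avpairs) {
        # Split on the first '=' only: the value may itself contain '='.
        my ($name, $value) = split /=/, $avpair, 2;

        # Skip pairs with no '=' and names that would not make a sane
        # attribute (and later SQL column) name.
        next unless defined $value;
        next unless $name =~ /\A[A-Za-z0-9][A-Za-z0-9_-]*\z/;

        $p->add_attr("cisco-avpair-$name", $value);
    }
    return;
};

# Constructed accounting request; only connect-progress=41 is from the thread.
my $request = Example::Packet->new;
$request->add_attr('User-Name', 'example-user');
$request->add_attr('cisco-avpair', $_)
    for ('connect-progress=41', 'example-key=a=b', 'no-separator', '=orphan');

$hook->(\$request);

# Show the request after the hook: the original avpairs are untouched and
# two renamed attributes have been appended.
foreach my $attr (@{ $request->{attrs} }) {
    printf "%-36s = %s\n", @$attr;
}
```

The two malformed pairs are skipped rather than turned into attributes, so a NAS that sends an unexpected avpair cannot create an oddly named column in the accounting table.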
Re: (RADIATOR) password encryption and proxying to iPass
Hello Dave -

Actually, you will see the decoded password if PAP is being used. You will not see it for CHAP.

regards
Hugh

On Thursday, November 7, 2002, at 06:22 AM, Dave Kitabjian wrote:

I just observed something, but maybe someone can tell me if I'm right or confused...

I just noticed that foreign iPass users hitchhiking on our network (aka, "iPass outbound") are showing up in our Authentication Log, complete with clear text passwords.

Now, I know this info is MD5 encrypted between the NAS and Radiator, and then later it's encrypted between the local outbound iPass server and the central iPass network via a proprietary iPass protocol. But I guess internal to Radiator it's inevitable that the passwords be available in clear text? Or maybe it's only necessary for CHAP, but PAP can store the p/w encrypted so it's NEVER in cleartext?

Thanks all,
Dave
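Why the server sees the decoded password for PAP but not for CHAP, as an added example (not from the thread and not Radiator's code). It implements the User-Password hiding of RFC 2865 section 5.2 and the CHAP response of RFC 1994; the shared secret, authenticator, challenge, CHAP identifier and password are all constructed values.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5);

# RFC 2865 5.2: the NAS pads the password to a multiple of 16 bytes and
# XORs each block with MD5(secret . previous ciphertext block), starting
# from the Request Authenticator.
sub pap_hide {
    my ($password, $secret, $authenticator) = @_;
    my $pad = (16 - length($password) % 16) % 16;
    $pad = 16 if length($password) == 0;
    my $padded = $password . ("\0" x $pad);

    my ($hidden, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length($padded); $i += 16) {
        my $block = substr($padded, $i, 16) ^ md5($secret . $prev);
        $hidden .= $block;
        $prev = $block;
    }
    return $hidden;
}

# The server holds the same secret, so it can undo the XOR and ends up
# with the user's cleartext password in memory.
sub pap_reveal {
    my ($hidden, $secret, $authenticator) = @_;
    my ($clear, $prev) = ('', $authenticator);
    for (my $i = 0; $i < length($hidden); $i += 16) {
        my $block = substr($hidden, $i, 16);
        $clear .= $block ^ md5($secret . $prev);
        $prev = $block;
    }
    $clear =~ s/\0+\z//;    # strip the padding
    return $clear;
}

# RFC 1994: the CHAP response is a one-way hash over the identifier, the
# password and the challenge. The password itself is never sent.
sub chap_response {
    my ($id, $password, $challenge) = @_;
    return md5(chr($id) . $password . $challenge);
}

# Constructed sample values
my $secret        = 'constructed-shared-secret';
my $authenticator = pack('H*', '000102030405060708090a0b0c0d0e0f');
my $password      = 'correct horse battery staple';    # 28 bytes, two blocks

my $on_the_wire = pap_hide($password, $secret, $authenticator);
my $at_server   = pap_reveal($on_the_wire, $secret, $authenticator);
print "PAP on the wire  : ", unpack('H*', $on_the_wire), "\n";
print "PAP at the server: $at_server\n";

my $chap_id   = 7;
my $challenge = pack('H*', 'a0a1a2a3a4a5a6a7a8a9aaabacadaeaf');
my $response  = chap_response($chap_id, $password, $challenge);
print "CHAP on the wire : ", unpack('H*', $response), "\n";

# The server can only check a CHAP response by recomputing it from a
# password it already stores; nothing in the request yields the password.
my $stored = $password;
my $ok = $response eq chap_response($chap_id, $stored, $challenge);
print "CHAP verified    : ", ($ok ? "yes" : "no"), "\n";
```

The PAP value is hidden only from parties that lack the shared secret, which is why it can appear decoded in a server-side authentication log while a CHAP response cannot.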
RE: (RADIATOR) Re: Upgrade Procedure
Thanks a lot.

Regards,
AbdusSami

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine
Sent: Thursday, November 07, 2002 9:51 AM
To: Mohammed AbdusSami
Cc: [EMAIL PROTECTED]
Subject: (RADIATOR) Re: Upgrade Procedure