(RADIATOR) Re: A simple usage table rotation script
Hi Gordon -
Many thanks - I have forwarded your mail to Mike and this will get
included in the goodies.
cheers
Hugh
On Wednesday, November 6, 2002, at 08:15 AM, Gordon Smith wrote:
Hi,
Just thought I'd share this simple solution, if anyone is interested.
:-)
We use Radmin, and had been looking for an easy way to archive each
month's usage without impacting radius.
The pretty much ruled out doing a select into, because of the CPU hit
you take doing that.
So I wrote a simple script, called as a cron job on the first day of
the
month.
We're using mysql with innodb tables, so the database can fill up if
the
data doesn't get archived off somewhere else.
This script handles the rotation of the usage table, then we can
archive
data to CD when its convenient.
Oh, on a completely different topic, if anyone is using FreeTDS and
DBD::Sybase to insert info into MS-SQL databases, DON'T upgrade your
DBD::Sybase. It won't work after version 0.94. This is because of some
changes in the DBD::Sybase code that isn't in the freetds libraries.
Cheers,
Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd
#!/usr/bin/perl -w
# Radius usage table rotation script
#
# Gordon Smith 31 Oct, 2002
#
# [EMAIL PROTECTED]
#
# MoreNet Ltd.
use strict;
use DBI;
# Database
my $radius_db = DBI:mysql:radmin;
my $radius_user = ;
my $radius_pwd = ;
# local variables
my ($dbh, $last_month, $tablename, $sth, $sth2, $sth3, $sql);
# Generate the name of the table to create
$tablename = getdate();
# Establish database connection
$dbh = DBI-connect($radius_db, $radius_user, $radius_pwd)
|| die Cannot connect to database!\n $DBI::errstr\n
unless (defined $dbh);
# Rename RADUSAGE table
$sth = $dbh-prepare(
qq{ALTER TABLE RADUSAGE RENAME TO $tablename})
|| die Unable to prepare rename table query:
.$dbh-errstr.\n;
$sth-execute();
$sth-finish();
# Create new RADUSAGE table
$sth2 = $dbh-prepare(
qq{CREATE TABLE RADUSAGE(
ACCTDELAYTIME INT(11) NULL,
ACCTINPUTOCTETS INT(11) NULL,
ACCTOUTPUTOCTETS INT(11) NULL,
ACCTSESSIONID VARCHAR(30) NULL,
ACCTSESSIONTIME INT(11) NULL,
ACCTSTATUSTYPE INT(11) NULL,
ACCTTERMINATECAUSE VARCHAR(50) NULL,
DNIS VARCHAR(30) NULL,
FRAMEDIPADDRESS VARCHAR(30) NULL,
NASIDENTIFIER VARCHAR(50) NOT NULL,
NASPORT INT(11) NULL,
TIME_STAMP INT(11) NULL,
USERNAME VARCHAR(50) NOT NULL,
CALLERID VARCHAR(30) NULL,
CONNECT_SPEED INT(11) NULL,
INDEX RADUSAGE_ui1 (USERNAME)
) TYPE=INNODB;
})
|| die Unable to prepare new table query: .$dbh-errstr.\n;
$sth2-execute();
$sth2-finish();
# Restart radius
# This assumes a restart wrapper - we use svscan, so we just kill
# the process. Change this system call to reflect the type of
# wrapper you are using. Not elegant, but it works.
system('/usr/bin/killall -9 radiusd');
# Now clean up the archive remove everything except STOP records
$sql = DELETE from $tablename where acctstatustype != '2';
$sth3 = $dbh-prepare($sql);
$sth3-execute();
$sth3-finish();
# Close the database connection
$dbh-disconnect;
exit();
sub getdate {
# Gets the current date and creates a name to use for creation
# of an archive table for the previous month's data, then
# returns the name created
my @months =
(jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec
);
# Get current time
# The month returned is an integer between 0 and 11
my ($second, $minute, $hour, $day, $month, $year, $weekday,
$dayofyear, $IsDST) = localtime(time);
# Tidy up the year
if ($year = 100){
$year = $year - 100;
}
# Add a leading 0 if year is less than 2010
if ($year 10){
$year = 0.$year;
}
# Get the last month so we can name the archive table correctly
if ($month == 0){ # january
$last_month = 11; # december
$year = $year - 1;
}else{
$last_month = $month - 1;
}
# generate the name of the archive table
$tablename = $months[$last_month] . $year;
# return the calculated value
return $tablename;
}
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body
Re: (RADIATOR) Question about Calls table
Hello Lin - This is because the default format for integer-date is being used. If you want to change it you should specify your own DateFromat. See sections 6.28.14 and 6.3 in the Radiator 3.3.1 reference manual. regards Hugh On Wednesday, November 6, 2002, at 07:55 AM, Huaikun Lin wrote: Hi Hugh Here is my radius configuration: Foreground LogStdout LogDir /var/log/radius DbDir /local/etc/radius PidFile /var/run/radiusd.pid SnmpgetProg /local/bin/snmpget AuthPort1645 AcctPort1646 Trace 3 client xxx ... /client Handler Request-Type = Accounting-Request RewriteUsername s/^([^@]+).*/$1/ AuthBy EMERALD # You can use this to force Radiator to limit # maximum session times to how many minutes # are left in subaccounts.timeleft DefaultSimultaneousUse 1 TimeBanking # Change DBSource, DBUsername, DBAuth for your database # See the reference manual DBSourcedbi:Sybase:server=xxx;database=xxx DBUsername DBAuth # You can add to or change these if you want. AccountingTable Calls AcctColumnDef UserName,User-Name AcctColumnDef CallDate,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctSessionId,Acct-Session-Id AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef AcctTerminateCause,Ascend-Disconnect-Cause,integ er # AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer # AcctColumnDef NASIdentifier,NAS-Identifier AcctColumnDef NASIdentifier,NAS-IP-Address AcctColumnDef NASPort,NAS-Port,integer AddATDefaults AuthSelect ,sa.LoginLimit AuthColumnDef 0,Simultaneous-Use,check /AuthBy # Log all accounting into daily log files AcctLogFileName /var/log/radius/log/%Y%m%d.act /Handler Handler RewriteUsername s/^([^@]+).*/$1/ # If Platypus rejects the login, forward it to the old Radius server #AuthByPolicy ContinueUntilAccept PasswordLogFileName %L/password.log AuthBy EMERALD # You can use this to force Radiator to limit # maximum session times to how many minutes # are left in subaccounts.timeleft DefaultSimultaneousUse 1 TimeBanking # Change DBSource, DBUsername, DBAuth for your database # See the reference manual DBSourcedbi:Sybase:server=;database=xxx DBUsername xx DBAuth xx AddATDefaults AuthSelect ,sa.LoginLimit AuthColumnDef 0,Simultaneous-Use,check /AuthBy AuthBy DBFILE Filename %D/users /AuthBy AuthBy FILE Filename %D/users /AuthBy /Handler The following is one example of trace 4 debug: Thu Sep 5 23:00:03 2002: DEBUG: Packet dump: *** Received from 203.96.xx.xx port 39577 Code: Access-Request Identifier: 167 Authentic: 00X24200t00,400B173 Attributes: Proxy-Action = AUTHENTICATE User-Name = andy.hema User-Password = 184/2139gG192374177232252250223 NAS-IP-Address = 192.168.8.253 NAS-Port = 278 Acct-Session-Id = 18159809 USR-Interface-Index = 1534 Service-Type = Framed-User Framed-Protocol = PPP Chassis-Call-Slot = 2 Chassis-Call-Span = 1 Chassis-Call-Channel = 22 Calling-Station-Id = Called-Station-Id = 1900 Connect-Speed = NONE NAS-Port-Type = Async User-Id = andy.hema NAS-Identifier = ipw1-n1-15.ipnet.telecom.co.nz User-Realm = actrix Proxy-State = 0 Thu Sep 5 23:00:03 2002: DEBUG: Rewrote user name to andy.hema Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler Realm=twor.ac.nz should be use d to handle this request Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler Request-Type = Accounting-Requ est should be used to handle this request Thu Sep 5 23:00:03 2002: DEBUG: Check if Handler should be used to handle this request Thu Sep 5 23:00:03 2002: DEBUG: Handling request with Handler '' Thu Sep 5 23:00:03 2002: DEBUG: Rewrote user name to andy.hema Thu Sep 5 23:00:03 2002: DEBUG: Deleting session for andy.hema, 192.168.8.253, 278 Thu Sep 5 23:00:03 2002: DEBUG: do query is: delete from RADONLINE where NASIDE NTIFIER='192.168.8.253'
Re: Fwd: (RADIATOR) Question on FailurePolicy within SQLRADIUS
Hi Martin, On Wed, 6 Nov 2002 18:58, Hugh Irvine wrote: Mikey - Could you answer Martin please? ta Hugh Begin forwarded message: From: Martin Edge [EMAIL PROTECTED] Date: Wed Nov 6, 2002 9:17:50 AM Australia/Melbourne To: Radiator [EMAIL PROTECTED] Subject: (RADIATOR) Question on FailurePolicy within SQLRADIUS Hey Guys, Quick question (well, it might not be ;)), I have a feeling I might have asked something along the same lines before.. But I'm trying to test the FailurePolicy settings within SQLRADIUS. Having a look.. Now, within the code, it's saying if HostColumnDef exists, then use getHostColumns in order to set the current configuration for the next host to proxy to. When the failurepolicy is set from retrieving the server, I'm trying to confirm whether it would be assigning the FailurePolicy to that one server, just for that request, or to a group of packets to the same destination server port pair. The failure policy from teh database is used to set a flag in the request packet. So the policy you get applies to just that request sent to just that server. Obviously, the failurePolicy will usually be exactly the same for every request sent to a particular server, but it doent have to be so. $fp is used within the code here, but I'm not sure what that is referencing .. Appears to be the current packet instance ? $fp refers to the packet currently being forwarded. Technically, if there is no host to proxy to, (which I guessing is quite possible as there is no single identifier for a destination proxy, This is that NumHosts debarkle again), then it will fall back to the superclass to fall back to any hardwired hosts. At which point does it honor the failurepolicy ? If no host comes from the database, then there is no host to proxy to and therefore the failure policy has no meaning (recall the policy defines what to do if there is no reply to a proxied packet) If no host comes from the database, it falls back to any hardwired hosts in AuthBy SQLRADIUS. Is the expectation that a FailurePolicy will only be used when the hosts that are avaliable are being ignored? ...are not replying. Yes. Not when HostSelect returns no results on the second attempt for those downstreams with an additional RADIUS server (as defined by the limitations of NumHosts) that don't exist? Correct. I guess the global issue appears to be that a downstream proxy customer isn't identified as anyone in particular within the RADIUS code. Is there any plans for development within the SQLRADIUS module to create an pseudo-identifier, to give the ability to configuring information about the downstream and setting statistics etc. for each Downstream Identifier within the SQLRADIUS results.. ? Or is this too specific and would be best hiding in it's own AuthBy Module ? No current plans for SQLRADIUS, but obvious and generally felt deficiencies will (as always) be addressed. Discussion is welcome. Hope I'm not being too confusing :-) Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthSQL with password imported from /etc/shadow
Hello Daniel -
You should not use "EncryptedPassword". The "{crypt}" tag on the front of the string will cause "the right thing" to happen if you access the field as just a plain password.
cheers
Hugh
On Thursday, November 7, 2002, at 01:51 AM, [EMAIL PROTECTED]> wrote:
Hi,
Solaris 2.8 Node
Imported my password from /etc/shadow in my SQL database in table CRYPTPW.
{crypt}IofLKK/oJstSo
sql.cfg:
AuthSelect select CRYPTPW from USERS where N = %0 EncryptedPassword
Access-Request from cisco-NAS
Request denied
Are I'm on the wrong way? Clear Password Authentication works fine
Please help...
Thanks...Daniel
mailto:[EMAIL PROTECTED]
Internet:www.swisscom.com/enterprise-solutions
NB: I am travelling this week, so there may be delays in our correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
Re: (RADIATOR) How to check sessions with ADSL Cisco 6400 / 7200 ?
Hello Antonio - I suspect this is a question for Cisco. Anybody happen to know the answer? regards Hugh On Friday, September 6, 2002, at 06:57 PM, Antonio J. Anton wrote: Hello everybody, We are going to use Cisco 6400 Cisco 7200 to connect ADSL subscribers. We want to use the same Radiator we're using for dialup access. The problem we have is we don't know how to check for simultaneous use or phantom session to that access servers for a specific user. We know an SNMP OID to get the Username in case of VPDN tunnels, but we are not using that access mode, we're ending our tunnels with PPPoA and we don't know any OID to get the Username based on any radius attribute. Anybody knows how to do this job? We're looking for a SNMP solution instead of asking directly the access server with IOS commands because these systems are very loaded. Thanks in advance, Antonio === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator not honoring shadow attributes
Hello Mike - You should probably use an AuthBy SYSTEM instead. regards Hugh On Wednesday, November 6, 2002, at 03:54 AM, Mike Saunders wrote: -Original Message- From: Hugh Irvine [mailto:hugh;open.com.au] Sent: Tuesday, November 05, 2002 10:21 AM To: Mike Saunders Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Radiator not honoring shadow attributes Hello Mike - What exactly are you referring to as shadow attributes? regards Hugh Account is unlocked and works fine test123:Changed:11996::9136461764 Account is locked or expired. test123:Changed:11996::9:::11995:136461764 Notice the 11995. It's the number of days since the UNIX epoch. That entry puts the expiration on the account at November 4th, 2002. So today the account *should not* be able to dial up. However it still is. This is from man 5 shadow on this box: SHADOW(5) SHADOW(5) NAME shadow - encrypted password file DESCRIPTION shadow contains the encrypted password information for user's accounts and optional the password aging informa- tion. Included is Login name Encrypted password Days since Jan 1, 1970 that password was last changed Days before password may be changed Days after which password must be changed Days before password is to expire that user is warned Days after password expires that account is disabled Days since Jan 1, 1970 that account is disabled A reserved field So, radiator isn't honoring the shadow account disabled field. Any ideas on how to make it do this, or do we need to use a different Auth mechanism? -Mike Saunders Mike Saunders Systems Administration Magic Internet Services, Inc. (701) 838-1265 (701) 857-0238 (voicemail) [EMAIL PROTECTED] http://www.minot.com NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Auth by NAS-Identifier
Hello - You can use a regular expression in the check like this: NAS-IP-Address = /^10\.0\.0\./ which will match all the IP addresses starting with 10.0.0.. Note that you are matching strings with a Perl regexp, not an IP address per se. And no you should not have to upgrade, but do some testing to make sure. regards Hugh On Wednesday, November 6, 2002, at 03:26 AM, Ben-Nes Michael wrote: Hi Again What will the ( AuthColumnDef n, GENERIC, check ) is going to check ? That the Ip in the db is equal to the one from the NAS ? If so how can i specify an ALL IP ? can I use netmask like 10.0.0.1/0 ? or maybe 'ALL' ? And last Q, will i have to upgrade from ver 2.17.1 to enable such check ? Have a nice travelling ;) Hello - Yes you can do what you describe, with a check and reply column. You will need to redefine your AuthSelect query and add the corresponding AuthColumnDef's as you show below. BTW - the latest version is Radiator 3.3.1. regards Hugh On Wednesday, November 6, 2002, at 02:56 AM, Ben-Nes Michael wrote: Hi All I'm an old radiator user :) using ver 2.17.1 with (AuthBy SQL) And Nas: cisco 2511 and PM3 All work great but now I want to enable filters so customer will have PPP accounts that are restricted to emails only. This can be achieved with PM3 easily by using Attribute: Filter-Id. My Q is how can I tell my radius to log only the users that come form the PM3. I thought of adding a column to my db like: NAS-Identifier=some_ip and then add a AuthColumnDef n, GENERIC, check - to see if the ip is correct. Is this the right way ? if so how can I tell the radius that some of the users can log from any NAS while some can log from only one NAS ? Will I have to upgrade to the latest version ? Thanks in advance === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Best Way to do this proxy
Hello Skeeve -
There is no difference using Handlers.
I am not sure I understand your question - could you give me a bit more
detail please?
regards
Hugh
On Tuesday, November 5, 2002, at 07:54 PM, Skeeve Stevens wrote:
Is there much difference because we use Handlers?
I am not sure how you would integrate the Proxy radius for say
user@customer to be checked before being allowed to continue.
...Skeeve
example client:
Client 203.194.28.131
Secret m0d3m5
NasType Ascend
Identifier Comindico
/Client
Session Address:
SessionDatabase SQL
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
AddQuery insert into online
(acct_handle,nas_id,online_nasport,online_sessionid,online_date,online_
i
paddress,online_servicetype,online_calling_station,online_called_statio
n
,online_key,online_group) values
('%n','%N','%{NAS-Port}','%{Acct-Session-
Id}',from_unixtime(%{Timestamp}
),'%{Framed-IP-Address}','%{Service-Type}','%{Calling-Station-
Id}','%{Ca
lled-Station-Id}','%{Ascend-Session-Svr-Key}','%{Client:X-GroupName}')
DeleteQuery delete from online where acct_handle = '%n' and
nas_id = '%N' and online_nasport = %{NAS-Port}
ClearNasQuery delete from online where nas_id = '%N'
CountQuery select nas_id,online_nasport,online_sessionid from
online where acct_handle = '%n'
/SessionDatabase
AddressAllocator SQL
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from
RADPOOL where POOL='%0' and STATE=0 order by TIME_STAMP
AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0,
EXPIRY=%1, USERNAME=%2, NAS='%{Calling-Station-Id}' where YIADDR='%3'
and TIME_STAMP %4
AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL,
YIADDR, SUBNETMASK, DNSSERVER, USERNAME, NAS) values (0, %t, '%0',
'%1',
'%2', '%3', '%n', '%{Calling-Station-Id}')
AddressPool pool1
Subnetmask 255.255.255.255
DNSServer 203.24.66.204
Range 203.222.150.192/26
/AddressPool
/AddressAllocator
The Handler:
Handler Client-Identifier = Comindico
#Realm DEFAULT
#AuthByPolicy ContinueWhileIgnore#
AuthByPolicy ContinueWhileAccept
RewriteUsername tr/A-Z/a-z/
SessionDatabase SDB1
AuthBy SQL
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
AuthSelect select auth_upass_crypt,((auth_max_sessions)*2) as
auth_max_sessions,auth_idle_timeout,auth_subnet,auth_netmask,auth_reply
p
airs,auth_dc_time,auth_group from auth where auth_uname='%n' and
auth_stat_id = 1 and curdate() auth_expire auth_server != 1
RejectEmptyPassword
EncryptedPassword
AddToReply Ascend-Client-Primary-DNS=203.24.66.204,
Ascend-Client-Secondary-DNS=203.24.66.193, Ascend-Client-Assign-DNS =
DNS-Assign-Yes, Framed-Protocol = PPP, Service-Type = Framed-User
AccountingTable detail
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, Simultaneous-Use, check
AuthColumnDef 2, Idle-Timeout, reply
AuthColumnDef 3, Framed-IP-Address, reply
AuthColumnDef 4, Framed-IP-Netmask, reply
AuthColumnDef 5, Framed-Route, reply
AuthColumnDef 6, Session-Timeout, reply
AuthColumnDef 7, X-GroupName, reply
AcctColumnDef detail_acct_handle,User-Name
AcctColumnDef detail_nas_id,NAS-IP-Address
AcctColumnDef
detail_date,Timestamp,formatted-date,from_unixtime(%s)
AcctColumnDef detail_type,Acct-Status-Type
AcctColumnDef detail_delay,Acct-Delay-Time,integer
AcctColumnDef detail_called_station,Called-Station-Id
AcctColumnDef detail_calling_station,Calling-Station-Id
AcctColumnDef detail_inbytes,Acct-Input-Octets,integer
AcctColumnDef detail_outbytes,Acct-Output-Octets,integer
AcctColumnDef detail_sessionid,Acct-Session-Id
AcctColumnDef detail_sessiontime,Acct-Session-Time,integer
AcctColumnDef detail_termcause,Acct_Terminate-Cause
AcctColumnDef detail_termcause,Ascend-Disconnect-Cause
AcctColumnDef detail_nasport,NAS-Port,integer
AcctColumnDef detail_ipaddress,Framed-IP-Address
/AuthBy
AuthBy DYNADDRESS
Allocator SDB1
PoolHint pool1
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
/AuthBy
AuthLog SQL
DBSource dbi:mysql:xxx:xxx
DBUsername root
DBAuth tekflex
Table RADAUTHLOG
LogSuccess 0
LogFailure 1
FailureQuery INSERT INTO authlog
(username,timestamp,priority,message,password) VALUES ('%n', %t, %0,
%1%r%r, '%P')
/AuthLog
Log SQL
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
Table radlog
/Log
/Handler
-Original Message-
From: [EMAIL PROTECTED]
[mailto:owner-radiator;open.com.au] On Behalf Of Hugh Irvine
Sent: Monday, November 04, 2002 2:22 AM
To:
(RADIATOR) RE: Upgrade Procedure
Can I install in same directory where old version is installed. Regards, AbdusSami -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 31, 2002 12:39 PM To: Mohammed AbdusSami Cc: [EMAIL PROTECTED] Subject: Re: Upgrade Procedure Hello AbdusSami - Simply download and install the new version. perl Makefile.PL make make test make install regards Hugh On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote: Dear All, Can anybody send the procedure to upgrade radiator on a machine which already running with old version(2.8 or 3.1) Regards, AbdusSami NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) AuthBy LDAP2
Hello, I have resolved my issue. We were rewriting the username, stripping off the Realm, and then trying to use %R. %R must have been empty or something because the realm was stripped off. Rather than using this: UsernameAttr uid We now use this and skip the username rewriting altogether: SearchFilter (uid=%U) So far, it seems to work just fine. Thanks, Jason Hugh Irvine wrote: Hello Jason - Yes you can use special characters in the BaseDN parameter. Could you please send me a copy of the configuration file (no secrets), together with a trace 4 debug from Radiator showing what is happening. BTW - what version of Radiator are you running, and what hardware/software platform? regards Hugh On Wednesday, November 6, 2002, at 02:50 AM, Jason Signalness wrote: Hello, I have been trying to set up authentication against an LDAP directory. This clause results in LDAP_NO_SUCH_OBJECT errors: AuthBy LDAP2 Identifier BTICheckLDAP Hostds.btinet.net UsernameAttruid BaseDN ou=People,o=%R,o=bti EncryptedPasswordAttr userPassword /AuthBy But if I hard code the realm name it works: AuthBy LDAP2 Identifier BTICheckLDAP Hostds.btinet.net UsernameAttruid BaseDN ou=People,o=testrealm.com,o=bti EncryptedPasswordAttr userPassword /AuthBy Since we have many realms, it is not going to work to hard code them in the radiator config file. Am I correct to assume that the %R cannot be used in an AuthBy LDAP2 clause? If so, how can I get around this? Thanks in advance, -- Jason Signalness, Systems Administrator Basin Telecommunications, Inc. [EMAIL PROTECTED] 1-701-355-5727 -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Jason Signalness, Systems Administrator Basin Telecommunications, Inc. [EMAIL PROTECTED] 1-701-355-5727 -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) password encryption and proxying to iPass
Title: Message I just observed something, but maybe someone can tell me if I'm right or confused... I just noticed that foreign iPass users hitchhiking on our network (aka, "iPass outbound") are showing up in our Authentication Log, complete with clear text passwords. Now, I know this info is MD5 encrypted between the NAS and Radiator, and then later it's encrypted between the local outbound iPass server and the central iPass network via a proprietary iPass protocol. But I guess internal to Radiator it's inevitable that the passwords be available in clear text? Or maybe it's only necessary for CHAP, but PAP can store the p/w encrypted so it's NEVER in cleartext? Thanks all, Dave
(RADIATOR) Renaming cisco-avpair
Hello,
I would like to save Radius accounting tickets from a Cisco AS5300 in a SQL
database but Cisco AS5300 is sending multiple attributes cisco-avpair. I
would like to save all cisco-avpair so I need to rename them.
For example,
An original cisco-avpair like this:
cisco-avpair = connect-progress=41
I want it like this:
cisco-avpair-connect-progress = 41
or just
connect-progress = 41
I made a hook (based on /goddies/hooks.txt) for add a new attribute for each
cisco-avpair.
But this hook only catch the first cisco-avpair and I can not find the way
to analize the rest of cisco-avpair.
Hook code:
# -*- mode: Perl -*-
# Converts cisco-avpair into different attributes
#
sub
{
my $p = ${$_[0]};
my $ciscoavpair;
my $ciscoavpair_name;
my $ciscoavpair_value;
if ($ciscoavpair = $p-get_attr('cisco-avpair'))
{
$ciscoavpair =~ /=/;
$ciscoavpair_name = $`;
$ciscoavpair_value = $';
$p-add_attr(cisco-avpair-$ciscoavpair_name, $ciscoavpair_value)
}
return;
}
#
I´ve read the sub get_attr from /Radius/AttrVal.pm and found that if you
ask for
an attribute in a scalar context only returns the first one (that´s my
case!).
How can I ask for an attribute in another way? (maybe as an array but, How?)
Does anyboby have anything that could help on this?
I´ve tried with a while instead of an if , the result was a loop with
the same (first) cisco-avpair.
If I add a -delete_attr after the add, the result (as said in
/Radius/AttrVal.pm ) deletes all cisco-avpair.
Best Regards,
German Gatica
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Renaming cisco-avpair
This may not be worth much, but...
You might consider deleting each cisco-avpair attribute from the list after you recode
it, and then add it back in the right way, such as cisco-avpair-connect-progress =
41. That way, you'll get the next one in line the next time you call get_attr()
because the first one will be gone.
Dave
:)
-Original Message-
From: GermanG [mailto:gaticag;hotmail.com]
Sent: Wednesday, November 06, 2002 3:56 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Renaming cisco-avpair
Hello,
I would like to save Radius accounting tickets from a Cisco
AS5300 in a SQL database but Cisco AS5300 is sending multiple
attributes cisco-avpair. I would like to save all
cisco-avpair so I need to rename them. For example, An
original cisco-avpair like this: cisco-avpair =
connect-progress=41 I want it like this:
cisco-avpair-connect-progress = 41 or just connect-progress = 41
I made a hook (based on /goddies/hooks.txt) for add a new
attribute for each cisco-avpair. But this hook only catch the
first cisco-avpair and I can not find the way to analize the
rest of cisco-avpair.
Hook code:
# -*- mode: Perl -*-
# Converts cisco-avpair into different attributes
#
sub
{
my $p = ${$_[0]};
my $ciscoavpair;
my $ciscoavpair_name;
my $ciscoavpair_value;
if ($ciscoavpair = $p-get_attr('cisco-avpair'))
{
$ciscoavpair =~ /=/;
$ciscoavpair_name = $`;
$ciscoavpair_value = $';
$p-add_attr(cisco-avpair-$ciscoavpair_name, $ciscoavpair_value)
}
return;
}
#
I´ve read the sub get_attr from /Radius/AttrVal.pm and
found that if you ask for an attribute in a scalar context
only returns the first one (that´s my case!). How can I ask
for an attribute in another way? (maybe as an array but,
How?) Does anyboby have anything that could help on this?
I´ve tried with a while instead of an if , the result was
a loop with the same (first) cisco-avpair. If I add a
-delete_attr after the add, the result (as said in
/Radius/AttrVal.pm ) deletes all cisco-avpair.
Best Regards,
German Gatica
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RE: Upgrade Procedure
Some additional tips which have been discussed before: When upgrading from major versions (2.x to 3.x), it is best to do some testing by installing it in a 'lab' system. Especially if the revisions differ in the way they do things. We had an issue before that affected the assignment of IP addresses (DYNADDRESS) due to the way our configuration file was written and it was good that we tested it before. Read the revision history as per my note before. And to answer your question, yes you can install on the same directory as long as you're sure that the new system has been tested according to your requirements. Regards, Neil On Thursday, November 7, 2002, at 02:20 AM, Mohammed AbdusSami wrote: Can I install in same directory where old version is installed. Regards, AbdusSami -Original Message- From: Hugh Irvine [mailto:hugh;open.com.au] Sent: Thursday, October 31, 2002 12:39 PM To: Mohammed AbdusSami Cc: [EMAIL PROTECTED] Subject: Re: Upgrade Procedure Hello AbdusSami - Simply download and install the new version. perl Makefile.PL make make test make install regards Hugh On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote: Dear All, Can anybody send the procedure to upgrade radiator on a machine which already running with old version(2.8 or 3.1) Regards, AbdusSami NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: Fwd: A simple usage table rotation script
Hello Gordon,
Thanks very much for your contribution.
We have added it to the RAdmin goodies for the next release.
Thanks again.
Cheers.
On Wed, 6 Nov 2002 18:53, Hugh Irvine wrote:
Mikey -
Contributions
cheers
Hugh
Begin forwarded message:
From: Gordon Smith [EMAIL PROTECTED]
Date: Wed Nov 6, 2002 8:15:22 AM Australia/Melbourne
To: [EMAIL PROTECTED]
Cc: Hugh Irvine [EMAIL PROTECTED]
Subject: A simple usage table rotation script
Hi,
Just thought I'd share this simple solution, if anyone is interested.
:-)
We use Radmin, and had been looking for an easy way to archive each
month's usage without impacting radius.
The pretty much ruled out doing a select into, because of the CPU hit
you take doing that.
So I wrote a simple script, called as a cron job on the first day of
the
month.
We're using mysql with innodb tables, so the database can fill up if
the
data doesn't get archived off somewhere else.
This script handles the rotation of the usage table, then we can
archive
data to CD when its convenient.
Oh, on a completely different topic, if anyone is using FreeTDS and
DBD::Sybase to insert info into MS-SQL databases, DON'T upgrade your
DBD::Sybase. It won't work after version 0.94. This is because of some
changes in the DBD::Sybase code that isn't in the freetds libraries.
Cheers,
Gordon Smith CCNA
Network Operations Manager
MoreNet Ltd
#!/usr/bin/perl -w
# Radius usage table rotation script
#
# Gordon Smith 31 Oct, 2002
#
# [EMAIL PROTECTED]
#
# MoreNet Ltd.
use strict;
use DBI;
# Database
my $radius_db = DBI:mysql:radmin;
my $radius_user = ;
my $radius_pwd = ;
# local variables
my ($dbh, $last_month, $tablename, $sth, $sth2, $sth3, $sql);
# Generate the name of the table to create
$tablename = getdate();
# Establish database connection
$dbh = DBI-connect($radius_db, $radius_user, $radius_pwd)
|| die Cannot connect to database!\n $DBI::errstr\n
unless (defined $dbh);
# Rename RADUSAGE table
$sth = $dbh-prepare(
qq{ALTER TABLE RADUSAGE RENAME TO $tablename})
|| die Unable to prepare rename table query:
.$dbh-errstr.\n;
$sth-execute();
$sth-finish();
# Create new RADUSAGE table
$sth2 = $dbh-prepare(
qq{CREATE TABLE RADUSAGE(
ACCTDELAYTIME INT(11) NULL,
ACCTINPUTOCTETS INT(11) NULL,
ACCTOUTPUTOCTETS INT(11) NULL,
ACCTSESSIONID VARCHAR(30) NULL,
ACCTSESSIONTIME INT(11) NULL,
ACCTSTATUSTYPE INT(11) NULL,
ACCTTERMINATECAUSE VARCHAR(50) NULL,
DNIS VARCHAR(30) NULL,
FRAMEDIPADDRESS VARCHAR(30) NULL,
NASIDENTIFIER VARCHAR(50) NOT NULL,
NASPORT INT(11) NULL,
TIME_STAMP INT(11) NULL,
USERNAME VARCHAR(50) NOT NULL,
CALLERID VARCHAR(30) NULL,
CONNECT_SPEED INT(11) NULL,
INDEX RADUSAGE_ui1 (USERNAME)
) TYPE=INNODB;
})
|| die Unable to prepare new table query: .$dbh-errstr.\n;
$sth2-execute();
$sth2-finish();
# Restart radius
# This assumes a restart wrapper - we use svscan, so we just kill
# the process. Change this system call to reflect the type of
# wrapper you are using. Not elegant, but it works.
system('/usr/bin/killall -9 radiusd');
# Now clean up the archive remove everything except STOP records
$sql = DELETE from $tablename where acctstatustype != '2';
$sth3 = $dbh-prepare($sql);
$sth3-execute();
$sth3-finish();
# Close the database connection
$dbh-disconnect;
exit();
sub getdate {
# Gets the current date and creates a name to use for creation
# of an archive table for the previous month's data, then
# returns the name created
my @months =
(jan,feb,mar,apr,may,jun,jul,aug,sep,oct,nov,dec
);
# Get current time
# The month returned is an integer between 0 and 11
my ($second, $minute, $hour, $day, $month, $year, $weekday,
$dayofyear, $IsDST) = localtime(time);
# Tidy up the year
if ($year = 100){
$year = $year - 100;
}
# Add a leading 0 if year is less than 2010
if ($year 10){
$year = 0.$year;
}
# Get the last month so we can name the archive table correctly
if ($month == 0){ # january
$last_month = 11; # december
$year = $year - 1;
}else{
$last_month = $month - 1;
}
# generate the name of the archive table
$tablename = $months[$last_month] . $year;
# return the calculated value
(RADIATOR) Accounting Log file format
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [S H A N [EMAIL PROTECTED]] Date: Wed, 6 Nov 2002 17:14:25 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Wed Nov 6 17:14:24 2002 Received: from smtp12.singnet.com.sg (smtp12.singnet.com.sg [165.21.6.32]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id gA6NENC03921 for [EMAIL PROTECTED]; Wed, 6 Nov 2002 17:14:24 -0600 Received: from singapura.singnet.com.sg (singapura.singnet.com.sg [165.21.10.10]) by smtp12.singnet.com.sg (8.12.6/8.12.6) with ESMTP id gA746kLE016649 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:46 +0800 Received: (from shanali@localhost) by singapura.singnet.com.sg (8.8.5/8.7.2) id MAA26714 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:40 +0800 (SST) Date: Thu, 7 Nov 2002 12:06:40 +0800 From: S H A N [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Accounting Log file format Message-ID: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=EVF5PPMfhYS0aIcm Content-Disposition: inline User-Agent: Mutt/1.4i --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi, attached is the derised format of accounting log file format. what would be the best way in radiator to accomplish the same? thanks -- S H A N --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=detail Content-Transfer-Encoding: quoted-printable Date,Time,User-Name,NAS-IP-Address,NAS-Port,Service-Type,Frame= d-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed-Routing,Filte= r-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login-Service,Lo= gin-TCP-Port,Callback-Number,Callback-Id,Framed-Route,Framed-IPX-Ne= twork,Class,Vendor-Specific,Session-Timeout,Idle-Timeout,Terminat= ion-Action,Called-Station-Id,Calling-Station-Id,NAS-Identifier,Prox= y-State,Login-LAT-Service,Login-LAT-Node,Login-LAT-Group,Framed-App= leTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct-Statu= s-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output-Octets,Acct-Se= ssion-Id,Acct-Authentic,Acct-Session-Time,Acct-Input-Packets,Acct-O= utput-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct-Link-Co= unt,NAS-Port-Type,Port-Limit,Login-LAT-Port,Ascend-User-Acct-Type,= Ascend-User-Acct-Host,Ascend-User-Acct-Port,Ascend-User-Acct-Key,Asc= end-User-Acct-Base,Ascend-User-Acct-Time,Ascend-Event-Type,Ascend-Ses= sion-Svr-Key,Ascend-Multilink-ID,Ascend-Num-In-Multilink,Ascend-First= -Dest,Ascend-Pre-Input-Octets,Ascend-Pre-Output-Octets,Ascend-Pre-Inp= ut-Packets,Ascend-Pre-Output-Packets,Ascend-Disconnect-Cause,Ascend-C= onnect-Progress,Ascend-Data-Rate,Ascend-PreSession-Time,Ascend-Number= -Sessions 2001-02-04,11:26:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Start,1459617792,,,307= 404956,RADIUS,,,Async,, 2001-02-04,11:50:38,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Start,905969664,,,3074= 04957,RADIUS,,,Async,, 2001-02-04,12:50:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Stop,1207959552,343857,= 571682,307404956,RADIUS,5056,6685,1596Async,224.0.0.= 2,385,242,9,13,185,60,26400,25, 2001-02-04,12:51:15,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Stop,33554432,787195,75= 90014,307404957,RADIUS,3690,16800,7522Async,129.10.1= .11,385,236,8,12,45,60,28800,35, 2001-02-04,15:16:27,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Start,0,,,307404959,RADIUS,,,= Async,, 2001-02-04,15:19:29,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Stop,0,3757,17881,307404959,RADIUS= ,181,84,88Async,203.120.90.40,427,248,11,12,45,60,28800= ,30, 2001-02-04,18:08:11,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Start,0,,,307404961,= RADIUS,,,Async,, 2001-02-04,18:21:50,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Stop,0,1439934,261541,= 307404961,RADIUS,819,27008,1946Async,224.0.0.2,393,2= 42,11,13,45,60,26400,35, 2001-02-04,20:13:33,user4.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.17Start,385875968,,,307404964,RADIUS= ,,,Async,, 2001-02-04,20:15:11,user4.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.17Stop,369098752,3827,3222,307404964,= RADIUS,99,198,175Async,224.0.0.2,429,236,10,12,45,60,3= 1200,19, 2001-02-04,20:51:18,user5.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.=
(RADIATOR) Re: Upgrade Procedure
Hello AbdusSami - I generally recommend using seperate directories for different versions. regards Hugh On Thursday, November 7, 2002, at 05:20 AM, Mohammed AbdusSami wrote: Can I install in same directory where old version is installed. Regards, AbdusSami -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 31, 2002 12:39 PM To: Mohammed AbdusSami Cc: [EMAIL PROTECTED] Subject: Re: Upgrade Procedure Hello AbdusSami - Simply download and install the new version. perl Makefile.PL make make test make install regards Hugh On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote: Dear All, Can anybody send the procedure to upgrade radiator on a machine which already running with old version(2.8 or 3.1) Regards, AbdusSami NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Accounting Log file format
Hello Shan - You would use an AcctFileFormat specification in your Realm or Handler. Section 6.16.5 in the Radiator 3.3.1 reference manual (doc/ref.html). Alternatively you could write a hook to do the same thing. regards Hugh On Thursday, November 7, 2002, at 03:14 PM, Mike McCauley wrote: -- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [S H A N [EMAIL PROTECTED]] Date: Wed, 6 Nov 2002 17:14:25 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Wed Nov 6 17:14:24 2002 Received: from smtp12.singnet.com.sg (smtp12.singnet.com.sg [165.21.6.32]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id gA6NENC03921 for [EMAIL PROTECTED]; Wed, 6 Nov 2002 17:14:24 -0600 Received: from singapura.singnet.com.sg (singapura.singnet.com.sg [165.21.10.10]) by smtp12.singnet.com.sg (8.12.6/8.12.6) with ESMTP id gA746kLE016649 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:46 +0800 Received: (from shanali@localhost) by singapura.singnet.com.sg (8.8.5/8.7.2) id MAA26714 for [EMAIL PROTECTED]; Thu, 7 Nov 2002 12:06:40 +0800 (SST) Date: Thu, 7 Nov 2002 12:06:40 +0800 From: S H A N [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Accounting Log file format Message-ID: [EMAIL PROTECTED] Mail-Followup-To: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=EVF5PPMfhYS0aIcm Content-Disposition: inline User-Agent: Mutt/1.4i --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi, attached is the derised format of accounting log file format. what would be the best way in radiator to accomplish the same? thanks -- S H A N --EVF5PPMfhYS0aIcm Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename=detail Content-Transfer-Encoding: quoted-printable Date,Time,User-Name,NAS-IP-Address,NAS-Port,Service- Type,Frame= d-Protocol,Framed-IP-Address,Framed-IP-Netmask,Framed- Routing,Filte= r-Id,Framed-MTU,Framed-Compression,Login-IP-Host,Login- Service,Lo= gin-TCP-Port,Callback-Number,Callback-Id,Framed-Route,Framed- IPX-Ne= twork,Class,Vendor-Specific,Session-Timeout,Idle- Timeout,Terminat= ion-Action,Called-Station-Id,Calling-Station-Id,NAS- Identifier,Prox= y-State,Login-LAT-Service,Login-LAT-Node,Login-LAT- Group,Framed-App= leTalk-Link,Framed-AppleTalk-Network,Framed-AppleTalk-Zone,Acct- Statu= s-Type,Acct-Delay-Time,Acct-Input-Octets,Acct-Output- Octets,Acct-Se= ssion-Id,Acct-Authentic,Acct-Session-Time,Acct-Input- Packets,Acct-O= utput-Packets,Acct-Terminate-Cause,Acct-Multi-Session-Id,Acct- Link-Co= unt,NAS-Port-Type,Port-Limit,Login-LAT-Port,Ascend-User-Acct- Type,= Ascend-User-Acct-Host,Ascend-User-Acct-Port,Ascend-User-Acct- Key,Asc= end-User-Acct-Base,Ascend-User-Acct-Time,Ascend-Event- Type,Ascend-Ses= sion-Svr-Key,Ascend-Multilink-ID,Ascend-Num-In-Multilink,Ascend- First= -Dest,Ascend-Pre-Input-Octets,Ascend-Pre-Output-Octets,Ascend- Pre-Inp= ut-Packets,Ascend-Pre-Output-Packets,Ascend-Disconnect- Cause,Ascend-C= onnect-Progress,Ascend-Data-Rate,Ascend-PreSession-Time,Ascend- Number= -Sessions 2001-02- 04,11:26:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Start,1459617792,,, 307= 404956,RADIUS,,,Async,, 2001-02- 04,11:50:38,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Start,905969664,,, 3074= 04957,RADIUS,,,Async,, 2001-02- 04,12:50:37,user3.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.13,ou=3DCompanyA,,,Stop,1207959552,343 857,= 571682,307404956,RADIUS,5056,6685,1596Async,224. 0.0.= 2,385,242,9,13,185,60,26400,25, 2001-02- 04,12:51:15,user2.domain,xxx.xxx.xxx.227,20103,,1,xxx.xxx.= xxx.14,ou=3DCompanyA,,,Stop,33554432,78719 5,75= 90014,307404957,RADIUS,3690,16800,7522Async,129. 10.1= .11,385,236,8,12,45,60,28800,35, 2001-02- 04,15:16:27,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Start,0,,,307404959,RADIUS ,,,= Async,, 2001-02- 04,15:19:29,user1.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.15Stop,0,3757,17881,307404959,RAD IUS= ,181,84,88Async,203.120.90.40,427,248,11,12,45,60,2 8800= ,30, 2001-02- 04,18:08:11,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Start,0,,,30740496 1,= RADIUS,,,Async,, 2001-02- 04,18:21:50,user2.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.16,ou=3DCompanyA,,,Stop,0,1439934,2615 41,= 307404961,RADIUS,819,27008,1946Async,224.0.0.2,3 93,2= 42,11,13,45,60,26400,35, 2001-02- 04,20:13:33,user4.domain,xxx.xxx.xxx.227,20102,,1,xxx.xxx.= xxx.17Start,385875968,,,307404964,RAD IUS=
Re: (RADIATOR) Renaming cisco-avpair
Hello German -
If you call $p-get_attr(..) in a list context instead of a scalar
context, you will get the complete list.
Have a look at the code in Radius/AttrVal.pm.
regards
Hugh
On Thursday, November 7, 2002, at 07:56 AM, GermanG wrote:
Hello,
I would like to save Radius accounting tickets from a Cisco AS5300 in
a SQL
database but Cisco AS5300 is sending multiple attributes cisco-avpair.
I
would like to save all cisco-avpair so I need to rename them.
For example,
An original cisco-avpair like this:
cisco-avpair = connect-progress=41
I want it like this:
cisco-avpair-connect-progress = 41
or just
connect-progress = 41
I made a hook (based on /goddies/hooks.txt) for add a new attribute
for each
cisco-avpair.
But this hook only catch the first cisco-avpair and I can not find the
way
to analize the rest of cisco-avpair.
Hook code:
# -*- mode: Perl -*-
# Converts cisco-avpair into different attributes
#
sub
{
my $p = ${$_[0]};
my $ciscoavpair;
my $ciscoavpair_name;
my $ciscoavpair_value;
if ($ciscoavpair = $p-get_attr('cisco-avpair'))
{
$ciscoavpair =~ /=/;
$ciscoavpair_name = $`;
$ciscoavpair_value = $';
$p-add_attr(cisco-avpair-$ciscoavpair_name, $ciscoavpair_value)
}
return;
}
#
I´ve read the sub get_attr from /Radius/AttrVal.pm and found that if
you
ask for
an attribute in a scalar context only returns the first one (that´s my
case!).
How can I ask for an attribute in another way? (maybe as an array but,
How?)
Does anyboby have anything that could help on this?
I´ve tried with a while instead of an if , the result was a loop
with
the same (first) cisco-avpair.
If I add a -delete_attr after the add, the result (as said in
/Radius/AttrVal.pm ) deletes all cisco-avpair.
Best Regards,
German Gatica
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) password encryption and proxying to iPass
Hello Dave - Actually, you will see the decoded password if PAP is being used. You will not see it for CHAP. regards Hugh On Thursday, November 7, 2002, at 06:22 AM, Dave Kitabjian wrote: I just observed something, but maybe someone can tell me if I'm right or confused... I just noticed that foreign iPass users hitchhiking on our network (aka, "iPass outbound") are showing up in our Authentication Log, complete with clear text passwords. Now, I know this info is MD5 encrypted between the NAS and Radiator, and then later it's encrypted between the local outbound iPass server and the central iPass network via a proprietary iPass protocol. But I guess internal to Radiator it's inevitable that the passwords be available in clear text? Or maybe it's only necessary for CHAP, but PAP can store the p/w encrypted so it's NEVER in cleartext? Thanks all, Dave NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
RE: (RADIATOR) Re: Upgrade Procedure
Thanks a lot. Regards, AbdusSami -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Hugh Irvine Sent: Thursday, November 07, 2002 9:51 AM To: Mohammed AbdusSami Cc: [EMAIL PROTECTED] Subject: (RADIATOR) Re: Upgrade Procedure Hello AbdusSami - I generally recommend using seperate directories for different versions. regards Hugh On Thursday, November 7, 2002, at 05:20 AM, Mohammed AbdusSami wrote: Can I install in same directory where old version is installed. Regards, AbdusSami -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 31, 2002 12:39 PM To: Mohammed AbdusSami Cc: [EMAIL PROTECTED] Subject: Re: Upgrade Procedure Hello AbdusSami - Simply download and install the new version. perl Makefile.PL make make test make install regards Hugh On Wednesday, October 30, 2002, at 05:05 PM, Mohammed AbdusSami wrote: Dear All, Can anybody send the procedure to upgrade radiator on a machine which already running with old version(2.8 or 3.1) Regards, AbdusSami NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
