(RADIATOR) Perl 5.8, LANG and UTF8

2002-11-19 Thread Mike McCauley 
Hello all,

a number of users have recently reported problems with Radiator on RH8 with 
Perl 5.8, where LANG is set to a UTF8 character set. This can cause perl to 
exit with an error message like:

Wide character in Socket::inet_ntoa

This is due to new UTF8 character handling in perl 5.8, including some curious 
new default behaviour involving sockets.

Previously we suggested setting the LANG environment variable to en_US, or 
some other non-UTF8 set.

We have now released some patches that should resolve the problem, independent 
of the setting of LANG. See 
http://www.open.com.au/radiator/downloads/patches-3.3.1/

We invite people who need UTF8 to try the latest patches and report their 
results to me.

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Re: NAS - Reboot

2002-11-19 Thread Hugh Irvine 

Hello Steven -

You would specify different UDP port numbers for each instance of 
Radiator.

regards

Hugh


On Wednesday, Nov 20, 2002, at 15:25 Australia/Melbourne, 
[EMAIL PROTECTED] wrote:



Thanks.

BTW how can i run multi-copy of Radiator in the same machine.




Hugh Irvine <[EMAIL PROTECTED]>  20/11/2002 09:58 AM
Sent by: [EMAIL PROTECTED]


  To:  QUEK Steven/Mgr - IDD Network/STSunPage/ST Group@ST 
Domain
  cc:  [EMAIL PROTECTED]
  Subject: (RADIATOR) Re: NAS - Reboot










Hello Steven -

You should use Handers and an AuthBy SQL clause:


 
 .
 AcctSQLStatement ..
 


.

regards

Hugh


On Wednesday, Nov 20, 2002, at 12:11 Australia/Melbourne,
[EMAIL PROTECTED] wrote:



How can i run certain SQL command whenever the NAS reboot.


I have an wireless AP send message when its reboot and i need to
logout all
the user and created all the necessary CDR ?



[This e-mail is confidential and may also be privileged. If you are
not the
intended recipient, please delete it and notify us immediately; you
should
not copy or use it for any purpose, nor disclose its contents to any
other
person. Thank you.]





--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.




[This e-mail is confidential and may also be privileged. If you are 
not the
intended recipient, please delete it and notify us immediately; you 
should
not copy or use it for any purpose, nor disclose its contents to any 
other
person. Thank you.]




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Re: Access-Accept before reply

2002-11-19 Thread Hugh Irvine 

Hello Rabbie -

Your configuration file is not set up correctly. You cannot chain an AuthBy DYNADDRESS after an AuthBy SQLRADIUS (as you have discovered). You will need to use a ReplyHook to do this. There is an example in the file "goodies/hooks.txt".

regards

Hugh


On Wednesday, Nov 20, 2002, at 14:20 Australia/Melbourne, Rabbie Zalaf wrote:

Hi All.

 

Yesterday we started seeing in our logs that when we dial optus ports, that we are receiving the Auth request from Optus and are sending back an Access-Accept before we even receive a reply from the RADIUS server that we forwarded the request to.

 

Any Idea's how this could happen?

 

Thanks.

 

Rabbie Zalaf

Network Consultant

Leading Edge Internet

02 9497 4024

http://www.leadingedgeinternet.net.au

 

This document together with any attachments is confidential and is intended for the named recipient only. It can not be copied, disclosed, passed on or duplicated in any way shape or form, without the prior permission of the author. If you are not the intended recipient please contact the author immediately and destroy the message. All parties acknowledge that any breach of confidence or disclosures made by any party, (including their employees, agents and contracted service providers such as solicitors, accountants, auditors and others), which may result in a commercial loss to Leading Edge Group, may result in Leading Edge Group exercising such rights as are available to them in connection with that loss.

 



-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) Re: NAS - Reboot

2002-11-19 Thread queksteven 


Thanks.

BTW how can i run multi-copy of Radiator in the same machine.




Hugh Irvine <[EMAIL PROTECTED]>  20/11/2002 09:58 AM
Sent by: [EMAIL PROTECTED]

   

  To:  QUEK Steven/Mgr - IDD Network/STSunPage/ST Group@ST Domain  

  cc:  [EMAIL PROTECTED]

  Subject: (RADIATOR) Re: NAS - Reboot 

   

   

   








Hello Steven -

You should use Handers and an AuthBy SQL clause:


 
 .
 AcctSQLStatement ..
 


.

regards

Hugh


On Wednesday, Nov 20, 2002, at 12:11 Australia/Melbourne,
[EMAIL PROTECTED] wrote:

>
>
> How can i run certain SQL command whenever the NAS reboot.
>
>
> I have an wireless AP send message when its reboot and i need to
> logout all
> the user and created all the necessary CDR ?
>
>
>
> [This e-mail is confidential and may also be privileged. If you are
> not the
> intended recipient, please delete it and notify us immediately; you
> should
> not copy or use it for any purpose, nor disclose its contents to any
> other
> person. Thank you.]
>
>
>

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.




[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Access-Accept before reply

2002-11-19 Thread Rabbie Zalaf 








Hi All.

 

Yesterday we started seeing in our logs that when we dial optus ports, that we are receiving the Auth request from
Optus and are sending back an Access-Accept before we
even receive a reply from the RADIUS server that we forwarded the request to.

 

Any Idea's how this could happen?

 

Thanks.

 

Rabbie Zalaf

Network Consultant

Leading Edge Internet

02 9497 4024

http://www.leadingedgeinternet.net.au

 

This document together with any attachments is
confidential and is intended for the named recipient only. It can not be
copied, disclosed, passed on or duplicated in any way shape or form, without
the prior permission of the author. If you are not the intended recipient
please contact the author immediately and destroy the message. All parties
acknowledge that any breach of confidence or disclosures made by any party,
(including their employees, agents and contracted service providers such as
solicitors, accountants, auditors and others), which may result in a commercial
loss to Leading Edge Group, may result in Leading Edge Group exercising such
rights as are available to them in connection with that loss.

 








optus
Description: Binary data


radius.cfg
Description: Binary data

(RADIATOR) Re: NAS - Reboot

2002-11-19 Thread Hugh Irvine 

Hello Steven -

You should use Handers and an AuthBy SQL clause:


	
		.
		AcctSQLStatement ..
	


.

regards

Hugh


On Wednesday, Nov 20, 2002, at 12:11 Australia/Melbourne, 
[EMAIL PROTECTED] wrote:



How can i run certain SQL command whenever the NAS reboot.


I have an wireless AP send message when its reboot and i need to 
logout all
the user and created all the necessary CDR ?



[This e-mail is confidential and may also be privileged. If you are 
not the
intended recipient, please delete it and notify us immediately; you 
should
not copy or use it for any purpose, nor disclose its contents to any 
other
person. Thank you.]




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Deleting Rogue Sessions Automatically..... Help!

2002-11-19 Thread Hugh Irvine 

Hello Brad -

The usual reason for this problem is missing accounting stop records (or incorrect processing of same).

You will need to find out first of all what the exact problem is, then you can try to fix it.

If you would like me to help you, I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening.

regards

Hugh


On Wednesday, Nov 20, 2002, at 09:20 Australia/Melbourne, Brad Green - Fox All Services P/L wrote:

Hi guys,
 
Im running Radiator and am having trouble with a few things. My main issue is that some sessions are kept alive when the user has long since disconnected from the service. Is there a modification or a line I can put in to stop this from occuring? Im just wanting to put in a line that basically tells it to delete a session if it cannot communicate with it (but it cannot be by IP address, as the IP addresses are dynamically assigned to users, so the same IP could be in use but for a different user)
 
Brad


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

(RADIATOR) NAS - Reboot

2002-11-19 Thread queksteven 


How can i run certain SQL command whenever the NAS reboot.


I have an wireless AP send message when its reboot and i need to logout all
the user and created all the necessary CDR ?



[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Deleting Rogue Sessions Automatically..... Help!

2002-11-19 Thread Brad Green - Fox All Services P/L 



Hi guys, 
 
Im running Radiator and am having trouble with a 
few things. My main issue is that some sessions are kept alive when the user has 
long since disconnected from the service. Is there a modification or a line I 
can put in to stop this from occuring? Im just wanting to put in a line that 
basically tells it to delete a session if it cannot communicate with it (but it 
cannot be by IP address, as the IP addresses are dynamically assigned to users, 
so the same IP could be in use but for a different user)
 
Brad

Re: (RADIATOR) MaxSessions per user and per domain

2002-11-19 Thread Hugh Irvine 

Hello Julio -

Rather than two session databases, you would use the AuthBy 
PORTLIMITCHECK clause.

See section 6.41 in the Radiator 3.3.1 reference manual 
("doc/ref.html").

regards

Hugh


On Wednesday, Nov 20, 2002, at 01:23 Australia/Melbourne, Prada López, 
Julio wrote:

Ok, great idea. But it is possible to have two 'sessions databases' in 
the
same .cfg with different 'CountQueries' (one for user maxsessionscheck 
and
the other for domain maxsessions-check)??

regards,
jules

Julio Prada López
BT Ignite
Isabel Colbrand, 8 2º 28050 Madrid SPAIN
telf: +34 91 270 6152
fax: +34 91 270 6161
mail: [EMAIL PROTECTED] 


-Mensaje original-
De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Enviado el: lunes 18 de noviembre de 2002 22:41
Para: "Prada López, Julio"
Cc: [EMAIL PROTECTED]
Asunto: Re: (RADIATOR) MaxSessions per user and per domain



Hello Julio -

The simplest way to do this is to define two AuthBy LDAP* clauses, one
for each check.

regards

Hugh


On Monday, Nov 18, 2002, at 22:30 Australia/Melbourne, Prada López,
Julio wrote:

Hi all,

I am trying to configure a Radiator instance to allow controlling both
the
maximum sessions per user and per domain.

Nowadays I have implemented the 'Simultaneous-Use' check with a LDAP
atribute and the default query in CountQuery (default query uses
[...]where
USERNAME=%"u"). That works fine but I'm interested in adding another
extra
level of controlling sessions by domain (based in LDAP too). I'm
thinking in
doing some changes in CountQuery ([...]where USERNAME like '%%@%R')
but once
modified the CountQuery, I supose it will affect the way Radiator
check the
Simultaneous-Use per user.

Any workaround in order to do dual control of sessions per user and 
per
domain basis?
Anyone has implemented this idea? In which way?

regards,
jules

Julio Prada López
BT Ignite
Isabel Colbrand, 8 2º 28050 Madrid SPAIN
telf: +34 91 270 6152
fax: +34 91 270 6161
mail: [EMAIL PROTECTED] 

**
Noticia legal
Este mensaje electrónico contiene información de BT Ignite España
S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona
(s) o
entidades arriba mencionadas. Si usted no es el destinatario señalado,
le
informamos que cualquier divulgación, copia, distribución o uso de los
contenidos está prohibida. Si usted ha recibido este mensaje por
error, por
favor borre su contenido lo antes posible.
Gracias.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

**
Noticia legal
Este mensaje electrónico contiene información de BT Ignite España 
S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona 
(s) o
entidades arriba mencionadas. Si usted no es el destinatario señalado, 
le
informamos que cualquier divulgación, copia, distribución o uso de los
contenidos está prohibida. Si usted ha recibido este mensaje por 
error, por
favor borre su contenido lo antes posible.
Gracias.



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Re: cisco-avpairs via LDAP

2002-11-19 Thread Hugh Irvine 

Hello Riza -

AddToReply will not work in the way you show below (it expects an attribute = value pair).

I would be inclined to simply add the attributes in the AuthBy LDAP2 clause:



AuthAttrDef radiusciscoavpair, GENERIC, reply



regards

Hugh


On Tuesday, Nov 19, 2002, at 22:13 Australia/Melbourne, Riza Kamalie wrote:

guys,
 
running radiator 3.3.1 authenticating users via LDAP. 
 
I'm having a problem with assigning cisco-avpairs via an LDAP attribute to the AddToReply function,
calling it via Radiator doesnt work correclty. It fails with "Bad attribute=value pair: %{RadiusCisco}"
below is a part of teh config and output trace 4 of the log file.
 

    
   
UsernameAttr    uid

    AuthAttrDef radiusciscoavpair,RadiusCisco,request
AuthAttrDef radiusmaxsessions,RadiusMaxSessions,request
 
    


    Identifier LDAP_NETWORK_PROFILES
    Filename ./eldappy.profile
    StripFromReply RadiusEnabled,RadiusAuthenticationNumber,RadiusAuthentication
 
    AddToReply  %{RadiusCisco}  
 
    
 


 

*** Received from 127.0.0.1 port 47049 
Code:   Access-Request
Identifier: 208
Authentic:  1234567890123456
Attributes:
    User-Name = "[EMAIL PROTECTED]"
    Service-Type = Framed-User
    NAS-IP-Address = 196.25.1.1
    NAS-Port = 1
    Called-Station-Id = "123456789"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "<152><233>n<159><156>h<4><246><188>8<9><160><216>}x<153>"
 
Mon Nov 18 17:18:14 2002: DEBUG: Handling request with Handler 'Request-Type = Access-Request'
Mon Nov 18 17:18:14 2002: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Tue Nov 19 12:09:35 2002: INFO: Connecting to , port xxx
Tue Nov 19 12:09:35 2002: INFO: Attempting to bind with uid=xx,ou=xx,o=xx,c=xx, unlink (server eldap.worldonline.co.za:
389)
Tue Nov 19 12:09:35 2002: DEBUG: LDAP got result for uid=5328,ou=xxx,ou=xxx,o=xxx,c=xx
Tue Nov 19 12:09:35 2002: DEBUG: LDAP got passwordcleartext: 
Tue Nov 19 12:09:35 2002: DEBUG: LDAP got userpassword: xx

Tue Nov 19 12:09:35 2002: DEBUG: LDAP got radiusciscoavpair: cisco-avpair="ip:inacl#10=permit udp any any eq 53",cisco-avpair="ip:inacl#40=permit icmp any any",cisco-avpair="ip:inacl#60=permit tcp any 196.41.0.0 0.0.255.255",cisco-avpair="ip:inacl#70=deny ip any any"

Tue Nov 19 12:09:35 2002: DEBUG: LDAP got radiusmaxsessions: 2
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthLDAP2 looks for match with 5328
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Tue Nov 19 12:09:35 2002: DEBUG: AuthWOL handle_request: Received from 127.0.0.1 port 59299
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthWOL ACCEPT:
Tue Nov 19 12:09:35 2002: DEBUG: Handling with PORTLIMITCHECK: LDAP_PORTLIMITCHECK
Tue Nov 19 12:09:35 2002: DEBUG: Query is: select count(userid) from radonline where userid='5328' and CLI not like 'IPASS%'
 
Tue Nov 19 12:09:35 2002: DEBUG: PORTLIMITCHECK got a current session count of 0
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthFILE looks for match with 5328
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthFILE REJECT: Check item RadiusEnabled expression 'suspend' does not match 'active' in request
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
Tue Nov 19 12:09:35 2002: DEBUG: Radius::AuthFILE ACCEPT:

Tue Nov 19 12:09:35 2002: ERR: Bad attribute=value pair: %{RadiusCisco}

Tue Nov 19 12:09:35 2002: DEBUG: Access accepted for 5328
Tue Nov 19 12:09:35 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 59299 
Code:   Access-Accept
Identifier: 3
Authentic:  1234567890123456
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP
 

 
 
 
 
 
Thanks
 
Riza Kamalie
Technical Systems Manager
Engineering

Worldonline 
A Division of Tiscali (Pty) Ltd
+27 (21) 940 9791
+27(0) 82 992 2027  
[EMAIL PROTECTED]
http://www.worldonline.co.za
 
 
Disclaimer:This email is considered a business record and is therefore property of Tiscali. This email, and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of Tiscali. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please immediately notify .
Very funny Scotty... Now beam down my clothes!!

 


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,

Re: (RADIATOR) dictionary

2002-11-19 Thread Hugh Irvine 

Hello -

Vendor 429 is USR, and you will find many USR dictionary definitions in 
the file "dictionary.usr".

You should add the vendor-specifics to the standard Radiator dictionary 
with your favourite text editor.

After changing the dictionary you will need to restart Radiator so the 
new dictionary is re-read.

regards

Hugh


On Wednesday, Nov 20, 2002, at 00:18 Australia/Melbourne, 
<[EMAIL PROTECTED]> wrote:

Hi

I keep getting too many of "Attribute not defined in your dictionary" 
- when
can I get a dictionary
that has all these attributes?
I have these types of Nases.

-Cisco AS5300
-Total Control


Tue Nov 19 15:59:32 2002: ERR: Attribute number 105 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 117 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 119 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 125 (vendor 429) is not
defined in your dictionary


Rgds
TDN


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) MaxSessions per user and per domain

2002-11-19 Thread "Prada López, Julio" 
Ok, great idea. But it is possible to have two 'sessions databases' in the
same .cfg with different 'CountQueries' (one for user maxsessionscheck and
the other for domain maxsessions-check)??

regards,
jules

Julio Prada López
BT Ignite
Isabel Colbrand, 8 2º 28050 Madrid SPAIN
telf: +34 91 270 6152
fax: +34 91 270 6161
mail: [EMAIL PROTECTED]  
 

-Mensaje original-
De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Enviado el: lunes 18 de noviembre de 2002 22:41
Para: "Prada López, Julio"
Cc: [EMAIL PROTECTED]
Asunto: Re: (RADIATOR) MaxSessions per user and per domain



Hello Julio -

The simplest way to do this is to define two AuthBy LDAP* clauses, one 
for each check.

regards

Hugh


On Monday, Nov 18, 2002, at 22:30 Australia/Melbourne, Prada López, 
Julio wrote:

> Hi all,
>
> I am trying to configure a Radiator instance to allow controlling both 
> the
> maximum sessions per user and per domain.
>
> Nowadays I have implemented the 'Simultaneous-Use' check with a LDAP
> atribute and the default query in CountQuery (default query uses 
> [...]where
> USERNAME=%"u"). That works fine but I'm interested in adding another 
> extra
> level of controlling sessions by domain (based in LDAP too). I'm 
> thinking in
> doing some changes in CountQuery ([...]where USERNAME like '%%@%R') 
> but once
> modified the CountQuery, I supose it will affect the way Radiator 
> check the
> Simultaneous-Use per user.
>
> Any workaround in order to do dual control of sessions per user and per
> domain basis?
> Anyone has implemented this idea? In which way?
>
> regards,
> jules
>
> Julio Prada López
> BT Ignite
> Isabel Colbrand, 8 2º 28050 Madrid SPAIN
> telf: +34 91 270 6152
> fax: +34 91 270 6161
> mail: [EMAIL PROTECTED] 
>
> **
> Noticia legal
> Este mensaje electrónico contiene información de BT Ignite España 
> S.A.U. que
> es privada y confidencial, siendo para el uso exclusivo de la persona 
> (s) o
> entidades arriba mencionadas. Si usted no es el destinatario señalado, 
> le
> informamos que cualquier divulgación, copia, distribución o uso de los
> contenidos está prohibida. Si usted ha recibido este mensaje por 
> error, por
> favor borre su contenido lo antes posible.
> Gracias.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

** 
Noticia legal 
Este mensaje electrónico contiene información de BT Ignite España S.A.U. que
es privada y confidencial, siendo para el uso exclusivo de la persona (s) o
entidades arriba mencionadas. Si usted no es el destinatario señalado, le
informamos que cualquier divulgación, copia, distribución o uso de los
contenidos está prohibida. Si usted ha recibido este mensaje por error, por
favor borre su contenido lo antes posible. 
Gracias.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) dictionary

2002-11-19 Thread tdn 
Hi

I keep getting too many of "Attribute not defined in your dictionary" - when
can I get a dictionary
that has all these attributes?
I have these types of Nases.

-Cisco AS5300
-Total Control


Tue Nov 19 15:59:32 2002: ERR: Attribute number 105 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 117 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 119 (vendor 429) is not
defined in your dictionary
Tue Nov 19 15:59:32 2002: ERR: Attribute number 125 (vendor 429) is not
defined in your dictionary


Rgds
TDN


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) ldapapi.pm build problem

2002-11-19 Thread Steve Wilson 
After installing Convert::ASN1 it worked a dream. Now I'm kicking myself for 
battling to build that module to get LDAP working instead of LDAP2. 

Thanks for the help 

Steve Wilson 

Hugh Irvine writes: 


Hello Steve - 

I suggest you use the AuthBy LDAP2 clause with the perl-ldap module. 

See section 6.35 in the Radiator 3.3.1 reference manual ("doc/ref.html"). 

regards 

Hugh 


On Tuesday, Nov 19, 2002, at 19:26 Australia/Melbourne, Steve Wilson 
wrote: 

Hi, 

I'm trying to build the LDAPapi.pm module to be able to use the AuthBy
LDAP and it's failing big time trying to build the object file, my
Machine is running mandrake 9.0 and has perl 5.8.0, as the perl module
hasn't been updated since 1998 I think that the perl version could be
the problem. If anyone has a precompiled version of this module I'd
realy like to give it a try as all the other radiator modules seem quite
happy running under 5.8.0 but I just cannot build it. 

If there is another way, I'd be pleased to hear it but every time I
start radiator now it complains that it cannot locate LDAPapi.pm in ...
In addition the machine has got the perl and ldap development rpms
installed and my AuthBy RADIUS section does work fine, unfortunately I
_need_ to authenticate using ldap. 

tia 

Steve Wilson. 

 


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message. 



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence. 


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) DBI Handled Error

2002-11-19 Thread Hugh Irvine 

Hello AbdusSami -

As always, I will need to see a copy of the Radiator configuration file and a trace 4 debug showing what is happening.

regards

Hugh


On Tuesday, Nov 19, 2002, at 20:31 Australia/Melbourne, Mohammed AbdusSami wrote:

Dear All,

 

When I am tracing my radius with trace 3 it is giving an error on console which is as follow.

 

“ DBIhandle cleared whilst still active at Radius/util.pm line 514”

 

 

Any suggesting to fix this.

 

Regards,

 

AbdusSami

 



-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) Radiator Attribute??

2002-11-19 Thread Hugh Irvine 

Hello Daniel -

I'm not sure I understand your question.

If you want to allow a particular user to only connect to a particular NAS, you could do something like this:

# define Client


Identifier ThisNAS
.


Then in the user definition you would use this check:

# define user

someuser Client-Identifier = ThisNAS, Password = 
..


regards

Hugh


On Tuesday, Nov 19, 2002, at 19:07 Australia/Melbourne, <[EMAIL PROTECTED]> wrote:

Hello,

As I'm a newby in radiator, it's not so easy to find out everything in time...

What attribut (Session-Type / cisco-avpair) has to be used, for example, to restrict user access to an cisco nas...?
I'm right, thats an "checkattr" and not an "replyattr"?

I used the following config lines on the cisco nas:

aaa authorization exec radius enable
aaa authorization command 2 radius enable


Thanks in advance for your brief help...


Dänu

SwisscomEnterprise Solutions AG
ES-PSO-SOC-NM
Daniel Binggeli
Genfergasse 14/ Room 189
CH - 3050 BERN

Telefon   +41 31 893 89 83
Mobile    +41 79 308 82 39

mailto:[EMAIL PROTECTED]
Internet:www.swisscom.com/enterprise-solutions



-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) ldapapi.pm build problem

2002-11-19 Thread Hugh Irvine 

Hello Steve -

I suggest you use the AuthBy LDAP2 clause with the perl-ldap module.

See section 6.35 in the Radiator 3.3.1 reference manual 
("doc/ref.html").

regards

Hugh


On Tuesday, Nov 19, 2002, at 19:26 Australia/Melbourne, Steve Wilson 
wrote:

Hi,

I'm trying to build the LDAPapi.pm module to be able to use the AuthBy
LDAP and it's failing big time trying to build the object file, my
Machine is running mandrake 9.0 and has perl 5.8.0, as the perl module
hasn't been updated since 1998 I think that the perl version could be
the problem. If anyone has a precompiled version of this module I'd
realy like to give it a try as all the other radiator modules seem 
quite
happy running under 5.8.0 but I just cannot build it.

If there is another way, I'd be pleased to hear it but every time I
start radiator now it complains that it cannot locate LDAPapi.pm in ...
In addition the machine has got the perl and ldap development rpms
installed and my AuthBy RADIUS section does work fine, unfortunately I
_need_ to authenticate using ldap.

tia

Steve Wilson.




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) DBI Handled Error

2002-11-19 Thread Mohammed AbdusSami 








Dear All,

 

When I am tracing my radius with trace 3 it is giving an
error on console which is as follow.

 

“ DBI handle cleared
whilst still active at Radius/util.pm line 514”

 

 

Any suggesting to fix this.

 

Regards,

 

AbdusSami

 

(RADIATOR) ldapapi.pm build problem

2002-11-19 Thread Steve Wilson 
Hi,

I'm trying to build the LDAPapi.pm module to be able to use the AuthBy
LDAP and it's failing big time trying to build the object file, my
Machine is running mandrake 9.0 and has perl 5.8.0, as the perl module
hasn't been updated since 1998 I think that the perl version could be
the problem. If anyone has a precompiled version of this module I'd
realy like to give it a try as all the other radiator modules seem quite
happy running under 5.8.0 but I just cannot build it.

If there is another way, I'd be pleased to hear it but every time I
start radiator now it complains that it cannot locate LDAPapi.pm in ...
In addition the machine has got the perl and ldap development rpms
installed and my AuthBy RADIUS section does work fine, unfortunately I
_need_ to authenticate using ldap.

tia

Steve Wilson.




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Error Message

2002-11-19 Thread Toomas Kärner 
Hi,
Actually that's overall problem. I have met several PPPoE client software
that do not display it and it's not even in the document that describes set
of parameters passed to eachother in radius roaming (wlan, international,
propietary). There is only one place that I know that uses it. That is
Nomadix and it's logon failure webpage.

Rgds.
Toomas Kärner
- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Toomas Kärner" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, November 18, 2002 11:37 PM
Subject: Re: (RADIATOR) Error Message


>
> Hello Chris, Hello Toomas -
>
> The real problem you will have is with the end-user dialer not
> displaying the message.
>
> Most Microsoft products do not display the reply message even if you
> send it.
>
> YMMV
>
> regards
>
> Hugh
>
>
> On Monday, Nov 18, 2002, at 23:35 Australia/Melbourne, Toomas Kärner
> wrote:
>
> > Hi,
> >
> > You can do it like this.
> > First you set up session database.
> > Second you put in a keyword RejectHasReason.
> > Third you add such postauthhook what changes your reject message
> >
> > PostAuthHooksub { \
> > my $originalmessage=${$_[3]}; \
> > my $mymessage; \
> >
> > if (${$_[2]} == $main::REJECT  )  {\
> > $_=$originalmessage; \
> > if(/Simultaneous-Use/) { \
> >  $mymessage='Go and visit plah plah plah.'; \
> >  } \
> > if(/StringToFindInRejectMessage/) { \
> >  $mymessage='MyNewRejectMessage'; \
> >  } \
> > ${$_[3]}=$mymessage \
> > if ($mymessage); \
> > } \
> > }
> >
> > - Original Message -
> > From: "Chris Kay" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, November 18, 2002 2:10 PM
> > Subject: (RADIATOR) Error Message
> >
> >
> >>
> >> Is there a way to manipulate error message that the customer see on
> >> The clients side, I knows these are windows error messages just not
> >> sure
> >> If I can change these
> >>
> >> EG: I have a port limit set for groups of users and each limit is
> >> different, and I
> >> Would like to see if I could display a message like
> >>
> >> "No more connections from your group is permitted, please visit
> >> http://blah,
> >> For assistance."
> >>
> >> Can this be done?
> >>
> >> Regards
> >> Chris Kay
> >> Techex Communications Pty Ltd
> >>
> >> ===
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on [EMAIL PROTECTED]
> >> To unsubscribe, email '[EMAIL PROTECTED]' with
> >> 'unsubscribe radiator' in the body of the message.
> >>
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Radiator Attribute??

2002-11-19 Thread Daniel.Binggeli1 
Title: Radiator Attribute??







Hello,


As I'm a newby in radiator, it's not so easy to find out everything in time...


What attribut (Session-Type / cisco-avpair) has to be used, for example, to restrict user access to an cisco nas...?

I'm right, thats an "checkattr" and not an "replyattr"?


I used the following config lines on the cisco nas:


aaa authorization exec radius enable

aaa authorization command 2 radius enable



Thanks in advance for your brief help...



Dänu


Swisscom Enterprise Solutions AG

ES-PSO-SOC-NM

Daniel Binggeli

Genfergasse 14 / Room 189

CH - 3050 BERN


Telefon   +41 31 893 89 83

Mobile    +41 79 308 82 39


mailto:[EMAIL PROTECTED]

Internet: www.swisscom.com/enterprise-solutions