(RADIATOR) WildCard Handler Definition
Hi, I have a list of NAS having the Name as 123_Loc1 123_LocUS 123_LocCHINA 123_LocTHAILAND to use the below handler, How to I define the Handler Definition below RewriteUsername s/^([^@]+).*/$1/ AuthBy AP_ICC_AccountingStarts [This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete it and notify us immediately; you should not copy or use it for any purpose, nor disclose its contents to any other person. Thank you.] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radiator and wireless APs
Hello Vincent - Thanks for your mail. FYI - there is now a radius extension called "Disconnect-Request" that some NAS software implements. It is worth noting however that this support is provided by a stub radius *server* in the NAS, and the Disconnect-Request is sent by a radius *client*. Typically when using Radiator, this is accomplished by using "radpwtst" to send the Disconnect-Request to the NAS. regards Hugh We use a lot of CN3000. As far as I know, the CN3000 fetches the user's account information (available credit of time) upon the user login and keeps its own timer on the user and disconnect the user when the timer counts to the end. This should achieve what you attempt to do. FYI, the RADIUS protocol doesn't have the provision for sending back user disconnect requests to the NAS. Cheers. == Vincent Hua VP Operations ISG Infotech Systems Group Inc. 13988 Cambie Road, Suite 313 (2/F) Richmond, BC, V6V 2K4, Canada Web: www.ISGGroup.com www.Power2Roam.com Voice: +1 (604) 303 6881 ext. 101 Fax: +1 (604) 303 6854 ICQ: 196980 http://wwp.icq.com/196980 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Anton Krall Sent: January 9, 2003 9:27 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) radiator and wireless APs Guys.. Anybody using any Colubris Aps or any other Aps that support external radius auth? I want to know of those Aps that say support external auth and acct really do? And also if radiator send a STOP acct request after X amount of time.. Will the AP close network access to that client? Or how do you do that? Thx for your comments. __ Anton Krall CEO Intruder Consulting Email: [EMAIL PROTECTED] Tel: (55)5233-9281 Celular: (044)55-5105-5160 ICQ#: 4979450 MSN: [EMAIL PROTECTED] AIM: antonkrall Web: www.intruder.com.mx Outside Mexico Tel: (+52)5233-9281 Celular: (+52)5105-5160 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) radiator and wireless APs
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Vincent Hua" <[EMAIL PROTECTED]>] Date: Thu, 9 Jan 2003 19:58:35 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Thu Jan 9 19:58:35 2003 Received: from power2roam.com (isggroup.com [64.114.81.105] (may be forged)) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h0A1wXx26815 for <[EMAIL PROTECTED]>; Thu, 9 Jan 2003 19:58:34 -0600 Received: from Conqueror (810209.cipherkey.com [64.114.81.209]) (authenticated bits=0) by power2roam.com (8.12.5/8.12.6) with ESMTP id h0A6wikX031633; Thu, 9 Jan 2003 22:58:45 -0800 Reply-To: <[EMAIL PROTECTED]> From: "Vincent Hua" <[EMAIL PROTECTED]> To: "'Anton Krall'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: RE: (RADIATOR) radiator and wireless APs Date: Thu, 9 Jan 2003 22:58:47 -0800 Organization: Power2Roam Inc. Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.4510 Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 In-Reply-To: Disposition-Notification-To: "Vincent Hua" <[EMAIL PROTECTED]> Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by server1.open.com.au id h0A1wZx26816 We use a lot of CN3000. As far as I know, the CN3000 fetches the user's account information (available credit of time) upon the user login and keeps its own timer on the user and disconnect the user when the timer counts to the end. This should achieve what you attempt to do. FYI, the RADIUS protocol doesn't have the provision for sending back user disconnect requests to the NAS. Cheers. == Vincent Hua VP Operations ISG Infotech Systems Group Inc. 13988 Cambie Road, Suite 313 (2/F) Richmond, BC, V6V 2K4, Canada Web:www.ISGGroup.com www.Power2Roam.com Voice: +1 (604) 303 6881 ext. 101 Fax: +1 (604) 303 6854 ICQ: 196980 http://wwp.icq.com/196980 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Anton Krall Sent: January 9, 2003 9:27 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) radiator and wireless APs Guys.. Anybody using any Colubris Aps or any other Aps that support external radius auth? I want to know of those Aps that say support external auth and acct really do? And also if radiator send a STOP acct request after X amount of time.. Will the AP close network access to that client? Or how do you do that? Thx for your comments. __ Anton Krall CEO Intruder Consulting Email: [EMAIL PROTECTED] Tel: (55)5233-9281 Celular: (044)55-5105-5160 ICQ#: 4979450 MSN: [EMAIL PROTECTED] AIM: antonkrall Web: www.intruder.com.mx Outside Mexico Tel: (+52)5233-9281 Celular: (+52)5105-5160 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radiator and wireless APs
Hello Anton - We have a number of customers using a variety of wireless equipment. You should be aware that the radius support in this type of equipment varies considerably, even between versions of the same vendor's software. It is the access point that sends the radius accounting starts and stops to Radiator, not the other way around. I imagine that you would have to check the vendor documentation (and try some experiments) to ascertain exactly what functionality is implemented in any particular vendor/version hardware/software. regards Hugh On Friday, Jan 10, 2003, at 16:26 Australia/Melbourne, Anton Krall wrote: Guys.. Anybody using any Colubris Aps or any other Aps that support external radius auth? I want to know of those Aps that say support external auth and acct really do? And also if radiator send a STOP acct request after X amount of time.. Will the AP close network access to that client? Or how do you do that? Thx for your comments. __ Anton Krall CEO Intruder Consulting Email: [EMAIL PROTECTED] Tel: (55)5233-9281 Celular: (044)55-5105-5160 ICQ#: 4979450 MSN: [EMAIL PROTECTED] AIM: antonkrall Web: www.intruder.com.mx Outside Mexico Tel: (+52)5233-9281 Celular: (+52)5105-5160 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radiator and wireless APs
Guys.. Anybody using any Colubris Aps or any other Aps that support external radius auth? I want to know of those Aps that say support external auth and acct really do? And also if radiator send a STOP acct request after X amount of time.. Will the AP close network access to that client? Or how do you do that? Thx for your comments. __ Anton Krall CEO Intruder Consulting Email: [EMAIL PROTECTED] Tel: (55)5233-9281 Celular: (044)55-5105-5160 ICQ#: 4979450 MSN: [EMAIL PROTECTED] AIM: antonkrall Web: www.intruder.com.mx Outside Mexico Tel: (+52)5233-9281 Celular: (+52)5105-5160 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS subnet problem
Hello Tunde - Thanks for sending the files. It sounds to me like you have a routing problem on the Windows box when it is on a different subnet. I suspect you will need to add a default gateway or perhaps a static route so that the radius requests are sent to the correct place. regards Hugh On Thursday, Jan 9, 2003, at 21:31 Australia/Melbourne, Ayotunde Itayemi wrote: Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RFC 2868
Hello Marius - Yes the tunnel attributes from RFC 2868 are included in the Radiator dictionary and are fully supported. Here is an extract from the current Radiator 3.5 dictionary. ATTRIBUTE Tunnel-Type 64 tagged-integer ATTRIBUTE Tunnel-Medium-Type 65 tagged-integer ATTRIBUTE Tunnel-Client-Endpoint 66 tagged-string ATTRIBUTE Tunnel-Server-Endpoint 67 tagged-string ATTRIBUTE Acct-Tunnel-Connection 68 tagged-string ATTRIBUTE Tunnel-ID 68 tagged-string # Tunnel-Password is really tagged, but we have special internal code # to handle it ATTRIBUTE Tunnel-Password 69 string ATTRIBUTE ARAP-Password 70 string ATTRIBUTE ARAP-Features 71 string ATTRIBUTE ARAP-Zone-Access72 integer ATTRIBUTE ARAP-Security 73 integer ATTRIBUTE ARAP-Security-Data 74 string ATTRIBUTE Password-Retry 75 integer # Some experimental attributes from RFC 2869: ATTRIBUTE Prompt 76 integer ATTRIBUTE Connect-Info77 string ATTRIBUTE Configuration-Token 78 binary ATTRIBUTE EAP-Message 79 binary ATTRIBUTE Signature 80 binary ATTRIBUTE Message-Authenticator 80 binary ATTRIBUTE Tunnel-Private-Group-ID 81 tagged-string ATTRIBUTE Tunnel-Assignment-ID82 tagged-string ATTRIBUTE Tunnel-Preference 83 tagged-integer ATTRIBUTE Acct-Interim-Interval 85 integer ATTRIBUTE Ascend-Owner-IP-Addr86 ipaddr ATTRIBUTE NAS-Port-Id 87 string ATTRIBUTE Framed-Pool 88 string ATTRIBUTE Tunnel-Client-Auth-ID 90 tagged-string ATTRIBUTE Tunnel-Server-Auth-ID 91 tagged-string regards Hugh On Thursday, Jan 9, 2003, at 22:59 Australia/Melbourne, [EMAIL PROTECTED] wrote: Hi all Does the Radiator fully comply with RFC 2868, RADIUS Attributes for Tunnel Protocol Support? Kind Regards Marius Stefan Service Designer/Development Department Enertel N.V K.P van der Mandelelaan 130-144 3062 MB Rotterdam Postbus 25226 3001 HE Rotterdam Phone:+31(0)10 880 3798 Fax:+31(0)10 880 3901 Mobile:+31(0)65 460 4973 www.enertel.nl #** * # # Dit e-mailbericht met eventuele attachments is uitsluitend bestemd voor de # geadresseerde(n) en bevat mogelijk vertrouwelijke gegevens en/of is # beschermd door intellectuele eigendomsrechten. Bent u niet de # geadresseerde, neemt u dan zo spoedig mogelijk contact op met de afzender # en verzoeken wij u het e-mailbericht en eventuele attachments van uw # computer te verwijderen. Elk gebruik van de inhoud van dit e-mailbericht # en eventuele attachments (waaronder verveelvoudiging, verspreiding of het # anderzins openbaar maken in welke vorm dan ook) door andere personen dan # de bedoelde geadresseerden is verboden. De weergegeven mening is puur # persoonlijk en hoeft niet noodzakelijk over een te komen met die van # Enertel. Enertel is niet aansprakelijk voor de inhoud van dit # e-mailbericht en eventuele attachments. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RFC 2868
Hi all Does the Radiator fully comply with RFC 2868, RADIUS Attributes for Tunnel Protocol Support? Kind Regards Marius Stefan Service Designer/Development Department Enertel N.V K.P van der Mandelelaan 130-144 3062 MB Rotterdam Postbus 25226 3001 HE Rotterdam Phone:+31(0)10 880 3798 Fax:+31(0)10 880 3901 Mobile:+31(0)65 460 4973 www.enertel.nl #*** # # Dit e-mailbericht met eventuele attachments is uitsluitend bestemd voor de # geadresseerde(n) en bevat mogelijk vertrouwelijke gegevens en/of is # beschermd door intellectuele eigendomsrechten. Bent u niet de # geadresseerde, neemt u dan zo spoedig mogelijk contact op met de afzender # en verzoeken wij u het e-mailbericht en eventuele attachments van uw # computer te verwijderen. Elk gebruik van de inhoud van dit e-mailbericht # en eventuele attachments (waaronder verveelvoudiging, verspreiding of het # anderzins openbaar maken in welke vorm dan ook) door andere personen dan # de bedoelde geadresseerden is verboden. De weergegeven mening is puur # persoonlijk en hoeft niet noodzakelijk over een te komen met die van # Enertel. Enertel is niet aansprakelijk voor de inhoud van dit # e-mailbericht en eventuele attachments. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS subnet problem
Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfg Description: Binary data Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = "4" Thu Jan 9 10:35:49 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:49 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:49 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:49 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = "4" Thu Jan 9 10:35:54 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:54 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:54 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:54 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Thu Jan 9 10:35:55 2003: DEBUG: Packet dump: *** Received from 80.247.158.2 port 513 Code: Access-Request Identifier: 4 Authentic: <215>7Js!J<12><221><251><244><30>f<229><22><0>[ Attributes: User-Name = "sashton" User-Password = "Pz<22><167>u<188><202>}+<170><12><188>_<190><244>q" NAS-Port = 6 NAS-Port-Type = Async NAS-Identifier = "NitelPat1" Called-Station-Id = "" Calling-Station-Id = "1" Service-Type = Framed-User Framed-Protocol = PPP Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = "4" Thu Jan 9 10:35:59 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:59 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:59 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:59 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: <248><203>aK<239><149><154>OG<158><169>$<150>,<152><29> Attributes: Thu Jan 9 10:39:14 2003: DEBUG: Packet dump: *** Received from 80.247.140.51 port 1198 Code: Accounting-Request Identifier: 0 Authentic: <12><23>?<198>e<233><198>K?<205>s<245><149>@<174>P Attributes: Acct-Status-Type = Accounting-On NAS-IP-Address = 80.247.140.51 Acct-Session-Id = "34" Thu Jan 9 10:39:14 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:39:14 2003: DEBUG: SDB1 D
