(RADIATOR) IPASS accounting

2003-01-21 Thread Ayotunde Itayemi
Hi Hugh,

Thanks for your help.
I have a table that looks like (below) now.

USERNAME           ACCTSTYPE  TIME                NAS-IDENTIFIER FRAMED-IP-ADDRESS  TIMESTAMP
[EMAIL PROTECTED]  Start      Jan 21, 2003 07:02  viruse180.247.158.69              1043136137
[EMAIL PROTECTED]  Stop       Jan 21, 2003 08:51  viruse180.247.158.69              1043142670
[EMAIL PROTECTED]  Start      Jan 16, 2003 22:58  viruse180.247.158.68              1042761506
[EMAIL PROTECTED]  Stop       Jan 16, 2003 23:12  viruse180.247.158.68              1042762372

Now, is there a way I can generate accounting records that show how long the
particular IPASS user was logged on? I guess such a
record would have to be logged when the accounting stop packet is sent to
radiator. So that I have a table such as:

USERNAME           ACCTSTYPE  TIME     NAS-IDENTIFIER FRAMED-IP-ADDRESS
[EMAIL PROTECTED]  Stop       30:00    viruse180.247.158.69
[EMAIL PROTECTED]  Stop       15:00    viruse180.247.158.69
[EMAIL PROTECTED]  Stop       17:23    viruse180.247.158.68
[EMAIL PROTECTED]  Stop       1:12:02  viruse180.247.158.68

where the TIME column is the length of time the user spent online. (I
don't really need the ACCTSTYPE column)

My config at the moment is as below:

<AuthBy SQL>
    Identifier IPASSSQLAccounting
    DBSource dbi:Oracle:radius00
    DBUsername radiusgold
    DBAuth radiusgold
    HandleAcctStatusTypes Start, Stop
    AuthSelect
    AccountingTable IPASSACCOUNTING
    AcctColumnDef USERNAME, User-Name
    AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
    AcctColumnDef TIME, Timestamp, integer-date
    AcctColumnDef NASIDENTIFIER, NAS-Identifier
    AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
    AcctColumnDef TIMESTAMP, Timestamp
</AuthBy>
<AuthBy DYNADDRESS>
    Identifier myIPADDRESSauth
    Allocator mySQLallocator
    PoolHint %{Client:Identifier}
    MapAttribute yiaddr, Framed-IP-Address
    MapAttribute subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
    AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
    DefaultSimultaneousUse 1
</AuthBy>
<AuthBy DYNADDRESS>
    Identifier noIPADDRESSauth
    Allocator mySQLallocator
    MapAttribute yiaddr, Framed-IP-Address
    MapAttribute subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
    AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
    DefaultSimultaneousUse 1
</AuthBy>
<AuthBy DYNADDRESS>
    Identifier pattonIPADDRESSauth
    Allocator mySQLallocator
    MapAttribute yiaddr, Framed-IP-Address
    MapAttribute subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    DefaultSimultaneousUse 1
</AuthBy>
## proxy radius for IPASS
<AuthBy RADIUS>
    Identifier ipassNetserver
    Host 63.10.24.21
    Secret
    AuthPort 11812
    AcctPort 11813
    AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
    DefaultSimultaneousUse 1
</AuthBy>

#=== HANDLERs
<Handler Realm=myipass>
    RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
    AuthByPolicy ContinueAlways
    AuthBy IPASSSQLAccounting
    AuthBy ipassNetserver
</Handler>



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) Anyone here used a Hot Spot Gateway ?

2003-01-21 Thread Wayne
Hi,

I'm looking to authenticate my wireless and IP DSL customers using
Radius. Has anybody used a Hot Spot Gateway like MicroTik router to do this?
I don't have a very large wireless or DSL network, only about 500 users. I
would like to know if anyone had any suggestions for edge routers or servers
to limit customers' bandwidth and keep track of their IP via Radius.

Wayne




(RADIATOR) Cisco 2611 VPN group authentication

2003-01-21 Thread Mike McCauley


--  Forwarded Message  --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Emilie 
Shoop [EMAIL PROTECTED]]
Date: Tue, 21 Jan 2003 10:24:19 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Date: Tue, 21 Jan 2003 15:23:17 -0600
From: Emilie Shoop [EMAIL PROTECTED]
Subject: Cisco 2611 VPN group authentication

I was wondering if anyone had a sample Radiator config. for authenticating
the group information on a Cisco 2611, and subsequently handing out DNS and
WINS information?

I have my Radius set up to authenticate the users, but now would like to
move the group information (for the group VPNClients) to the radius as well.


Here is my Radius config:

# radius.cfg

LogDir /services/radius/log
DbDir /services/radius/conf
BindAddress x.x.x.x
AuthPort 1812
AcctPort 1813
Trace 5
#User
#Group


#For VPN access
<Client x.x.x.x>
    Secret
</Client>

# For testing: this allows us to honour requests from radpwtst on localhost
<Client localhost>
    Secret mysecret
    DupInterval 0
</Client>

#Look for a Realm with an exact match on the realm name
#look for a matching regular expression Realm
#look for a Realm DEFAULT
#look at each Handler in the order they appear

#VPN Authentication x.x.x.x
<Handler NAS-IP-Address = x.x.x.x>
    <AuthBy FILE>
        Filename %D/vpn_users
    </AuthBy>
</Handler>

#Default Handler for anything not specified above
<Handler>
    <AuthBy FILE>
        #The Filename defaults to %D/users
    </AuthBy>
</Handler>

Here is my Cisco 2611 config.:

CLIENT_VPN#sh run


aaa authentication login userauthen group radius
aaa authorization network groupauthor local
aaa session-id common
!
!

crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2
!
crypto isakmp client configuration group VPNClients
  key 
  dns x.x.x.x
  wins x.x.x.x
  domain ncsa.uiuc.edu
  pool ippool
!
!
crypto ipsec transform-set SET1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
  set transform-set SET1
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!

interface FastEthernet0/0
  crypto map clientmap
!

ip local pool ippool x.x.x.x y.y.y.y

radius-server host x.x.x.x auth-port 1812 acct-port 1813 key 
radius-server retransmit 3
call rsvp-sync
!


Thanks,
Emilie

*
   Emilie Shoop Network Engineer
   [EMAIL PROTECTED]
   Phone:  217.244.5407 Cell:  217.649.8514
   National Center for Supercomputing Applications
**

---

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.




Re: (RADIATOR) Using AcctSQLStatement with integer-date format

2003-01-21 Thread Hugh Irvine

Hello Vangelis -

Could you explain to me what you are trying to do? In other words, what 
value are you trying to calculate?

thanks

Hugh


On Monday, Jan 20, 2003, at 23:29 Australia/Melbourne, Vangelis 
Kyriakakis wrote:

Hi again,

I'm trying to use something like

AcctColumnDef CONNECTTIME,%b-0%{Acct-Session-Time},integer-date

but it doesn't work. It gives a NULL value for the CONNECTTIME attribute.
I have also tried AcctColumnDef
CONNECTTIME,%{Timestamp}-0%{Acct-Session-Time},integer-date

If I write AcctColumnDef CONNECTTIME,Timestamp,integer-date it works, but
of course it's not what I want.
I want to use this attribute with Sybase Datetime type

 Regards
  Vangelis

Hugh Irvine wrote:

Hello Vangelis -

You should use AcctColumnDef's for what you show below.

See section 6.28.14 in the Radiator 3.5 reference manual.

regards

Hugh

On Saturday, Jan 18, 2003, at 02:55 Australia/Melbourne, Vangelis
Kyriakakis wrote:


Hello,

 I want to write the following AcctSQLStatement:

AcctSQLStatement insert into TABLE (LOGIN_TIME, LOGOUT_TIME,.)
values
(%{Timestamp}-%{Acct-Session-Time}Formatted using integer-date and
(%Y%m%d %H:%M) Format,%{Timestamp}Formatted using integer-date and
(%Y%m%d %H:%M) Format,...)

 How should I write the above SQL query? I have read the manual but
I cannot figure out the exact format of the query.

 Regards
 Vangelis




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.





Re: (RADIATOR) Proxy RADIUS problem

2003-01-21 Thread Hugh Irvine

Hello Richard -

Thanks for sending the files.

The usual reason for this type of problem is incorrect shared secrets.

You should check the shared secrets again and if you still have a  
problem, please send us (not to the list) the configuration files with  
secrets together with the contents of the users file with the real  
passwords. And could you also include a trace 5 hex dump of the packets  
so we can see exactly what is going on.

regards

Hugh


I am currently having a problem with authentication of VPDN PPP sessions
from a Cisco 7206 router.

When I send this directly to the authentication radius server the
authentication works fine.  But when I try and proxy this via another server
the authentication gets rejected with bad password.

The proxy servers are working fine when proxying Lucent TNT ppp calls.

It appears as though the proxy servers are changing the User-Password
somehow.  Below are the relevant configuration of both the authentication
and proxy radius servers, as well as trace 4 logs.  At the bottom is also a
password log (with the passwords changed) but as you can see the second line
(which is the proxied one) has garbled decode of the password.

Do you know what may be causing this?

The proxy radius server is running Radiator 3.4 and the authentication
radius server is running Radiator 3.4

Thanks

Richard


Relevant bits of Authentication RADIUS Server
<Client 203.76.13.132>
    Identifier ConnectADSL
    NasType CiscoVPDN
    Secret  secret
    IdenticalClients 203.76.0.129
</Client>

<Client 203.32.160.9>
    Identifier ConnectADSL
    IdenticalClients 203.32.166.111
    Secret secret
    NasType Ascend
</Client>
<Handler Realm=zircon.com.au, Client-Identifier=ConnectADSL>
    <AuthBy FILE>
        Filename /usr/local/etc/radius/data/users
        Nocache
    </AuthBy>
    AcctLogFileName /var/log/radius/adsltesting.acct
    PasswordLogFileName /var/log/radius/adslpassword
</Handler>


Relevant config bits of Proxy RADIUS Server

Trace 1

Foreground

AuthPort 1812
AcctPort 1813

DbDir /usr/local/etc/radius/raddb
LogDir /var/log/radius
DictionaryFile %D/dictionary
<Client 203.76.0.129>
    Identifier ADSL
    NasType CiscoVPDN
    Secret secret
</Client>
<Handler Realm=zircon.com.au, Client-Identifier=ADSL>
    #   RewriteUsername s/^([^@]+).*/$1/
    AuthBy STAFF
    AcctLogFileName /var/log/radius/adsltesting.acct
</Handler>
<AuthBy RADIUS>
    Identifier STAFF
    Host staff.syd.ip.net.au
    AuthPort 1812
    AcctPort 1813
    RetryTimeout 15
    Retries 0
    Secret secret
</AuthBy>


Direct Authentication Logfile

Tue Jan 21 09:25:52 2003: DEBUG: Packet dump:
*** Received from 203.76.0.129 port 1645 
Code:   Access-Request
Identifier: 174
Authentic:   
21324023h192172I21711152245222M167159
Attributes:
NAS-IP-Address = 203.76.0.129
NAS-Port = 1
Cisco-NAS-Port = Virtual-Access1
NAS-Port-Type = Virtual
User-Name = [EMAIL PROTECTED]
Calling-Station-Id = nkt112100600855
User-Password =
24716)HZ=141621827V236f252217
Service-Type = Framed-User
Framed-Protocol = PPP

Tue Jan 21 09:25:52 2003: DEBUG: Handling request with Handler
'Realm=zircon.com.au, Client-Identifier=ConnectADSL'
Tue Jan 21 09:25:52 2003: DEBUG:  Deleting session for
[EMAIL PROTECTED], 203.76.0.129, 1
Tue Jan 21 09:25:52 2003: DEBUG: Handling with Radius::AuthFILE:
Tue Jan 21 09:25:52 2003: DEBUG: Reading users file
/usr/local/etc/radius/data/users
Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE looks for match with
[EMAIL PROTECTED]
Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE ACCEPT:
Tue Jan 21 09:25:52 2003: DEBUG: Access accepted for  
[EMAIL PROTECTED]
Tue Jan 21 09:25:52 2003: DEBUG: Packet dump:
*** Sending to 203.76.0.129 port 1645 
Code:   Access-Accept
Identifier: 174
Authentic:   
21324023h192172I21711152245222M167159
Attributes:
Framed-IP-Address = 203.76.9.174
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Route = 203.76.9.128/29 203.76.9.174 1
Port-Limit = 2
Idle-Timeout = 60
Session-Timeout = 1200




Via Proxy Server

PROXY Server LOGFILE

Tue Jan 21 09:35:29 2003: DEBUG: Packet dump:
*** Received from 203.76.0.129 port 1645 
Code:   Access-Request
Identifier: 195
Authentic:   
19153164:211129e159191249208/13522715
Attributes:
NAS-IP-Address = 203.76.0.129
NAS-Port = 1
Cisco-NAS-Port = Virtual-Access1
NAS-Port-Type = Virtual
User-Name = [EMAIL PROTECTED]
Calling-Station-Id = nkt112100600855
User-Password =
Ekp229187O142170a1692518917018520145
Service-Type = Framed-User
Framed-Protocol = PPP

Tue Jan 21 09:35:29 2003: DEBUG: Handling request with Handler
'Realm=zircon.com.au, Client-Identifier=ADSL'
Tue Jan 

Re: (RADIATOR) Cisco 2611 VPN group authentication

2003-01-21 Thread Hugh Irvine

Hello Emilie -

If the Cisco can be configured to do group authentication with radius, 
then it should be possible to use Radiator to deal with the requests.

If you run Radiator at trace 4 you will be able to see the incoming 
requests and then you can configure accordingly.

The simplest way to do this sort of debugging is to run radiusd from 
the command line and watch the log messages:

	perl radiusd -foreground -log_stdout -trace 4 -config_file ..

If you send me a copy of the trace 4 I will try to help.

regards

Hugh






RE: (RADIATOR) Anyone here used a Hot Spot Gateway ?

2003-01-21 Thread Jeremy L. Mordkoff
Nomadix makes a NAS (network access server) that can authenticate via
radius and limit bandwidth by user. 

Colubris, nokia and cisco also make NAS's

I am not familiar with MicroTik

Lucent Access Points could also be used to limit bandwidth, with the
added benefit of bandwidth borrowing for efficiency.

JLM


Jeremy Mordkoff
Tatara Systems
978-206-0808 (direct)
978-206-0888 (fax)
 
injustice anywhere threatens justice everywhere -- Dr. Martin Luther
King




Re: (RADIATOR) Problems with Multiple Address Bind

2003-01-21 Thread Hugh Irvine

Hello William -

It is the underlying operating system that chooses which interface to 
use in sending the return packet, not Radiator.

You should use a packet sniffer (tcpdump, snoop, ethereal, whatever)  
on your interfaces to verify your analysis, then reorganise your setup 
to get the operation you require.

regards

Hugh


On Wednesday, Jan 22, 2003, at 07:52 Australia/Melbourne, William 
Taylor wrote:

Hello,

 I am having a problem binding multiple addresses in Radiator.
 If I bind more than one address to Radiator, authentication stops
 working. I'm using pm3's. What I think is happening is the pm3 is
getting a response back on a different address and is not acknowledging
it.

Is there a way to tell it to only reply back on the address it receives
the request on?




(RADIATOR) Re: IPASS accounting

2003-01-21 Thread Hugh Irvine

Hello Tunde -

The radius accounting stop records should already contain an 
Acct-Session-Time attribute containing the duration of the session.

So you just need to add the corresponding column to your database and 
alter the AcctColumnDef's accordingly.

<AuthBy SQL>
    Identifier IPASSSQLAccounting
    DBSource dbi:Oracle:radius00
    DBUsername radiusgold
    DBAuth radiusgold
    HandleAcctStatusTypes Start, Stop
    AuthSelect
    AccountingTable IPASSACCOUNTING
    AcctColumnDef USERNAME, User-Name
    AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
    AcctColumnDef TIME, Timestamp, integer-date
    AcctColumnDef NASIDENTIFIER, NAS-Identifier
    AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
    AcctColumnDef TIMESTAMP, Timestamp
    AcctColumnDef SESSIONTIME, Acct-Session-Time
</AuthBy>


regards

Hugh
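
Added example (not from the original thread or from Radiator): a check over rows shaped like the IPASSACCOUNTING table once the SESSIONTIME column is added, formatting Acct-Session-Time as H:MM:SS and comparing it with the Start/Stop TIMESTAMP difference. The TIMESTAMP values are the ones in the table posted in this thread; the user names, NAS name, addresses and SESSIONTIME values are constructed, and the 60-second tolerance is an assumption.

```python
from collections import namedtuple

Row = namedtuple("Row", "username status nas ip timestamp sessiontime")

# Constructed rows. Only the four TIMESTAMP values come from the thread;
# the second Stop row carries a deliberately inconsistent SESSIONTIME.
ROWS = [
    Row("user-a@example", "Start", "nas1", "192.0.2.69", 1043136137, None),
    Row("user-a@example", "Stop",  "nas1", "192.0.2.69", 1043142670, 6533),
    Row("user-b@example", "Start", "nas1", "192.0.2.68", 1042761506, None),
    Row("user-b@example", "Stop",  "nas1", "192.0.2.68", 1042762372, 1800),
]

def hms(seconds):
    """Format a duration in seconds as H:MM:SS."""
    hours, rest = divmod(int(seconds), 3600)
    minutes, secs = divmod(rest, 60)
    return f"{hours}:{minutes:02d}:{secs:02d}"

def session_report(rows, tolerance=60):
    """Return one (username, reported, elapsed, suspect) tuple per Stop row.

    reported: Acct-Session-Time from the Stop row, formatted H:MM:SS
    elapsed:  Stop TIMESTAMP minus the matching Start TIMESTAMP, in seconds
    suspect:  True when the Start row is missing, the Stop row has no
              session time, or the two durations differ by more than
              `tolerance` seconds
    """
    open_sessions = {}
    report = []
    for row in sorted(rows, key=lambda r: r.timestamp):
        key = (row.username, row.nas, row.ip)
        if row.status == "Start":
            open_sessions[key] = row.timestamp
        elif row.status == "Stop":
            started = open_sessions.pop(key, None)
            elapsed = None if started is None else row.timestamp - started
            suspect = (
                row.sessiontime is None
                or elapsed is None
                or abs(elapsed - row.sessiontime) > tolerance
            )
            reported = None if row.sessiontime is None else hms(row.sessiontime)
            report.append((row.username, reported, elapsed, suspect))
    return report

if __name__ == "__main__":
    for line in session_report(ROWS):
        print(line)
```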



(RADIATOR) DYNADDRESS ContinueWhileAccept (Looping)

2003-01-21 Thread Cortney Thompson
I am trying to set up DYNADDRESS authentication.  What am I doing
wrong?  This seems fairly simple. It just loops through all the IPs in
the pool instead of assigning 1 IP and coming back accepted.  I am not
sure what is going on.

Also, do you have any hints on making this work correctly with MLPP and
ISDN customers?  Reading through the archives I see it mentioned but never a
final howto.

Any help is appreciated.
Cortney


Here is a snip of my config file.
---CONFIG
<AddressAllocator SQL>
    Identifier radpools
    DBSource dbi:Sybase:XX
    DBUsername
    DBAuth

    DefaultLeasePeriod 604800
    LeaseReclaimInterval 86400

</AddressAllocator>

<Handler NAS-IP-Address=XXX.XXX.XXX.XXX>
    AuthByPolicy ContinueWhileAccept

    <AuthBy SQL>
        No Default

        DBSource dbi:Sybase:
        DBUsername
        DBAuth

        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from AUTHENTICATION where USERNAME='%n'

        RejectEmptyPassword
        Timeout 10

        # Put a Default Simultaneous Use of 1 so Multi Link is not possible unless it is turned on.
        DefaultSimultaneousUse 1

        # For testing
        AddToReply PoolHint=test1

    </AuthBy>

    <AuthBy DYNADDRESS>
        AddressAllocator radpools
        PoolHint %{Reply:PoolHint}
        # Because we set it above.
        StripFromReply PoolHint
    </AuthBy>
</Handler>
---CONFIG---

I get the following logs  Trace 4.

---LOG-
Tue Jan 21 17:47:45 2003: DEBUG: Packet dump:
*** Received from XXX.XXX.XXX.XXX port 1147 

Packet length = 93
Code:   Access-Request
Identifier: 133
Authentic:  1234567890123456
Attributes:
User-Name = jdoe
Service-Type = Framed-User
NAS-IP-Address = XXX
NAS-Port = 1234
Called-Station-Id = 123456789
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password = 
171178142153118m@2224229?Z.220238

Tue Jan 21 17:47:45 2003: DEBUG: Handling request with Handler 
'NAS-IP-Address=XXX
Tue Jan 21 17:47:45 2003: DEBUG: SDB1 Deleting session for jdoe, X, 
1234
Tue Jan 21 17:47:45 2003: DEBUG: do query is: delete from RADONLINE where 
USERNAME='jdoe' and NASIDENTIFIER='XXX' and NASPORT=1234

Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthSQL
Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthSQL:
Tue Jan 21 17:47:46 2003: DEBUG: Query is: select PASSWORD, CHECKATTR, 
REPLYATTR from AUTHENTICATION where USERNAME='jdoe'

Tue Jan 21 17:47:46 2003: DEBUG: Radius::AuthSQL looks for match with jdoe
Tue Jan 21 17:47:46 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, 
ACCTSESSIONID from RADONLINE where USERNAME='jdoe'

Tue Jan 21 17:47:46 2003: DEBUG: Radius::AuthSQL ACCEPT:
Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
Tue Jan 21 17:47:46 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, 
subnetmask, dnsserver from radpool where pool='test1' and state=0 order by 
time_stamp

Tue Jan 21 17:47:46 2003: DEBUG: do query is: update radpool set 
state=1,time_stamp=1043196466, expiry=1043801266, username='jdoe' where 
YIaddr='204.XXX.XXX.16' and time_stamp is NULL

Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, 
subnetmask, dnsserver from radpool where pool='test1' and state=0 order by 
time_stamp

Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set 
state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where 
YIaddr='204.XXX.XXX.17' and time_stamp is NULL

Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, 
subnetmask, dnsserver from radpool where pool='test1' and state=0 order by 
time_stamp

Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set 
state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where 
YIaddr='204.XXX.XXX.18' and time_stamp is NULL

Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, 
subnetmask, dnsserver from radpool where pool='test1' and state=0 order by 
time_stamp

Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set 
state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where 
YIaddr='204.XXX.XXX.19' and time_stamp is NULL

Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, 
subnetmask, dnsserver from radpool where pool='test1' and state=0 order by 
time_stamp

Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set 
state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where 
YIaddr='204.XXX.XXX.20' and time_stamp is NULL

Tue Jan 21 

(RADIATOR) Radiator

2003-01-21 Thread Chris Kay

I am having an issue installing the latest version of Radiator

I can not install Class::DBI:mysql  DBD::mysql

I have obtained the following from the archives and wondering if this is
my problem

Error I am getting is

Perhaps the DBD::mysql perl module hasn't been fully installed,
or perhaps the capitalisation of 'mysql' isn't right.
Available drivers: CSV, ExampleP, File, Proxy.
 at t/mysql.t line 14
Use of uninitialized value in concatenation (.) or string at t/mysql.t
line 149.
Can't call method do on an undefined value at t/mysql.t line 149.
END failed--call queue aborted.
# No tests run!
t/mysqldubious  

quote
Turns out, there is a problem with the MySQL module compiling on my
system. From the docs in the tarball, the error I am seeing has something
to do with Perl and MySQL not being compiled with the same compiler. MySQL
was compiled using GCC. I know because I installed MySQL from the tarball.
Perl, on the other hand, was installed from a binary RPM...the one that
came with RedHat 5.2.
/quote

quote
It's an old problem and I don't know any other solution. You must compile
all the perl and mysql stuff in the same system and with the same
compiler.  If not, you can have problems not only with mysql, but also
with any other perl modules.
/quote

Would the above quotes indicate that this is my problem... if not, would
anyone have any idea as to what it could be?

- 
Chris Kay (Systems Development) 
Techex Communications 
Website: www.techex.com.au Email: [EMAIL PROTECTED] 
Telephone: 1300 88 111 2 - Fax: 1300 882 221 
-  




Re: (RADIATOR) Anyone here used a Hot Spot Gateway ?

2003-01-21 Thread Toomas Kärner
Hi

I have tried Nokia Access Controller, now I'm using Nomadix USG and
today I will look at one box from Cisco. There are some feature differences
and Nomadix USG (Universal Subscriber Gateway) is actually an L2 device. It can
do pretty nice stuff (for example no L3 reconfiguration is needed on the
customer's PC, even with a wrong static IP address). They all do basically the
same thing but I would like to have even more features than they support
today. Let's see what the Cisco is capable of.

Rgds.
Toomas Kärner

- Original Message -
From: Wayne [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, January 21, 2003 10:33 PM
Subject: (RADIATOR) Anyone here used a Hot Spot Gateway ?


 Hi,

 I'm looking to authenticate my wireless and IP DSL customers using
 Radius. Has anybody used a Hot Spot Gateway like a MikroTik router to do
 this? I don't have a very large wireless or DSL network, only about 500 users.
 I would like to know if anyone had any suggestions for edge routers or
 servers to limit customers' bandwidth and keep track of their IP via Radius.

 Wayne





Re: (RADIATOR) Radiator

2003-01-21 Thread Hugh Irvine

Hello Chris -

You need to install DBI and DBD for MySQL using the same C compiler as 
was used to build Perl.

On Linux systems this is not usually a problem because everything is 
compiled with the same compiler that is included in the distribution.

You must install DBI first, then DBD.

regards

Hugh


On Wednesday, Jan 22, 2003, at 12:22 Australia/Melbourne, Chris Kay 
wrote:


I am having an issue installing the latest version of Radiator

I can not install Class::DBI:mysql  DBD::mysql

I have obtained the following from the archives and wondering if this is
my problem

Error I am getting is

Perhaps the DBD::mysql perl module hasn't been fully installed,
or perhaps the capitalisation of 'mysql' isn't right.
Available drivers: CSV, ExampleP, File, Proxy.
 at t/mysql.t line 14
Use of uninitialized value in concatenation (.) or string at t/mysql.t
line 149.
Can't call method do on an undefined value at t/mysql.t line 149.
END failed--call queue aborted.
# No tests run!
t/mysqldubious

quote
Turns out, there is a problem with the MySQL module compiling on my system.
From the docs in the tarball, the error I am seeing has something to do with
Perl and MySQL not being compiled with the same compiler. MySQL was compiled
using GCC. I know because I installed MySQL from the tarball. Perl, on the
other hand, was installed from a binary RPM...the one that came with RedHat
5.2.
/quote

quote
It's an old problem and I don't know any other solution. You must compile
all the perl and mysql stuff on the same system and with the same
compiler.  If not, you can have problems not only with mysql, but also
with any other perl modules.
/quote

Would the above quotes indicate that this is my problem... if not, would
anyone have any idea as to what it could be?

-
Chris Kay (Systems Development)
Techex Communications
Website: www.techex.com.au Email: [EMAIL PROTECTED]
Telephone: 1300 88 111 2 - Fax: 1300 882 221
-




--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
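
A quick way to check the two conditions in the reply above, as an added example that is not part of the thread or of Radiator: it reports which C compiler built the running Perl, then confirms that DBI is installed and that DBD::mysql is visible to it and actually loads. It assumes only that it is run with the same perl binary that runs Radiator.

```perl
#!/usr/bin/perl
# Added diagnostic (not from the thread): shows the compiler this Perl was
# built with and whether DBI can see and load the MySQL driver.
use strict;
use warnings;
use Config;

# Compiler recorded when this Perl binary was built. Compiled modules such
# as DBI and DBD::mysql should be built with the same one.
print "Perl $Config{version} was built with cc='$Config{cc}'";
print " (gcc $Config{gccversion})" if $Config{gccversion};
print "\n";

# DBI has to be installed before any DBD driver.
unless (eval { require DBI; 1 }) {
    print "DBI is not installed: install DBI first, then DBD::mysql\n";
    exit 1;
}
print "DBI version ", DBI->VERSION, "\n";

# Same list that the failing test prints as "Available drivers:".
my @drivers = DBI->available_drivers;
print "Available drivers: ", join(', ', @drivers), "\n";

unless (grep { $_ eq 'mysql' } @drivers) {
    print "DBD::mysql is not installed for this Perl\n";
    exit 1;
}

# install_driver loads the compiled part of the driver and dies on failure,
# which is where a build mismatch would show up.
my $drh = eval { DBI->install_driver('mysql') };
if ($drh) {
    print "DBD::mysql ", DBD::mysql->VERSION, " loaded\n";
}
else {
    print "DBD::mysql is present but failed to load: $@\n";
    exit 1;
}
```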
