(RADIATOR) IPASS accouting
Hi Hugh, Thanks for your help. I have a table that looks like (below) now. USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP [EMAIL PROTECTED] StartJan 21, 2003 07:02 viruse180.247.158.69 1043136137 [EMAIL PROTECTED] StopJan 21, 2003 08:51 viruse180.247.158.69 1043142670 [EMAIL PROTECTED] StartJan 16, 2003 22:58 viruse180.247.158.68 1042761506 [EMAIL PROTECTED] StopJan 16, 2003 23:12 viruse180.247.158.68 1042762372 Now, is there a way I can generate accounting records that show how long the particular IPASS user was logged on? I guess such a record would have to be logged when the accounting stop packet is sent to radiator. So that I have a table such as: USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESS [EMAIL PROTECTED] Stop30:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop15:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop17:23 viruse180.247.158.68 [EMAIL PROTECTED] Stop1:12:02 viruse180.247.158.68 where the TIME column is the length of time the user spemt online. (I don't really need the ACCTSTYPE column) My config at the moment is as below: AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp /AuthBy AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier noIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 /AuthBy ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host63.10.24.21 Secret AuthPort11812 AcctPort11813 AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N DefaultSimultaneousUse 1 /AuthBy #=== HANDLERs Handler Realm=myipass RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ AuthByPolicy ContinueAlways AuthBy IPASSSQLAccounting AuthBy ipassNetserver /Handler === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Anyone here used a Hot Spot Gateway ?
Hi, I'm looking to authenticate my wireless and IP DSL customers using Radius. Has anybody used a Hot Spot Gateway like MicroTik router to do this ? I don't have a very large wireless or DSL network only about 500 users. I would like to know if anyone had any suggestions for edge routers or servers to limit customers bandwidth and keep track of there IP via Radius. Wayne === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Cisco 2611 VPN group authentication
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Emilie Shoop [EMAIL PROTECTED]] Date: Tue, 21 Jan 2003 10:24:19 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Tue Jan 21 10:24:18 2003 Received: from mail.ncsa.uiuc.edu (mail.ncsa.uiuc.edu [141.142.2.28]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id h0LGOHx13290 for [EMAIL PROTECTED]; Tue, 21 Jan 2003 10:24:18 -0600 X-Envelope-From: [EMAIL PROTECTED] X-Envelope-To: [EMAIL PROTECTED] Received: from D7YKZ021.ncsa.uiuc.edu (cab-wireless-127.ncsa.uiuc.edu [141.142.102.127]) by mail.ncsa.uiuc.edu (8.11.6/8.11.6) with ESMTP id h0LLNXk31143 for [EMAIL PROTECTED]; Tue, 21 Jan 2003 15:23:33 -0600 Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Tue, 21 Jan 2003 15:23:17 -0600 To: [EMAIL PROTECTED] From: Emilie Shoop [EMAIL PROTECTED] Subject: Cisco 2611 VPN group authentication Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed I was wondering if anyone had a sample Radiator config. for authenticating the group information on a Cisco 2611, and subsequently handing out DNS and WINS information? I have my Radius set up to authenticate the users, but now would like to move the group information (for the group VPNClients) to the radius as well. Here is my Radius config: # radius.cfg LogDir /services/radius/log DbDir /services/radius/conf BindAddress x.x.x.x AuthPort 1812 AcctPort 1813 Trace 5 #User #Group #For VPN access Client x.x.x.x Secret /Client # For testing: this allows us to honour requests from radpwtst on localhost Client localhost Secret mysecret DupInterval 0 /Client #Look for a Realm with an exact match on the realm name #look for a matching regular expression Realm #look for a Realm DEFAULT #look at each Handler in the order they appear #VPN Authentication x.x.x.x Handler NAS-IP-Address = x.x.x.x AuthBy FILE Filename %D/vpn_users /AuthBy /Handler #Default Handler for anything not specified above Handler AuthBy FILE #The Filename defaults to %D/users /AuthBy /Handler Here is my Cisco 2611 config.: CLIENT_VPN#sh run aaa authentication login userauthen group radius aaa authorization network groupauthor local aaa session-id common ! ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group VPNClients key dns x.x.x.x wins x.x.x.x domain ncsa.uiuc.edu pool ippool ! ! crypto ipsec transform-set SET1 esp-3des esp-md5-hmac ! crypto dynamic-map dynmap 10 set transform-set SET1 ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! interface FastEthernet0/0 crypto map clientmap ! ip local pool ippool x.x.x.x y.y.y.y radius-server host x.x.x.x auth-port 1812 acct-port 1813 key radius-server retransmit 3 call rsvp-sync ! Thanks, Emilie * Emilie Shoop Network Engineer [EMAIL PROTECTED] Phone: 217.244.5407 Cell: 217.649.8514 National Center for Supercomputing Applications ** --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Using AcctSQLStatement with integer-date format
Hello Vangelis - Could you explain to me what you are trying to do? In other words, what value are you trying to calculate? thanks Hugh On Monday, Jan 20, 2003, at 23:29 Australia/Melbourne, Vangelis Kyriakakis wrote: Hi again, I'm trying to use something like AcctColumnDef CONNECTTIME,%b-0%{Acct-Session-Time},integer-date but it doesn't work. It gives a NULL value for the CONNECTTIME attribute. I have also tried AcctColumnDef CONNECTTIME,%{Timestamp}-0%{Acct-Session-Time},integer-date If I write AcctColumnDef CONNECTTIME,Timestamp,integer-date it works, but ofcourse it's not what I want. I want to use this attribute with Sybase Datetime type Regards Vangelis Hugh Irvine wrote: Hello Vangelis - You should use AcctColumnDef's for what you show below. See section 6.28.14 in the Radiator 3.5 reference manual. regards Hugh On Saturday, Jan 18, 2003, at 02:55 Australia/Melbourne, Vangelis Kyriakakis wrote: Hello, I want to write the following AcctSQLStatement: AcctSQLStatement insert into TABLE (LOGIN_TIME, LOGOUT_TIME,.) values (%{Timestamp}-%{Acct-Session-Time}Formatted using integer-date and (%Y%m%d %H:%M) Format,%{Timestamp}Formatted using integer-date and (%Y%m%d %H:%M) Format,...) How should I write the above SQL query? I have read the manual but I cannot figure out the exact format of the query. Regards Vangelis === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxy RADIUS problem
Hello Richard - Thanks for sending the files. The usual reason for this type of problem is incorrect shared secrets. You should check the shared secrets again and if you still have a problem, please send us (not to the list) the configuration files with secrets together with the contents of the users file with the real passwords. And could you also include a trace 5 hex dump of the packets so we can see exactly what is going on. regards Hugh I am currently having a problem with authentication of VPDN PPP sessions from a Cisco 7206 router. When I send this directly to the authentication radius server the authenication works fine. But when I try and proxy this via another server the authentication gets rejected with bad password. The proxy servers are working fine when proxying Lucent TNT ppp calls. It appears as though the proxy servers are changing the User-Password somehow. Below are the relevant configuration of both the authentication and proxy radius servers, as well as trace 4 logs. At the bottom is also a password log (with the passwords changed) but as you can see the second line (which is the proxyed one) has garbled decode of the password. Do you know what may be causing this? The proxy radius server is running Radiator 3.4 and the authentication radius server is running Radiator 3.4 Thanks Richard Relevent bits of Authentication RADIUS Server Client 203.76.13.132 Identifier ConnectADSL NasType CiscoVPDN Secret secret IdenticalClients 203.76.0.129 /Client Client 203.32.160.9 Identifier ConnectADSL IdenticalClients 203.32.166.111 Secret secret NasType Ascend /Client Handler Realm=zircon.com.au, Client-Identifier=ConnectADSL AuthBy FILE Filename /usr/local/etc/radius/data/users Nocache /AuthBy AcctLogFileName /var/log/radius/adsltesting.acct PasswordLogFileName /var/log/radius/adslpassword /Handler Relevent config bits of Proxy RADIUS Server Trace 1 Foreground AuthPort1812 AcctPort1813 DbDir /usr/local/etc/radius/raddb LogDir /var/log/radius DictionaryFile %D/dictionary Client 203.76.0.129 Identifier ADSL NasType CiscoVPDN Secret secret /Client Handler Realm=zircon.com.au, Client-Identifier=ADSL # RewriteUsername s/^([^@]+).*/$1/ AuthBy STAFF AcctLogFileName /var/log/radius/adsltesting.acct /Handler AuthBy RADIUS Identifier STAFF Host staff.syd.ip.net.au AuthPort 1812 AcctPort 1813 RetryTimeout 15 Retries 0 Secret secret /AuthBy Direct Authentication Logfile Tue Jan 21 09:25:52 2003: DEBUG: Packet dump: *** Received from 203.76.0.129 port 1645 Code: Access-Request Identifier: 174 Authentic: 21324023h192172I21711152245222M167159 Attributes: NAS-IP-Address = 203.76.0.129 NAS-Port = 1 Cisco-NAS-Port = Virtual-Access1 NAS-Port-Type = Virtual User-Name = [EMAIL PROTECTED] Calling-Station-Id = nkt112100600855 User-Password = 24716)HZ=141621827V236f252217 Service-Type = Framed-User Framed-Protocol = PPP Tue Jan 21 09:25:52 2003: DEBUG: Handling request with Handler 'Realm=zircon.com.au, Client-Identifier=ConnectADSL' Tue Jan 21 09:25:52 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 203.76.0.129, 1 Tue Jan 21 09:25:52 2003: DEBUG: Handling with Radius::AuthFILE: Tue Jan 21 09:25:52 2003: DEBUG: Reading users file /usr/local/etc/radius/data/users Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED] Tue Jan 21 09:25:52 2003: DEBUG: Radius::AuthFILE ACCEPT: Tue Jan 21 09:25:52 2003: DEBUG: Access accepted for [EMAIL PROTECTED] Tue Jan 21 09:25:52 2003: DEBUG: Packet dump: *** Sending to 203.76.0.129 port 1645 Code: Access-Accept Identifier: 174 Authentic: 21324023h192172I21711152245222M167159 Attributes: Framed-IP-Address = 203.76.9.174 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.255 Framed-Route = 203.76.9.128/29 203.76.9.174 1 Port-Limit = 2 Idle-Timeout = 60 Session-Timeout = 1200 Via Proxy Server PROXY Server LOGFILE Tue Jan 21 09:35:29 2003: DEBUG: Packet dump: *** Received from 203.76.0.129 port 1645 Code: Access-Request Identifier: 195 Authentic: 19153164:211129e159191249208/13522715 Attributes: NAS-IP-Address = 203.76.0.129 NAS-Port = 1 Cisco-NAS-Port = Virtual-Access1 NAS-Port-Type = Virtual User-Name = [EMAIL PROTECTED] Calling-Station-Id = nkt112100600855 User-Password = Ekp229187O142170a1692518917018520145 Service-Type = Framed-User Framed-Protocol = PPP Tue Jan 21 09:35:29 2003: DEBUG: Handling request with Handler 'Realm=zircon.com.au, Client-Identifier=ADSL' Tue Jan
Re: (RADIATOR) Cisco 2611 VPN group authentication
Hello Emilie - If the Cisco can be configured to do group authentication with radius, then it should be possible to use Radiator to deal with the requests. If you run Radiator at trace 4 you will be able to see the incoming requests and then you can configure accordingly. The simplest way to do this sort of debugging is to run radiusd from the command line and watch the log messages: perl radiusd -foreground -log_stdout -trace 4 -config_file .. If you send me a copy of the trace 4 I will try to help. regards Hugh I was wondering if anyone had a sample Radiator config. for authenticating the group information on a Cisco 2611, and subsequently handing out DNS and WINS information? I have my Radius set up to authenticate the users, but now would like to move the group information (for the group VPNClients) to the radius as well. Here is my Radius config: # radius.cfg LogDir /services/radius/log DbDir /services/radius/conf BindAddress x.x.x.x AuthPort 1812 AcctPort 1813 Trace 5 #User #Group #For VPN access Client x.x.x.x Secret /Client # For testing: this allows us to honour requests from radpwtst on localhost Client localhost Secret mysecret DupInterval 0 /Client #Look for a Realm with an exact match on the realm name #look for a matching regular expression Realm #look for a Realm DEFAULT #look at each Handler in the order they appear #VPN Authentication x.x.x.x Handler NAS-IP-Address = x.x.x.x AuthBy FILE Filename %D/vpn_users /AuthBy /Handler #Default Handler for anything not specified above Handler AuthBy FILE #The Filename defaults to %D/users /AuthBy /Handler Here is my Cisco 2611 config.: CLIENT_VPN#sh run aaa authentication login userauthen group radius aaa authorization network groupauthor local aaa session-id common ! ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group VPNClients key dns x.x.x.x wins x.x.x.x domain ncsa.uiuc.edu pool ippool ! ! crypto ipsec transform-set SET1 esp-3des esp-md5-hmac ! crypto dynamic-map dynmap 10 set transform-set SET1 ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! interface FastEthernet0/0 crypto map clientmap ! ip local pool ippool x.x.x.x y.y.y.y radius-server host x.x.x.x auth-port 1812 acct-port 1813 key radius-server retransmit 3 call rsvp-sync ! Thanks, Emilie * Emilie Shoop Network Engineer [EMAIL PROTECTED] Phone: 217.244.5407 Cell: 217.649.8514 National Center for Supercomputing Applications ** --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Anyone here used a Hot Spot Gateway ?
Nomadix makes a NAS (network access server) that can authenticate via radius and limit bandwidth by user. Colubris, nokia and cisco also make NAS's I am not familiar with MicroTik Lucent Access Points could also be used to limit bandwidth, with the added benefit of bandwidth borrowing for efficiency. JLM Jeremy Mordkoff Tatara Systems 978-206-0808 (direct) 978-206-0888 (fax) injustice anywhere threatens justice everywhere -- Dr. Martin Luther King -Original Message- From: Wayne [mailto:[EMAIL PROTECTED]] Sent: Tuesday, January 21, 2003 3:34 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Anyone here used a Hot Spot Gateway ? Hi, I'm looking to authenticate my wireless and IP DSL customers using Radius. Has anybody used a Hot Spot Gateway like MicroTik router to do this ? I don't have a very large wireless or DSL network only about 500 users. I would like to know if anyone had any suggestions for edge routers or servers to limit customers bandwidth and keep track of there IP via Radius. Wayne === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problems with Multiple Address Bind
Hello William - It is the underlying operating system that chooses which interface to use in sending the return packet, not Radiator. You should use a packet sniffer (tcpdump, snoop, ethereal, whatever) on your interfaces to verify your analysis, then reorganise your setup to get the operation you require. regards Hugh On Wednesday, Jan 22, 2003, at 07:52 Australia/Melbourne, William Taylor wrote: Hello, I am having a problem binding multiple address in Radiator. I I bind more then one address to radiator, authentication stops working. Im using pm3's. What I think it happening is the pm3 is getting a response back on a differnt address and is not acknowledging it. Is there a way to tell it to only reply back on the address it recieves the request on? === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: IPASS accouting
Hello Tunde - The radius accounting stop records should already contain an Acct-Session-Time attribute containing the duration of the session. So you just need to add the corresponding column to your database and alter the AcctColumnDef's accordingly. AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp AcctColumnDef SESSIONTIME, Acct-Session-Time /AuthBy regards Hugh On Tuesday, Jan 21, 2003, at 19:57 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Thanks for your help. I have a table that looks like (below) now. USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP [EMAIL PROTECTED] Start Jan 21, 2003 07:02 viruse180.247.158.69 1043136137 [EMAIL PROTECTED] Stop Jan 21, 2003 08:51 viruse180.247.158.69 1043142670 [EMAIL PROTECTED] StartJan 16, 2003 22:58 viruse180.247.158.68 1042761506 [EMAIL PROTECTED] StopJan 16, 2003 23:12 viruse180.247.158.68 1042762372 Now, is there a way I can generate accounting records that show how long the particular IPASS user was logged on? I guess such a record would have to be logged when the accounting stop packet is sent to radiator. So that I have a table such as: USERNAME ACCTSTYPETIME NAS-IDENTIFIERFRAMED-IP-ADDRESS [EMAIL PROTECTED] Stop 30:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop 15:00 viruse180.247.158.69 [EMAIL PROTECTED] Stop17:23 viruse180.247.158.68 [EMAIL PROTECTED] Stop1:12:02 viruse180.247.158.68 where the TIME column is the length of time the user spemt online. (I don't really need the ACCTSTYPE column) My config at the moment is as below: AuthBy SQL Identifier IPASSSQLAccounting DBSource dbi:Oracle:radius00 DBUsername radiusgold DBAuth radiusgold HandleAcctStatusTypes Start, Stop AuthSelect AccountingTable IPASSACCOUNTING AcctColumnDef USERNAME, User-Name AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type AcctColumnDef TIME, Timestamp, integer-date AcctColumnDef NASIDENTIFIER, NAS-Identifier AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address AcctColumnDef TIMESTAMP, Timestamp /AuthBy AuthBy DYNADDRESS Identifier myIPADDRESSauth Allocator mySQLallocator PoolHint %{Client:Identifier} MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier noIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6 AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key DefaultSimultaneousUse 1 /AuthBy AuthBy DYNADDRESS Identifier pattonIPADDRESSauth Allocator mySQLallocator MapAttribute yiaddr, Framed-IP-Address MapAttribute subnetmask, Framed-IP-Netmask StripFromReply PoolHint DefaultSimultaneousUse 1 /AuthBy ## proxy radius for IPASS AuthBy RADIUS Identifier ipassNetserver Host63.10.24.21 Secret AuthPort11812 AcctPort11813 AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N DefaultSimultaneousUse 1 /AuthBy #=== HANDLERs Handler Realm=myipass RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ AuthByPolicy ContinueAlways AuthBy IPASSSQLAccounting AuthBy ipassNetserver /Handler -- Radiator: the most portable, flexible and configurable RADIUS server anywhere.
(RADIATOR) DYNADDRESS ContinueWhileAccept (Looping)
I am trying to set up DYNADDRESS authentication. What am I doing wrong? This seems fairly simple It is just loops through all the IP's in the pool instead of assigning 1 ip, and coming back accepted. I am not sure what is going on. Also, do you have any hints on making this work correctly with MLPP and ISDN customers? Reading through the archives I see it mention but never a final howto. Any help is appreciated. Cortney Here is a snip of my config file. ---CONFIG AddressAllocator SQL Identifier radpools DBSourcedbi:Sybase:XX DBUsername DBAuth DefaultLeasePeriod 604800 LeaseReclaimInterval 86400 /AddressAllocator Handler NAS-IP-Address=XXX.XXX.XXX.XXX AuthByPolicy ContinueWhileAccept AuthBy SQL No Default DBSourcedbi:Sybase: DBUsername DBAuth AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from AUTHENTICATION where USERNAME='%n' RejectEmptyPassword Timeout 10 #Put a Defualt Simultaneous Use of 1 so Mulit Link is not possible unless it is turned on. DefaultSimultaneousUse 1 # For testing AddToReply PoolHint=test1 /AuthBy AuthBy DYNADDRESS AddressAllocator radpools PoolHint %{Reply:PoolHint} # Because we set it above. StripFromReply PoolHint /AuthBy /Handler ---CONFIG--- I get the following logs Trace 4. ---LOG- Tue Jan 21 17:47:45 2003: DEBUG: Packet dump: *** Received from XXX.XXX.XXX.XXX port 1147 Packet length = 93 Code: Access-Request Identifier: 133 Authentic: 1234567890123456 Attributes: User-Name = jdoe Service-Type = Framed-User NAS-IP-Address = XXX NAS-Port = 1234 Called-Station-Id = 123456789 Calling-Station-Id = 987654321 NAS-Port-Type = Async User-Password = 171178142153118m@2224229?Z.220238 Tue Jan 21 17:47:45 2003: DEBUG: Handling request with Handler 'NAS-IP-Address=XXX Tue Jan 21 17:47:45 2003: DEBUG: SDB1 Deleting session for jdoe, X, 1234 Tue Jan 21 17:47:45 2003: DEBUG: do query is: delete from RADONLINE where USERNAME='jdoe' and NASIDENTIFIER='XXX' and NASPORT=1234 Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthSQL Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthSQL: Tue Jan 21 17:47:46 2003: DEBUG: Query is: select PASSWORD, CHECKATTR, REPLYATTR from AUTHENTICATION where USERNAME='jdoe' Tue Jan 21 17:47:46 2003: DEBUG: Radius::AuthSQL looks for match with jdoe Tue Jan 21 17:47:46 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='jdoe' Tue Jan 21 17:47:46 2003: DEBUG: Radius::AuthSQL ACCEPT: Tue Jan 21 17:47:46 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Tue Jan 21 17:47:46 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, subnetmask, dnsserver from radpool where pool='test1' and state=0 order by time_stamp Tue Jan 21 17:47:46 2003: DEBUG: do query is: update radpool set state=1,time_stamp=1043196466, expiry=1043801266, username='jdoe' where YIaddr='204.XXX.XXX.16' and time_stamp is NULL Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, subnetmask, dnsserver from radpool where pool='test1' and state=0 order by time_stamp Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where YIaddr='204.XXX.XXX.17' and time_stamp is NULL Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, subnetmask, dnsserver from radpool where pool='test1' and state=0 order by time_stamp Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where YIaddr='204.XXX.XXX.18' and time_stamp is NULL Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, subnetmask, dnsserver from radpool where pool='test1' and state=0 order by time_stamp Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where YIaddr='204.XXX.XXX.19' and time_stamp is NULL Tue Jan 21 17:47:47 2003: DEBUG: Query is: Select TOP 1 time_stamp, yiaddr, subnetmask, dnsserver from radpool where pool='test1' and state=0 order by time_stamp Tue Jan 21 17:47:47 2003: DEBUG: do query is: update radpool set state=1,time_stamp=1043196467, expiry=1043801267, username='jdoe' where YIaddr='204.XXX.XXX.20' and time_stamp is NULL Tue Jan 21
(RADIATOR) Radiator
I am having a issue installed the latest version of radiator I can not install Class::DBI:mysql DBD::mysql I have obtained the following from the archives and wondering if this is my problem Error I am getting is Perhaps the DBD::mysql perl module hasn't been fully installed, or perhaps the capitalisation of 'mysql' isn't right. Available drivers: CSV, ExampleP, File, Proxy. at t/mysql.t line 14 Use of uninitialized value in concatenation (.) or string at t/mysql.t line 149. Can't call method do on an undefined value at t/mysql.t line 149. END failed--call queue aborted. # No tests run! t/mysqldubious quote Turns out, there is a problem with the MySQL module compiling on my system. From the docs in the tarball, the error I am seeing has something to do with Perl and MySQL not being comiled with the same comiler. Mysql was compile using GCC. I know because I installed MySQL from the tarball. Perl, on the other hand, was installed from a binary RPM...the one that came with RedHat 5.2. /quote quote It's an old problem and I don't know other solution. You must to compile all the perl and mysql stuff in the same system and with the same compiler. If not, you can have problems not only with mysql, but also with any other perl modules. /quote Would the above quotes indicate that is my problems... if not would any one have any idea as to what it could be - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Anyone here used a Hot Spot Gateway ?
Hi I have tried Nokia Access Controller, now I'm useing Nomadix USG and today I will look at one box from Cisco. There are some feature differences and Nomadix USG (Universal Subscriber Gateway) is actually L2 device. It can do pretty nice stuff (for example no L3 reconfiguration is needed on customers PC, even with wrong static IP aadress). They all do basically the same thing but I would like to have even more features than they support today. Lets see what the Cisco is capable of. Rgds. Toomas Kärner - Original Message - From: Wayne [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 21, 2003 10:33 PM Subject: (RADIATOR) Anyone here used a Hot Spot Gateway ? Hi, I'm looking to authenticate my wireless and IP DSL customers using Radius. Has anybody used a Hot Spot Gateway like MicroTik router to do this ? I don't have a very large wireless or DSL network only about 500 users. I would like to know if anyone had any suggestions for edge routers or servers to limit customers bandwidth and keep track of there IP via Radius. Wayne === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radiator
Hello Chris - You need to install DBI and DBD for MySQL using the same C compiler as was used to build Perl. On Linux systems this is not usually a problem because everything is compiled with the same compiler that is included in the distribution. You must install DBI first, then DBD. regards Hugh On Wednesday, Jan 22, 2003, at 12:22 Australia/Melbourne, Chris Kay wrote: I am having a issue installed the latest version of radiator I can not install Class::DBI:mysql DBD::mysql I have obtained the following from the archives and wondering if this is my problem Error I am getting is Perhaps the DBD::mysql perl module hasn't been fully installed, or perhaps the capitalisation of 'mysql' isn't right. Available drivers: CSV, ExampleP, File, Proxy. at t/mysql.t line 14 Use of uninitialized value in concatenation (.) or string at t/mysql.t line 149. Can't call method do on an undefined value at t/mysql.t line 149. END failed--call queue aborted. # No tests run! t/mysqldubious quote Turns out, there is a problem with the MySQL module compiling on my system. From the docs in the tarball, the error I am seeing has something to do with Perl and MySQL not being comiled with the same comiler. Mysql was compile using GCC. I know because I installed MySQL from the tarball. Perl, on the other hand, was installed from a binary RPM...the one that came with RedHat 5.2. /quote quote It's an old problem and I don't know other solution. You must to compile all the perl and mysql stuff in the same system and with the same compiler. If not, you can have problems not only with mysql, but also with any other perl modules. /quote Would the above quotes indicate that is my problems... if not would any one have any idea as to what it could be - Chris Kay (Systems Development) Techex Communications Website: www.techex.com.au Email: [EMAIL PROTECTED] Telephone: 1300 88 111 2 - Fax: 1300 882 221 - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.