RE: (RADIATOR) AuthBy OPIE - can't locate loadable object
Hi Again Many thanks to Hugh for helping me out. A proper installation of the Perl OPIE module was exactly the issue. I was trying to enable s/key (now OPIE) authentication for Radius users in a Check Point VPN-1 environemnt, since native s/key will not be a feature of the next Check Point version. I can provide the document I wrote for anyone who needs to setup a similar environment Regards, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hugh Irvine Sent: Thursday, February 27, 2003 10:46 PM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - See my other mail for instructions on installing Perl modules. regards Hugh On Thursday, Feb 27, 2003, at 19:42 Australia/Melbourne, Mark Wellins wrote: Again thanks Hugh. I am not sure how you install the files included in that tarball. Currently I just copied OPIE.pm and OPIE.xs to /usr/lib/perl5/site_perl/5.6.1/ which is probably not correct Thanks for your advice, Mark -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 10:18 AM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - Thanks for sending the files. It actually looks like you have not installed the Perl OPIE module as described in section 6.44 of the Radiator reference manual (included in the distribution in the file doc/ref.html). regards Hugh On Thursday, Feb 27, 2003, at 18:34 Australia/Melbourne, Mark Wellins wrote: Thanks Hugh. I hope it's as simple as that! Attached if the radius.cfg and logfile (after I changed the debug variable to 4) (I left the file whole since it's a lab environment, you'll see the secret still) Regards, Mark -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 12:33 AM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - Thanks for sending the debug output. It looks to me more like a typo in the configuration file, which should look like this: AuthBy OPIE /AuthBy If you still have a problem, please send me a copy of the configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening at startup. regards Hugh On Wednesday, Feb 26, 2003, at 20:01 Australia/Melbourne, Mark Wellins wrote: Hello, I am having trouble starting Radiator (3.5 Eval) with OPIE authentication enabled. The logflie reports as follows: Wed Feb 26 07:19:06 2003: ERR: Unknown object 'AuthBy' in /etc/radiator/radius.cfg line 34 Wed Feb 26 07:19:06 2003: INFO: Server started: Radiator 3.5 on claw (DEMO) Wed Feb 26 07:32:41 2003: NOTICE: SIGTERM received: stopping Wed Feb 26 07:32:42 2003: ERR: Could not load AuthBy module Radius::AuthOPIE: Can't locate loadable object for module OPIE in @INC (@INC contains: . /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at Radius/AuthOPIE.pm line 15 Compilation failed in require at Radius/AuthOPIE.pm line 15, FILE line 34. BEGIN failed--compilation aborted at Radius/AuthOPIE.pm line 15, FILE line 34. Compilation failed in require at (eval 23) line 3, FILE line 34. Wed Feb 26 07:32:42 2003: ERR: Unknown object 'AuthBy' in /etc/radiator/radius.cfg line 34 Wed Feb 26 07:32:42 2003: INFO: Server started: Radiator 3.5 on claw (DEMO) I am guessing that the @INC variable does not contain the necessary information to find the loadable module for OPIE. Since I am pretty new to Linux I really don't know where to start debugging - looking through the archive it looks like I need to recompile PERL with OPIE somehow. Any guidance would help - many thanks. Mark === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. logflieradius.cfg NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere.
(RADIATOR) help with ipass accouting
Hi All, Hi Hugh,
I haven't been active on the list for some time
since Radiator has simple been radiant!
I want to get radiator to log the following values
into an oracle table called IPASSTABLE.
The time the ipass user disconnected ( as contained
in %o) into both a VARCHAR2 and DATE field.
The time the user logged on ( calculated by
subtracting the %{Acct-Session-Time} from the disconnect time) -
this value
would also be stored in aVARCHAR2 and DATE field.
I already have the first, but the second seems a
little tricky. I though of subtracting %{Acct-Session-Time} from
%b,
but the problem is how to convert the resulting
timestamp (in seconds) back to a DATE value (and a CHAR value too)
Currently I have the following AcctSqlStatement in my radius config file.
AcctSQLStatement insert into ipasstable values (
\'%{User-Name}', '%{Acct-Status-Type}',
\'%{NAS-Identifier}', '%{Framed-IP-Address}',
\%{Acct-Session-Time}, \'%o', \to_date('%o', 'DY
MON DD HH24:MI:SS '), \'%o', \to_date('%o', 'DY MON DD
HH24:MI:SS ') )
The first "to_date (..." is supposed to contain the
calculated login time (some variation of "%b - %{Acct-Session-Time}"
?)
while the first %o is supposed to hold the login time in char
format ( to_char(whatever_i_get_from_the_calculation above) ?).
Please see the LOGIN_START_DATE_DATE and
LOGIN_START_DATE_CHAR in the table def below.
HELP
Regards,
Tunde I.
IPASSTABLE table def
Name
Null?
Type-
--USERNAME
VARCHAR2(50)ACCTSTATUSTYPEVARCHAR2(10)NASIDENTIFIERVARCHAR2(20)FRAMEDIPADDRESSVARCHAR2(20)SESSIONTIMENUMBER(38)LOGIN_START_DATE_CHARVARCHAR2(25)LOGIN_START_DATE_DATEDATELOGIN_STOP_DATE_CHARVARCHAR2(25)LOGIN_STOP_DATE_DATEDATE
Re: Fwd: (RADIATOR) Odyssey client and Radiator - Question
It seems to me that the accounting is useless if everything appears to come from anonymous. Is there a way to configure radiator so it records the actual username that authenticated? Funk says this will be possible in the new release of their radius server and suggests I buy it...not acceptable to us. Thanks, Steve Mike McCauley wrote: Hello Steve, Begin forwarded message: From: Steve Caporossi [EMAIL PROTECTED] Date: Tue Mar 4, 2003 00:38:57 Australia/Melbourne To: [EMAIL PROTECTED] Subject: (RADIATOR) Odyssey client and Radiator - Question We are evaluating the Odyssey client for authenticating our wireless users via TTLS. I noticed that unless a user sets their username under the TTLS settings tab, anonymous is recorded in the logs. Is anyone else using this client and, have you come up with a workaround for this behavior? This is the normal and expected behaviour for TTLS. They put anonymous by default in the outer request so that the 'real' user name is not available for sniffing. The downside is that the Radius requests all appear to be from 'anonymous'. You can change this behaviour in the Odyssey client by editing the Profile/TTLS Setting page, and changing the 'Anonymous name:' field. Hope that helps. Cheers. Thanks, -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Steve Caporossi Network Systems Engineer Center for Computing and Information Technology Medical University of South Carolina 843.876.5083 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MS-MPPE needed for pptp
I am using radiator to authenticate wireless users (from a bluesocket wireless gateway) with the authentication going against an imap server on our campus. The problem I am having is that I can't seem to figure out what I need to return on a pptp request. The bluesocket people say I need to get a MS-MPPE-RECV-key and a MS-MPPE-RECV-send but the log from the radiator looks like i'm failing authentication even before i'm not getting the receives back. I tried adding some information to my config i found on the faq site, but that didn't seem to help. Any ideas? Realm DEFAULT AuthBy IMAP # Host specifies the name or addressd of the IMAP server to use # You should set this to suit your own site Host po.cc.fredonia.edu # If Debug is set, IMAPClient will print details # of its communications to stdout Debug 1 # Timeout specifies a timeout in seconds, If the IMAP # server does not respond in this time, the authentication # will fail. # Defaults to 10 seconds # Timeout 2 # Port specifies the number of the IMAP port to use on # Host. # Defaults to 143 # Port 9000 # Generate MPPE keys to encrypt pptp vpns #AutoMPPEKeys Yes #AddToReply Service-Type = Framed-User,\ # Framed-Protocol = PPP,\ # Framed-IP-Netmask = 255.255.255.255,\ # Framed-Routing = None,\ # Framed-MTU = 1500,\ # Framed-Compression = Van-Jacobson-TCP-IP,\ # Message-Authenticator = ,\ # MS-MPPE-Encrpytion-Policy = Encryption-Allowed,\ # MS-MPPE-Encrption-Types = Encrption-Any /AuthBy /Realm Joe Baxter Assistant Network Administrator SUNY College at Fredonia Fredonia, NY 14063 (716) 673-4712 [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Help concerning PreAuthentication with Radiator
Hi Tony You can do this schema. You want dedicate 15 modems to users with somedomens.com and DNIS number 7117117. If 15 modems are busy, next 16. call recive busy tone.(and user is no billed) So, you have to setup on cisco DNIS based preauthentification - in radius will be aplied Handler Service-Type = Outbound-User, Called-Station-Id = 7117117 - if less then 15 then modem setup will continue and will do second auth with Handler Realm = somedomain.com -if access accept then user will be connected... Hope help David Handler Service-Type = Outbound-User, Called-Station-Id = 7117117 #this do preauth SessionDatabase somedomain AuthBy PORTLIMITCHECK CountQuery select COUNT(*) from RADONLINE SessionLimit 15 /AuthBy /Handler Handler Realm = somedomain.com #this do normal user auth. SessionDatabase somedomain AuthBy SQL DBSourcexxx DBUsername xxx DBAuth xxx AccountingStopsOnly AuthSelect select PASS_WORD from RADUSERS where USERNAME='%n' . AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name .. .. AddToReply Service-Type = Framed-User, \ Framed-Protocol = PPP /AuthBy /Handler SessionDatabase SQL #have to be for pre authcheck (...how many user are online..) Identifier somedomain DBSource DBUsername xxx DBAuth xxx /SessionDatabase -Pvodn zprva- Od: tony [mailto:[EMAIL PROTECTED] Odeslno: 4. bezna 2003 2:53 Komu: [EMAIL PROTECTED] Pedmt: (RADIATOR) Help concerning PreAuthentication with Radiator Hi Everyone, We are currently evaluating Radiator. One of the decision points is to be able to test out a PreAuthentication with Radiator and a AS5400. Has anyone configured this ? We would appreciate some help. Thanks. Tony === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Oracle Accounting Log Trouble
When I run radpwtst, radiator 3.5 writes a start and stop entry into the radius_connection_log table perfectly but in live actual use I get zero entries. Any Ideas? _ Jack Burkhalter WebXites.com 713.781.1187 ext.3108 [EMAIL PROTECTED] logfile Description: Binary data radius.cfg Description: Binary data
Re: (RADIATOR) Oracle Accounting Log Trouble
Hello Jack - Thanks for sending the files. The logfile you sent does not show any live requests, but if you are not seeing any accounting data I would supsect that the NAS is not sending any accounting requests. Could you check a trace 4 debug to confirm? regards Hugh On Wednesday, Mar 5, 2003, at 04:36 Australia/Melbourne, Jack Burkhalter wrote: When I run radpwtst, radiator 3.5 writes a start and stop entry into the radius_connection_log table perfectly but in live actual use I get zero entries. Any Ideas? _ Jack Burkhalter WebXites.com 713.781.1187 ext.3108 [EMAIL PROTECTED] logfileradius.cfg NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) MS-MPPE needed for pptp
Hello Fred - I will need to see a trace 4 debug from Radiator showing what is happening. regards Hugh On Wednesday, Mar 5, 2003, at 00:32 Australia/Melbourne, baxter wrote: I am using radiator to authenticate wireless users (from a bluesocket wireless gateway) with the authentication going against an imap server on our campus. The problem I am having is that I can't seem to figure out what I need to return on a pptp request. The bluesocket people say I need to get a MS-MPPE-RECV-key and a MS-MPPE-RECV-send but the log from the radiator looks like i'm failing authentication even before i'm not getting the receives back. I tried adding some information to my config i found on the faq site, but that didn't seem to help. Any ideas? Realm DEFAULT AuthBy IMAP # Host specifies the name or addressd of the IMAP server to use # You should set this to suit your own site Host po.cc.fredonia.edu # If Debug is set, IMAPClient will print details # of its communications to stdout Debug 1 # Timeout specifies a timeout in seconds, If the IMAP # server does not respond in this time, the authentication # will fail. # Defaults to 10 seconds # Timeout 2 # Port specifies the number of the IMAP port to use on # Host. # Defaults to 143 # Port 9000 # Generate MPPE keys to encrypt pptp vpns #AutoMPPEKeys Yes #AddToReply Service-Type = Framed-User,\ # Framed-Protocol = PPP,\ # Framed-IP-Netmask = 255.255.255.255,\ # Framed-Routing = None,\ # Framed-MTU = 1500,\ # Framed-Compression = Van-Jacobson-TCP-IP,\ # Message-Authenticator = ,\ # MS-MPPE-Encrpytion-Policy = Encryption-Allowed,\ # MS-MPPE-Encrption-Types = Encrption-Any /AuthBy /Realm Joe Baxter Assistant Network Administrator SUNY College at Fredonia Fredonia, NY 14063 (716) 673-4712 [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy OPIE - can't locate loadable object
Hello Mark - If you send us the document we will be happy to include it in the goodies. regards Hugh On Tuesday, Mar 4, 2003, at 20:15 Australia/Melbourne, Mark Wellins wrote: Hi Again Many thanks to Hugh for helping me out. A proper installation of the Perl OPIE module was exactly the issue. I was trying to enable s/key (now OPIE) authentication for Radius users in a Check Point VPN-1 environemnt, since native s/key will not be a feature of the next Check Point version. I can provide the document I wrote for anyone who needs to setup a similar environment Regards, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hugh Irvine Sent: Thursday, February 27, 2003 10:46 PM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - See my other mail for instructions on installing Perl modules. regards Hugh On Thursday, Feb 27, 2003, at 19:42 Australia/Melbourne, Mark Wellins wrote: Again thanks Hugh. I am not sure how you install the files included in that tarball. Currently I just copied OPIE.pm and OPIE.xs to /usr/lib/perl5/site_perl/5.6.1/ which is probably not correct Thanks for your advice, Mark -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 10:18 AM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - Thanks for sending the files. It actually looks like you have not installed the Perl OPIE module as described in section 6.44 of the Radiator reference manual (included in the distribution in the file doc/ref.html). regards Hugh On Thursday, Feb 27, 2003, at 18:34 Australia/Melbourne, Mark Wellins wrote: Thanks Hugh. I hope it's as simple as that! Attached if the radius.cfg and logfile (after I changed the debug variable to 4) (I left the file whole since it's a lab environment, you'll see the secret still) Regards, Mark -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, February 27, 2003 12:33 AM To: Mark Wellins Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) AuthBy OPIE - can't locate loadable object Hello Mark - Thanks for sending the debug output. It looks to me more like a typo in the configuration file, which should look like this: AuthBy OPIE /AuthBy If you still have a problem, please send me a copy of the configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening at startup. regards Hugh On Wednesday, Feb 26, 2003, at 20:01 Australia/Melbourne, Mark Wellins wrote: Hello, I am having trouble starting Radiator (3.5 Eval) with OPIE authentication enabled. The logflie reports as follows: Wed Feb 26 07:19:06 2003: ERR: Unknown object 'AuthBy' in /etc/radiator/radius.cfg line 34 Wed Feb 26 07:19:06 2003: INFO: Server started: Radiator 3.5 on claw (DEMO) Wed Feb 26 07:32:41 2003: NOTICE: SIGTERM received: stopping Wed Feb 26 07:32:42 2003: ERR: Could not load AuthBy module Radius::AuthOPIE: Can't locate loadable object for module OPIE in @INC (@INC contains: . /usr/lib/perl5/5.6.1/i386-linux /usr/lib/perl5/5.6.1 /usr/lib/perl5/site_perl/5.6.1/i386-linux /usr/lib/perl5/site_perl/5.6.1 /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.6.1/i386-linux /usr/lib/perl5/vendor_perl/5.6.1 /usr/lib/perl5/vendor_perl .) at Radius/AuthOPIE.pm line 15 Compilation failed in require at Radius/AuthOPIE.pm line 15, FILE line 34. BEGIN failed--compilation aborted at Radius/AuthOPIE.pm line 15, FILE line 34. Compilation failed in require at (eval 23) line 3, FILE line 34. Wed Feb 26 07:32:42 2003: ERR: Unknown object 'AuthBy' in /etc/radiator/radius.cfg line 34 Wed Feb 26 07:32:42 2003: INFO: Server started: Radiator 3.5 on claw (DEMO) I am guessing that the @INC variable does not contain the necessary information to find the loadable module for OPIE. Since I am pretty new to Linux I really don't know where to start debugging - looking through the archive it looks like I need to recompile PERL with OPIE somehow. Any guidance would help - many thanks. Mark === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. logflieradius.cfg NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable,
