(RADIATOR) Separate AuthLog FILE per Realm?
-- Forwarded Message --
From: Michael Bellears
Subject: Separate AuthLog FILE per Realm?
Date: Wed, 16 Jul 2003 15:38:33 +1000

I have the following:

<Realm DEFAULT>
    AuthByPolicy ContinueWhileAccept
    <AuthBy RADMIN>
    </AuthBy>
    <AuthLog FILE>
        Identifier myauthlogger
        Filename authlog
        SuccessFormat %l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Assigned:%a:Reply:{Reply:Reply-Message}:Connect_Info:%{Connect-Info}:SUCCESS
        FailureFormat %l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Reply:%{Reply:Reply Message}:FAILURE
        LogSuccess 1
        LogFailure 1
    </AuthLog>
</Realm>

And:

<Realm dsl.datafx.com.au>
    AuthByPolicy ContinueWhileAccept
    <AuthBy RADMIN>
    </AuthBy>
    <AuthLog FILE>
        Identifier myauthlogger2
        Filename authlog_dsl
        SuccessFormat %l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Assigned:%a:Reply:%{Reply:Reply-Message}:Connect_Info:%{Connect-Info}:SUCCESS
        FailureFormat %l:NAS:%N:Calling_Number:%{Calling-Station-Id}:Username:%U:Password:%P:Reply:%{Reply:Reply-Message}:FAILURE
        LogSuccess 1
        LogFailure 1
    </AuthLog>
</Realm>

The DEFAULT Realm is successfully logging to 'authlog', but the dsl.datafx.com.au Realm is not logging to authlog_dsl.

Regards,
MB

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Separate AuthLog FILE per Realm?
Hello Michael -

I can't see any reason why this shouldn't work.

Can you send me a trace 4 debug showing what is happening?

regards

Hugh

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) LEAP and AuthBy LDAP2
Dear all,

I am trying to configure Radiator as radius server for a Cisco Aironet 340. My userlist is on an OpenLDAP server.

It seems that Radiator is unable to interpret SHA password that come from LDAP in conjunction with EAPType LEAP.

SHA password is correctly interpreted when I use another Handler (without EAPType LEAP).

Plaintext passwords are always working!

Radius.cfg:

<Client 192.168.xxx.xxx>
    Secret mysecret
    DupInterval 0
    DefaultRealm wireless.realm
</Client>

#
# Not working Handler
#
<Handler Realm=wireless.realm>
    RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
    AuthByPolicy ContinueWhileReject
    <AuthBy LDAP2>
        Host ldap.mydomain.com
        Port 389
        BaseDN dc=mydomain,dc=com
        UsernameAttr uid
        PasswordAttr userPassword
        ServerChecksPassword
        EAPType LEAP
    </AuthBy>
</Handler>

#
# Working Handler (for other clients - Cisco Access Point)
#
<Handler>
    RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
    AuthByPolicy ContinueWhileReject
    MaxSessions 2
    <AuthBy SQL>
        DBSource dbi:mysql:x:localhost
        DBUsername x
        DBAuth xx
        AuthSelect select password, profile, freezed from dbo_userlist where name='%n'
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, cisco-avpair, reply
        AuthColumnDef 2, Prohibit, check
        AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,Framed-IP-Netmask=255.255.255.0,Framed-Compression=Van-Jacobson-TCP-IP,Framed-MTU=1500,cisco-avpair=ip:dns-servers=193.205.206.23 193.205.195.12,Framed-Routing=None
        AccountingTable ACCOUNTING
        AcctColumnDef .
        AcctColumnDef .
        .
    </AuthBy>
    <AuthBy LDAP2>
        Host ldap.mydomain.com
        Port 389
        AuthDN cn=Manager,dc=maydomain,dc=com
        AuthPassword
        BaseDN dc=mydomain,dc=it
        UsernameAttr uid
        PasswordAttr userPassword
        HoldServerConnection
        AddToReply ..
    </AuthBy>
</Handler>

Logfile:

# When is used wireless.realm
Wed Jul 16 10:18:35 2003: DEBUG: Handling with Radius::AuthLDAP2:
Wed Jul 16 10:18:35 2003: DEBUG: Handling with EAP: code 2, 48, 42
Wed Jul 16 10:18:35 2003: DEBUG: Response type 17
Wed Jul 16 10:18:35 2003: INFO: Connecting to ldap.mydomain.com, port 389
Wed Jul 16 10:18:35 2003: INFO: Attempting to bind to LDAP server ldap.mydomain.com:389)
Wed Jul 16 10:18:36 2003: DEBUG: LDAP got result for cn=Surname Name,ou=unit1,dc=mydomain,dc=com
Wed Jul 16 10:18:36 2003: DEBUG: LDAP got userPassword: {SHA}
Wed Jul 16 10:18:36 2003: DEBUG: Radius::AuthLDAP2 looks for match with name.surname
Wed Jul 16 10:18:36 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jul 16 10:18:36 2003: INFO: Access rejected for name.surname: Bad LEAP Password

# When is used default Handler (Access point Cisco - client of this realm)
.
Mon Jul 14 14:29:50 2003: DEBUG: Handling with Radius::AuthLDAP2:
Mon Jul 14 14:29:50 2003: INFO: Connecting to ldap.mydomain.com, port 389
Mon Jul 14 14:29:50 2003: INFO: Attempting to bind to LDAP server ldap.mydomain.com:389)
Mon Jul 14 14:29:50 2003: DEBUG: LDAP got result for cn=Surname Name,ou=unit1,dc=mydomain,dc=com
Mon Jul 14 14:29:50 2003: DEBUG: LDAP got userPassword: {SHA}xxx
Mon Jul 14 14:29:50 2003: DEBUG: Radius::AuthLDAP2 looks for match with name.surname
Mon Jul 14 14:29:50 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
Mon Jul 14 14:29:50 2003: DEBUG: Access accepted for name.surname
.

Thanks in advance for all your responses.

PS: sorry for my horrible english

Mauro Zago
Università degli Studi di Trento
ATI Network
Via Briamasco, 2
38100 - Trento - Italia
Re: (RADIATOR) LEAP and AuthBy LDAP2
Hello Mauro -

You are correct, you will need to use plaintext passwords with LEAP.

regards

Hugh
Re: (RADIATOR) Problems upgrading
Hi Hugh all,

I have installed Radiator 3.6 (with patches), and when trying to test with radpwtst (/usr/local/radius/bin/radpwtst -secret foobar -user pp -password bleh -auth_port 1812 -acct_port 1813 -nas_ip_address 192.168.0.9 -nas_port_type=2), not only do I get a lot of messages like:

Attribute number 1 is not defined in your dictionary
Attribute number 6 is not defined in your dictionary
Attribute number 4 is not defined in your dictionary
Attribute number 5 is not defined in your dictionary
Attribute number 30 is not defined in your dictionary
Attribute number 31 is not defined in your dictionary
Attribute number 61 is not defined in your dictionary
Attribute number 2 is not defined in your dictionary
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown
No such attribute Unknown

But I also get the old (ERR: do failed for 'delete from online where NASID='127.0.0.1' and NASPort=0': MySQL server has gone away) in the radius' logfile.

Any ideas why the dictionary makes problems (yes, I am using the new dictionary shipped with Radiator 3.6 file -- I even specify the file on the radiusd's command line), and also what could be wrong with the MySQL connection? Again, only the first test results in this mysql has gone away error, the following tests are all right.

Thank you,
bogdan

On Wed, 16 Jul 2003, Hugh Irvine wrote:

Hello Bogdan -

I suggest you upgrade to the latest version - Radiator 3.6 (plus patches).

There have been many improvements to the SQL code since 2.19.

regards

Hugh

On Tuesday, Jul 15, 2003, at 20:44 Australia/Melbourne, Bogdan TARU wrote:

Hi everyone,

I have some problems when trying to install Radiator-2.19 with MySQL 3.23.55 and Perl 5.6.1. Radiator starts ok, but when I try to make a test I get the following message:

DBD::mysql::db do failed: MySQL server has gone away at /usr/local/lib/perl5/site_perl/5.6.1/Radius/SqlDb.pm line 232

It seems that I get this message only when trying a first test, afterwards everything works smoothly. Any ideas what could cause this? I have googled around, but found nothing interesting. The mysql daemon doesn't die (checked the logs), so this is NOT the problem.

Thank you for your support,
bogdan
(RADIATOR) radiusd Dos Command works great....but service is intermittent
Hello, Everyone.

In the past few weeks of my radius 3.6 implementation it been working very well. There are moments when the service would stall and I would start to receive complaints from users. If I use the DOS command, it works great...but I don't want to use this all the time.

Dos command: c:\perl\bin perl radiusd -config_file path to config file trace -4.

I was thinking about creating my own service and just placing this command in the service. Has anyone seen any problems like this? I was going to use the Microsoft knowledge base to create the service.

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q137/8/90.aspNoWebContent=1

Thank you,

Robert Torres
Rutgers Business School - Unit Computing Manager
Rutgers Business School - MBA Candidate
Rutgers University
973-353-1821
http://torres.rutgers.edu
(RADIATOR) Question about configuration
Hi.

I'm installing radiator for the first time, and can't get it to start. I don't know what's wrong. Here is the configuration file.

//
Foreground
LogStdout
AuthPort 1645
AcctPort 1646
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator

<Client 192.168.1.1>
    Secret cisco
    DupInterval 0
</Client>

<Client DEFAULT>
    Secret cisco
    DupInterval 0
</Client>

<ClientListSQL>
    DBSource dbi:mysql:radius
    DBUsername root
    DBAuth admin2003
</ClientListSQL>

<Realm DEFAULT>
    <AuthBy SQL>
        DBSource dbi:mysql:radius
        DBUsername root
        DBAuth admin2003
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctFailedLogFileName missedaccounting
    </AuthBy>
</Realm>
//

I want to authenticate users from a router. The router has the ip address 192.168.1.1. I'm using the database schema included in the radiator distribution.

When I tell radius to start, I get the following message:

This Radiator license will expire on 2003-10-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
To extend your evaluation period, contact [EMAIL PROTECTED]

And I don't get any more messages.

Can somebody tell me what's wrong?

Thanks.

William Palencia
Ingeniero de Operaciones
Colombiatel S.A.
Tel: 6743080 - 6743026
Cel: 315 3626346
(RADIATOR) RADIATOR
HOW DO I ADD ANOTHER FIELD IN THE CISCO DICTIONARY - WE ARE USING FILE FOR AUTHENTICATION AND I WOULD LIKE TO HAVE THE USERS 'REALNAME' IN THE FILE

EXAMPLE

jdoe    User-Password = abc123
        RealName = doe, john

Karen Thomas
Orange County Gov't
Security Analyst
Tel: 407-836-8115
Fax: 407-836-8108
RE: (RADIATOR) Radmin and DSL.
Hello Michael -

If your DSL users are going to be authenticated from a different realm, then what you describe will work fine. Otherwise you could use Handlers, or you could use Identifiers in your Client clauses and use the Client-Identifier as the PoolHint for the AuthBy DYNADDRESS.

This topic has been discussed on the mailing list, so check the archives.

www.open.com.au/archives/radiator

For anyone that is setting up DSL Auth. On Radiator, sitting behind a Cisco LNS - You must have the following:

!
interface Virtual-Template1
 description Connect L2TP termination
 ip unnumbered <gateway interface for DSL users>    <--- Important!
 ip policy route-map unlimited-traffic
 ppp authentication pap chap callin
 ppp authorization l2tp
 ppp accounting l2tp
!

I originally had 'no ip address' which did not work:

!
interface Virtual-Template1
 description Connect L2TP termination
 no ip address
 ppp authentication pap chap callin
 ppp authorization l2tp
 ppp accounting l2tp
!

Hope this helps someone.

Regards,
MB

regards

Hugh

On Thursday, Jun 26, 2003, at 13:50 Australia/Melbourne, Michael Bellears wrote:

Client of ours is running Radmin-1.7, Radiator 3.5 for dialup clients (Modem+ISDN).

They want to now also Authenticate for DSL users - NAS will be a Cisco 7200.

I have added a new Client (Via Radmin), with a NAS Type of CiscoVPDN.

Would I need to add a new realm to the config with AuthBy RADMIN and also containing an AuthBy DYNADDRESS to allocate a different pool (To the modem dialup users) of dynamic addresses?

Has anyone setup something similar to the above that would like to share their experiences?

Thanks in advance.

Regards,
MB
(RADIATOR) AcctLogFileFormat
hi! i noticed that there is no format string which gives the time from the current packet in 0-padded format (for the packet timestamp radiator supports %j; %k; %p, vs. %H; %M and %S for the current time, which are 0-padded). we need the 0-padded behaviour in order to maintain compatibility with the details generated by a very old and hacked merit server, which we are phasing out. since i didn't find a way to do this in the config file, i modified Util.pm: bash-2.05a$ diff Util.pm Util-pfig.pm 93,95c93,95 'j', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[2] }, 'k', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[1] }, 'p', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[0] }, --- 'j', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[2]) }, 'k', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[1]) }, 'p', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[0]) }, i'd rather do this via a hook, but i can't find out how. am i overlooking something? our customer id is ptm.pt. cheers, Pedro Figueiredo ([EMAIL PROTECTED]) http://sapo.pt/ pgp0.pgp Description: PGP signature
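Review bot: Changing the existing 'j', 'k' and 'p' entries in place alters the output of every format string that already uses %j, %k or %p, not only the AcctLogFileFormat this is meant for, so any log consumer that expects the unpadded values would see different data. Adding the padded forms under new, unused letters, or building the padded timestamp in a hook as the poster would prefer, keeps existing formats unchanged and avoids carrying a locally modified Util.pm. As the lines appear here, the format argument in sprintf(%02d, $ptime[2]) is also unquoted and would need to be a quoted string to compile.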
(RADIATOR) Radiator IPTables integration
-- Forwarded Message --
From: Francisco Contreiras
Subject: Radiator IPTables integration
Date: Wed, 16 Jul 2003 15:11:12 +0100

Is it possible to add a dynamic rule to Iptables allowing the authenticated user IP to be able to use NAT.

How do I get the client information (IP assigned by DHCP or by Radiator) from Radiator.

Thanks

Francisco Contreiras
Re: (RADIATOR) Radiator IPTables integration
Hello Francisco -

You can use a PostAuthHook to do whatever is required to add a dynamic rule to iptables.

There are some example hooks in the file goodies/hooks.txt in the Radiator distribution.

regards

Hugh
Re: (RADIATOR) AcctLogFileFormat
Hello Pedro -

You could add a pseudo-attribute to the current request which would contain the time string in whatever format you require. There are some example hooks in the file goodies/hooks.txt in the Radiator distribution.

regards

Hugh

On Thursday, Jul 17, 2003, at 08:23 Australia/Melbourne, [EMAIL PROTECTED] wrote:

hi! i noticed that there is no format string which gives the time from the current packet in 0-padded format (for the packet timestamp radiator supports %j; %k; %p, vs. %H; %M and %S for the current time, which are 0-padded). we need the 0-padded behaviour in order to maintain compatibility with the details generated by a very old and hacked merit server, which we are phasing out. since i didn't find a way to do this in the config file, i modified Util.pm:

bash-2.05a$ diff Util.pm Util-pfig.pm 93,95c93,95 'j', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[2] }, 'k', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[1] }, 'p', sub { return unless $ptime; @ptime = localtime($ptime); $ptime[0] }, --- 'j', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[2]) }, 'k', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[1]) }, 'p', sub { return unless $ptime; @ptime = localtime($ptime); sprintf(%02d, $ptime[0]) },

i'd rather do this via a hook, but i can't find out how. am i overlooking something? our customer id is ptm.pt.

cheers,

Pedro Figueiredo ([EMAIL PROTECTED]) http://sapo.pt/mime-attachment
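Review bot: in the three replacement lines for 'j', 'k' and 'p' of the Util.pm diff quoted above, the format argument appears unquoted, sprintf(%02d, $ptime[2]); it has to be a string, sprintf("%02d", $ptime[2]), for Perl to compile it. Beyond that, padding these specifiers in place changes the output of every existing format string that already uses %j, %k or %p, and an edit to Util.pm has to be carried forward by hand on each upgrade. Building the padded time string in a hook, as suggested in the reply, or adding it under new specifier letters, would leave current behaviour untouched.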
Re: (RADIATOR) RADIATOR
Hello Karen -

My apologies, but I don't quite understand your question.

The Radiator dictionary file contains the radius protocol attribute definitions, together with a number of vendor specific attribute definitions and the enumerated values for those attributes that use them. There are a number of Cisco vendor specifics defined in the dictionary already, which you can check simply by editing the dictionary file with your favourite text editor (the file is called dictionary in the main Radiator directory).

The dictionary is used to encode/decode radius packets at the network layer - the packet is decoded when it is received by Radiator (radiusd) and the reply packet is encoded just before it is sent back to the radius client.

In addition, there are a number of Radiator internal attributes that are used internally by the server which you will find near the end of the Radiator 3.6 dictionary file after the OSC (9048) section. Note however that these pseudo-attributes are never used on the wire.

Could you give me a bit more detail on what you want to do?

regards

Hugh

On Thursday, Jul 17, 2003, at 03:47 Australia/Melbourne, [EMAIL PROTECTED] wrote:

HOW DO I ADD ANOTHER FIELD IN THE CISCO DICTIONARY - WE ARE USING FILE FOR AUTHENTICATION AND I WOULD LIKE TO HAVE THE USERS 'REALNAME' IN THE FILE

EXAMPLE

    jdoe User-Password = abc123 RealName = doe, john

Karen Thomas
Orange County Gov't Security Analyst
Tel: 407-836-8115 Fax: 407-836-8108
Re: (RADIATOR) Question about configuration
Hello William -

Thanks for your mail.

As far as I can see from what you show below, Radiator is running correctly. When you start the radiusd process, it prints out the messages as shown and then it waits until it receives a radius request from a client device.

It looks like radiusd is starting correctly, but it is not receiving any requests. You will need to configure the router to do radius authentication and accounting, so you should check with your router vendor to find out what configuration is required.

regards

Hugh

On Thursday, Jul 17, 2003, at 00:38 Australia/Melbourne, William Palencia wrote:

Hi. I'm installing Radiator for the first time, and can't get it to start. I don't know what's wrong. Here is the configuration file.

/ *** */

    Foreground
    LogStdout
    AuthPort 1645
    AcctPort 1646
    LogDir c:/Program Files/Radiator
    DbDir c:/Program Files/Radiator

    <Client 192.168.1.1>
        Secret cisco
        DupInterval 0
    </Client>

    <Client DEFAULT>
        Secret cisco
        DupInterval 0
    </Client>

    <ClientListSQL>
        DBSource dbi:mysql:radius
        DBUsername root
        DBAuth admin2003
    </ClientListSQL>

    <Realm DEFAULT>
        <AuthBy SQL>
            DBSource dbi:mysql:radius
            DBUsername root
            DBAuth admin2003
            AccountingTable ACCOUNTING
            AcctColumnDef USERNAME,User-Name
            AcctColumnDef TIME_STAMP,Timestamp,integer
            AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
            AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
            AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
            AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
            AcctColumnDef ACCTSESSIONID,Acct-Session-Id
            AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
            AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
            AcctColumnDef NASIDENTIFIER,NAS-Identifier
            AcctColumnDef NASPORT,NAS-Port,integer
            AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
            AcctFailedLogFileName missedaccounting
        </AuthBy>
    </Realm>

/ *** */

I want to authenticate users from a router. The router has the IP address 192.168.1.1. I'm using the database schema included in the Radiator distribution.

When I tell radius to start, I get the following message:

    This Radiator license will expire on 2003-10-01
    This Radiator license will stop operating after 1000 requests
    To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html
    To extend your evaluation period, contact [EMAIL PROTECTED]

And I don't get any more messages. Can somebody tell me what's wrong?

Thanks.

William Palencia
Ingeniero de Operaciones
Colombiatel S.A.
Tel: 6743080 - 6743026 Cel: 315 3626346
(RADIATOR) Re: radiusd Dos Command works great....but service is intermittent
Hello Robert -

You will find some information on this in section 16.4 of the Radiator 3.6 reference manual (doc/ref.html).

regards

Hugh

On Wednesday, Jul 16, 2003, at 22:53 Australia/Melbourne, Robert Torres wrote:

Hello, Everyone.

In the past few weeks of my radius 3.6 implementation it has been working very well. There are moments when the service would stall and I would start to receive complaints from users. If I use the DOS command, it works great...but I don't want to use this all the time.

Dos command: c:\perl\bin perl radiusd -config_file path to config file trace -4.

I was thinking about creating my own service and just placing this command in the service. Has anyone seen any problems like this? I was going to use the Microsoft knowledge base to create the service.

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/q137/8/90.aspNoWebContent=1

Thank you,

Robert Torres
Rutgers Business School - Unit Computing Manager
Rutgers Business School - MBA Candidate
Rutgers University
973-353-1821
http://torres.rutgers.edu
Re: (RADIATOR) Problems upgrading
Hello Bogdan -

The first problem is because radpwtst cannot find the dictionary file. You should specify where to find it with radpwtst -dictionary -secret .

Here is the help from radpwtst:

    bash-2.05a$ perl radpwtst -h
    usage: radpwtst [-h] [-time] [-iterations n] [-trace [level]] [-s server] [-secret secret]
        [-noauth] [-noacct][-nostart] [-nostop] [-status] [-chap] [-mschap] [-mschapv2] [-eapmd5]
        [-accton] [-acctoff] [-framed_ip_address address] [-auth_port port] [-acct_port port]
        [-identifier n] [-user username] [-password password] [-nas_ip_address address]
        [-nas_port port] [-nas_port_type type] [-service_type service]
        [-calling_station_id string] [-called_station_id string] [-session_id string]
        [-interactive] [-delay_time n] [-session_time n] [-input_octets n] [-output_octets n]
        [-timeout n] [-dictionary file,file] [-gui] [-class string] [-useoldascendpasswords]
        [-code requestcode] [-raw data] [-rawfile filename] [attribute=value]...

For the second issue, it sounds like a problem with DBI and/or DBD. What hardware/software platform are you using? And what versions of Perl, DBI, DBD, etc.?

regards

Hugh

On Wednesday, Jul 16, 2003, at 21:19 Australia/Melbourne, Bogdan TARU wrote:

Hi Hugh all,

I have installed Radiator 3.6 (with patches), and when trying to test with radpwtst (/usr/local/radius/bin/radpwtst -secret foobar -user pp -password bleh -auth_port 1812 -acct_port 1813 -nas_ip_address 192.168.0.9 -nas_port_type=2), not only do I get a lot of messages like:

    Attribute number 1 is not defined in your dictionary
    Attribute number 6 is not defined in your dictionary
    Attribute number 4 is not defined in your dictionary
    Attribute number 5 is not defined in your dictionary
    Attribute number 30 is not defined in your dictionary
    Attribute number 31 is not defined in your dictionary
    Attribute number 61 is not defined in your dictionary
    Attribute number 2 is not defined in your dictionary
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown
    No such attribute Unknown

But I also get the old (ERR: do failed for 'delete from online where NASID='127.0.0.1' and NASPort=0': MySQL server has gone away) in the radius' logfile.

Any ideas why the dictionary makes problems (yes, I am using the new dictionary shipped with Radiator 3.6 file -- I even specify the file on the radiusd's command line), and also what could be wrong with the MySQL connection? Again, only the first test results in this mysql has gone away error, the following tests are all right.

Thank you,

bogdan

On Wed, 16 Jul 2003, Hugh Irvine wrote:

Hello Bogdan -

I suggest you upgrade to the latest version - Radiator 3.6 (plus patches). There have been many improvements to the SQL code since 2.19.

regards

Hugh

On Tuesday, Jul 15, 2003, at 20:44 Australia/Melbourne, Bogdan TARU wrote:

Hi everyone,

I have some problems when trying to install Radiator-2.19 with MySQL 3.23.55 and Perl 5.6.1. Radiator starts ok, but when I try to make a test I get the following message:

    DBD::mysql::db do failed: MySQL server has gone away at /usr/local/lib/perl5/site_perl/5.6.1/Radius/SqlDb.pm line 232

It seems that I get this message only when trying a first test, afterwards everything works smoothly. Any ideas what could cause this? I have googled around, but found nothing interesting. The mysql daemon doesn't die (checked the logs), so this is NOT the problem.

Thank you for your support,

bogdan
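The dictionary's role in decoding packets, described in the reply to Karen above, and the failure in this thread when radpwtst cannot find it, shown as an added example that is not Radiator code: a decoder for RADIUS type/length/value attributes driven by a constructed dictionary excerpt. The `ATTRIBUTE name number type` layout, the function names and the sample bytes are assumptions made for the illustration; the attribute numbers are the ones listed in Bogdan's output.

```python
import struct

# Constructed excerpt, assuming the "ATTRIBUTE name number type" file layout.
DICTIONARY_TEXT = """
ATTRIBUTE User-Name          1  string
ATTRIBUTE User-Password      2  string
ATTRIBUTE NAS-IP-Address     4  ipaddr
ATTRIBUTE NAS-Port           5  integer
ATTRIBUTE Service-Type       6  integer
ATTRIBUTE Called-Station-Id  30 string
ATTRIBUTE Calling-Station-Id 31 string
ATTRIBUTE NAS-Port-Type      61 integer
"""

def load_dictionary(text):
    """Map attribute number -> (name, type) from ATTRIBUTE lines."""
    attrs = {}
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            attrs[int(fields[2])] = (fields[1], fields[3])
    return attrs

def decode_attributes(data, dictionary):
    """Walk type/length/value triples; return (decoded, warnings)."""
    decoded, warnings, pos = [], [], 0
    while pos < len(data):
        number = data[pos]
        length = data[pos + 1] if pos + 1 < len(data) else 0
        # Length counts its own two header bytes and must stay in the buffer.
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad length for attribute {number} at offset {pos}")
        value = data[pos + 2:pos + length]
        pos += length
        name, kind = dictionary.get(number, ("Unknown", "binary"))
        if name == "Unknown":
            warnings.append(f"Attribute number {number} is not defined in your dictionary")
        elif kind == "integer" and len(value) == 4:
            value = struct.unpack("!I", value)[0]
        elif kind == "ipaddr" and len(value) == 4:
            value = ".".join(str(octet) for octet in value)
        elif kind == "string":
            value = value.decode("latin-1")
        decoded.append((name, value))
    return decoded, warnings

def attr(number, value):
    return bytes([number, len(value) + 2]) + value  # type, length, value

# Constructed attribute section using values from the radpwtst call above.
SAMPLE = attr(1, b"pp") + attr(4, bytes([192, 168, 0, 9])) + attr(61, struct.pack("!I", 2))
```

Calling `decode_attributes(SAMPLE, {})` reproduces the kind of output Bogdan saw: with no definitions loaded, every attribute number is reported as undefined and decodes to `Unknown`.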