Re: (RADIATOR) Authentication result codes list?
Hello John -

You will find everything you need in the source code.

Here are the return values that are defined in "Radius/AuthGeneric.pm":

    # Return codes for handle_request
    $main::ACCEPT = 0; # Issue an accept for us
    $main::REJECT = 1; # Issue a reject for us
    $main::IGNORE = 2; # Dont reply at all
    $main::CHALLENGE = 3; # Issue a challenge
    $main::REJECT_IMMEDIATE = 4; # Reject, and dont fall through

To understand more about the LDAP return codes you should check the source code for the Perl LDAP module that you are using - and of course don't forget to look at the code in "Radius/AuthLDAP2.pm".

There are also a number of example hooks in the file "goodies/hooks.txt".

regards

Hugh

ps - "may the source be with you..."

On Wednesday, Aug 20, 2003, at 05:28 Australia/Melbourne, John McFadden wrote:

I'm fairly green to Radius and Radiator so please excuse my ignorance.

I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result of an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results?

Any pointers are appreciated.

Thanks in advance

John McFadden

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
Re: (RADIATOR) prepaid customers
Hello Rosario -

Yes Radiator can be used in a prepaid environment.

This topic has been discussed many times on the Radiator mailing list:

www.open.com.au/archives/radiator

And you will find an example configuration file in "goodies/prepaid.cfg".

Basically you will need to keep your user records in an SQL database so you can keep track of the time left for each user. Note that your wireless access points will need to generate radius accounting records and they will also need to honour the radius attribute "Session-Timeout ...".

regards

Hugh

On Tuesday, Aug 19, 2003, at 20:22 Australia/Melbourne, Rosario Pingaro wrote:

I'm a newbie and I'd like to know if radiator can support the prepaid account.

We are a new wisp and sell in the public spaces access to the internet for 1 hour using some cards. Can radius disconnect the client after the hour is expired? Can you give me a logical explanation of all processes?

Thanks in advance.

Rosario
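The prepaid flow outlined in the reply above, as an added Python example (not Radiator code and not the contents of goodies/prepaid.cfg): the time left is kept per user in SQL, handed to the access point as Session-Timeout on accept, and reduced when an accounting Stop arrives. The table layout, function names and sample card are assumptions made for the example, and sqlite3 stands in for the real database.

```python
import hmac
import sqlite3

ACCEPT, REJECT = 0, 1  # same numbering as the handle_request codes quoted on this page


def open_db():
    """In-memory stand-in for the SQL user database (schema is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE cards (username TEXT PRIMARY KEY, password TEXT,
                            seconds_left INTEGER NOT NULL);
        CREATE TABLE billed (nas TEXT, session_id TEXT, PRIMARY KEY (nas, session_id));
    """)
    # Constructed sample card: one hour of prepaid time.
    db.execute("INSERT INTO cards VALUES (?, ?, ?)", ("card1001", "s3cret", 3600))
    db.commit()
    return db


def access_request(db, username, password):
    """Return (result, reply_attributes) for an Access-Request."""
    row = db.execute("SELECT password, seconds_left FROM cards WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), password.encode()):
        return REJECT, {"Reply-Message": "Request Denied"}
    if row[1] <= 0:
        return REJECT, {"Reply-Message": "No time left"}
    # The access point has to honour this attribute and drop the client on expiry.
    return ACCEPT, {"Session-Timeout": row[1]}


def accounting_request(db, attrs):
    """Charge used time on an accounting Stop; return seconds left, or None if not charged."""
    if attrs.get("Acct-Status-Type") != "Stop":
        return None
    try:
        # The primary key turns a retransmitted Stop into a no-op, not a second charge.
        db.execute("INSERT INTO billed VALUES (?, ?)",
                   (attrs["NAS-IP-Address"], attrs["Acct-Session-Id"]))
    except sqlite3.IntegrityError:
        return None
    used = max(0, int(attrs.get("Acct-Session-Time", 0)))
    db.execute("UPDATE cards SET seconds_left = MAX(0, seconds_left - ?) WHERE username = ?",
               (used, attrs["User-Name"]))
    db.commit()
    row = db.execute("SELECT seconds_left FROM cards WHERE username = ?",
                     (attrs["User-Name"],)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_db()
    print(access_request(db, "card1001", "s3cret"))
    print(accounting_request(db, {"Acct-Status-Type": "Stop", "NAS-IP-Address": "192.0.2.1",
                                  "Acct-Session-Id": "1234", "User-Name": "card1001",
                                  "Acct-Session-Time": "1500"}))
```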
(RADIATOR) AuthBY URL problem on https
Dear support,

My customer is using Radiator 3.6 and AuthBY URL and running via https. I have installed

1. Install MD5
2. Install module openssl-0.9.7b
3. ./config --openssldir=/usr/local/openssl
4. Install Crypt-SSLeay-0.51
5. Install module uri-1.24
6. Install MIME BASE64
7. Install IO-Socket-SSL
8. Install Net-SSLeay
9. Install module libwww-perl-5.69

My url.cfg:

==========
# This clause identifies the URL that will be used to authenticate the username and password.
# the request will be POSTed to www.mysite.com/test.cgi
# The username will be passed in a tag named 'u'. The password will be MD5 encrypted
# and passed in the tag called 'c'.
# IF the page returned by the web server contains the words 'all ok' then the
# authentication succeeds.
Identifier AURL
Debug 4
AuthUrl https://mms1.hkcsl.com/servlet/iPass.UserAuth
Timeout 60
UserParam mrt
PasswordParam pwd
UrlMethod POST
BadPasswordKeyword "2"
BadUserKeyword "5"
AuthOKKeyword "0"
PasswordEncryption Clear

# This clause specifies to handle all authentication request with the AuthBy URL above
AuthBy AURL
==========

When I run #./radiusd -config_file url.cfg, then run the radpwtst

The output from radiusd -

bash-2.03# ./radiusd -config_file config/url.cfg
Wed Aug 20 11:53:24 2003: DEBUG: AuthUrl loaded
Wed Aug 20 11:53:24 2003: DEBUG: New Radius::AuthURL constructed
Wed Aug 20 11:53:24 2003: DEBUG: Finished reading configuration file 'config/url.cfg'
Wed Aug 20 11:53:24 2003: DEBUG: Reading dictionary file './dictionary'
Wed Aug 20 11:53:24 2003: DEBUG: Creating authentication port 0.0.0.0:1645
Wed Aug 20 11:53:24 2003: DEBUG: Creating accounting port 0.0.0.0:1646
Wed Aug 20 11:53:24 2003: NOTICE: Server started: Radiator 3.6 on IDRSA
Wed Aug 20 11:53:28 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34119
Code: Access-Request
Identifier: 43
Authentic: 1234567890123456
Attributes:
    User-Name = "90227544"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "90227544"
    NAS-Port-Type = Async
    User-Password = "<192><187>m<159><152>i6<194><188>8<9><160><216>}x<153>"
Wed Aug 20 11:53:28 2003: DEBUG: Handling request with Handler 'Realm='
Wed Aug 20 11:53:28 2003: DEBUG: Deleting session for 90227544, 203.63.154.1, 1234
Code: Access-Request
Identifier: 43
Authentic: 1234567890123456
Attributes:
    User-Name = "90227544"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "123456789"
    Calling-Station-Id = "90227544"
    NAS-Port-Type = Async
    User-Password = "<192><187>m<159><152>i6<194><188>8<9><160><216>}x<153>"
Wed Aug 20 11:53:43 2003: DEBUG: AuthUrl HTTP Bad Request for 90227544
Wed Aug 20 11:53:43 2003: INFO: Access rejected for 90227544: HTTP Bad Request for 90227544
Wed Aug 20 11:53:43 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34119
Code: Access-Reject
Identifier: 43
Authentic: 1234567890123456
Attributes:
    Reply-Message = "Request Denied"
Wed Aug 20 11:53:43 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34119
Code: Accounting-Request
Identifier: 44
Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15>
Attributes:
    User-Name = "90227544"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "1234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "90227544"
    Acct-Delay-Time = 0
Wed Aug 20 11:53:43 2003: DEBUG: Handling request with Handler 'Realm='
Wed Aug 20 11:53:43 2003: DEBUG: Adding session for 90227544, 203.63.154.1, 1234
Code: Accounting-Request
Identifier: 44
Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15>
Attributes:
    User-Name = "90227544"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "1234"
    Acct-Status-Type = Start
    Called-Station-Id = "123456789"
    Calling-Station-Id = "90227544"
    Acct-Delay-Time = 0
    Timestamp = 1061351623
Wed Aug 20 11:53:43 2003: DEBUG: Accounting accepted
Wed Aug 20 11:53:43 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 34119
Code: Accounting-Response
Identifier: 44
Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15>
Attributes:
Wed Aug 20 11:53:43 2003: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 34119
Code: Accounting-Request
Identifier: 45
Authentic: #<216>:<150><156><149>i'<130><217><178><249><232><192><160><132>
Attributes:
    User-Name = "90227544"
    Service-Type =
Re: (RADIATOR) Hook in different language other than Perl
Hello Ganbold -

Yes you can do as you show below, but you will probably need to use an AuthByPolicy to control the execution of the AuthBy clauses.

See section 6.23.1 in the Radiator 3.6 reference manual.

regards

Hugh

On Wednesday, Aug 20, 2003, at 13:22 Australia/Melbourne, Ganbold wrote:

Hi Hugh,

So it means that I can use external program instead of hooks? I attached 2 config files, one uses hooks and another one supposed to use external program. Is the new config that uses external program supposed to do same thing as previous config with hooks?

Below is new config file that is supposed to use external program:

---
Foreground
Trace 4
AuthPort 1645
AcctPort 1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary

Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails

# authby clause for ACCOUNTING
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef card_number,User-Name

# authby clause for credit_time
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditTime
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

# authby clause for first second authorization
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditAmount
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 1, cisco-h323-credit-amount, reply
AuthColumnDef 2, cisco-h323-return-code, reply
AuthColumnDef 3, cisco-h323-preferred-lang, reply
AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

# authby clause for transfer balance
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards where locate(cardnumber,'%n')=1 and creditamount >= trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-credit-amount}')+1)) and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply
AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

Identifier CalculateCreditAmountUsed
Command /usr/local/bin/CalculateCreditAmountUsed

Identifier CalculateCreditTime
Command /usr/local/bin/CalculateCreditTime

Identifier TransferBalance
Command /usr/local/bin/TransferBalance

Identifier ChangePin
Command /usr/local/bin/ChangePin

Identifier CheckPrepaidVoip
Command /usr/local/bin/CheckPrepaidVoip

AuthBy CalculateCreditAmountUsed
AuthBy VoipSQLAcctOnly
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
AuthBy TransferBalance
RejectHasReason
AccountingHandled
AuthBy CreditTime
AuthBy CalculateCreditTime
AuthBy ChangePin
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
AuthBy CheckPrepaidVoip

DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
---

Below is the original config file with hooks

---
Foreground
Trace 4
AuthPort 1645
AcctPort 1646
L
Re: (RADIATOR) Hook in different language other than Perl
Hi Hugh,

So it means that I can use external program instead of hooks? I attached 2 config files, one uses hooks and another one supposed to use external program. Is the new config that uses external program supposed to do same thing as previous config with hooks?

Below is new config file that is supposed to use external program:

---
Foreground
Trace 4
AuthPort 1645
AcctPort 1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary

Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails

# authby clause for ACCOUNTING
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef card_number,User-Name

# authby clause for credit_time
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditTime
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

# authby clause for first second authorization
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditAmount
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 1, cisco-h323-credit-amount, reply
AuthColumnDef 2, cisco-h323-return-code, reply
AuthColumnDef 3, cisco-h323-preferred-lang, reply
AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

# authby clause for transfer balance
DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards where locate(cardnumber,'%n')=1 and creditamount >= trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-credit-amount}')+1)) and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply
AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword

Identifier CalculateCreditAmountUsed
Command /usr/local/bin/CalculateCreditAmountUsed

Identifier CalculateCreditTime
Command /usr/local/bin/CalculateCreditTime

Identifier TransferBalance
Command /usr/local/bin/TransferBalance

Identifier ChangePin
Command /usr/local/bin/ChangePin

Identifier CheckPrepaidVoip
Command /usr/local/bin/CheckPrepaidVoip

AuthBy CalculateCreditAmountUsed
AuthBy VoipSQLAcctOnly
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
AuthBy TransferBalance
RejectHasReason
AccountingHandled
AuthBy CreditTime
AuthBy CalculateCreditTime
AuthBy ChangePin
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
AuthBy CheckPrepaidVoip

DBSource dbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
---

Below is the original config file with hooks

---
Foreground
Trace 4
AuthPort 1645
AcctPort 1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary

Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails

# authby clause for ACCOUNTING
DBSource dbi:mysql:db:localhost
DBUsername d
Re: (RADIATOR) Authentication result codes list?
Hi,

You will find all the information in RFC 2865. This document will help you to understand the protocol. Don't forget to take a look at RFC 2866 (RADIUS Accounting).

Regards.

Geoffrey

-----Original Message-----
From: John McFadden [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 19 August 2003 21:29
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Authentication result codes list?

I'm fairly green to Radius and Radiator so please excuse my ignorance.

I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result of an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results?

Any pointers are appreciated.

Thanks in advance

John McFadden
(RADIATOR) Authentication result codes list?
I'm fairly green to Radius and Radiator so please excuse my ignorance.

I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result of an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results?

Any pointers are appreciated.

Thanks in advance

John McFadden
Re: (RADIATOR) startup script for radiator on solaris sparc
Hi Richard, Hi Roland, Hi All.

Thanks. I got it all set up now. Rebooted the box and it came up with radius running.

Thanks.

Tunde I.

----- Original Message -----
From: "Richard Grantham" <[EMAIL PROTECTED]>
To: "Ayotunde Itayemi" <[EMAIL PROTECTED]>
Sent: Tuesday, August 19, 2003 12:52 PM
Subject: Re: (RADIATOR) startup script for radiator on solaris sparc

> Hello,
>
> I use this as /etc/init.d/radiusd. You may find it useful seeing as you
> are an Oracle person. What you should do is link /etc/rc2.d/S80radiusd
> and /etc/rc0.d/K80radiusd to this script too. This will start Radiator
> in run level 2 and stop it in run level 0.
>
> Richard
>
> -- SNIP --
> #!/bin/sh
>
> ORACLE_SID=SID
> ORACLE_HOME=/PATH/TO/ORACLE/HOME
> LD_LIBRARY_PATH=$ORACLE_HOME/lib
> PATH=/sbin:/bin:/usr/local/bin
>
> export ORACLE_SID ORACLE_HOME LD_LIBRARY_PATH PATH
>
> case "$1" in
> 'start')
>     radiusd
>     ;;
> 'stop')
>     kill `cat /var/run/radiusd.pid`
>     ;;
> 'restart')
>     kill -HUP `cat /var/run/radiusd.pid`
>     ;;
> esac
(RADIATOR) Re: startup script for radiator on solaris sparc
Hi Ayotunde!

On Tue, 19 Aug 2003, Ayotunde Itayemi wrote:

> Does anyone have a startup script I could use on a Solaris 8 SPARC box?
> Pls attach instructions for installation :-)

I use the attached one (in different variants for several radiator instances).

Bye

Roland

#!/bin/sh
#
# Radiator start/stop script
#
# (c) 2002-2003 Roland Rosenfeld <[EMAIL PROTECTED]>
#
# $Id$

SERVICE="radiator LAN-DSL Cisco authentisierung"
RADIATOR=/usr/local/bin/radiusd
CONFIG=/usr/local/radiator/radius_clandsl_auth.cfg
PIDFILE=`grep -i '^PidFile' $CONFIG | sed 's/^PidFile[ ]*//'`

case "$1" in
    start)
        echo "starting $SERVICE ..."
        $RADIATOR -config_file $CONFIG >/dev/null &
        ;;
    stop)
        echo "stopping $SERVICE ..."
        kill -15 `cat $PIDFILE`
        ;;
    restart)
        echo "restarting $SERVICE ..."
        kill -1 `cat $PIDFILE`
        ;;
    *)
        echo "`basename $0`: $SERVICE"
        echo "Usage: $0 { start | stop | restart }"
        exit 1
        ;;
esac

exit 0
(RADIATOR) startup script for radiator on solaris sparc
Hi All, Does anyone have a startup script I could use on a Solaris 8 SPARC box? Pls attach instructions for installation :-) Thanks. Regards, Tunde Itayemi.
(RADIATOR) prepaid customers
I'm a newbie and I'd like to know if radiator can support the prepaid account.

We are a new wisp and sell in the public spaces access to the internet for 1 hour using some cards. Can radius disconnect the client after the hour is expired? Can you give me a logical explanation of all processes?

Thanks in advance.

Rosario
Re: (RADIATOR) Hook in different language other than Perl
Hello Ganbold -

You can always use the AuthBy EXTERNAL clause to call an external program in whatever language you prefer.

What do you mean by "compile or decrypt the hook codes"?

Note that the hooks in Radiator *are* compiled at run time, as is the rest of Radiator.

regards

Hugh

On Tuesday, Aug 19, 2003, at 16:00 Australia/Melbourne, Ganbold wrote:

Hi,

Is it possible to write various hooks in language other than perl (for example in C)? Or is there any way to compile or decrypt the hook codes?

tia,

Ganbold
Micom Co., Ltd