Re: (RADIATOR) Authentication result codes list?
Hello John - You will find everything you need in the source code. Here are the return values that are defined in "Radius/AuthGeneric.pm": # Return codes for handle_request $main::ACCEPT = 0; # Issue an accept for us $main::REJECT = 1; # Issue a reject for us $main::IGNORE = 2; # Dont reply at all $main::CHALLENGE = 3; # Issue a challenge $main::REJECT_IMMEDIATE = 4; # Reject, and dont fall through To understand more about the LDAP return codes you should check the source code for the Perl LDAP module that you are using - and of course don't forget to look at the code in "Radius/AuthLDAP2.pm". There are also a number of example hooks in the file "goodies/hooks.txt". regards Hugh ps - "may the source be with you..." On Wednesday, Aug 20, 2003, at 05:28 Australia/Melbourne, John McFadden wrote: I fairly green to Radius and Radiator so please excuse my ignorance. I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results? Any pointers are appreciated? Thanks in advance John McFadden === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) prepaid customers
Hello Rosario - Yes Radiator can be used in a prepaid environment. This topic has been discussed many times on the Radiator mailing list: www.open.com.au/archives/radiator And you will find an example configuration file in "goodies/prepaid.cfg". Basically you will need to keep your user records in an SQL database so you can keep track of the time left for each user. Note that your wireless access points will need to generate radius accounting records and they will also need to honour the radius attribute "Session-Timeout ...". regards Hugh On Tuesday, Aug 19, 2003, at 20:22 Australia/Melbourne, Rosario Pingaro wrote: I'm newbie and I'd like to know if radiator can support the prepaid account. We are a new wisp and sell in the public spaces access to the internet for 1 hour using some cards. Can radius disconnect the client after the hour is expired? can you give my a logial explanation af all processes? Thanks in advance. Rosario NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
(RADIATOR) AuthBY URL problem on https
Dear support, My customer is using Radiator 3.6 and AuthBY URL and running via https. I have installed 1.Install MD5 2.Install module openssl-0.9.7b 3. ./config --openssldir=/usr/local/openssl 4. Install Crypt-SSLeay-0.51 5. Install module uri-1.24 6. Install MIME BASE64 7. Install IO-Socket-SSL 8. Install Net-SSLeay 9. Install module libwww-perl-5.69 My url.cfg: = # This clause identifies the URL that will be used to authenticate the username and passw ord. # the request wil be POSTed to www.mysite.com/test.cgi # The username will be bassed in a tag named 'u'. The password will be MD5 encrypted # and passed in the tag called 'c'. # IF the page returned by the web server contains the words 'all ok' then the # authentication succeeds. Identifier AURL Debug 4 AuthUrl https://mms1.hkcsl.com/servlet/iPass.UserAuth Timeout 60 UserParam mrt PasswordParam pwd UrlMethod POST BadPasswordKeyword "2" BadUserKeyword "5" AuthOKKeyword "0" PasswordEncryption Clear # This clause specifies to handle all authentication request with the AuthBy URL above AuthBy AURL == When i run #./radiusd -config_file url.cfg, then run the radpwtst The output from radiusd - bash-2.03# ./radiusd -config_file config/url.cfg Wed Aug 20 11:53:24 2003: DEBUG: AuthUrl loaded Wed Aug 20 11:53:24 2003: DEBUG: New Radius::AuthURL constructed Wed Aug 20 11:53:24 2003: DEBUG: Finished reading configuration file 'config/url.cfg' Wed Aug 20 11:53:24 2003: DEBUG: Reading dictionary file './dictionary' Wed Aug 20 11:53:24 2003: DEBUG: Creating authentication port 0.0.0.0:1645 Wed Aug 20 11:53:24 2003: DEBUG: Creating accounting port 0.0.0.0:1646 Wed Aug 20 11:53:24 2003: NOTICE: Server started: Radiator 3.6 on IDRSA Wed Aug 20 11:53:28 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 34119 Code: Access-Request Identifier: 43 Authentic: 1234567890123456 Attributes: User-Name = "90227544" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "90227544" NAS-Port-Type = Async User-Password = "<192><187>m<159><152>i6<194><188>8<9><160><216>}x<153>" Wed Aug 20 11:53:28 2003: DEBUG: Handling request with Handler 'Realm=' Wed Aug 20 11:53:28 2003: DEBUG: Deleting session for 90227544, 203.63.154.1, 1234 Code: Access-Request Identifier: 43 Authentic: 1234567890123456 Attributes: User-Name = "90227544" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "90227544" NAS-Port-Type = Async User-Password = "<192><187>m<159><152>i6<194><188>8<9><160><216>}x<153>" Wed Aug 20 11:53:43 2003: DEBUG: AuthUrl HTTP Bad Request for 90227544 Wed Aug 20 11:53:43 2003: INFO: Access rejected for 90227544: HTTP Bad Request for 90227544 Wed Aug 20 11:53:43 2003: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 34119 Code: Access-Reject Identifier: 43 Authentic: 1234567890123456 Attributes: Reply-Message = "Request Denied" Wed Aug 20 11:53:43 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 34119 Code: Accounting-Request Identifier: 44 Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15> Attributes: User-Name = "90227544" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Called-Station-Id = "123456789" Calling-Station-Id = "90227544" Acct-Delay-Time = 0 Wed Aug 20 11:53:43 2003: DEBUG: Handling request with Handler 'Realm=' Wed Aug 20 11:53:43 2003: DEBUG: Adding session for 90227544, 203.63.154.1, 1234 Code: Accounting-Request Identifier: 44 Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15> Attributes: User-Name = "90227544" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Called-Station-Id = "123456789" Calling-Station-Id = "90227544" Acct-Delay-Time = 0 Timestamp = 1061351623 Wed Aug 20 11:53:43 2003: DEBUG: Accounting accepted Wed Aug 20 11:53:43 2003: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 34119 Code: Accounting-Response Identifier: 44 Authentic: <144><164><19>@d<164>t2<1><154><3>wq<152>E<15> Attributes: Wed Aug 20 11:53:43 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 34119 Code: Accounting-Request Identifier: 45 Authentic: #<216>:<150><156><149>i'<130><217><178><249><232><192><160><132> Attributes: User-Name = "90227544" Service-Type =
Re: (RADIATOR) Hook in different language other than Perl
Hello Ganbold -
Yes you can do as you show below, but you will probably need to use an
AuthByPolicy to control the execution of the AuthBy clauses. See
section 6.23.1 in the Radiator 3.6 reference manual.
regards
Hugh
On Wednesday, Aug 20, 2003, at 13:22 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
So it means that I can use external program instead of hooks?
I attached 2 config files, one uses hooks and another on supposed to
use external program.
Is the new config that uses external program suppose to do same thing
as previous config with hooks?
Below is new config file that suppose to use external program:
---
---
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails
# authby clause for ACCOUNTING
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef card_number,User-Name
# authby clause for credit_time
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditTime
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-
code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for first second authorizarion
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditAmount
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-
code=0','h323-preferred-lang=en','h323-billing-model=1' from cards
where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 1, cisco-h323-credit-amount, reply
AuthColumnDef 2, cisco-h323-return-code, reply
AuthColumnDef 3, cisco-h323-preferred-lang, reply
AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for transfer balance
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select
concat('h323-credit-amount=',creditamount),'h323-return-code=0' from
cards where locate(cardnumber,'%n')=1 and creditamount >=
trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-
credit-amount}')+1)) and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply
AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
Identifier CalculateCreditAmountUsed
Command /usr/local/bin/CalculateCreditAmountUsed
Identifier CalculateCreditTime
Command /usr/local/bin/CalculateCreditTime
Identifier TransferBalance
Command /usr/local/bin/TransferBalance
Identifier ChangePin
Command /usr/local/bin/ChangePin
Identifier CheckPrepaidVoip
Command /usr/local/bin/CheckPrepaidVoip
AuthBy CalculateCreditAmountUsed
AuthBy VoipSQLAcctOnly
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
AuthBy TransferBalance
RejectHasReason
AccountingHandled
AuthBy CreditTime
AuthBy CalculateCreditTime
AuthBy ChangePin
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
AuthBy CheckPrepaidVoip
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
---
---
Below is the original config file with hooks
---
Foreground
Trace 4
AuthPort1645
AcctPort1646
L
Re: (RADIATOR) Hook in different language other than Perl
Hi Hugh,
So it means that I can use external program instead of hooks?
I attached 2 config files, one uses hooks and another on supposed to use
external program.
Is the new config that uses external program suppose to do same thing as
previous config with hooks?
Below is new config file that suppose to use external program:
--
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails
# authby clause for ACCOUNTING
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef card_number,User-Name
# authby clause for credit_time
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditTime
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1'
from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for first second authorizarion
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditAmount
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1'
from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 1, cisco-h323-credit-amount, reply
AuthColumnDef 2, cisco-h323-return-code, reply
AuthColumnDef 3, cisco-h323-preferred-lang, reply
AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for transfer balance
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select
concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards
where locate(cardnumber,'%n')=1 and creditamount >=
trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-credit-amount}')+1))
and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply
AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
Identifier CalculateCreditAmountUsed
Command /usr/local/bin/CalculateCreditAmountUsed
Identifier CalculateCreditTime
Command /usr/local/bin/CalculateCreditTime
Identifier TransferBalance
Command /usr/local/bin/TransferBalance
Identifier ChangePin
Command /usr/local/bin/ChangePin
Identifier CheckPrepaidVoip
Command /usr/local/bin/CheckPrepaidVoip
AuthBy CalculateCreditAmountUsed
AuthBy VoipSQLAcctOnly
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
AuthBy TransferBalance
RejectHasReason
AccountingHandled
AuthBy CreditTime
AuthBy CalculateCreditTime
AuthBy ChangePin
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
AuthBy CheckPrepaidVoip
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
--
Below is the original config file with hooks
---
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir /var/log/radius
LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails
# authby clause for ACCOUNTING
DBSourcedbi:mysql:db:localhost
DBUsername d
Re: (RADIATOR) Authentication result codes list?
Hi, You will find all the information in RFC 2865. This document will help you to understand the protocol. Don't forget to take a look at rfc 2866 (RADIUS Accounting). Regards. Geoffrey -Message d'origine- De : John McFadden [mailto:[EMAIL PROTECTED] Envoyé : mardi 19 août 2003 21:29 À : [EMAIL PROTECTED] Objet : (RADIATOR) Authentication result codes list? I fairly green to Radius and Radiator so please excuse my ignorance. I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results? Any pointers are appreciated? Thanks in advance John McFadden === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Authentication result codes list?
I fairly green to Radius and Radiator so please excuse my ignorance. I'm writing a post auth hook and want to make sure I cover all the various conditions. ie: I'll want to check and act on the result an AuthBy LDAP2. I understand it can be ACCEPT or REJECT but I'm wondering if I need to handle other results such as IGNORE? If so where do I get the full list of possible results? Any pointers are appreciated? Thanks in advance John McFadden === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) startup script for radiator on solaris sparc
Hi Richard, Hi Roland, Hi All. Thanks. I got it all set up now. Rebooted the box and it came up with radius running. Thanks. Tunde I. - Original Message - From: "Richard Grantham" <[EMAIL PROTECTED]> To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 12:52 PM Subject: Re: (RADIATOR) startup script for radiator on solaris sparc > Hello, > > I use this as /etc/init.d/radiusd. You may find it useful seeing as you > are and Oracle person. What you should do is link /etc/rc2.d/S80radiusd > and /etc/rc0.d/K80radiusd to this script too. This will start Radiator > in run level 2 and stop it in run level 0. > > Richard > > -- SNIP -- > #!/bin/sh > > ORACLE_SID=SID > ORACLE_HOME=/PATH/TO/ORACLE/HOME > LD_LIBRARY_PATH=$ORACLE_HOME/lib > PATH=/sbin:/bin:/usr/local/bin > > export ORACLE_SID ORACLE_HOME LD_LIBRARY_PATH PATH > > case "$1" in > 'start') > radiusd > ;; > 'stop') > kill `cat /var/run/radiusd.pid` > ;; > 'restart') > kill -HUP `cat /var/run/radiusd.pid` > ;; > esac === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Re: startup script for radiator on solaris sparc
Hi Ayotunde!
On Tue, 19 Aug 2003, Ayotunde Itayemi wrote:
> Does anyone have a startup script I could use on a Solaris 8 SPARC box?
> Pls attach instructions for installation :-)
I use the attached one (in different variants for several radiator
instances).
Tscho
Roland
#!/bin/sh
#
# Radiator Start/Stop Skript
#
# (c) 2002-2003 Roland Rosenfeld <[EMAIL PROTECTED]>
#
# $Id$
SERVICE="radiator LAN-DSL Cisco authentisierung"
RADIATOR=/usr/local/bin/radiusd
CONFIG=/usr/local/radiator/radius_clandsl_auth.cfg
PIDFILE=`grep -i '^PidFile' $CONFIG | sed 's/^PidFile[ ]*//'`
case "$1" in
start)
echo "starting $SERVICE ..."
$RADIATOR -config_file $CONFIG >/dev/null &
;;
stop)
echo "stopping $SERVICE ..."
kill -15 `cat $PIDFILE`
;;
restart)
echo "restarting $SERVICE ..."
kill -1 `cat $PIDFILE`
;;
*)
echo "`basename $0`: $SERVICE"
echo "Usage: $0 { start | stop | restart }"
exit 1
;;
esac
exit 0
(RADIATOR) startup script for radiator on solaris sparc
Hi All, Does anyone have a startup script I could use on a Solaris 8 SPARC box? Pls attach instructions for installation :-) Thanks. Regards, Tunde Itayemi.
(RADIATOR) prepaid customers
I'm newbie and I'd like to know if radiator can support the prepaid account. We are a new wisp and sell in the public spaces access to the internet for 1 hour using some cards. Can radius disconnect the client after the hour is expired? can you give my a logial explanation af all processes? Thanks in advance. Rosario
Re: (RADIATOR) Hook in different language other than Perl
Hello Ganbold - You can always use the AuthBy EXTERNAL clause to call an external program in whatever language you prefer. What do you mean by "compile or decrypt the hook codes"? Note that the hooks in Radiator *are* compiled at run time, as is the rest of Radiator. regards Hugh On Tuesday, Aug 19, 2003, at 16:00 Australia/Melbourne, Ganbold wrote: Hi, Is it possible to write various hooks in language other than perl (for example in C)? Or is there anyway to compile or decrypt the hook codes? tia, Ganbold Micom Co., Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
