date:20031103

(RADIATOR) Restricted logins.

2003-11-03 Thread Wesley Hof

Hi List,

How can I setup radiator to accept only 1 authentication / user?

For example: User with username abc123 is already connected (Start-record recieved), 
at that time when a other customer tries connecting with that user to, he should get a 
deny. So no multiple logins.

I already searched the lists, and to the radiator reference manual sections:
- 6.17.15
- 13.1.14
- 6.16.3

The only problem I have is that I can't rely on my accounting data.

I also found something called a ping check ? Can someone explain this ?

Are there any other ways to do it without relying on the accounting data?

Thanks in advance!
W.
Wesley

--
(o_  Wesley Hof
//\  UNIX System Engineer
V_/_ UNInet ))) A Scarlet Company
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) MSSQL connection failure

2003-11-03 Thread Alan Murrell

Hello,

We use Platypus for our billing and dialup authentication.  Over the weekend, we had a 
failure of Radiator (version 2.18.2 running on a Linux server) connecting to the 
Platypus database.  The erros recorded in the log are:

---
Sun Nov  2 07:05:36 2003: ERR: Could not connect to SQL database with DBI-connect 
dbi:ODBC:dbserver, dbuser, dbpass:  Could not find Database parameter (SQL-08001)(DBD: 
db_login/SQLConnect err=-1)
---

Note: in the above, 'dbserver', 'dbuser', and 'dbpass' are stand-ins for the actual 
values for the purposes of this posting, but rest assured, the true values are correct.

I ran a script I have, 'restartradius', which kills the radiusd process and restarts 
it (via inetd), and runs 'radpwtest' to test logins.  This worked, and brought RADIUS 
back to life.

I was wondering if anyone had any ideas as to the cause of this error?

TIA,

Alan Murrell [EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Restricted logins.

2003-11-03 Thread Andrew Stevenson

On Mon, 3 Nov 2003, Wesley Hof wrote:

 How can I setup radiator to accept only 1 authentication / user?

Use a SessionDatabase and make sure your NAS has the correct type
specified.

When the user tries to authenticate your authentication system (such as
AuthSQL) can return the number of simultaneous logins allowed. If the
session DB tells radiator that the user is already logged on radiator can
use the NAS type to find a way to query the NAS to confirm that.

Andrew
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Restricted logins.

2003-11-03 Thread Hugh Irvine

Hello Wesley -

What you are describing is a session database with simultaneous use 
checking.

Unfortunately the accounting data is used to add and remove records to 
the session database (starts add and stops remove), so if you cannot 
rely on the accounting data there is not much you can do.

If you specify a NasType in a Client clause then the NAS will be 
queried when a simultaneous use exception is detected. There are 
various types of NAS query supported, one of which is Ping. This 
tells Radiator to ping the IP address of the connected session to 
ascertain whether it is still up or not. Note however that this is only 
useful in very limited situations and only when you have accurate 
entires in the session database.

regards

Hugh

On 03/11/2003, at 7:18 PM, Wesley Hof wrote:

Hi List,

How can I setup radiator to accept only 1 authentication / user?

For example: User with username abc123 is already connected 
(Start-record recieved), at that time when a other customer tries 
connecting with that user to, he should get a deny. So no multiple 
logins.

I already searched the lists, and to the radiator reference manual 
sections:
- 6.17.15
- 13.1.14
- 6.16.3

The only problem I have is that I can't rely on my accounting data.

I also found something called a ping check ? Can someone explain 
this ?

Are there any other ways to do it without relying on the accounting 
data?

Thanks in advance!
W.
Wesley
--
(o_  Wesley Hof
//\  UNIX System Engineer
V_/_ UNInet ))) A Scarlet Company
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Hook Between AuthBy

2003-11-03 Thread Harrison Ng

Title: Hook Between AuthBy





Hi,


My problem is adding country code (ie. 852) to Calling-Station-Id attribute after LDAP query,
and _before_ forward to another radius server (see below config). How can I do this?


Regards,
Harrison




AuthBy LDAP2


 Identifier GUP_Dipping


 AuthenticateAccounting


 Host x.x.x.x
 Port 389


 AuthDN uid=xxx,ou=xxx,o=xxx
 AuthPassword xxx


 BaseDN ou=xxx,ou=xxx,o=xxx
 Scope one


 SearchFilter (smcAMSISDN=%{Class})


 AuthAttrDef smcSubscriberNumber,Calling-Station-Id,request



/AuthBy LDAP2



AuthBy RADIUS


 Identifier test_forwarding


 NoForwardAuthentication
 IgnoreAccountingResponse


 Host x.x.x.x
 Secret xxx


 StripFromRequest Ericsson-Juniper,Class


 AuthPort
 AcctPort 1646


 Retries 0
 RetryTimeout 2
 FailureBackoffTime 30


/AuthBy



Handler Client-Id=localhost,Request-Type=Accounting-Request,Calling-Station-Id=852192507893


 RejectHasReason


 AccountingHandled


 PreAuthHook file:%D/MakeClassForGUP


 AuthByPolicy ContinueAlways


 AuthBy GUP_Dipping


 ### Remark:-
 ### I need to add country code to Calling-Station-Id before doing next AuthBy
 ### How can I add hook here?


 AuthBy test_forwarding


 AcctLogFileName /%L/%c/%{GlobalVar:servername}.%c.detail.%Y%m%d
 PasswordLogFileName /%L/%{GlobalVar:servername}.password.%Y%m%d


/Handler



** This Email is virus-scanned and identified clean.

Re: (RADIATOR) Hook Between AuthBy

2003-11-03 Thread Hugh Irvine

Hello Harrison -

You should use an AuthBy GROUP and an AuthBy INTERNAL:

AuthBy GROUP
AuthByPolicy ContinueWhileAccept
AuthBy LDAP2
.
/AuthBy
AuthBy INTERNAL
DefaultResult ACCEPT
AuthHook .
/Authby
AuthBy RADIUS
.
/AuthBy
/AuthBy
regards

Hugh

On 04/11/2003, at 1:58 PM, Harrison Ng wrote:

Hi,

My problem is adding country code (ie. 852) to Calling-Station-Id  
attribute after LDAP query,
and _before_ forward to another radius server (see below config). How  
can I do this?

Regards,
Harrison


AuthBy LDAP2

    Identifier GUP_Dipping

    AuthenticateAccounting

    Host x.x.x.x
    Port 389
    AuthDN uid=xxx,ou=xxx,o=xxx
    AuthPassword xxx
    BaseDN ou=xxx,ou=xxx,o=xxx
    Scope one
    SearchFilter (smcAMSISDN=%{Class})

    AuthAttrDef smcSubscriberNumber,Calling-Station-Id,request



/AuthBy LDAP2



AuthBy RADIUS

    Identifier test_forwarding

    NoForwardAuthentication
    IgnoreAccountingResponse
    Host x.x.x.x
    Secret xxx
    StripFromRequest Ericsson-Juniper,Class

    AuthPort
    AcctPort 1646
    Retries 0
    RetryTimeout 2
    FailureBackoffTime 30
/AuthBy



Handler  
Client-Id=localhost,Request-Type=Accounting-Request,Calling-Station- 
Id=852192507893

    RejectHasReason

    AccountingHandled

    PreAuthHook file:%D/MakeClassForGUP

    AuthByPolicy ContinueAlways

    AuthBy GUP_Dipping

    ### Remark:-
    ### I need to add country code to Calling-Station-Id before  
doing next AuthBy
    ### How can I add hook here?

    AuthBy test_forwarding

    AcctLogFileName /%L/%c/%{GlobalVar:servername}.%c.detail.%Y%m%d
    PasswordLogFileName /%L/%{GlobalVar:servername}.password.%Y%m%d
/Handler
InterScan_Disclaimer.txt
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Restricted logins.

(RADIATOR) MSSQL connection failure

Re: (RADIATOR) Restricted logins.

Re: (RADIATOR) Restricted logins.

(RADIATOR) Hook Between AuthBy

Re: (RADIATOR) Hook Between AuthBy

6 matches

Site Navigation

Mail list logo

Footer information