(RADIATOR) Restricted logins.
Hi List, How can I setup radiator to accept only 1 authentication / user? For example: User with username abc123 is already connected (Start-record recieved), at that time when a other customer tries connecting with that user to, he should get a deny. So no multiple logins. I already searched the lists, and to the radiator reference manual sections: - 6.17.15 - 13.1.14 - 6.16.3 The only problem I have is that I can't rely on my accounting data. I also found something called a ping check ? Can someone explain this ? Are there any other ways to do it without relying on the accounting data? Thanks in advance! W. Wesley -- (o_ Wesley Hof //\ UNIX System Engineer V_/_ UNInet ))) A Scarlet Company === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) MSSQL connection failure
Hello, We use Platypus for our billing and dialup authentication. Over the weekend, we had a failure of Radiator (version 2.18.2 running on a Linux server) connecting to the Platypus database. The erros recorded in the log are: --- Sun Nov 2 07:05:36 2003: ERR: Could not connect to SQL database with DBI-connect dbi:ODBC:dbserver, dbuser, dbpass: Could not find Database parameter (SQL-08001)(DBD: db_login/SQLConnect err=-1) --- Note: in the above, 'dbserver', 'dbuser', and 'dbpass' are stand-ins for the actual values for the purposes of this posting, but rest assured, the true values are correct. I ran a script I have, 'restartradius', which kills the radiusd process and restarts it (via inetd), and runs 'radpwtest' to test logins. This worked, and brought RADIUS back to life. I was wondering if anyone had any ideas as to the cause of this error? TIA, Alan Murrell [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Restricted logins.
On Mon, 3 Nov 2003, Wesley Hof wrote: How can I setup radiator to accept only 1 authentication / user? Use a SessionDatabase and make sure your NAS has the correct type specified. When the user tries to authenticate your authentication system (such as AuthSQL) can return the number of simultaneous logins allowed. If the session DB tells radiator that the user is already logged on radiator can use the NAS type to find a way to query the NAS to confirm that. Andrew === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Restricted logins.
Hello Wesley - What you are describing is a session database with simultaneous use checking. Unfortunately the accounting data is used to add and remove records to the session database (starts add and stops remove), so if you cannot rely on the accounting data there is not much you can do. If you specify a NasType in a Client clause then the NAS will be queried when a simultaneous use exception is detected. There are various types of NAS query supported, one of which is Ping. This tells Radiator to ping the IP address of the connected session to ascertain whether it is still up or not. Note however that this is only useful in very limited situations and only when you have accurate entires in the session database. regards Hugh On 03/11/2003, at 7:18 PM, Wesley Hof wrote: Hi List, How can I setup radiator to accept only 1 authentication / user? For example: User with username abc123 is already connected (Start-record recieved), at that time when a other customer tries connecting with that user to, he should get a deny. So no multiple logins. I already searched the lists, and to the radiator reference manual sections: - 6.17.15 - 13.1.14 - 6.16.3 The only problem I have is that I can't rely on my accounting data. I also found something called a ping check ? Can someone explain this ? Are there any other ways to do it without relying on the accounting data? Thanks in advance! W. Wesley -- (o_ Wesley Hof //\ UNIX System Engineer V_/_ UNInet ))) A Scarlet Company === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Hook Between AuthBy
Title: Hook Between AuthBy Hi, My problem is adding country code (ie. 852) to Calling-Station-Id attribute after LDAP query, and _before_ forward to another radius server (see below config). How can I do this? Regards, Harrison AuthBy LDAP2 Identifier GUP_Dipping AuthenticateAccounting Host x.x.x.x Port 389 AuthDN uid=xxx,ou=xxx,o=xxx AuthPassword xxx BaseDN ou=xxx,ou=xxx,o=xxx Scope one SearchFilter (smcAMSISDN=%{Class}) AuthAttrDef smcSubscriberNumber,Calling-Station-Id,request /AuthBy LDAP2 AuthBy RADIUS Identifier test_forwarding NoForwardAuthentication IgnoreAccountingResponse Host x.x.x.x Secret xxx StripFromRequest Ericsson-Juniper,Class AuthPort AcctPort 1646 Retries 0 RetryTimeout 2 FailureBackoffTime 30 /AuthBy Handler Client-Id=localhost,Request-Type=Accounting-Request,Calling-Station-Id=852192507893 RejectHasReason AccountingHandled PreAuthHook file:%D/MakeClassForGUP AuthByPolicy ContinueAlways AuthBy GUP_Dipping ### Remark:- ### I need to add country code to Calling-Station-Id before doing next AuthBy ### How can I add hook here? AuthBy test_forwarding AcctLogFileName /%L/%c/%{GlobalVar:servername}.%c.detail.%Y%m%d PasswordLogFileName /%L/%{GlobalVar:servername}.password.%Y%m%d /Handler ** This Email is virus-scanned and identified clean.
Re: (RADIATOR) Hook Between AuthBy
Hello Harrison - You should use an AuthBy GROUP and an AuthBy INTERNAL: AuthBy GROUP AuthByPolicy ContinueWhileAccept AuthBy LDAP2 . /AuthBy AuthBy INTERNAL DefaultResult ACCEPT AuthHook . /Authby AuthBy RADIUS . /AuthBy /AuthBy regards Hugh On 04/11/2003, at 1:58 PM, Harrison Ng wrote: Hi, My problem is adding country code (ie. 852) to Calling-Station-Id attribute after LDAP query, and _before_ forward to another radius server (see below config). How can I do this? Regards, Harrison AuthBy LDAP2 Identifier GUP_Dipping AuthenticateAccounting Host x.x.x.x Port 389 AuthDN uid=xxx,ou=xxx,o=xxx AuthPassword xxx BaseDN ou=xxx,ou=xxx,o=xxx Scope one SearchFilter (smcAMSISDN=%{Class}) AuthAttrDef smcSubscriberNumber,Calling-Station-Id,request /AuthBy LDAP2 AuthBy RADIUS Identifier test_forwarding NoForwardAuthentication IgnoreAccountingResponse Host x.x.x.x Secret xxx StripFromRequest Ericsson-Juniper,Class AuthPort AcctPort 1646 Retries 0 RetryTimeout 2 FailureBackoffTime 30 /AuthBy Handler Client-Id=localhost,Request-Type=Accounting-Request,Calling-Station- Id=852192507893 RejectHasReason AccountingHandled PreAuthHook file:%D/MakeClassForGUP AuthByPolicy ContinueAlways AuthBy GUP_Dipping ### Remark:- ### I need to add country code to Calling-Station-Id before doing next AuthBy ### How can I add hook here? AuthBy test_forwarding AcctLogFileName /%L/%c/%{GlobalVar:servername}.%c.detail.%Y%m%d PasswordLogFileName /%L/%{GlobalVar:servername}.password.%Y%m%d /Handler InterScan_Disclaimer.txt NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.