Re: [RADIATOR] Radiator CoA
Hi Hugh,
I jumped the gun.
Actually when passed zero radpwtst is sending an invalid size
MA(size=03). May be there is a bug in this utility. Please find attached
the logs.
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Wednesday, June 23, 2010 12:54 AM
To: Subash Comerica (subashtc)
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
As mentioned in my previous email:
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever Message-Authenticator=x
.
where "." are whatever attributes your NAS equipment expects in this
type of request.
regards
Hugh
On 22 Jun 2010, at 14:38, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Sure I will get back with some logs for others reference/FAQ.
>How do I make radpwtst utility send the MA attribute?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> The Message-Authenticator attribute is supported.
>
> If you find any problems let me know and I will get them fixed.
>
> And please let me know the results of your tests - I can add a FAQ
> item with your findings.
>
> regards
>
> Hugh
>
>
> On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
>
>> Hi Hugh,
>> Thanks. Any idea about the MA attribute? I will give this a shot.
>> How do I raise a bug on RADIATOR?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>>
>> -Original Message-
>> From: Hugh Irvine [mailto:h...@open.com.au]
>> Sent: Tuesday, June 22, 2010 11:09 PM
>> To: Subash Comerica (subashtc)
>> Cc: radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator CoA
>>
>>
>> Hello Subash -
>>
>> You can use the radpwtst utulity included with Radiator to generate
>> any RADIUS request, including Disconnect-Request and
> Change-Filter-Request.
>>
>> Something like this (using whatever attributes are required by your
>> NAS
>> equipment):
>>
>>
>> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
>> Change-Filter-Request User-Name=whatever .
>>
>>
>> Note that your NAS equipment must support and be configured for such
>> operation.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>>
>>
>> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>>
>>> Hi All,
>>> I am trying to send a CoA message using Radiator. I tried
>> searching but couldn't find any documentation on how to do it.
>>> Can somebody please point me to any documentation?
>>> Does Radiator CoA support Message Authenticator as well?
>>>
>>> Thanks & Regards,
>>> . . . . Subash
>>> Changing the Way We Live, Work, Play and Learn
>>> ___
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had
Re: [RADIATOR] Radiator CoA
Hi Hugh,
I just verified and found it to work fine when MA=0 is sent.
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Wednesday, June 23, 2010 12:54 AM
To: Subash Comerica (subashtc)
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
As mentioned in my previous email:
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever Message-Authenticator=x
.
where "." are whatever attributes your NAS equipment expects in this
type of request.
regards
Hugh
On 22 Jun 2010, at 14:38, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Sure I will get back with some logs for others reference/FAQ.
>How do I make radpwtst utility send the MA attribute?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> The Message-Authenticator attribute is supported.
>
> If you find any problems let me know and I will get them fixed.
>
> And please let me know the results of your tests - I can add a FAQ
> item with your findings.
>
> regards
>
> Hugh
>
>
> On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
>
>> Hi Hugh,
>> Thanks. Any idea about the MA attribute? I will give this a shot.
>> How do I raise a bug on RADIATOR?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>>
>> -Original Message-
>> From: Hugh Irvine [mailto:h...@open.com.au]
>> Sent: Tuesday, June 22, 2010 11:09 PM
>> To: Subash Comerica (subashtc)
>> Cc: radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator CoA
>>
>>
>> Hello Subash -
>>
>> You can use the radpwtst utulity included with Radiator to generate
>> any RADIUS request, including Disconnect-Request and
> Change-Filter-Request.
>>
>> Something like this (using whatever attributes are required by your
>> NAS
>> equipment):
>>
>>
>> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
>> Change-Filter-Request User-Name=whatever .
>>
>>
>> Note that your NAS equipment must support and be configured for such
>> operation.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>>
>>
>> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>>
>>> Hi All,
>>> I am trying to send a CoA message using Radiator. I tried
>> searching but couldn't find any documentation on how to do it.
>>> Can somebody please point me to any documentation?
>>> Does Radiator CoA support Message Authenticator as well?
>>>
>>> Thanks & Regards,
>>> . . . . Subash
>>> Changing the Way We Live, Work, Play and Learn
>>> ___
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets)
Re: [RADIATOR] Radiator CoA
Hi Hugh,
If I pass MA=0 will Radiator compute it for me since I don't want to
compute the hash over the complete packet.
For Eg: Freeradius radclient accepts MA=0 and computes it.
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Wednesday, June 23, 2010 12:54 AM
To: Subash Comerica (subashtc)
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
As mentioned in my previous email:
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever Message-Authenticator=x
.
where "." are whatever attributes your NAS equipment expects in this
type of request.
regards
Hugh
On 22 Jun 2010, at 14:38, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Sure I will get back with some logs for others reference/FAQ.
>How do I make radpwtst utility send the MA attribute?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> The Message-Authenticator attribute is supported.
>
> If you find any problems let me know and I will get them fixed.
>
> And please let me know the results of your tests - I can add a FAQ
> item with your findings.
>
> regards
>
> Hugh
>
>
> On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
>
>> Hi Hugh,
>> Thanks. Any idea about the MA attribute? I will give this a shot.
>> How do I raise a bug on RADIATOR?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>>
>> -Original Message-
>> From: Hugh Irvine [mailto:h...@open.com.au]
>> Sent: Tuesday, June 22, 2010 11:09 PM
>> To: Subash Comerica (subashtc)
>> Cc: radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator CoA
>>
>>
>> Hello Subash -
>>
>> You can use the radpwtst utulity included with Radiator to generate
>> any RADIUS request, including Disconnect-Request and
> Change-Filter-Request.
>>
>> Something like this (using whatever attributes are required by your
>> NAS
>> equipment):
>>
>>
>> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
>> Change-Filter-Request User-Name=whatever .
>>
>>
>> Note that your NAS equipment must support and be configured for such
>> operation.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>>
>>
>> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>>
>>> Hi All,
>>> I am trying to send a CoA message using Radiator. I tried
>> searching but couldn't find any documentation on how to do it.
>>> Can somebody please point me to any documentation?
>>> Does Radiator CoA support Message Authenticator as well?
>>>
>>> Thanks & Regards,
>>> . . . . Subash
>>> Changing the Way We Live, Work, Play and Learn
>>> ___
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have
Re: [RADIATOR] Radiator CoA
Hi Soren, Thanks for the details. I am aware of corresponding attributes to be sent in CoA Ack/Nak as per NAS's requirements. My question is mainly due to the fact that Message Authenticator is computed over the complete packet and is Radiator able to compute MA if the input attribute passed on as zero(Like freeradius radclient does) Thanks & Regards, . . . . Subash Changing the Way We Live, Work, Play and Learn -Original Message- From: soeren.schroe...@gmail.com [mailto:soeren.schroe...@gmail.com] On Behalf Of Søren Schrøder Sent: Wednesday, June 23, 2010 12:54 AM To: Subash Comerica (subashtc) Cc: Hugh Irvine; radiator@open.com.au Subject: Re: [RADIATOR] Radiator CoA Hi. I'm using Radiator to do CoA DM Against NAS-boxes from Juniper (BRAS), Errisson (SASN) and Starent (GGSN) They all differ a bit on what AVP's they need for the CoA DM message. For example, the Starent GGSN needs the following AVP's: Acct-Session-Id Event-Timestamp These are available from the Accounting messages (Start/Alive). So I collect the accounting, and stores them in MySQL (using my own AuthBy module, based on AuthTEST). I also store the NAS-IP-Address, so I know which NAS-box is responsible for the actual PPP session. CoA DM can be sent using radpwtest: perl radpwtst -code Disconnect-Request -s $NASIP \ -noauth -noacct -nostart -nostop -auth_port 3799 -acct_port 3799 \ -secret $SECRET -dictionary PATH_TO_DICTIONARY \ Acct-Session-Id=$SESSID Event-Timestamp=$TIMESTAMP sample output: Tue Jun 22 21:17:30 2010: DEBUG: Reading dictionary file '//dictionary' Tue Jun 22 21:17:30 2010: DEBUG: Reading dictionary file '//STARENT.SN.DICT' sending Disconnect-Request... Tue Jun 22 21:17:30 2010: DEBUG: Packet dump: *** Sending to foo.foo.foo.foo port 3799 Packet length = 44 Code: Disconnect-Request Identifier: 195 Authentic: (<31><1blablabba99><174>Yy<161>$<165>z<1>QC Attributes: Acct-Session-Id = "D45848C410B61CA7" Event-Timestamp = 1277234191 OK Hope this guides you a bit into the mystery of CoA DM. -- Søren Schrøder. Obey Gravity - It's the law ! ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator CoA
Hello Subash -
As mentioned in my previous email:
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever Message-Authenticator=x .
where "….." are whatever attributes your NAS equipment expects in this type of
request.
regards
Hugh
On 22 Jun 2010, at 14:38, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Sure I will get back with some logs for others reference/FAQ.
>How do I make radpwtst utility send the MA attribute?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:52 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> The Message-Authenticator attribute is supported.
>
> If you find any problems let me know and I will get them fixed.
>
> And please let me know the results of your tests - I can add a FAQ item
> with your findings.
>
> regards
>
> Hugh
>
>
> On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
>
>> Hi Hugh,
>> Thanks. Any idea about the MA attribute? I will give this a shot.
>> How do I raise a bug on RADIATOR?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>>
>> -Original Message-
>> From: Hugh Irvine [mailto:h...@open.com.au]
>> Sent: Tuesday, June 22, 2010 11:09 PM
>> To: Subash Comerica (subashtc)
>> Cc: radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator CoA
>>
>>
>> Hello Subash -
>>
>> You can use the radpwtst utulity included with Radiator to generate
>> any RADIUS request, including Disconnect-Request and
> Change-Filter-Request.
>>
>> Something like this (using whatever attributes are required by your
>> NAS
>> equipment):
>>
>>
>> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
>> Change-Filter-Request User-Name=whatever .
>>
>>
>> Note that your NAS equipment must support and be configured for such
>> operation.
>>
>> hope that helps
>>
>> regards
>>
>> Hugh
>>
>>
>>
>>
>> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>>
>>> Hi All,
>>> I am trying to send a CoA message using Radiator. I tried
>> searching but couldn't find any documentation on how to do it.
>>> Can somebody please point me to any documentation?
>>> Does Radiator CoA support Message Authenticator as well?
>>>
>>> Thanks & Regards,
>>> . . . . Subash
>>> Changing the Way We Live, Work, Play and Learn
>>> ___
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
>> translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardwar
Re: [RADIATOR] Radiator CoA
Hi. I'm using Radiator to do CoA DM Against NAS-boxes from Juniper (BRAS), Errisson (SASN) and Starent (GGSN) They all differ a bit on what AVP's they need for the CoA DM message. For example, the Starent GGSN needs the following AVP's: Acct-Session-Id Event-Timestamp These are available from the Accounting messages (Start/Alive). So I collect the accounting, and stores them in MySQL (using my own AuthBy module, based on AuthTEST). I also store the NAS-IP-Address, so I know which NAS-box is responsible for the actual PPP session. CoA DM can be sent using radpwtest: perl radpwtst -code Disconnect-Request -s $NASIP \ -noauth -noacct -nostart -nostop -auth_port 3799 -acct_port 3799 \ -secret $SECRET -dictionary PATH_TO_DICTIONARY \ Acct-Session-Id=$SESSID Event-Timestamp=$TIMESTAMP sample output: Tue Jun 22 21:17:30 2010: DEBUG: Reading dictionary file '//dictionary' Tue Jun 22 21:17:30 2010: DEBUG: Reading dictionary file '//STARENT.SN.DICT' sending Disconnect-Request... Tue Jun 22 21:17:30 2010: DEBUG: Packet dump: *** Sending to foo.foo.foo.foo port 3799 Packet length = 44 Code: Disconnect-Request Identifier: 195 Authentic: (<31><1blablabba99><174>Yy<161>$<165>z<1>QC Attributes: Acct-Session-Id = "D45848C410B61CA7" Event-Timestamp = 1277234191 OK Hope this guides you a bit into the mystery of CoA DM. -- Søren Schrøder. Obey Gravity - It's the law ! ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
Hello Adam -
The error message you show below indicates your database is not running (or is
unreachable for some reason).
regards
Hugh
On 22 Jun 2010, at 15:03, Adam Gerson wrote:
> Well, nothing has changed in my config file and my database is still up
> and working. I have not used Radiator for a week or two. I started it
> today to test it and now it cannot contact the database. I got an email
> saying my trail had experienced, but at startup Radiator reports its
> good until 2011 or 1000 connections.
>
>
>
>
>
> Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file
> '/etc/radiator/radius.cfg'
> This Radiator license will expire on 2011-02-01
> This Radiator license will stop operating after 1000 requests
> To purchase an unlimited full source version of Radiator, see
> http://www.open.com.au/ordering.html
> To extend your license period, contact ad...@open.com.au
>
> Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645
> Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646
> Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on
> sidekick.cgps.org (LOCKED)
> Tue Jun 22 14:59:54 2010: DEBUG: Packet dump:
> *** Received from 192.168.1.92 port 52380
> Code: Access-Request
> Identifier: 144
> Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148>
> Attributes:
> User-Name = "adam"
> User-Password = <175><244>t<214>bP0<25>+6c?<237><196><137>K
> NAS-IP-Address = 192.168.1.92
> Service-Type = Login-User
> Framed-IP-Address = 10.93.3.23
> Called-Station-Id = "00:19:92:02:B4:3A"
> Calling-Station-Id = ""
> NAS-Identifier = "Bluesocket"
> Acct-Session-Id = "00:19:92:02:B4:3A:1277233194"
> NAS-Port-Type = Wireless-IEEE-802-11
>
> Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92,
> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL:
> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL:
> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with
> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***:
> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database.
> Request is ignored. Backing off for 600 seconds
> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User
> database access error
> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL:
> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL:
> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with
> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***:
> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database.
> Request is ignored. Backing off for 600 seconds
> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User
> database access error
> ^C
>
> --
> Adam Gerson
> Assistant Director of Technology
> Columbia Grammar and Prep School
> phone. 212-749-6200 ex. 321
> fax. 212-428-6806
> ager...@cgps.org
> http://www.cgps.org
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] AuthBy SQL result: IGNORE, User database access error
Well, nothing has changed in my config file and my database is still up and working. I have not used Radiator for a week or two. I started it today to test it and now it cannot contact the database. I got an email saying my trail had experienced, but at startup Radiator reports its good until 2011 or 1000 connections. Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg' This Radiator license will expire on 2011-02-01 This Radiator license will stop operating after 1000 requests To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html To extend your license period, contact ad...@open.com.au Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file '/etc/radiator/dictionary' Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645 Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646 Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on sidekick.cgps.org (LOCKED) Tue Jun 22 14:59:54 2010: DEBUG: Packet dump: *** Received from 192.168.1.92 port 52380 Code: Access-Request Identifier: 144 Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148> Attributes: User-Name = "adam" User-Password = <175><244>t<214>bP0<25>+6c?<237><196><137>K NAS-IP-Address = 192.168.1.92 Service-Type = Login-User Framed-IP-Address = 10.93.3.23 Called-Station-Id = "00:19:92:02:B4:3A" Calling-Station-Id = "" NAS-Identifier = "Bluesocket" Acct-Session-Id = "00:19:92:02:B4:3A:1277233194" NAS-Port-Type = Wireless-IEEE-802-11 Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT' Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92, Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User database access error Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User database access error ^C -- Adam Gerson Assistant Director of Technology Columbia Grammar and Prep School phone. 212-749-6200 ex. 321 fax. 212-428-6806 ager...@cgps.org http://www.cgps.org ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator CoA
Hi Hugh,
Sure I will get back with some logs for others reference/FAQ.
How do I make radpwtst utility send the MA attribute?
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Tuesday, June 22, 2010 11:52 PM
To: Subash Comerica (subashtc)
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
The Message-Authenticator attribute is supported.
If you find any problems let me know and I will get them fixed.
And please let me know the results of your tests - I can add a FAQ item
with your findings.
regards
Hugh
On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Thanks. Any idea about the MA attribute? I will give this a shot.
>How do I raise a bug on RADIATOR?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:09 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> You can use the radpwtst utulity included with Radiator to generate
> any RADIUS request, including Disconnect-Request and
Change-Filter-Request.
>
> Something like this (using whatever attributes are required by your
> NAS
> equipment):
>
>
> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
> Change-Filter-Request User-Name=whatever .
>
>
> Note that your NAS equipment must support and be configured for such
> operation.
>
> hope that helps
>
> regards
>
> Hugh
>
>
>
>
> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>
>> Hi All,
>>I am trying to send a CoA message using Radiator. I tried
> searching but couldn't find any documentation on how to do it.
>>Can somebody please point me to any documentation?
>>Does Radiator CoA support Message Authenticator as well?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER
translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator CoA
Hello Subash -
The Message-Authenticator attribute is supported.
If you find any problems let me know and I will get them fixed.
And please let me know the results of your tests - I can add a FAQ item with
your findings.
regards
Hugh
On 22 Jun 2010, at 13:57, Subash Comerica (subashtc) wrote:
> Hi Hugh,
>Thanks. Any idea about the MA attribute? I will give this a shot.
>How do I raise a bug on RADIATOR?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
>
> -Original Message-
> From: Hugh Irvine [mailto:h...@open.com.au]
> Sent: Tuesday, June 22, 2010 11:09 PM
> To: Subash Comerica (subashtc)
> Cc: radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator CoA
>
>
> Hello Subash -
>
> You can use the radpwtst utulity included with Radiator to generate any
> RADIUS request, including Disconnect-Request and Change-Filter-Request.
>
> Something like this (using whatever attributes are required by your NAS
> equipment):
>
>
> perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
> Change-Filter-Request User-Name=whatever .
>
>
> Note that your NAS equipment must support and be configured for such
> operation.
>
> hope that helps
>
> regards
>
> Hugh
>
>
>
>
> On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
>
>> Hi All,
>>I am trying to send a CoA message using Radiator. I tried
> searching but couldn't find any documentation on how to do it.
>>Can somebody please point me to any documentation?
>>Does Radiator CoA support Message Authenticator as well?
>>
>> Thanks & Regards,
>> . . . . Subash
>> Changing the Way We Live, Work, Play and Learn
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec), and DIAMETER
> translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator CoA
Hi Hugh,
Thanks. Any idea about the MA attribute? I will give this a shot.
How do I raise a bug on RADIATOR?
Thanks & Regards,
. . . . Subash
Changing the Way We Live, Work, Play and Learn
-Original Message-
From: Hugh Irvine [mailto:h...@open.com.au]
Sent: Tuesday, June 22, 2010 11:09 PM
To: Subash Comerica (subashtc)
Cc: radiator@open.com.au
Subject: Re: [RADIATOR] Radiator CoA
Hello Subash -
You can use the radpwtst utulity included with Radiator to generate any
RADIUS request, including Disconnect-Request and Change-Filter-Request.
Something like this (using whatever attributes are required by your NAS
equipment):
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever .
Note that your NAS equipment must support and be configured for such
operation.
hope that helps
regards
Hugh
On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
> Hi All,
> I am trying to send a CoA message using Radiator. I tried
searching but couldn't find any documentation on how to do it.
> Can somebody please point me to any documentation?
> Does Radiator CoA support Message Authenticator as well?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec), and DIAMETER
translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator CoA
Hello Subash -
You can use the radpwtst utulity included with Radiator to generate any RADIUS
request, including Disconnect-Request and Change-Filter-Request.
Something like this (using whatever attributes are required by your NAS
equipment):
perl radpwtst -noauth -noacct -s n.n.n.n -secret blah -code
Change-Filter-Request User-Name=whatever …..
Note that your NAS equipment must support and be configured for such operation.
hope that helps
regards
Hugh
On 22 Jun 2010, at 12:56, Subash Comerica (subashtc) wrote:
> Hi All,
> I am trying to send a CoA message using Radiator. I tried searching but
> couldn't find any documentation on how to do it.
> Can somebody please point me to any documentation?
> Does Radiator CoA support Message Authenticator as well?
>
> Thanks & Regards,
> . . . . Subash
> Changing the Way We Live, Work, Play and Learn
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator CoA
Hi All, I am trying to send a CoA message using Radiator. I tried searching but couldn't find any documentation on how to do it. Can somebody please point me to any documentation? Does Radiator CoA support Message Authenticator as well? Thanks & Regards, . . . . Subash Changing the Way We Live, Work, Play and Learn ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Mac Startup
Hello Adam -
I always suggest using the fully qualified pathnames so you know what is going
on.
Ie:
/usr/bin/perl -I ….. …../radiusd -config_file /etc/radiator/radius.cfg
where "….." is the path to your Radiator source directory.
On my machine here I would do something like this:
/usr/bin/perl -I /Local/src/Radiator/Radiator-4.6
/Local/src/Radiator/Radiator-4.6./radiusd -config_file /etc/radiator/radius.cfg
hope that helps
regards
Hugh
On 22 Jun 2010, at 11:12, Adam Gerson wrote:
> I am following the instructions in INSTALL.MacOSX. That startup item
> uses /usr/bin/radiusd which I believe conflicts with the default
> installation of FreeRadius on Mac Server 10.4.6.
>
>
> sidekick:~ sadmin$ /Library/StartupItems/Radiator/Radiator start
> Starting Radiator RADIUS server
> /Library/StartupItems/Radiator/Radiator: line 15: /usr/bin/radiusd: No
> such file or directory
>
> To get arround this during testing you had me start the process manually
> with:
>
> sudo perl radiusd -foreground -log_stdout -trace 4 -config_file
> /etc/radiator/radius.cfg
>
> How should I modify StartService to give it the right command to start
> in my environment?
>
>
> StartService ()
> {
> if [ "${RADIUS:=-NO-}" = "-YES-" ]; then
> if ! pid=$(GetPID radiusd); then
> ConsoleMessage "Starting Radiator RADIUS server"
> /usr/bin/radiusd -config_file /etc/radiator/radius.cfg \
> -pid_file /var/run/radiusd.pid
> fi
> fi
> }
>
>
> --
> Adam Gerson
> Assistant Director of Technology
> Columbia Grammar and Prep School
> phone. 212-749-6200 ex. 321
> fax. 212-428-6806
> ager...@cgps.org
> http://www.cgps.org
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Mac Startup
I am following the instructions in INSTALL.MacOSX. That startup item
uses /usr/bin/radiusd which I believe conflicts with the default
installation of FreeRadius on Mac Server 10.4.6.
sidekick:~ sadmin$ /Library/StartupItems/Radiator/Radiator start
Starting Radiator RADIUS server
/Library/StartupItems/Radiator/Radiator: line 15: /usr/bin/radiusd: No
such file or directory
To get arround this during testing you had me start the process manually
with:
sudo perl radiusd -foreground -log_stdout -trace 4 -config_file
/etc/radiator/radius.cfg
How should I modify StartService to give it the right command to start
in my environment?
StartService ()
{
if [ "${RADIUS:=-NO-}" = "-YES-" ]; then
if ! pid=$(GetPID radiusd); then
ConsoleMessage "Starting Radiator RADIUS server"
/usr/bin/radiusd -config_file /etc/radiator/radius.cfg \
-pid_file /var/run/radiusd.pid
fi
fi
}
--
Adam Gerson
Assistant Director of Technology
Columbia Grammar and Prep School
phone. 212-749-6200 ex. 321
fax. 212-428-6806
ager...@cgps.org
http://www.cgps.org
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
