Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread eliran shlomo
Changing the FailureBackoffTime to 0 and adding the
IgnoreAccountingResponse solved the problem.
Thanks for the help.


2012/8/26 Heikki Vatiainen 

> The configuration looks fine. It should send the request to two
> destinations: ProxyAccounting and ProxyAccounting71.
>
> You could do the following: Change FailureBackoffTime to 0 to make sure
> the request is always forwarded even if the next hop host is down. Also,
> add IgnoreAccountingResponse to both AuthBys since you have
> AccountingHandled in Handler.
>
> If this does not solve the problem, please describe your requirements in
> more detail.
>
> Thanks,
> Heikki
>
> --
> Heikki Vatiainen 
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
>
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
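
The fix confirmed above can be checked mechanically. The following is an added example, not part of the original thread or of Radiator: a small Python linter that flags AuthBy RADIUS clauses referenced from a ContinueAlways fan-out Handler that still set a non-zero FailureBackoffTime, or that lack IgnoreAccountingResponse while the Handler sets AccountingHandled. The sample configuration, its Request-Type=Accounting-Request handler condition and the 192.0.2.x hosts are constructed for illustration.

```python
import re

# Constructed sample in Radiator configuration syntax (hosts are placeholders).
SAMPLE = """\
<AuthBy RADIUS>
    Identifier ProxyAccounting
    Host 192.0.2.10
    FailureBackoffTime 180
</AuthBy>
<AuthBy RADIUS>
    Identifier ProxyAccounting71
    Host 192.0.2.71
    FailureBackoffTime 0
    IgnoreAccountingResponse
</AuthBy>
<Handler Request-Type=Accounting-Request>
    AuthByPolicy ContinueAlways
    AuthBy ProxyAccounting
    AuthBy ProxyAccounting71
    AccountingHandled
</Handler>
"""

def clauses(text, name):
    """Yield {parameter: [values]} for each <name ...> ... </name> clause."""
    for body in re.findall(rf"<{name}\b[^>]*>(.*?)</{name}>", text, re.S):
        params = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and not parts[0].startswith("#"):
                params.setdefault(parts[0], []).append(parts[1].strip() if parts[1:] else "")
        yield params

def lint(text):
    """Return (identifier, problem) pairs for AuthBys used in unconditional fan-out."""
    authbys = {p["Identifier"][0]: p for p in clauses(text, "AuthBy") if "Identifier" in p}
    findings = []
    for handler in clauses(text, "Handler"):
        targets = handler.get("AuthBy", [])
        if handler.get("AuthByPolicy") != ["ContinueAlways"] or len(targets) < 2:
            continue  # not a "send to every destination" handler
        for ident in targets:
            clause = authbys.get(ident, {})
            backoff = clause.get("FailureBackoffTime", ["0"])[0]  # absent: not flagged
            if backoff != "0":
                findings.append((ident, f"FailureBackoffTime {backoff}"))
            if "AccountingHandled" in handler and "IgnoreAccountingResponse" not in clause:
                findings.append((ident, "missing IgnoreAccountingResponse"))
    return findings
```

Calling lint() on the text of a configuration file returns an empty list once every fan-out destination has FailureBackoffTime 0 and IgnoreAccountingResponse.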

[RADIATOR] Radiator high Availability

2012-08-26 Thread sergio
I use Radiator 4.10 on FreeBSD and I need to set up a second Radiator,
but I need a solution that keeps the sessions (SessionDatabase SQL) well
synchronized, since I use MySQL. Would MySQL replication solve this, or is
there a better solution?

I also thought about using FreeBSD with CARP.

Thanks



Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread Heikki Vatiainen
The configuration looks fine. It should send the request to two
destinations: ProxyAccounting and ProxyAccounting71.

You could do the following: Change FailureBackoffTime to 0 to make sure
the request is always forwarded even if the next hop host is down. Also,
add IgnoreAccountingResponse to both AuthBys since you have
AccountingHandled in Handler.

If this does not solve the problem, please describe your requirements in
more detail.

Thanks,
Heikki

-- 
Heikki Vatiainen 



Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread eliran shlomo

<AuthBy RADIUS>
Identifier ProxyAccounting
Host *
NoForwardAuthentication
AcctPort 1813
FailureBackoffTime 180
Retries 1
RetryTimeout 3
Secret ***
</AuthBy>

<AuthBy RADIUS>
Identifier ProxyAccounting71
Host ***
NoForwardAuthentication
AcctPort 1813
FailureBackoffTime 180
Retries 1
RetryTimeout 3
Secret ***
</AuthBy>



include %{GlobalVar:CONFIGROOT}/include/RewriteUsername.inc
PreAuthHook file:"%{GlobalVar:CONFIGROOT}/include/proxyhook.pl"
AuthByPolicy ContinueAlways
AuthBy ProxyAccounting
AuthBy ProxyAccounting71
AccountingHandled
SessionDatabase SDB1
AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
AcctLogFileFormat  \
%{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
%{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
%{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
%{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
%{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
%{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
%{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
%{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
%{Acct-Session-Time},%{Event-Timestamp},\
%{Acct-Authentic},%{Acct-Delay-Time},\
%{Acct-Input-Packets},%{Acct-Output-Packets},\
%{Framed-Protocol},%{Service-Type}


AccountingHandled
SessionDatabase SDB_NULL



include %{GlobalVar:CONFIGROOT}/include/RewriteUsername*.inc
PostProcessingHook file:"%{GlobalVar:CONFIGROOT}/include/write-start-file.pl"
PreAuthHook file:"%{GlobalVar:CONFIGROOT}/include/proxyhook.pl"
AuthByPolicy ContinueAlways
AuthBy ProxyAccounting
AuthBy ProxyAccounting71
SessionDatabase SDB1
AccountingHandled
AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
AcctLogFileFormat  \
%{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
%{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
%{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
%{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
%{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
%{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
%{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
%{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
%{Acct-Session-Time},%{Event-Timestamp},\
%{Acct-Authentic},%{Acct-Delay-Time},\
%{Acct-Input-Packets},%{Acct-Output-Packets},\
%{Framed-Protocol},%{Service-Type}



include %{GlobalVar:CONFIGROOT}/include/RewriteUsername*.inc
PreAuthHook file:"%{GlobalVar:CONFIGROOT}/include/proxyhook.pl"
AuthByPolicy ContinueAlways
AuthBy ProxyAccounting
AuthBy ProxyAccounting71
SessionDatabase NULL
AccountingHandled
AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
AcctLogFileFormat  \
%{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
%{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
%{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
%{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
%{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
%{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
%{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
%{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
%{Acct-Session-Time},%{Event-Timestamp},\
%{Acct-Authentic},%{Acct-Delay-Time},\
%{Acct-Input-Packets},%{Acct-Output-Packets},\
%{Framed-Protocol},%{Service-Type}



include %{GlobalVar:CONFIGROOT}/include/RewriteUsername.inc
PostProcessingHook file:"%{GlobalVar:CONFIGROOT}/include/write-start-file.pl"
PreAuthHook file:"%{GlobalVar:CONFIGROOT}/include/proxyhook.pl"
AuthByPolicy ContinueAlways
AuthBy ProxyAccounting
AuthBy ProxyAccounting71
SessionDatabase SDB1
AccountingHandled
AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
AcctLogFileFormat  \
%{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
%{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
%{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
%{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
%{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
%{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
%{Acct-I

Re: [RADIATOR] Multiple AuthBy Radius hosts

2012-08-26 Thread Heikki Vatiainen
On 08/26/2012 09:59 AM, eliran shlomo wrote:

> Hi, I tried it and it sends the first packet to both of the AuthBy servers
> and then it sends it to authby1 only.

Can you reply with your current configuration? You need one AuthBy
clause for each server you want to forward the request to. Within
AuthBy, the hosts are for failure recovery only and you cannot force
forwarding to multiple hosts within one AuthBy.

Thanks,
Heikki


> I need the packet to be sent to both servers regardless of whether
> the first one is down or not responding...
>
> B.w
> thanks for the help, really appreciate the time you spend to help :)
> 
> 2012/8/23 Heikki Vatiainen <h...@open.com.au>
> 
> On 08/23/2012 04:54 PM, eliran shlomo wrote:
> 
> > Is there another way to do it?
> > Because we have 6 different Handlers, and I wish to save lines inside
> > the configuration file...
> 
> Yes, here is an alternative:
> 
> 
> <AuthBy RADIUS>
>   Identifier authby1
>   Secret mysecret2
>   Host 127.0.0.1
>   AuthPort 1812
>   AcctPort 1813
> </AuthBy>
> 
> <AuthBy RADIUS>
>   Identifier authby2
>   Secret mysecret2
>   Host 127.0.0.2
>   AuthPort 1812
>   AcctPort 1813
> </AuthBy>
> 
> 
> 
> AuthBy authby1
> AuthBy authby2
> 
> 
> 
> AuthBy authby1
> AuthBy authby2
> 
> 
> Thanks,
> Heikki
> 
> 
> --
> Heikki Vatiainen <h...@open.com.au>
> 
> 


-- 
Heikki Vatiainen 


Re: [RADIATOR] Random AuthBy LDAP2 "Undefined subroutine &main::" connect failures

2012-08-26 Thread Heikki Vatiainen
On 08/25/2012 02:34 AM, Kevin Schmidt wrote:

> I've been using Radiator in support of a variety of services for years, 
> but I just ran into a really strange bug.  If someone has an idea of 
> what's happening, or a particularly good debugging technique to find the 
> root cause, I'm all ears.

There was one similar case recently. The problem occurred when radiusd
was sent HUP after configuration change.

> Briefly stated, at some apparently-random point the radius server 
> attempts to reconnect to the back-end ldap server, but the connection 
> fails with "Undefined subroutine &main:: called at 
> /usr/share/perl5/IO/Socket/SSL.pm line 391."

Yes, this was the same line where the problem occurred previously. We
got the same backtrace.

This line in IO::Socket::SSL 1.53 as shipped with Ubuntu 12.04 tries to
call Net::SSLeay::connect() but fails. During debugging IO::Socket::SSL
was updated to the latest version, but the problem persisted. I think
the solution was to use restart instead of HUP after reconfiguration.

The problem was seen on RedHat 6.2 with locally compiled Perl 5.14.2.
When I tried to reproduce the problem I could not do it successfully. I
also tried Ubuntu 12.04 but that did not help.

Do you see the problem when radiusd is HUPed or does it happen when
there's a need to reconnect to LDAP server for some other reason?

Also, one idea we discussed here is to try upgrading Net::SSLeay. Can
you try compiling Net::SSLeay locally and try the latest version?

It does not look like a Radiator problem and with IO::Socket::SSL the
problem was seen always when Net::SSLeay::connect() was called. It would
be a good idea to see if upgrading Net::SSLeay helps.

Thanks,
Heikki

-- 
Heikki Vatiainen 
