Re: [RADIATOR] Radiator does not allow LEFT OUTER JOIN in SQL statement? -> Solved -> config typo

2015-01-22 Thread karel.vandervelden
Sorry,

Just a typo in the radius config file... Sorry to cause this trouble

Met vriendelijke groeten/With kind regards,
   Karel van der Velden

[KPN-logo]
Ananke
Goddess of necessity, inevitability and compulsion
Godin van de noodzakelijkheid, onvermijdelijkheid en dwangmatigheid
NETCO FO N&SD Service Development
Reitemakersrijge 13
9711 HT Groningen
Vast: 050 - 5881003
Fax: 050 - 3186347

This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise private information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the email by you is prohibited

Van: Velden, Karel van der
Verzonden: vrijdag 23 januari 2015 8:05
Aan: 'radiator@open.com.au'
Onderwerp: Radiator does not allow LEFT OUTER JOIN in SQL statement?

Hello,

Today I tried to do an AuthSelect statement including a 'LEFT OUTER JOIN' but 
it failed with the error message:
ERR: Unknown keyword 'LEFT' in 

The sql statement works perfectly in a db environment. Why doesn't radiator 
accept it?

With kind regards,
   Karel van der Velden

NETCO FO N&SD Service Development

This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise private information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the email by you is prohibited

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

[RADIATOR] Radiator does not allow LEFT OUTER JOIN in SQL statement?

2015-01-22 Thread karel.vandervelden
Hello,

Today I tried to do an AuthSelect statement including a 'LEFT OUTER JOIN' but 
it failed with the error message:
ERR: Unknown keyword 'LEFT' in 

The sql statement works perfectly in a db environment. Why doesn't radiator 
accept it?

With kind regards,
   Karel van der Velden

NETCO FO N&SD Service Development

This message is for the designated recipient only and may contain privileged, 
proprietary, or otherwise private information. If you have received it in 
error, please notify the sender immediately and delete the original. Any other 
use of the email by you is prohibited

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Nathan Anderson
Well! I stand corrected.

-- Nathan

Hugh Irvine  wrote:


Hello Sergio -

Yes - have a look at the current packages in the “Radius/Nas/…” directory of 
the Radiator-4.14 distribution.

regards

Hugh


> On 23 Jan 2015, at 13:41, sergio  wrote:
>
> hello
>
> It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
>
>
>> -Original Message-
>> From: nath...@fsr.com
>> Sent: Mon, 8 Dec 2014 05:30:26 -0800
>> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator+Mikrotik
>>
>> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>>
>>> Hello all,
>>>
>>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>>> the hook script will send Disconnect-Request to Mikrotik once the
>>> session
>>> exceeds the quota, here is how i send Disconnect-Request:
>>
>> [snip]
>>
>>> This works fine but the problem is that user can't re-authenticate again
>>> because it reaches Maxsessions although I have this in my config file:
>>
>> [snip]
>>
>>> The user would successfully authenticate again when I manually remove
>>> the
>>> session from RADONLINE by executing the DeleteQuery.
>>
>> It has been a while since I have had to look at/think about this, but as
>> I recall, this is how it works:
>>
>> DeleteQuery doesn't get executed unless the Radiator server receives
>> Accounting-Stop from the MikroTik.
>>
>> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
>> by MikroTik RouterOS; I can't remember and I will have to simulate this
>> later and run a packet capture to see what happens.  (Maybe if you are
>> running an older version of RouterOS, try upgrading?  It could be a bug
>> that got fixed later, and they have definitely had their share of RADIUS
>> client bugs in the past.)
>>
>> In any case, you can work around a problem where Radiator does not
>> receive Accounting-Stop by having Radiator verify that any active
>> sessions for the user that are recorded in the RADONLINE table are valid
>> at the moment that the user tries to authenticate again.  Radiator does
>> this by executing an SNMP query to the NAS that is on record for each
>> session to see if the Session-ID for that row in the table is still
>> valid.  If the NAS does not return anything for the OID, then Radiator
>> assumes the session is dead and purges that entry from RADONLINE,
>> reducing MaxSessions count by 1.
>>
>> To enable this functionality, you need to make sure that SNMP is enabled
>> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
>> is installed and configured on the Radiator server, and you need to add
>> these options to your Client clause in your Radiator config file:
>>
>> 
>>[...]
>># MikroTik supports this MIB
>>NasType CiscoSessionMIB
>>SNMPCommunity public
>> 
>>
>> Replace 'public' with the SNMP community string that you have configured
>> on the MikroTik.
>>
>> We also made a slight change to the Radiator code, because by default, if
>> Radiator does not get a response back from its SNMP "get" to the
>> MikroTik, it gives the benefit of the doubt to RADONLINE.  We have found
>> that more often than not, it is better to give the benefit of the doubt
>> to the user.  That way, a user is not unfairly punished by problems with
>> our NAS or problems on our network that might make it impossible for
>> Radiator to communicate with our NAS.  Here is the patch to make that
>> change in behavior:
>>
>> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
>> Radius-patched/Nas/CiscoSessionMIB.pm
>> --- Radius/Nas/CiscoSessionMIB.pm2009-10-26 15:23:55.0 -0700
>> +++ Radius-patched/Nas/CiscoSessionMIB.pm2014-12-08 05:20:02.0
>> -0800
>> @@ -39,7 +39,7 @@
>>   $client->{SNMPCommunity},
>>   "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>>
>> -return 1 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Assume still there
>> +return 0 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Give benefit of doubt to user.
>> return 0 if $result =~ /no such variable/i;  # Not in the MIB means
>> no such session
>> return uc($1) eq uc($name)
>>  if ($result =~ /^.*\"([^"]+)".*$/);
>>
>> Hope this helps,
>>
>> --
>> Nathan Anderson
>> First Step Internet, LLC
>> nath...@fsr.com
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
> 
> Can't remember your password? Do you need a strong and secure password?
> Use Password manager! It stores your passwords & protects your account.
> Check it out at http://mysecurelogon.com/password-manager
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, f

Re: [RADIATOR] Simple update of Radiator

2015-01-22 Thread Hugh Irvine

Hi again -

Of course you must make sure you have backups of your configuration files and 
so on before changing anything.

I personally prefer to keep all of my Radiator source distributions in 
individual directories so I can easily change between them.

This also makes it very simple to go back to the previous version if there is a 
problem with the newer version.

You should also test fully on a test machine before running new versions in 
production.

regards

Hugh


> On 23 Jan 2015, at 14:55, Hugh Irvine  wrote:
> 
> 
> Hello Bernhard -
> 
> You just need to install the new version Radiator-4.14 over the top of your 
> existing installation.
> 
> regards
> 
> Hugh
> 
> 
>> On 23 Jan 2015, at 01:14, it.netzwerk_firew...@bawagpsk.com wrote:
>> 
>> Hi everyone, 
>> sorry for the basic question, but i can't  find a manual for grading up an 
>> existing installation for Radiator (just the normal installation). 
>> Can you tell me the easiest way to do that, please. My actual installation 
>> is an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3 
>> 
>> Locally applied patches: 
>>   ActivePerl Build 1603 [296746] 
>> Built under MSWin32 
>> Compiled at Mar 13 2013 11:29:21 
>> @INC: 
>>   E:/software32p/perl/site/lib 
>>   E:/software32p/perl/lib 
>>   . 
>> Regards, 
>> Bernhard
>> 
>> 
>> 
>> 
>> 
>> Diese Information und eventuelle Anhaenge sind vertraulich 
>> und ausschliesslich zur Kenntnisnahme durch den oder die 
>> genannten Adressaten bestimmt. Sollten Sie nicht der 
>> vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich 
>> zu informieren und die Nachricht zu loeschen. Der Inhalt der 
>> fehlgeleiteten Nachricht darf weder aufgezeichnet noch 
>> Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet 
>> werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher 
>> Sorgfalt unsererseits aufgrund der technischen Gegebenheiten 
>> im Internet keine Verantwortung fuer die Existenz von Viren 
>> uebernommen werden kann.
>> 
>> This message and any attachments are confidential and are 
>> only intended for the recipient(s) to which they have been 
>> addressed. If you have received this message in error, please 
>> notify the sender immediately and delete the message from 
>> your system. The contents of this misdirected mail may not be 
>> saved, recorded or used for any purpose whatsoever or made 
>> available to unauthorised persons. This message has been 
>> prepared and sent with the greatest possible care, including 
>> scanning for viruses. In spite of this, we assume no liability 
>> whatsoever for the existence of any viruses.
>> 
>> Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische 
>> Postsparkasse Aktiengesellschaft
>> Rechtsform: Aktiengesellschaft
>> Sitz: politische Gemeinde Wien
>> Firmenbuchnummer: 205340x
>> Firmenbuchgericht: Handelsgericht Wien
>> DVR-Nummer: 1075217
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> --
> 
> Hugh Irvine
> h...@open.com.au
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER, SIM, etc. 
> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
> 
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] Simple update of Radiator

2015-01-22 Thread Hugh Irvine

Hello Bernhard -

You just need to install the new version Radiator-4.14 over the top of your 
existing installation.

regards

Hugh


> On 23 Jan 2015, at 01:14, it.netzwerk_firew...@bawagpsk.com wrote:
> 
> Hi everyone, 
> sorry for the basic question, but i can't  find a manual for grading up an 
> existing installation for Radiator (just the normal installation). 
> Can you tell me the easiest way to do that, please. My actual installation is 
> an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3 
> 
>  Locally applied patches: 
>ActivePerl Build 1603 [296746] 
>  Built under MSWin32 
>  Compiled at Mar 13 2013 11:29:21 
>  @INC: 
>E:/software32p/perl/site/lib 
>E:/software32p/perl/lib 
>. 
> Regards, 
> Bernhard
> 
> 
> 
> 
> 
> Diese Information und eventuelle Anhaenge sind vertraulich 
> und ausschliesslich zur Kenntnisnahme durch den oder die 
> genannten Adressaten bestimmt. Sollten Sie nicht der 
> vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich 
> zu informieren und die Nachricht zu loeschen. Der Inhalt der 
> fehlgeleiteten Nachricht darf weder aufgezeichnet noch 
> Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet 
> werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher 
> Sorgfalt unsererseits aufgrund der technischen Gegebenheiten 
> im Internet keine Verantwortung fuer die Existenz von Viren 
> uebernommen werden kann.
> 
> This message and any attachments are confidential and are 
> only intended for the recipient(s) to which they have been 
> addressed. If you have received this message in error, please 
> notify the sender immediately and delete the message from 
> your system. The contents of this misdirected mail may not be 
> saved, recorded or used for any purpose whatsoever or made 
> available to unauthorised persons. This message has been 
> prepared and sent with the greatest possible care, including 
> scanning for viruses. In spite of this, we assume no liability 
> whatsoever for the existence of any viruses.
> 
> Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische 
> Postsparkasse Aktiengesellschaft
> Rechtsform: Aktiengesellschaft
> Sitz: politische Gemeinde Wien
> Firmenbuchnummer: 205340x
> Firmenbuchgericht: Handelsgericht Wien
> DVR-Nummer: 1075217
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Hugh Irvine

Hello Sergio -

Yes - have a look at the current packages in the “Radius/Nas/…” directory of 
the Radiator-4.14 distribution.

regards

Hugh


> On 23 Jan 2015, at 13:41, sergio  wrote:
> 
> hello
> 
> It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
> 
> 
>> -Original Message-
>> From: nath...@fsr.com
>> Sent: Mon, 8 Dec 2014 05:30:26 -0800
>> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator+Mikrotik
>> 
>> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>> 
>>> Hello all,
>>> 
>>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>>> the hook script will send Disconnect-Request to Mikrotik once the
>>> session
>>> exceeds the quota, here is how i send Disconnect-Request:
>> 
>> [snip]
>> 
>>> This works fine but the problem is that user can't re-authenticate again
>>> because it reaches Maxsessions although I have this in my config file:
>> 
>> [snip]
>> 
>>> The user would successfully authenticate again when I manually remove
>>> the
>>> session from RADONLINE by executing the DeleteQuery.
>> 
>> It has been a while since I have had to look at/think about this, but as
>> I recall, this is how it works:
>> 
>> DeleteQuery doesn't get executed unless the Radiator server receives
>> Accounting-Stop from the MikroTik.
>> 
>> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
>> by MikroTik RouterOS; I can't remember and I will have to simulate this
>> later and run a packet capture to see what happens.  (Maybe if you are
>> running an older version of RouterOS, try upgrading?  It could be a bug
>> that got fixed later, and they have definitely had their share of RADIUS
>> client bugs in the past.)
>> 
>> In any case, you can work around a problem where Radiator does not
>> receive Accounting-Stop by having Radiator verify that any active
>> sessions for the user that are recorded in the RADONLINE table are valid
>> at the moment that the user tries to authenticate again.  Radiator does
>> this by executing an SNMP query to the NAS that is on record for each
>> session to see if the Session-ID for that row in the table is still
>> valid.  If the NAS does not return anything for the OID, then Radiator
>> assumes the session is dead and purges that entry from RADONLINE,
>> reducing MaxSessions count by 1.
>> 
>> To enable this functionality, you need to make sure that SNMP is enabled
>> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
>> is installed and configured on the Radiator server, and you need to add
>> these options to your Client clause in your Radiator config file:
>> 
>> 
>>[...]
>># MikroTik supports this MIB
>>NasType CiscoSessionMIB
>>SNMPCommunity public
>> 
>> 
>> Replace 'public' with the SNMP community string that you have configured
>> on the MikroTik.
>> 
>> We also made a slight change to the Radiator code, because by default, if
>> Radiator does not get a response back from its SNMP "get" to the
>> MikroTik, it gives the benefit of the doubt to RADONLINE.  We have found
>> that more often than not, it is better to give the benefit of the doubt
>> to the user.  That way, a user is not unfairly punished by problems with
>> our NAS or problems on our network that might make it impossible for
>> Radiator to communicate with our NAS.  Here is the patch to make that
>> change in behavior:
>> 
>> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
>> Radius-patched/Nas/CiscoSessionMIB.pm
>> --- Radius/Nas/CiscoSessionMIB.pm2009-10-26 15:23:55.0 -0700
>> +++ Radius-patched/Nas/CiscoSessionMIB.pm2014-12-08 05:20:02.0
>> -0800
>> @@ -39,7 +39,7 @@
>>   $client->{SNMPCommunity},
>>   "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>> 
>> -return 1 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Assume still there
>> +return 0 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Give benefit of doubt to user.
>> return 0 if $result =~ /no such variable/i;  # Not in the MIB means
>> no such session
>> return uc($1) eq uc($name)
>>  if ($result =~ /^.*\"([^"]+)".*$/);
>> 
>> Hope this helps,
>> 
>> --
>> Nathan Anderson
>> First Step Internet, LLC
>> nath...@fsr.com
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> Can't remember your password? Do you need a strong and secure password?
> Use Password manager! It stores your passwords & protects your account.
> Check it out at http://mysecurelogon.com/password-manager
> 
> 
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS 

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread Nathan Anderson
I'm not sure that I see what the point of that would be. RouterOS uses the same 
MIB as Cisco does, so having to keep 2 nearly-identical modules in sync with 
each other would be silly.

To be clear, the modification I made to the CiscoSessionMIB wasn't for the sake 
of compatibility with RouterOS. It was to change Radiator's behavior in the 
event that it got no SNMP response from the NAS. This modification would be 
equally valuable to someone using a Cisco NAS who wanted the same behavior. If 
anything, it would be nice to have this as a configurable option in Radiator.

--
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com


sergio  wrote:


hello

It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm


> -Original Message-
> From: nath...@fsr.com
> Sent: Mon, 8 Dec 2014 05:30:26 -0800
> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator+Mikrotik
>
> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>
>> Hello all,
>>
>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>> the hook script will send Disconnect-Request to Mikrotik once the
>> session
>> exceeds the quota, here is how i send Disconnect-Request:
>
> [snip]
>
>> This works fine but the problem is that user can't re-authenticate again
>> because it reaches Maxsessions although I have this in my config file:
>
> [snip]
>
>> The user would successfully authenticate again when I manually remove
>> the
>> session from RADONLINE by executing the DeleteQuery.
>
> It has been a while since I have had to look at/think about this, but as
> I recall, this is how it works:
>
> DeleteQuery doesn't get executed unless the Radiator server receives
> Accounting-Stop from the MikroTik.
>
> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
> by MikroTik RouterOS; I can't remember and I will have to simulate this
> later and run a packet capture to see what happens.  (Maybe if you are
> running an older version of RouterOS, try upgrading?  It could be a bug
> that got fixed later, and they have definitely had their share of RADIUS
> client bugs in the past.)
>
> In any case, you can work around a problem where Radiator does not
> receive Accounting-Stop by having Radiator verify that any active
> sessions for the user that are recorded in the RADONLINE table are valid
> at the moment that the user tries to authenticate again.  Radiator does
> this by executing an SNMP query to the NAS that is on record for each
> session to see if the Session-ID for that row in the table is still
> valid.  If the NAS does not return anything for the OID, then Radiator
> assumes the session is dead and purges that entry from RADONLINE,
> reducing MaxSessions count by 1.
>
> To enable this functionality, you need to make sure that SNMP is enabled
> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
> is installed and configured on the Radiator server, and you need to add
> these options to your Client clause in your Radiator config file:
>
> 
> [...]
> # MikroTik supports this MIB
> NasType CiscoSessionMIB
> SNMPCommunity public
> 
>
> Replace 'public' with the SNMP community string that you have configured
> on the MikroTik.
>
> We also made a slight change to the Radiator code, because by default, if
> Radiator does not get a response back from its SNMP "get" to the
> MikroTik, it gives the benefit of the doubt to RADONLINE.  We have found
> that more often than not, it is better to give the benefit of the doubt
> to the user.  That way, a user is not unfairly punished by problems with
> our NAS or problems on our network that might make it impossible for
> Radiator to communicate with our NAS.  Here is the patch to make that
> change in behavior:
>
> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
> Radius-patched/Nas/CiscoSessionMIB.pm
> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.0 -0700
> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.0
> -0800
> @@ -39,7 +39,7 @@
>$client->{SNMPCommunity},
>"$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>
> -return 1 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Assume still there
> +return 0 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Give benefit of doubt to user.
>  return 0 if $result =~ /no such variable/i;  # Not in the MIB means
> no such session
>  return uc($1) eq uc($name)
>   if ($result =~ /^.*\"([^"]+)".*$/);
>
> Hope this helps,
>
> --
> Nathan Anderson
> First Step Internet, LLC
> nath...@fsr.com
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your pass

Re: [RADIATOR] Radiator+Mikrotik

2015-01-22 Thread sergio
hello

It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm


> -Original Message-
> From: nath...@fsr.com
> Sent: Mon, 8 Dec 2014 05:30:26 -0800
> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator+Mikrotik
> 
> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
> 
>> Hello all,
>> 
>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>> the hook script will send Disconnect-Request to Mikrotik once the
>> session
>> exceeds the quota, here is how i send Disconnect-Request:
> 
> [snip]
> 
>> This works fine but the problem is that user can't re-authenticate again
>> because it reaches Maxsessions although I have this in my config file:
> 
> [snip]
> 
>> The user would successfully authenticate again when I manually remove
>> the
>> session from RADONLINE by executing the DeleteQuery.
> 
> It has been a while since I have had to look at/think about this, but as
> I recall, this is how it works:
> 
> DeleteQuery doesn't get executed unless the Radiator server receives
> Accounting-Stop from the MikroTik.
> 
> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
> by MikroTik RouterOS; I can't remember and I will have to simulate this
> later and run a packet capture to see what happens.  (Maybe if you are
> running an older version of RouterOS, try upgrading?  It could be a bug
> that got fixed later, and they have definitely had their share of RADIUS
> client bugs in the past.)
> 
> In any case, you can work around a problem where Radiator does not
> receive Accounting-Stop by having Radiator verify that any active
> sessions for the user that are recorded in the RADONLINE table are valid
> at the moment that the user tries to authenticate again.  Radiator does
> this by executing an SNMP query to the NAS that is on record for each
> session to see if the Session-ID for that row in the table is still
> valid.  If the NAS does not return anything for the OID, then Radiator
> assumes the session is dead and purges that entry from RADONLINE,
> reducing MaxSessions count by 1.
> 
> To enable this functionality, you need to make sure that SNMP is enabled
> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
> is installed and configured on the Radiator server, and you need to add
> these options to your Client clause in your Radiator config file:
> 
> 
> [...]
> # MikroTik supports this MIB
> NasType CiscoSessionMIB
> SNMPCommunity public
> 
> 
> Replace 'public' with the SNMP community string that you have configured
> on the MikroTik.
> 
> We also made a slight change to the Radiator code, because by default, if
> Radiator does not get a response back from its SNMP "get" to the
> MikroTik, it gives the benefit of the doubt to RADONLINE.  We have found
> that more often than not, it is better to give the benefit of the doubt
> to the user.  That way, a user is not unfairly punished by problems with
> our NAS or problems on our network that might make it impossible for
> Radiator to communicate with our NAS.  Here is the patch to make that
> change in behavior:
> 
> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
> Radius-patched/Nas/CiscoSessionMIB.pm
> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.0 -0700
> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.0
> -0800
> @@ -39,7 +39,7 @@
>$client->{SNMPCommunity},
>"$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
> 
> -return 1 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Assume still there
> +return 0 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Give benefit of doubt to user.
>  return 0 if $result =~ /no such variable/i;  # Not in the MIB means
> no such session
>  return uc($1) eq uc($name)
>   if ($result =~ /^.*\"([^"]+)".*$/);
> 
> Hope this helps,
> 
> --
> Nathan Anderson
> First Step Internet, LLC
> nath...@fsr.com
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager


___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


[RADIATOR] Simple update of Radiator

2015-01-22 Thread it . netzwerk_firewall
Hi everyone,
sorry for the basic question, but i can't  find a manual for grading up an 
existing installation for Radiator (just the normal installation).
Can you tell me the easiest way to do that, please. My actual installation 
is an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3

 Locally applied patches:
   ActivePerl Build 1603 [296746]
 Built under MSWin32
 Compiled at Mar 13 2013 11:29:21
 @INC:
   E:/software32p/perl/site/lib
   E:/software32p/perl/lib
   .
Regards,
Bernhard


Diese Information und eventuelle Anhaenge sind vertraulich 
und ausschliesslich zur Kenntnisnahme durch den oder die 
genannten Adressaten bestimmt. Sollten Sie nicht der 
vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich 
zu informieren und die Nachricht zu loeschen. Der Inhalt der 
fehlgeleiteten Nachricht darf weder aufgezeichnet noch 
Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet 
werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher 
Sorgfalt unsererseits aufgrund der technischen Gegebenheiten 
im Internet keine Verantwortung fuer die Existenz von Viren 
uebernommen werden kann.

This message and any attachments are confidential and are 
only intended for the recipient(s) to which they have been 
addressed. If you have received this message in error, please 
notify the sender immediately and delete the message from 
your system. The contents of this misdirected mail may not be 
saved, recorded or used for any purpose whatsoever or made 
available to unauthorised persons. This message has been 
prepared and sent with the greatest possible care, including 
scanning for viruses. In spite of this, we assume no liability 
whatsoever for the existence of any viruses.


Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische 
Postsparkasse Aktiengesellschaft
Rechtsform: Aktiengesellschaft
Sitz: politische Gemeinde Wien
Firmenbuchnummer: 205340x
Firmenbuchgericht: Handelsgericht Wien
DVR-Nummer: 1075217
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator