Re: [RADIATOR] Radiator does not allow LEFT OUTER JOIN in SQL statement? -> Solved -> config typo
Sorry, Just a typo in the radius config file... Sorry to cause this trouble Met vriendelijke groeten/With kind regards, Karel van der Velden [KPN-logo] Ananke Goddess of necessity, inevitability and compulsion Godin van de noodzakelijkheid, onvermijdelijkheid en dwangmatigheid NETCO FO N&SD Service Development Reitemakersrijge 13 9711 HT Groningen Vast: 050 - 5881003 Fax: 050 - 3186347 This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited Van: Velden, Karel van der Verzonden: vrijdag 23 januari 2015 8:05 Aan: 'radiator@open.com.au' Onderwerp: Radiator does not allow LEFT OUTER JOIN in SQL statement? Hello, Today I tried to do an AuthSelect statement including a 'LEFT OUTER JOIN' but it failed with the error message: ERR: Unknown keyword 'LEFT' in The sql statement works perfectly in a db environment. Why doesn't radiator accept it? With kind regards, Karel van der Velden NETCO FO N&SD Service Development This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Radiator does not allow LEFT OUTER JOIN in SQL statement?
Hello, Today I tried to do an AuthSelect statement including a 'LEFT OUTER JOIN' but it failed with the error message: ERR: Unknown keyword 'LEFT' in The sql statement works perfectly in a db environment. Why doesn't radiator accept it? With kind regards, Karel van der Velden NETCO FO N&SD Service Development This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator+Mikrotik
Well! I stand corrected.
-- Nathan
Hugh Irvine wrote:
Hello Sergio -
Yes - have a look at the current packages in the “Radius/Nas/…” directory of
the Radiator-4.14 distribution.
regards
Hugh
> On 23 Jan 2015, at 13:41, sergio wrote:
>
> hello
>
> It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
>
>
>> -Original Message-
>> From: nath...@fsr.com
>> Sent: Mon, 8 Dec 2014 05:30:26 -0800
>> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator+Mikrotik
>>
>> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>>
>>> Hello all,
>>>
>>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>>> the hook script will send Disconnect-Request to Mikrotik once the
>>> session
>>> exceeds the quota, here is how i send Disconnect-Request:
>>
>> [snip]
>>
>>> This works fine but the problem is that user can't re-authenticate again
>>> because it reaches Maxsessions although I have this in my config file:
>>
>> [snip]
>>
>>> The user would successfully authenticate again when I manually remove
>>> the
>>> session from RADONLINE by executing the DeleteQuery.
>>
>> It has been a while since I have had to look at/think about this, but as
>> I recall, this is how it works:
>>
>> DeleteQuery doesn't get executed unless the Radiator server receives
>> Accounting-Stop from the MikroTik.
>>
>> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
>> by MikroTik RouterOS; I can't remember and I will have to simulate this
>> later and run a packet capture to see what happens. (Maybe if you are
>> running an older version of RouterOS, try upgrading? It could be a bug
>> that got fixed later, and they have definitely had their share of RADIUS
>> client bugs in the past.)
>>
>> In any case, you can work around a problem where Radiator does not
>> receive Accounting-Stop by having Radiator verify that any active
>> sessions for the user that are recorded in the RADONLINE table are valid
>> at the moment that the user tries to authenticate again. Radiator does
>> this by executing an SNMP query to the NAS that is on record for each
>> session to see if the Session-ID for that row in the table is still
>> valid. If the NAS does not return anything for the OID, then Radiator
>> assumes the session is dead and purges that entry from RADONLINE,
>> reducing MaxSessions count by 1.
>>
>> To enable this functionality, you need to make sure that SNMP is enabled
>> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
>> is installed and configured on the Radiator server, and you need to add
>> these options to your Client clause in your Radiator config file:
>>
>>
>>[...]
>># MikroTik supports this MIB
>>NasType CiscoSessionMIB
>>SNMPCommunity public
>>
>>
>> Replace 'public' with the SNMP community string that you have configured
>> on the MikroTik.
>>
>> We also made a slight change to the Radiator code, because by default, if
>> Radiator does not get a response back from its SNMP "get" to the
>> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found
>> that more often than not, it is better to give the benefit of the doubt
>> to the user. That way, a user is not unfairly punished by problems with
>> our NAS or problems on our network that might make it impossible for
>> Radiator to communicate with our NAS. Here is the patch to make that
>> change in behavior:
>>
>> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
>> Radius-patched/Nas/CiscoSessionMIB.pm
>> --- Radius/Nas/CiscoSessionMIB.pm2009-10-26 15:23:55.0 -0700
>> +++ Radius-patched/Nas/CiscoSessionMIB.pm2014-12-08 05:20:02.0
>> -0800
>> @@ -39,7 +39,7 @@
>> $client->{SNMPCommunity},
>> "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>>
>> -return 1 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Assume still there
>> +return 0 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Give benefit of doubt to user.
>> return 0 if $result =~ /no such variable/i; # Not in the MIB means
>> no such session
>> return uc($1) eq uc($name)
>> if ($result =~ /^.*\"([^"]+)".*$/);
>>
>> Hope this helps,
>>
>> --
>> Nathan Anderson
>> First Step Internet, LLC
>> nath...@fsr.com
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
> Can't remember your password? Do you need a strong and secure password?
> Use Password manager! It stores your passwords & protects your account.
> Check it out at http://mysecurelogon.com/password-manager
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, f
Re: [RADIATOR] Simple update of Radiator
Hi again - Of course you must make sure you have backups of your configuration files and so on before changing anything. I personally prefer to keep all of my Radiator source distributions in individual directories so I can easily change between them. This also makes it very simple to go back to the previous version if there is a problem with the newer version. You should also test fully on a test machine before running new versions in production. regards Hugh > On 23 Jan 2015, at 14:55, Hugh Irvine wrote: > > > Hello Bernhard - > > You just need to install the new version Radiator-4.14 over the top of your > existing installation. > > regards > > Hugh > > >> On 23 Jan 2015, at 01:14, it.netzwerk_firew...@bawagpsk.com wrote: >> >> Hi everyone, >> sorry for the basic question, but i can't find a manual for grading up an >> existing installation for Radiator (just the normal installation). >> Can you tell me the easiest way to do that, please. My actual installation >> is an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3 >> >> Locally applied patches: >> ActivePerl Build 1603 [296746] >> Built under MSWin32 >> Compiled at Mar 13 2013 11:29:21 >> @INC: >> E:/software32p/perl/site/lib >> E:/software32p/perl/lib >> . >> Regards, >> Bernhard >> >> >> >> >> >> Diese Information und eventuelle Anhaenge sind vertraulich >> und ausschliesslich zur Kenntnisnahme durch den oder die >> genannten Adressaten bestimmt. Sollten Sie nicht der >> vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich >> zu informieren und die Nachricht zu loeschen. Der Inhalt der >> fehlgeleiteten Nachricht darf weder aufgezeichnet noch >> Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet >> werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher >> Sorgfalt unsererseits aufgrund der technischen Gegebenheiten >> im Internet keine Verantwortung fuer die Existenz von Viren >> uebernommen werden kann. >> >> This message and any attachments are confidential and are >> only intended for the recipient(s) to which they have been >> addressed. If you have received this message in error, please >> notify the sender immediately and delete the message from >> your system. The contents of this misdirected mail may not be >> saved, recorded or used for any purpose whatsoever or made >> available to unauthorised persons. This message has been >> prepared and sent with the greatest possible care, including >> scanning for viruses. In spite of this, we assume no liability >> whatsoever for the existence of any viruses. >> >> Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische >> Postsparkasse Aktiengesellschaft >> Rechtsform: Aktiengesellschaft >> Sitz: politische Gemeinde Wien >> Firmenbuchnummer: 205340x >> Firmenbuchgericht: Handelsgericht Wien >> DVR-Nummer: 1075217 >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > > Hugh Irvine > h...@open.com.au > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER, SIM, etc. > Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Simple update of Radiator
Hello Bernhard - You just need to install the new version Radiator-4.14 over the top of your existing installation. regards Hugh > On 23 Jan 2015, at 01:14, it.netzwerk_firew...@bawagpsk.com wrote: > > Hi everyone, > sorry for the basic question, but i can't find a manual for grading up an > existing installation for Radiator (just the normal installation). > Can you tell me the easiest way to do that, please. My actual installation is > an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3 > > Locally applied patches: >ActivePerl Build 1603 [296746] > Built under MSWin32 > Compiled at Mar 13 2013 11:29:21 > @INC: >E:/software32p/perl/site/lib >E:/software32p/perl/lib >. > Regards, > Bernhard > > > > > > Diese Information und eventuelle Anhaenge sind vertraulich > und ausschliesslich zur Kenntnisnahme durch den oder die > genannten Adressaten bestimmt. Sollten Sie nicht der > vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich > zu informieren und die Nachricht zu loeschen. Der Inhalt der > fehlgeleiteten Nachricht darf weder aufgezeichnet noch > Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet > werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher > Sorgfalt unsererseits aufgrund der technischen Gegebenheiten > im Internet keine Verantwortung fuer die Existenz von Viren > uebernommen werden kann. > > This message and any attachments are confidential and are > only intended for the recipient(s) to which they have been > addressed. If you have received this message in error, please > notify the sender immediately and delete the message from > your system. The contents of this misdirected mail may not be > saved, recorded or used for any purpose whatsoever or made > available to unauthorised persons. This message has been > prepared and sent with the greatest possible care, including > scanning for viruses. In spite of this, we assume no liability > whatsoever for the existence of any viruses. > > Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische > Postsparkasse Aktiengesellschaft > Rechtsform: Aktiengesellschaft > Sitz: politische Gemeinde Wien > Firmenbuchnummer: 205340x > Firmenbuchgericht: Handelsgericht Wien > DVR-Nummer: 1075217 > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Radiator+Mikrotik
Hello Sergio -
Yes - have a look at the current packages in the “Radius/Nas/…” directory of
the Radiator-4.14 distribution.
regards
Hugh
> On 23 Jan 2015, at 13:41, sergio wrote:
>
> hello
>
> It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
>
>
>> -Original Message-
>> From: nath...@fsr.com
>> Sent: Mon, 8 Dec 2014 05:30:26 -0800
>> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
>> Subject: Re: [RADIATOR] Radiator+Mikrotik
>>
>> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>>
>>> Hello all,
>>>
>>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>>> the hook script will send Disconnect-Request to Mikrotik once the
>>> session
>>> exceeds the quota, here is how i send Disconnect-Request:
>>
>> [snip]
>>
>>> This works fine but the problem is that user can't re-authenticate again
>>> because it reaches Maxsessions although I have this in my config file:
>>
>> [snip]
>>
>>> The user would successfully authenticate again when I manually remove
>>> the
>>> session from RADONLINE by executing the DeleteQuery.
>>
>> It has been a while since I have had to look at/think about this, but as
>> I recall, this is how it works:
>>
>> DeleteQuery doesn't get executed unless the Radiator server receives
>> Accounting-Stop from the MikroTik.
>>
>> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
>> by MikroTik RouterOS; I can't remember and I will have to simulate this
>> later and run a packet capture to see what happens. (Maybe if you are
>> running an older version of RouterOS, try upgrading? It could be a bug
>> that got fixed later, and they have definitely had their share of RADIUS
>> client bugs in the past.)
>>
>> In any case, you can work around a problem where Radiator does not
>> receive Accounting-Stop by having Radiator verify that any active
>> sessions for the user that are recorded in the RADONLINE table are valid
>> at the moment that the user tries to authenticate again. Radiator does
>> this by executing an SNMP query to the NAS that is on record for each
>> session to see if the Session-ID for that row in the table is still
>> valid. If the NAS does not return anything for the OID, then Radiator
>> assumes the session is dead and purges that entry from RADONLINE,
>> reducing MaxSessions count by 1.
>>
>> To enable this functionality, you need to make sure that SNMP is enabled
>> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
>> is installed and configured on the Radiator server, and you need to add
>> these options to your Client clause in your Radiator config file:
>>
>>
>>[...]
>># MikroTik supports this MIB
>>NasType CiscoSessionMIB
>>SNMPCommunity public
>>
>>
>> Replace 'public' with the SNMP community string that you have configured
>> on the MikroTik.
>>
>> We also made a slight change to the Radiator code, because by default, if
>> Radiator does not get a response back from its SNMP "get" to the
>> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found
>> that more often than not, it is better to give the benefit of the doubt
>> to the user. That way, a user is not unfairly punished by problems with
>> our NAS or problems on our network that might make it impossible for
>> Radiator to communicate with our NAS. Here is the patch to make that
>> change in behavior:
>>
>> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
>> Radius-patched/Nas/CiscoSessionMIB.pm
>> --- Radius/Nas/CiscoSessionMIB.pm2009-10-26 15:23:55.0 -0700
>> +++ Radius-patched/Nas/CiscoSessionMIB.pm2014-12-08 05:20:02.0
>> -0800
>> @@ -39,7 +39,7 @@
>> $client->{SNMPCommunity},
>> "$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>>
>> -return 1 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Assume still there
>> +return 0 if (!$result || $result =~ /no response/i); # Could not
>> SNMP. Give benefit of doubt to user.
>> return 0 if $result =~ /no such variable/i; # Not in the MIB means
>> no such session
>> return uc($1) eq uc($name)
>> if ($result =~ /^.*\"([^"]+)".*$/);
>>
>> Hope this helps,
>>
>> --
>> Nathan Anderson
>> First Step Internet, LLC
>> nath...@fsr.com
>> ___
>> radiator mailing list
>> radiator@open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
> Can't remember your password? Do you need a strong and secure password?
> Use Password manager! It stores your passwords & protects your account.
> Check it out at http://mysecurelogon.com/password-manager
>
>
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS
Re: [RADIATOR] Radiator+Mikrotik
I'm not sure that I see what the point of that would be. RouterOS uses the same
MIB as Cisco does, so having to keep 2 nearly-identical modules in sync with
each other would be silly.
To be clear, the modification I made to the CiscoSessionMIB wasn't for the sake
of compatibility with RouterOS. It was to change Radiator's behavior in the
event that it got no SNMP response from the NAS. This modification would be
equally valuable to someone using a Cisco NAS who wanted the same behavior. If
anything, it would be nice to have this as a configurable option in Radiator.
--
Nathan Anderson
First Step Internet, LLC
nath...@fsr.com
sergio wrote:
hello
It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
> -Original Message-
> From: nath...@fsr.com
> Sent: Mon, 8 Dec 2014 05:30:26 -0800
> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator+Mikrotik
>
> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>
>> Hello all,
>>
>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>> the hook script will send Disconnect-Request to Mikrotik once the
>> session
>> exceeds the quota, here is how i send Disconnect-Request:
>
> [snip]
>
>> This works fine but the problem is that user can't re-authenticate again
>> because it reaches Maxsessions although I have this in my config file:
>
> [snip]
>
>> The user would successfully authenticate again when I manually remove
>> the
>> session from RADONLINE by executing the DeleteQuery.
>
> It has been a while since I have had to look at/think about this, but as
> I recall, this is how it works:
>
> DeleteQuery doesn't get executed unless the Radiator server receives
> Accounting-Stop from the MikroTik.
>
> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
> by MikroTik RouterOS; I can't remember and I will have to simulate this
> later and run a packet capture to see what happens. (Maybe if you are
> running an older version of RouterOS, try upgrading? It could be a bug
> that got fixed later, and they have definitely had their share of RADIUS
> client bugs in the past.)
>
> In any case, you can work around a problem where Radiator does not
> receive Accounting-Stop by having Radiator verify that any active
> sessions for the user that are recorded in the RADONLINE table are valid
> at the moment that the user tries to authenticate again. Radiator does
> this by executing an SNMP query to the NAS that is on record for each
> session to see if the Session-ID for that row in the table is still
> valid. If the NAS does not return anything for the OID, then Radiator
> assumes the session is dead and purges that entry from RADONLINE,
> reducing MaxSessions count by 1.
>
> To enable this functionality, you need to make sure that SNMP is enabled
> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
> is installed and configured on the Radiator server, and you need to add
> these options to your Client clause in your Radiator config file:
>
>
> [...]
> # MikroTik supports this MIB
> NasType CiscoSessionMIB
> SNMPCommunity public
>
>
> Replace 'public' with the SNMP community string that you have configured
> on the MikroTik.
>
> We also made a slight change to the Radiator code, because by default, if
> Radiator does not get a response back from its SNMP "get" to the
> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found
> that more often than not, it is better to give the benefit of the doubt
> to the user. That way, a user is not unfairly punished by problems with
> our NAS or problems on our network that might make it impossible for
> Radiator to communicate with our NAS. Here is the patch to make that
> change in behavior:
>
> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
> Radius-patched/Nas/CiscoSessionMIB.pm
> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.0 -0700
> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.0
> -0800
> @@ -39,7 +39,7 @@
>$client->{SNMPCommunity},
>"$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>
> -return 1 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Assume still there
> +return 0 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Give benefit of doubt to user.
> return 0 if $result =~ /no such variable/i; # Not in the MIB means
> no such session
> return uc($1) eq uc($name)
> if ($result =~ /^.*\"([^"]+)".*$/);
>
> Hope this helps,
>
> --
> Nathan Anderson
> First Step Internet, LLC
> nath...@fsr.com
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your pass
Re: [RADIATOR] Radiator+Mikrotik
hello
It is possible to create a package for the Mikrotik? MikrotikSessionMIB.pm
> -Original Message-
> From: nath...@fsr.com
> Sent: Mon, 8 Dec 2014 05:30:26 -0800
> To: m.abdelsa...@wimd.com.kw, radiator@open.com.au
> Subject: Re: [RADIATOR] Radiator+Mikrotik
>
> On Monday, December 08, 2014 12:16 AM, Mahmoud Abdelsalam wrote:
>
>> Hello all,
>>
>> As Mikrotik doesn't support COA for PPPoE, so I used Disconnect-Request,
>> the hook script will send Disconnect-Request to Mikrotik once the
>> session
>> exceeds the quota, here is how i send Disconnect-Request:
>
> [snip]
>
>> This works fine but the problem is that user can't re-authenticate again
>> because it reaches Maxsessions although I have this in my config file:
>
> [snip]
>
>> The user would successfully authenticate again when I manually remove
>> the
>> session from RADONLINE by executing the DeleteQuery.
>
> It has been a while since I have had to look at/think about this, but as
> I recall, this is how it works:
>
> DeleteQuery doesn't get executed unless the Radiator server receives
> Accounting-Stop from the MikroTik.
>
> PoD/Disconnect-Request may or may not cause Accounting-Stop to be issued
> by MikroTik RouterOS; I can't remember and I will have to simulate this
> later and run a packet capture to see what happens. (Maybe if you are
> running an older version of RouterOS, try upgrading? It could be a bug
> that got fixed later, and they have definitely had their share of RADIUS
> client bugs in the past.)
>
> In any case, you can work around a problem where Radiator does not
> receive Accounting-Stop by having Radiator verify that any active
> sessions for the user that are recorded in the RADONLINE table are valid
> at the moment that the user tries to authenticate again. Radiator does
> this by executing an SNMP query to the NAS that is on record for each
> session to see if the Session-ID for that row in the table is still
> valid. If the NAS does not return anything for the OID, then Radiator
> assumes the session is dead and purges that entry from RADONLINE,
> reducing MaxSessions count by 1.
>
> To enable this functionality, you need to make sure that SNMP is enabled
> and configured on each MikroTik NAS, you need to make sure that Net-SNMP
> is installed and configured on the Radiator server, and you need to add
> these options to your Client clause in your Radiator config file:
>
>
> [...]
> # MikroTik supports this MIB
> NasType CiscoSessionMIB
> SNMPCommunity public
>
>
> Replace 'public' with the SNMP community string that you have configured
> on the MikroTik.
>
> We also made a slight change to the Radiator code, because by default, if
> Radiator does not get a response back from its SNMP "get" to the
> MikroTik, it gives the benefit of the doubt to RADONLINE. We have found
> that more often than not, it is better to give the benefit of the doubt
> to the user. That way, a user is not unfairly punished by problems with
> our NAS or problems on our network that might make it impossible for
> Radiator to communicate with our NAS. Here is the patch to make that
> change in behavior:
>
> diff -r -d -u -N Radius/Nas/CiscoSessionMIB.pm
> Radius-patched/Nas/CiscoSessionMIB.pm
> --- Radius/Nas/CiscoSessionMIB.pm 2009-10-26 15:23:55.0 -0700
> +++ Radius-patched/Nas/CiscoSessionMIB.pm 2014-12-08 05:20:02.0
> -0800
> @@ -39,7 +39,7 @@
>$client->{SNMPCommunity},
>"$Radius::Nas::CiscoMIB.9.150.1.1.3.1.2.$session_id");
>
> -return 1 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Assume still there
> +return 0 if (!$result || $result =~ /no response/i); # Could not
> SNMP. Give benefit of doubt to user.
> return 0 if $result =~ /no such variable/i; # Not in the MIB means
> no such session
> return uc($1) eq uc($name)
> if ($result =~ /^.*\"([^"]+)".*$/);
>
> Hope this helps,
>
> --
> Nathan Anderson
> First Step Internet, LLC
> nath...@fsr.com
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
Can't remember your password? Do you need a strong and secure password?
Use Password manager! It stores your passwords & protects your account.
Check it out at http://mysecurelogon.com/password-manager
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
[RADIATOR] Simple update of Radiator
Hi everyone, sorry for the basic question, but i can't find a manual for grading up an existing installation for Radiator (just the normal installation). Can you tell me the easiest way to do that, please. My actual installation is an 4.12.1 on Windows in directory e:\Radiator with Perl 5.16.3 Locally applied patches: ActivePerl Build 1603 [296746] Built under MSWin32 Compiled at Mar 13 2013 11:29:21 @INC: E:/software32p/perl/site/lib E:/software32p/perl/lib . Regards, Bernhard Diese Information und eventuelle Anhaenge sind vertraulich und ausschliesslich zur Kenntnisnahme durch den oder die genannten Adressaten bestimmt. Sollten Sie nicht der vorgesehene Adressat sein, ersuchen wir Sie, uns unverzueglich zu informieren und die Nachricht zu loeschen. Der Inhalt der fehlgeleiteten Nachricht darf weder aufgezeichnet noch Unbefugten mitgeteilt oder fuer irgendwelche Zwecke verwertet werden. Bitte beachten Sie weiters, dass trotz hoechstmoeglicher Sorgfalt unsererseits aufgrund der technischen Gegebenheiten im Internet keine Verantwortung fuer die Existenz von Viren uebernommen werden kann. This message and any attachments are confidential and are only intended for the recipient(s) to which they have been addressed. If you have received this message in error, please notify the sender immediately and delete the message from your system. The contents of this misdirected mail may not be saved, recorded or used for any purpose whatsoever or made available to unauthorised persons. This message has been prepared and sent with the greatest possible care, including scanning for viruses. In spite of this, we assume no liability whatsoever for the existence of any viruses. Firma: BAWAG P.S.K. Bank fuer Arbeit und Wirtschaft und Oesterreichische Postsparkasse Aktiengesellschaft Rechtsform: Aktiengesellschaft Sitz: politische Gemeinde Wien Firmenbuchnummer: 205340x Firmenbuchgericht: Handelsgericht Wien DVR-Nummer: 1075217 ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
