(RADIATOR) unsubscribe
Re: (RADIATOR) cant compile DBD-Oracle on solaris 9
Hi DR, I had the same problem. Easiest thing to do is to download and install the 32-bit Solaris version of Oracle 9i. The problem is that the ld command and probably a lot of other executables on your system are 32-bit versions. The instructions for extracting them are on the download page - a little different from standard Oracle fare - they don't automatically extract into Disk1, Disk2 and Disk3 directories - so read the short instruction on the download page. 92010Sol_Disk1.cpio.gz 92010Sol_Disk2.cpio.gz 92010Sol_Disk3.cpio.gz Regards, Tunde Itayemi. - Original Message - From: Datareactor To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 7:01 PM Subject: (RADIATOR) cant compile DBD-Oracle on solaris 9 Dear all i am facing problem compiling DBD-oracle for radiator2.18 perl Makefile.PL output is OK i get following error when try to " make " ld: fatal: file /u01/lib//libclntsh.so: wrong ELF class: ELFCLASS64ld: fatal: File processing errors. No output written to buildcollect2: ld returned 1 exit status*** Error code 1make: Fatal error: Command failed for target `blib/arch/auto/DBD/Oracle/Oracle.so' i think there is some 64bit vs 32bit issue i try to compile both with 64bit perl and 32bit perl with no luck my system information is as followings 1)E250 Sparc Platform with Solaris 9 and Oracle 9 2)v5.6.1 built for sun4-solaris-64int 3) gcc 3.3 Thanks is Advance Regards ./DR
(RADIATOR) startup script for radiator on solaris sparc
Hi All, Does anyone have a startup script I could use on a Solaris 8 SPARC box? Pls attach instructions for installation :-) Thanks. Regards, Tunde Itayemi.
Re: (RADIATOR) startup script for radiator on solaris sparc
Hi Richard, Hi Roland, Hi All. Thanks. I got it all set up now. Rebooted the box and it came up with radius running. Thanks. Tunde I. - Original Message - From: Richard Grantham [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Sent: Tuesday, August 19, 2003 12:52 PM Subject: Re: (RADIATOR) startup script for radiator on solaris sparc Hello, I use this as /etc/init.d/radiusd. You may find it useful seeing as you are and Oracle person. What you should do is link /etc/rc2.d/S80radiusd and /etc/rc0.d/K80radiusd to this script too. This will start Radiator in run level 2 and stop it in run level 0. Richard -- SNIP -- #!/bin/sh ORACLE_SID=SID ORACLE_HOME=/PATH/TO/ORACLE/HOME LD_LIBRARY_PATH=$ORACLE_HOME/lib PATH=/sbin:/bin:/usr/local/bin export ORACLE_SID ORACLE_HOME LD_LIBRARY_PATH PATH case $1 in 'start') radiusd ;; 'stop') kill `cat /var/run/radiusd.pid` ;; 'restart') kill -HUP `cat /var/run/radiusd.pid` ;; esac === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radiator on solaris SPARC
Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pmcc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS Perl.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: Perl.c: linker input file unused since linking not done/usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris -I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend -DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS DBI.ccc: unrecognized option `-KPIC'cc: language depend not recognizedcc: DBI.c: linker input file unused since linking not doneRunning Mkbootstrap for DBI ()chmod 644 DBI.bsLD_RUN_PATH="" cc -o blib/arch/auto/DBI/DBI.so -G DBI.occ: DBI.o: No such file or directorycc: No input filesmake: *** [blib/arch/auto/DBI/DBI.so] Error 1bash-2.03#
(RADIATOR) DBD-Oracle problems on SUN
Hi All, I am having problems installing the DBD-Oracle-1.12 module (tried v 1.14 also)on a Solaris SUN box with specs: NetraX1 (Solaris 8) perl 5.6.1 DBI-1.21 GNU gcc 3.3 GNU libgcc 3.3 Oracle9iR1 install. Below is a sample install run and the errors I got. Thanks. Tunde I. bash-2.03# cd DBD-Oracle-1.12bash-2.03# perl Makefile.PLUsing DBI 1.21 installed in /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBI Configuring DBD::Oracle ... Remember to actually *READ* the README file! Especially if you have any problems. Using Oracle in /export/spare/oracle9swFound header files in rdbms/demo.Found /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mkUsing /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mkReading /export/spare/oracle9sw/precomp/demo/proc/demo_proc.mk.Reading /export/spare/oracle9sw/precomp/lib/env_precomp.mk.Deleting ORA_NLS = $(ORACLE_HOME)/ocommon/nls/admin/data/ because it is not already set in the environment and it can cause ORA-01019 errors.Deleting ORA_NLS33 = $(ORACLE_HOME)/ocommon/nls/admin/data/ because it is not already set in the environment and it can cause ORA-01019 errors. Attempting to discover Oracle OCI build rules...gcc -c -o DBD_ORA_OBJ.o DBD_ORA_OBJ.cOracle oci build command: echo -xarch=v9 -o DBD_ORA_EXE DBD_ORA_OBJ.o -L/export/spare/oracle9sw/lib/ -lclntsh `cat /export/spare/oracle9sw/lib/ldflags` `cat /export/spare/oracle9sw/lib/sysliblist` -R/export/spare/oracle9sw/lib -laio -lposix4 -lm -lthread -xarch=v9 -o DBD_ORA_EXE DBD_ORA_OBJ.o -L/export/spare/oracle9sw/lib/ -lclntsh -lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9 -lnsl -lsocket -lgen -ldl -R/export/spare/oracle9sw/lib -laio -lposix4 -lm -lthreadUnable to interpret Oracle oci build commands. Using fallback approach. System: perl5.006001 sunos solaris 5.8 generic sun4u sparc sunw,ultra-5_10Compiler: gcc -O -fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64Linker: /usr/local/bin/ldSysliblist: -lnsl -lsocket -lgen -ldlOracle makefiles would have used these definitions but we override them: CC: cc CFLAGS: $(GFLAG) $(OPTIMIZE) $(CDEBUG) $(CCFLAGS) $(PFLAGS)\ $(SHARED_CFLAG) $(USRFLAGS) [$(GFLAG) -xO3 $(CDEBUG) -Xa $(PROFILE) -xstrconst -dalign -xF $(XS) $(MR) -xildoff -errtags=yes -v -xarch=v9 -xchip=ultra3 -W2,-AKNR_S -Wd,-xsafe=unboundsym -Wc,-Qiselect-funcalign=32 -xcode=abs44 -Wc,-Qgsched-trace_late=1 -Wc,-Qgsched-T5 -xalias_level=weak -D_REENTRANT -DSS_64BIT_SERVER -DBIT64 -DMACHINE64 -K PIC -DPRECOMP -I. -I/export/spare/oracle9sw/precomp/public -I/export/spare/oracle9sw/rdbms/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/plsql/public -I/export/spare/oracle9sw/network/public -DSLMXMX_ENABLE -DSLTS_ENABLE -D_SVID_GETTOD -D_REENTRANT $(LPFLAGS) $(USRFLAGS)] build: $(DEMO_PROC_BUILD_SHARED_64)Evaluating `cat $(LIBHOME)ldflags` expanded `cat /export/spare/oracle9sw/lib/ldflags` returned '-lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9'Evaluating `cat $(LIBHOME)sysliblist` expanded `cat /export/spare/oracle9sw/lib/sysliblist` returned '-lnsl -lsocket -lgen -ldl' [ cc -xarch=v9 $(LFLAGS) -o $(EXE) $(OBJS) -L$(LIBHOME) -lclntsh -lnbeq9 -lnhost9 -lnus9 -lnldap9 -lldapclnt9 -lnsslb9 -lnoname9 -lntcp9 -lntcps9 -lnsslb9 -lntcp9 -lntns9 $(EXPDLIBS) $(EXOSLIBS) -lnsl -lsocket -lgen -ldl -R/export/spare/oracle9sw/lib -laio $(THREADLIBS) -lposix4 $(LLIBKSTAT) -lm $(USRLIBS) -lthread] LDFLAGS: -o $@ $(LDPATHFLAG)$(PRODLIBHOME) $(LDPATHFLAG)$(LIBHOME) [-o $@ -L/export/spare/oracle9sw/precomp/lib/ -L$(LIBHOME)] Linking with -L/export/spare/oracle9sw/lib -lclntsh [from $(LIBCLNTSH)] Warning: If you have problems you may need to rebuild perl with -Uusemymalloc. Checking if your kit is complete...Looks goodLD_RUN_PATH=/export/spare/oracle9sw/libUsing DBD::Oracle 1.12.Using DBI 1.21 installed in /usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBIWriting Makefile for DBD::Oracle *** If you have problems... read all the log printed above, and the README and README.help files. (Of course, you have read README by now anyway, haven't you?) bash-2.03# makeSkip blib/lib/oraperl.ph (unchanged)Skip blib/lib/DBD/Oracle.pm (unchanged)Skip blib/arch/auto/DBD/Oracle/mk.pm (unchanged)Skip blib/arch/auto/DBD/Oracle/dbdimp.h (unchanged)Skip blib/arch/auto/DBD/Oracle/ocitrace.h (unchanged)Skip blib/arch/auto/DBD/Oracle/Oracle.h (unchanged)Skip blib/lib/Oraperl.pm (unchanged)gcc -c -I. -I/export/spare/oracle9sw/precomp/public -I/export/spare/oracle9sw/rdbms/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/plsql/public -I/export/spare/oracle9sw/network/public -I/export/spare/oracle9sw/rdbms/demo -I/export/spare/oracle9sw/rdbms/demo -I/usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris/auto/DBI -fno-strict-aliasing -I/usr/local/include
Re: (RADIATOR) radiator on solaris SPARC
to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:60: dereferencing pointer to incomplete type Oracle.xs:64: dereferencing pointer to incomplete type Oracle.xs:66: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:85: dereferencing pointer to incomplete type Oracle.xs:87: dereferencing pointer to incomplete type Oracle.xs:87: dereferencing pointer to incomplete type Oracle.xsi: In function `boot_DBD__Oracle': Oracle.xsi:18: sizeof applied to an incomplete type Oracle.xsi:19: sizeof applied to an incomplete type make: *** [Oracle.o] Error 1 # - Original Message - From: Eapen Joseph [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: Elias [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 5:41 AM Subject: Re: (RADIATOR) radiator on solaris SPARC hi, i have radiator working fine without any problem on sun. The compiler i've used is workshop6. All the perl modules installation also went fine. rgds eapen - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] Date: Tuesday, August 5, 2003 2:06 pm Subject: Re: (RADIATOR) radiator on solaris SPARC Hi Elias, hi Richard, You are both right! To think I spent the whole of yesterday on this! I have started installing the perl modules in less than 30minutes! Ok. I uninstalled perl 5.005 which came with Solaris and installed the GNU perl 5.6.1 instead ( I had done that before reading Richard's reply)I guess I could have kept both. I also installed the GNC gcc 3.3 and libgcc 3.3 soft-linked /usr/ucb/cc to /usr/local/bin/gcc and I am compiling away! Thanks, it goes to show that Knowledge is indeed power! Tunde Itayemi. - Original Message - From: Elias To: Ayotunde Itayemi Sent: Tuesday, August 05, 2003 11:00 AM Subject: Re: (RADIATOR) radiator on solaris SPARC *** Your mail has been scanned by TMnet VirusWall. *** Hi, I'm running my Radiator setup on Solaris 8 with an Oracle DB. I think your problem is more with Perl. The default Perl installation that comes with Solaris is linked to use cc. I normally reinstall Perl to get it to run with gcc. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: Hugh Irvine Sent: Tuesday, August 05, 2003 5:31 PM Subject: (RADIATOR) radiator on solaris SPARC *** This e-mail was scanned by TM Net E-Mail Virus Shield. *** Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pm cc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS Perl.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: Perl.c: linker input file unused since linking not done /usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris - I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS DBI.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: DBI.c: linker input file unused since linking not done Running
Re: (RADIATOR) radiator on solaris SPARC
Hi Eapen, hi All, This is no longer radiator but ... By the way, I couldnt install the DBD-Oracle perl module - it seems anything short of a full Oracle DB install wont work - I installed only the runtime client so now I have to reinstall the whole thing again. Now whenever I start the Oracle installer, it crashes out with a JVM error! Why me! :-( Eapen, what sort of SUN do you have? I also have a Netra X1 here with me that the owner has lost its LOMlite password. I got some info from tech-tips about resetting a jumper on the board (J13) but that was for a larger SUN machine so I couldnt find the jumper on the board. I noticed though that there is a jumper right next to the flash card on the SUN ... :-) Any ideas? Regards, Tunde I. - Original Message - From: Eapen Joseph [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: Elias [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 06, 2003 5:41 AM Subject: Re: (RADIATOR) radiator on solaris SPARC hi, i have radiator working fine without any problem on sun. The compiler i've used is workshop6. All the perl modules installation also went fine. rgds eapen - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] Date: Tuesday, August 5, 2003 2:06 pm Subject: Re: (RADIATOR) radiator on solaris SPARC Hi Elias, hi Richard, You are both right! To think I spent the whole of yesterday on this! I have started installing the perl modules in less than 30minutes! Ok. I uninstalled perl 5.005 which came with Solaris and installed the GNU perl 5.6.1 instead ( I had done that before reading Richard's reply)I guess I could have kept both. I also installed the GNC gcc 3.3 and libgcc 3.3 soft-linked /usr/ucb/cc to /usr/local/bin/gcc and I am compiling away! Thanks, it goes to show that Knowledge is indeed power! Tunde Itayemi. - Original Message - From: Elias To: Ayotunde Itayemi Sent: Tuesday, August 05, 2003 11:00 AM Subject: Re: (RADIATOR) radiator on solaris SPARC *** Your mail has been scanned by TMnet VirusWall. *** Hi, I'm running my Radiator setup on Solaris 8 with an Oracle DB. I think your problem is more with Perl. The default Perl installation that comes with Solaris is linked to use cc. I normally reinstall Perl to get it to run with gcc. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: Hugh Irvine Sent: Tuesday, August 05, 2003 5:31 PM Subject: (RADIATOR) radiator on solaris SPARC *** This e-mail was scanned by TM Net E-Mail Virus Shield. *** Hi All, I have a Netra X1 (Solaris 8 SPARC) (and also a Sun SureFire v100) and I have tried without sucess to install radiator on them. I can't install most perl modules either, and yes I have seen all the mails on the net about installing GNU gcc and pointing the cc (wrapper) for the inexistent SUN compiler to gcc. perl Makefile.PL works everytime but make always bombs with something similar to (see below). I have tried both the solaris make and the GNU make (v 3.80) someone suggested gcc 2.95.2 which is supposed to be compatible with most OS, I have also tried 3.2.2 and 3.3. Has anyone installed radiator on solaris 8 sparc? and used it with a database? I was able to install the Oracle 9i client by the way on the s. perl version is 5.005_03 Thanks. Regards, Tunde I. = cp Changes blib/lib/DBI/Changes.pm cc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS Perl.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: Perl.c: linker input file unused since linking not done /usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris - I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap /usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c DBI.ccc -c -xO3 -xdepend-DVERSION=\1.21\ - DXS_VERSION=\1.21\ -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE - DDBI_NO_THREADS DBI.c cc: unrecognized option `-KPIC' cc: language depend not recognized cc: DBI.c: linker input file unused since linking not done Running Mkbootstrap for DBI () chmod 644 DBI.bs LD_RUN_PATH= cc -o blicc: DBI.o: No such file or directory cc: No input files make: *** [blibash-2.03# === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
Re: (RADIATOR) radiator on solaris SPARC
Hi Elias, hi Richard,
You are both right! To think I spent the whole of
yesterday on this!
I have started installing the perl modules in less
than 30minutes!
Ok. I uninstalled perl 5.005 which came with
Solaris and installed the
GNU perl 5.6.1 instead ( I had done that before
reading Richard's reply)
I guess I could have kept both.
I also installed the GNC gcc 3.3 and libgcc
3.3
soft-linked /usr/ucb/cc to
/usr/local/bin/gcc
and I am compiling away!
Thanks, it goes to show that "Knowledge is indeed
power!"
Tunde Itayemi.
- Original Message -
From:
Elias
To: Ayotunde Itayemi
Sent: Tuesday, August 05, 2003 11:00
AM
Subject: Re: (RADIATOR) radiator on
solaris SPARC
***
Your mail has been scanned by TMnet VirusWall.
***
Hi,
I'm running my Radiator setup on Solaris 8 with
an Oracle DB. I think your problem is more with Perl. The default Perl
installation that comes with Solaris is linked to use cc. I normally reinstall
Perl to get it to run with gcc.
- Original Message -
From:
Ayotunde
Itayemi
To: [EMAIL PROTECTED]
Cc: Hugh Irvine
Sent: Tuesday, August 05, 2003 5:31
PM
Subject: (RADIATOR) radiator on solaris
SPARC
***
This e-mail was scanned by TM Net E-Mail Virus Shield.
***
Hi All,
I have a Netra X1 (Solaris 8 SPARC) (and also a
Sun SureFire v100) and I have tried without
sucess to
install radiator on them.
I can't install most perl modules either, and
yes I have seen all the mails on the net
about
installing GNU gcc and pointing the cc
(wrapper) for the inexistent SUN compiler to
gcc.
perl Makefile.PL works everytime but make
always bombs with something similar
to
(see below). I have tried both the solaris make
and the GNU make (v 3.80)
someone suggested gcc 2.95.2 which is supposed
to be compatible with most OS,
I have also tried 3.2.2 and 3.3.
Has anyone installed radiator on solaris 8
sparc? and used it with a database?
I was able to install the Oracle 9i client by
the way on the s.
perl version is 5.005_03
Thanks.
Regards,
Tunde I.
=
cp Changes blib/lib/DBI/Changes.pmcc
-c -xO3 -xdepend -DVERSION=\"1.21\"
-DXS_VERSION=\"1.21\" -KPIC -I/usr/perl5/5.00503/sun4-solaris/CORE
-DDBI_NO_THREADS Perl.ccc: unrecognized option `-KPIC'cc: language
depend not recognizedcc: Perl.c: linker input file unused since linking
not done/usr/bin/perl -I/usr/perl5/5.00503/sun4-solaris
-I/usr/perl5/5.00503 /usr/perl5/5.00503/ExtUtils/xsubpp -typemap
/usr/perl5/5.00503/ExtUtils/typemap DBI.xs xstmp.c mv xstmp.c
DBI.ccc -c -xO3 -xdepend
-DVERSION=\"1.21\" -DXS_VERSION=\"1.21\" -KPIC
-I/usr/perl5/5.00503/sun4-solaris/CORE -DDBI_NO_THREADS DBI.ccc:
unrecognized option `-KPIC'cc: language depend not recognizedcc:
DBI.c: linker input file unused since linking not doneRunning
Mkbootstrap for DBI ()chmod 644 DBI.bsLD_RUN_PATH="" cc -o
blib/arch/auto/DBI/DBI.so -G DBI.occ: DBI.o: No such file or
directorycc: No input filesmake: *** [blib/arch/auto/DBI/DBI.so]
Error 1bash-2.03#
(RADIATOR) modifying accounting SQL statements
Hi Hugh, Hi All,
I have some SQL accouting statement that inserts
the connect-speeds along with some other
connection parameters into an SQL table. At first
it worked fine then I suddenly noticed
that no new records were being put into the table.
The trace 4 debug logshowed that the
accounting records coming from the RAS (Patton
boxes) sometimes did not contain the
affected fields (Ascend-Data-Rate and Ascend-Xmit-Rate) - not that they are set to zero -
they are not in the
records written to the radius log at all). This causes the SQL insert
statement to fail. Is there someway I can get the insert to succeed even when some fields
are missing?
I was thinking of something like: INSERT
%{Ascend-Xmit-Rate}+0, .
Now I find that ALL the packets from the patton
RASes (model 2966) dont contain the
2 fields at all - and I haven't reconfigured the
boxes at all.
"Radiator looks radiant!"
Regards,
Tunde Itayemi.
The accouting-startinsert statement as it
stands currently (the other one is for accounting-stop)
AcctSQLStatement insert into accessaccounting
values ( \'%{User-Name}', 0,'%{Acct-Status-Type}',
\'%{NAS-Identifier}', \'%{Called-Station-Id}',
'%{Calling-Station-Id}', \%{Ascend-Data-Rate}, %{Ascend-Xmit-Rate},
\'%{Framed-IP-Address}', %{Acct-Delay-Time}, \'%o',
to_date('%o', 'DY MON DD HH24:MI:SS '), \'%o', to_date('%o', 'DY
MON DD HH24:MI:SS ') )
(RADIATOR) time-based access and radiator
Hi All, Hi Hugh,
Seems like I am having a major brain
block.
I am trying to implement a config which allows both
time-based (prepaid) access
and unlimited access (just two options). The
description of my subscribers table is given
below.
I am having problems configuring radiator. Simply
stated what I want it as follows:
a user attempts to connect:
1. radiator checks subscribers table to see if he
is prepaid -in which case it returns a
the amount of time (in secs)
left as the max amount of time the user can stay online
to the NAS/RAS otherwise (the
user is allowed unlimited access)
Of course if the TIMELEFT field
is zero for prepaid client, the user is not allowed to connect.
2. when the user disconnects (if prepaid, his
TIMELEFT field is reduced by the amount
of time he stayed online) - this
does not affect "unlimited" clients or else there would be
negative values in the TIMELEFT
column
I have attached my proposed radius config file
which i am sure is far from being complete or correct.
I think the above should be simple but I cant seem
to get my mind around it.
Other issue is that I have to get the accouting
data back into my accouting package called optigold.
I was thinking of getting the radius parser file
from optigold to parse the radius accounting logfile.
Any suggestions/ideas will be appreciated. Is there
anybody on this list using radiator and optigold
for acccouting etc?
Hope to hear from you very soon.
Thanks.
Tunde Itayemi.
==
USERNAMEvarchar(100) primary key,--
Users login name, including realmPASSWORDvarchar(30),--
Cleartext passwordCHECKATTRvarchar(200),-- Optional check
radius attributesREPLYATTRvarchar(200),-- Optional reply
radius
attributesTIMELEFTint,ISPREPAID
int, -- 0 for unlimited and 1
for
prepaidEMAILATTRvarchar(200),STATUSvarchar(10),
-- Optional (used for enable/disable)FULLNAMEvarchar(60)--
Optional user fullname
==
SessionDatabase SQLIdentifier SDB1DBSource
dbi:Oracle:radius00DBUsername DBAuth
DeleteQuery/SessionDatabase
# === CLIENTs
=Client
x.x.x.x Secret
patt123 DupInterval
0NasType Patton
SNMPCommunity public Identifier
pattonrases/Client
Client b.b.b.b# (surgemail) mail
server Secret [EMAIL PROTECTED]!
DupInterval 0 Identifier
mailserver/Client
# === AUTH BYs
=AuthBy SQLIdentifier
SQLClientauthNoDefaultDBSource
dbi:Oracle:radius11DBUsername DBAuth AuthSelect
select PASSWORD, TIMELEFT*ISPREPAID from SUBSCRIBERS \where
USERNAME='%n' and (TIMELEFT 0 or ISPREPAID=0) and STATUS = 'Enabled'
AuthColumnDef 0, User-Password, checkAuthColumnDef 1,
GENERIC, checkAuthColumnDef 2, GENERIC, checkAutoMPPEKeys
YesDefaultSimultaneousUse 1/AuthAuthBy
SQL Identifier
SQLmailauth
NoDefault
DBSource
dbi:Oracle:radius00
DBUsername
nitelradius
DBAuth
radius4nitel AuthSelect select
PASSWORD, CHECKATTR, EMAILATTR \
from SUBSCRIBERS where USERNAME =
'%n' AuthColumnDef
0, User-Password,
check AuthColumnDef
1,
GENERIC,
check AuthColumnDef
2, Vendor-Specific,
reply DefaultSimultaneousUse
1/Auth
#=== HANDLERs
Handler
Client-Identifier=pattonrases
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([EMAIL PROTECTED]).*/$1/RewriteUsername
tr/A-Z/a-z/ UsernameCharset
[EMAIL PROTECTED]
AcctLogFileName
%L/account.log
PasswordLogFileName
%L/password.log SessionDatabase
SDB1 AuthBy SQLClientauth#
Adjust the time left when they log
outAccountingStopsOnlyAcctSQLStatement update SUBSCRIBERS
set TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \ where
USERNAME='%n' and ISPREPAID = 1/Handler
Handler
Client-Identifier=mailserver
AuthByPolicy ContinueWhileAccept
RewriteUsername tr/A-Z/a-z/
UsernameCharset [EMAIL PROTECTED]
AuthBy SQLmailauth/Handler
(RADIATOR) multiple copies of radiator running?
Hi Hugh, I have the following line in my /etc/rc.d/rc.local # Added for High Availability of the DNS serverORACLE_HOME=/oracle9sw/OraHome1NLS_LANG=AMERICANexport ORACLE_HOME NLS_LANGrestartWrapper -mail [EMAIL PROTECTED] -delay 2 "/usr/bin/radiusd -config_file /etc/radiator/radius.cfg -foreground" Now when I check the running processses by using "ps -ef" I get the two lines below: root 3421 1168 0 11:39 ? 00:00:00 sh -c /usr/bin/radiusd -config_froot 3422 3421 0 11:39 ? 00:00:00 /usr/bin/perl /usr/bin/radiusd - Is it OK? It seems there are two separate copies of radiator running? Also is there any command to use to restart a radiator instance started by restartWrapper? For example, when say an Oracle DB goes down, and radiator backs off for some time and you want to force a radius restart as soon as the database is back up. Regards, Tunde I.
(RADIATOR) radiator and optigold ISP
Hi Hugh, hi all, Please is there anyone on this mailing list using radiator and optigold ISP? I need some advice/help with a new system I am implementing. The system involves time-based billing where radiator decrements the pre-paid online a user has originally everytime the user makes use of the service and stops the user from connecting when the time has reduced to a value of zero. It also requires getting the usage data from radiator back to optigold for preparing customers bills. I know the usage based scenario has been discussed before on the list so I am just about to search the archives but I would still need some help with the other issues above. Regards, Tunde Itayemi.
(RADIATOR) time-based authentication
Hi Hugh, Hi all, Please I need to implement a configuration that involves the following: 1. pre-paid service users (sayd a payment for 100hours for example) 2. regular dial-in users with no time limitatation What would be the best approach to this? Two subscriber tables and a cascaded authby scheme? I have taken a look at the pre-paid exampl in the goodies directory but that only fits part of my requirements. 2. Is there a way to get accouting data back to optigold ISP for the preparation/generation of billing invoices? I intend to integrate optigoldISP and radiator tightly in this installation. My session records and accouting records makes use of an Oracle DB BTW. Thanks. Regards, Tunde I.
(RADIATOR) help with ipass accouting
Hi All, Hi Hugh,
I haven't been active on the list for some time
since Radiator has simple been radiant!
I want to get radiator to log the following values
into an oracle table called IPASSTABLE.
The time the ipass user disconnected ( as contained
in %o) into both a VARCHAR2 and DATE field.
The time the user logged on ( calculated by
subtracting the %{Acct-Session-Time} from the disconnect time) -
this value
would also be stored in aVARCHAR2 and DATE field.
I already have the first, but the second seems a
little tricky. I though of subtracting %{Acct-Session-Time} from
%b,
but the problem is how to convert the resulting
timestamp (in seconds) back to a DATE value (and a CHAR value too)
Currently I have the following AcctSqlStatement in my radius config file.
AcctSQLStatement insert into ipasstable values (
\'%{User-Name}', '%{Acct-Status-Type}',
\'%{NAS-Identifier}', '%{Framed-IP-Address}',
\%{Acct-Session-Time}, \'%o', \to_date('%o', 'DY
MON DD HH24:MI:SS '), \'%o', \to_date('%o', 'DY MON DD
HH24:MI:SS ') )
The first "to_date (..." is supposed to contain the
calculated login time (some variation of "%b - %{Acct-Session-Time}"
?)
while the first %o is supposed to hold the login time in char
format ( to_char(whatever_i_get_from_the_calculation above) ?).
Please see the LOGIN_START_DATE_DATE and
LOGIN_START_DATE_CHAR in the table def below.
HELP
Regards,
Tunde I.
IPASSTABLE table def
Name
Null?
Type-
--USERNAME
VARCHAR2(50)ACCTSTATUSTYPEVARCHAR2(10)NASIDENTIFIERVARCHAR2(20)FRAMEDIPADDRESSVARCHAR2(20)SESSIONTIMENUMBER(38)LOGIN_START_DATE_CHARVARCHAR2(25)LOGIN_START_DATE_DATEDATELOGIN_STOP_DATE_CHARVARCHAR2(25)LOGIN_STOP_DATE_DATEDATE
Re: (RADIATOR) Restartwrapper problems (notification mail)
Hi Hugh, I think the cause of the problem is probably the existence of all the rc scripts which are auto-configured when on uses an RPM install for example coupled with the restartwrapper entry in rc.local Though I haven't tried it but I would guess that one shouldn't (be able to)\ use a restartwrapper entry in rc.local together with rc scripts. Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: neil quiogue [EMAIL PROTECTED] Cc: Ayotunde Itayemi [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 28, 2003 1:48 AM Subject: Re: (RADIATOR) Restartwrapper problems (notification mail) Hello Neil, Hello Tunde - Neil is correct. Because you are getting an error when restartWrapper is trying to execute the command specified, restartWrapper is doing what is supposed to do - ie. waiting 2 secdonds and then trying again. You will need to fix the problem (ie. change the port numbers or whatever), and then restartWrapper will successfully start the program and then wait for it to exit (for whatever reason) then it will start the program again. This is the reason that you need the -foreground flag in the command line for radiusd , so that it (radiusd) does not detach from the controlling program (restartWrapper), which would otherwise cause restartWrapper to spin trying to restart radiusd forever. regards Hugh On Monday, Jan 27, 2003, at 20:49 Australia/Melbourne, neil quiogue wrote: This happens when you have a radiusd running already and you tried running the restartWrapper so what's going to happen is that the restartWrapper would see that the program is always dying (due to the already running radiusd) and would restart in 2 seconds. Check first that you don't have radiusd or any program binding on the RADIUS ports then use restartWrapper. Also, why is you radius in foreground mode? Regards, Neil On Monday, January 27, 2003, at 04:38 PM, Ayotunde Itayemi wrote: Hi All, hi Hugh, I forgot to include the sample mail I got from restartwrapper. == Your program /radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foreground exited unexpectedly with exit status 98, signal number 0 and dump indication 0. The STDERR output was Could not bind authentication socket: Address already in use at /radiatordb/radiatorhttp/radiusd line 413. . The program will be restarted again by /usr/bin/restartWrapper in 2 seconds. == Regards, Tunde Itayemi. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Restartwrapper problems
Hi All, hi Hugh, I have tried to use restartwrapper to make radiator "highly" available. It keeps restarting and I got over a thousand mails in my account before I stopped it. The mail it sends to me is as follows. Please note that I tried it some time ago with the same problem (on regular port 1645/1646). Also, I have another radius server running on the same box at ports 1645/1646 but I didn't use restartwrapper for that one. On my radius server (RedHat 7.2) I have the following line in /etc/rc.d/rc.local restartWrapper -mail [EMAIL PROTECTED] -delay 2 "/radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foreground" My radius.cfg file is as follows: Trace 4AuthPort 5118AcctPort 5119LogDir /radiatordb/logDbDir /radiatordb/radiatorhttpLogFile %L/logfileDictionaryFile %D/dictionary Regards, Tunde Itayemi.
(RADIATOR) Restartwrapper problems (notification mail)
Hi All, hi Hugh, I forgot to include the sample mail I got from restartwrapper. == Your program /radiatordb/radiatorhttp/radiusd -config_file /radiatordb/radiatorhttp/radius.cfg -foregroundexited unexpectedly with exit status 98, signal number 0 and dump indication 0. The STDERR output was Could not bind authentication socket: Address already in use at /radiatordb/radiatorhttp/radiusd line 413..The program will be restarted again by /usr/bin/restartWrapper in 2 seconds.== Regards, Tunde Itayemi.
Re: (RADIATOR) Re: IPASS accouting
Hi Hugh,
As always you have been a Hugh help :-)
BTW I was trying to customise the AcctSQLStatement and get the
Acct-Session-Time to be logged
in minutes rather than seconds. I have tried various ways of dividing the
Acct-Session-Time by 60 but
with no luck (e.g., %{Acct-Session-Time}/60 :-)
Finally, I just implemented the division in the cgi script I wrote to fetch
rows from the IPASS accounting
table. The cgi scripts divides the Acct-Session-Time's column's content by
60 before displaying the result
in a webpage. My problem (now) is that I would like to know if it is
possible to restrict the number of decimal
digits in a webpage to say 1,2 or 3. The output at the moment on my HTML
pages have anything between
1 and 16 decimals digits! So Please if there is any HTML guru on the list,
help out!
Alternatively, I could go back to altering that AcctSQLStatement and putting
in the code to generate results
in 2 decimals places to start with :-)
Thanks.
Radiator looks radiant!
Regards,
Tunde Itayemi.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Wednesday, January 22, 2003 1:36 AM
Subject: (RADIATOR) Re: IPASS accouting
Hello Tunde -
The radius accounting stop records should already contain an
Acct-Session-Time attribute containing the duration of the session.
So you just need to add the corresponding column to your database and
alter the AcctColumnDef's accordingly.
AuthBy SQL
Identifier IPASSSQLAccounting
DBSource dbi:Oracle:radius00
DBUsername radiusgold
DBAuth radiusgold
HandleAcctStatusTypes Start, Stop
AuthSelect
AccountingTable IPASSACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef TIME, Timestamp, integer-date
AcctColumnDef NASIDENTIFIER, NAS-Identifier
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef TIMESTAMP, Timestamp
AcctColumnDef SESSIONTIME, Acct-Session-Time
/AuthBy
regards
Hugh
On Tuesday, Jan 21, 2003, at 19:57 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh,
Thanks for your help.
I have a table that looks like (below) now.
USERNAME ACCTSTYPETIME
NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP
[EMAIL PROTECTED] Start
Jan
21, 2003 07:02 viruse180.247.158.69
1043136137
[EMAIL PROTECTED] Stop
Jan 21,
2003 08:51 viruse180.247.158.69
1043142670
[EMAIL PROTECTED] StartJan
16,
2003 22:58 viruse180.247.158.68
1042761506
[EMAIL PROTECTED] StopJan
16, 2003
23:12 viruse180.247.158.68
1042762372
Now, is there a way I can generate accounting records that show how
long the
particular IPASS user was logged on? I guess such a
record would have to be logged when the accounting stop packet is sent
to
radiator. So that I have a table such as:
USERNAME ACCTSTYPETIME
NAS-IDENTIFIERFRAMED-IP-ADDRESS
[EMAIL PROTECTED] Stop
30:00
viruse180.247.158.69
[EMAIL PROTECTED] Stop
15:00
viruse180.247.158.69
[EMAIL PROTECTED] Stop17:23
viruse180.247.158.68
[EMAIL PROTECTED] Stop1:12:02
viruse180.247.158.68
where the TIME column is the length of time the user spemt online. (I
don't really need the ACCTSTYPE column)
My config at the moment is as below:
AuthBy SQL
Identifier IPASSSQLAccounting
DBSource dbi:Oracle:radius00
DBUsername radiusgold
DBAuth radiusgold
HandleAcctStatusTypes Start, Stop
AuthSelect
AccountingTable IPASSACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef TIME, Timestamp, integer-date
AcctColumnDef NASIDENTIFIER, NAS-Identifier
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef TIMESTAMP, Timestamp
/AuthBy
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
PoolHint %{Client:Identifier}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
AddToReply MS-MPPE-Encryption-Policy = 1,
MS-MPPE-Encryption-Types
= 6
AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
DefaultSimultaneousUse 1
/AuthBy
AuthBy DYNADDRESS
Identifier
Re: (RADIATOR) accounting without authentication can't write data to postgres
Hi,
You may want to check ALL (ALL!) the column names you have defined in
radiator's config file to be sure that they match what you have in your REAL
database.
Also, make sure the column format supports what you intend to put into them.
From my own experience:
I had a column called TIME in an Oracle table and defined the same column in
one of
my AuthBy SQL sections. Later I decided the proper name for the column
should be
SESSIONTIME, so I changed it in the radius config file but forgot to alter
the actual
Oracle table's definition.
I then discovered that radiator wasn't logging my accounting records - to
make matters
worse, radiator was logging accounting-start records which does not containg
a value
for the Acct-Session-Time attribute which is what I intended to put in the
SESSIONTIME
column! But no accounting-stop records were being logged - strange eh? One
would have
thought the SQL statement would fail altogether !
Regards,
Tunde Itayemi.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Dennis Methelev [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, January 23, 2003 11:07 AM
Subject: Re: (RADIATOR) accounting without authentication can't write data
to postgres
Hello Dennis -
Thanks for sending the configuration file and the debug trace.
It looks to me like there is an error occuring with your SQL server due
to the contents of the attributes you are trying to record.
You should check the SQL server log to see what is happening.
regards
Hugh
On Wednesday, Jan 22, 2003, at 20:23 Australia/Melbourne, Dennis
Methelev wrote:
hi, all!
my radiator can't record accounting requests to postgres database.
in Authby SQL AuthSelect sets without 'select' statement (as seen
in reference) - authentication not need.
please help.
radiator 3.5 (test use)
[config fragment]
AuthBy SQL
Identifier SQLVOIPACCOUNTING
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AuthSelect
AccountingTable VOIPACCOUNTING
#AccountingStopsOnly
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer
AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,Cisco-NAS-Port
AcctColumnDef DNIS,Called-Station-Id
AcctColumnDef CLID,Calling-Station-Id
/AuthBy
SessionDatabase SQL
Identifier SDBVOIP
DBSourcedbi:Pg:dbname=radius
DBUsername ***
DBAuth ***
AddQuery insert into VOIPONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, \
TIME_STAMP) values ('%{User-Name}', '%N',
'%{Cisco-NAS-Port}', '%{Acct-Session-Id}',\
%{Timestamp} )
DeleteQuery delete from VOIPONLINE where USERNAME='%{User-Name}' and
NASPORT='%{Cisco-NAS-Port}'
/SessionDatabase
Handler NAS-IP-Address=(myvoipdeviceip)
AythBy SQLVOIPACCOUNTING
SessionDatabase SDBVOIP
/Handler
[log fragment]
Wed Jan 22 13:12:58 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 237
Code: Accounting-Request
Identifier: 37
Authentic:
29188025215120025141H18819135147197
Attributes:
NAS-IP-Address = ..
Cisco-NAS-Port = CAS 1/0:1:17
NAS-Port-Type = Async
User-Name = 22..
Called-Station-Id = 23..
Calling-Station-Id = 22..
Acct-Status-Type = Start
Service-Type = Login-User
Acct-Session-Id = 36/13:12:43.141 SAMT Wed Jan 22
2003/../F039911C 78DA00C5 0 4F8450F/answer/Telephony/F039911C
78DA00C5 0 4F8450F
Acct-Delay-Time = 15
Wed Jan 22 13:12:58 2003: DEBUG: Handling request with Handler
'NAS-IP-Address=..'
Wed Jan 22 13:12:58 2003: DEBUG: SDBVOIP Adding session for 22..,
.., Wed Jan 22 13:12:58 2003: DEBUG: do query is: delete from
VOIPONLINE where USERNAME='22..' and NASPORT='CAS 1/0:1:17'
Wed Jan 22 13:12:58 2003: DEBUG: do query is: insert into VOIPONLINE
(USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP) values
('22..', '..', 'CAS 1/0:1:17', '36/13:12:43.141 SAMT Wed Jan
22 2003/../F039911C 78DA00C5 0
4F8450F/answer/Telephony/F039911C 78DA00C5 0 4F8450F',1043226763 )
Wed Jan 22 13:13:00 2003: DEBUG: Packet dump:
*** Received from .. port 1646
Packet length = 528
Code: Accounting-Request
(RADIATOR) IPASS accouting
Hi Hugh,
Thanks for your help.
I have a table that looks like (below) now.
USERNAME ACCTSTYPETIME
NAS-IDENTIFIERFRAMED-IP-ADDRESSTIMESTAMP
[EMAIL PROTECTED] StartJan
21, 2003 07:02 viruse180.247.158.69
1043136137
[EMAIL PROTECTED] StopJan 21,
2003 08:51 viruse180.247.158.69
1043142670
[EMAIL PROTECTED] StartJan 16,
2003 22:58 viruse180.247.158.68
1042761506
[EMAIL PROTECTED] StopJan 16, 2003
23:12 viruse180.247.158.68
1042762372
Now, is there a way I can generate accounting records that show how long the
particular IPASS user was logged on? I guess such a
record would have to be logged when the accounting stop packet is sent to
radiator. So that I have a table such as:
USERNAME ACCTSTYPETIME
NAS-IDENTIFIERFRAMED-IP-ADDRESS
[EMAIL PROTECTED] Stop30:00
viruse180.247.158.69
[EMAIL PROTECTED] Stop15:00
viruse180.247.158.69
[EMAIL PROTECTED] Stop17:23
viruse180.247.158.68
[EMAIL PROTECTED] Stop1:12:02
viruse180.247.158.68
where the TIME column is the length of time the user spemt online. (I
don't really need the ACCTSTYPE column)
My config at the moment is as below:
AuthBy SQL
Identifier IPASSSQLAccounting
DBSource dbi:Oracle:radius00
DBUsername radiusgold
DBAuth radiusgold
HandleAcctStatusTypes Start, Stop
AuthSelect
AccountingTable IPASSACCOUNTING
AcctColumnDef USERNAME, User-Name
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef TIME, Timestamp, integer-date
AcctColumnDef NASIDENTIFIER, NAS-Identifier
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef TIMESTAMP, Timestamp
/AuthBy
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
PoolHint %{Client:Identifier}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types
= 6
AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
DefaultSimultaneousUse 1
/AuthBy
AuthBy DYNADDRESS
Identifier noIPADDRESSauth
Allocator mySQLallocator
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types
= 6
AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
DefaultSimultaneousUse 1
/AuthBy
AuthBy DYNADDRESS
Identifier pattonIPADDRESSauth
Allocator mySQLallocator
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
DefaultSimultaneousUse 1
/AuthBy
## proxy radius for IPASS
AuthBy RADIUS
Identifier ipassNetserver
Host63.10.24.21
Secret
AuthPort11812
AcctPort11813
AddToRequest Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N
DefaultSimultaneousUse 1
/AuthBy
#=== HANDLERs
Handler Realm=myipass
RewriteUsername
s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
AuthByPolicy ContinueAlways
AuthBy IPASSSQLAccounting
AuthBy ipassNetserver
/Handler
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Fw: (RADIATOR) radwho.cgi disconnect routine
Hi Hugh, Hi All, any takers please? I think any implementation using SNMP should work. What do you think Hugh. Regards, Tunde Itayemi. - Original Message - From: Ayotunde Itayemi To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 14, 2003 8:49 PM Subject: (RADIATOR) radwho.cgi disconnect routine Hi Hugh, Hi all, Please does anyone have a session-disconnect program/script that can be "hooked" to the radwho.cgi script that is compatible with Patton RASes? Any ideas, help etc would be appreciated. Please if you are sending me a program include the instructions for installation. Regards, TUnde Itayemi.
(RADIATOR) logging IPASS accounting records to Database
Hi Hugh, Hi All,
I would like to log only IPASS accounting start and
stop request to a database
tableso as to get some sort of record locally
- how can I implement this?
I want something a little bit "simpler" than the
long detail file generated by
the AcctLogFileName clause (see below pls). One can
more easily peruse
entries in an Oracle table.
Regards,
Tunde Itayemi.
Relevant parts of my config :
Client localhost #
ipass client for VNAS (incoming metrong
roamers)
Secret Identifier
ipassclient IdenticalClients
63.10.10.212 RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client
AuthBy
RADIUS
Identifier
ipassNetserver
Host
63.10.10.211
Secret
AuthPort
11812
AcctPort
11813 AddToRequest
Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N
DefaultSimultaneousUse 1/AuthBy
Handler
Realm=myipass
AcctLogFileName
%L/ipass/detail
RewriteUsername
s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
AuthBy ipassNetserver/Handler
Handler
Client-Identifier=ipassclient
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName
%L/account.log
PasswordLogFileName
%L/password.log SessionDatabase
SDB1 AuthBy
SQLClientauth StripFromReply
Framed-IP-Address/Handler
Re: (RADIATOR) Re: website access / ipass authentication
Hi Hugh, I have managed to solve the problem. What I did was to 1. create a soft link called radiusdhttp to radiusd file in my second install directory. 2. I edited the /etc/init.d/radiatorhttp file and changed the following lines from: RADIUSD=/usr/bin/radiusd RADIATOR_CONFIG=/etc/radiator/radius.cfg (under the stop( ) subroutine) killproc radiusd TO: RADIUSD=/radiatordb/radiatorhttp/radiusdhttp RADIATOR_CONFIG=/radiatordb/radiatorhttp/radius.cfg (under the stop( ) subroutine) killproc radiusdhttp So, now I have two servers running perfectly and can be controlled with the Linux service command. NB: It seems the killproc command uses the name used to start the process rather than the process id etc. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, January 13, 2003 11:45 PM Subject: Re: (RADIATOR) Re: website access / ipass authentication Hello Tunde - I am afraid I can't help you with questions about service as I don't use it. I generally use the restartWrapper utility included in the goodies directory. regards Hugh On Monday, Jan 13, 2003, at 23:38 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, OK. I have manually installed a second copy of radiator in /radiatordb/radiatorhttp directory. I have changed the port accordingly. I made a copy of the /etc/init.d/radiator file and save it as /etc/init.d/radiatorhttp I edited radiatorhttp to reflect the config of my new radiator install and used the RH chkconfig to add the service to the system. The problem I noticed now is that when I use the service command on radiatorhttp it appears to work on my original radiator installation! service (start/stop/restart/status) radiatorhttp actuallly works on my radiator service and not radiatorhttp. Any ideas? Please find attached my /etc/init.d/radiator /etc/init.d/radiatorhttp files. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 5:25 AM Subject: Re: website access / ipass authentication Hello Tunde - If you want to use different port numbers, why not just use two instances of Radiator? Otherwise, have a look at a trace 4 debug to see what attributes are included in the radius requests that you can use. regards Hugh On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I have the ipass netserver installed on my RADIUS server. I also want to use radiator to authenticate access to some webpages on the same server. The problem is that the config for ipass netserver and webserver authentication both use the localhost client designation. The only way out I see it to change the port that the webserver uses for radius authentication and configure radiator to also listen on (this) extra port. The issue now is how do I differentiate requests from the two ports and process the requests accordingly using two different Realm clauses - or cascaded AuthBys? Please advice? Regards, Tunde Itayemi. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. radiatorhttp.txtradiator.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radwho.cgi disconnect routine
Hi Hugh, Hi all, Please does anyone have a session-disconnect program/script that can be "hooked" to the radwho.cgi script that is compatible with Patton RASes? Any ideas, help etc would be appreciated. Please if you are sending me a program include the instructions for installation. Regards, TUnde Itayemi.
(RADIATOR) Re: website access / ipass authentication
Hi Hugh,
OK. I have manually installed a second copy of radiator in
/radiatordb/radiatorhttp directory.
I have changed the port accordingly.
I made a copy of the /etc/init.d/radiator file and save it as
/etc/init.d/radiatorhttp
I edited radiatorhttp to reflect the config of my new radiator install and
used the
RH chkconfig to add the service to the system.
The problem I noticed now is that when I use the service command on
radiatorhttp
it appears to work on my original radiator installation!
service (start/stop/restart/status) radiatorhttp actuallly works on my
radiator service
and not radiatorhttp. Any ideas?
Please find attached my /etc/init.d/radiator /etc/init.d/radiatorhttp
files.
Regards,
Tunde Itayemi.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, January 11, 2003 5:25 AM
Subject: Re: website access / ipass authentication
Hello Tunde -
If you want to use different port numbers, why not just use two
instances of Radiator?
Otherwise, have a look at a trace 4 debug to see what attributes are
included in the radius requests that you can use.
regards
Hugh
On Saturday, Jan 11, 2003, at 04:02 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh, Hi All,
I have the ipass netserver installed on my RADIUS server. I also want
to use radiator to
authenticate access to some webpages on the same server. The problem
is that the
config for ipass netserver and webserver authentication both use the
localhost client
designation. The only way out I see it to change the port that the
webserver uses for
radius authentication and configure radiator to also listen on (this)
extra port.
The issue now is how do I differentiate requests from the two ports
and process the
requests accordingly using two different Realm clauses - or cascaded
AuthBys?
Please advice?
Regards,
Tunde Itayemi.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
#!/bin/sh
#
# radiator This shell script takes care of starting and stopping \
# Radiator (radius daemon).
#
# chkconfig: 2345 90 15
# description: radiator is the radius daemon required for RAS AAA.
# processname: /usr/bin/radiusd
#
# Startup script for Radiator on Linux. Install this as
# /etc/init.d/radiator. If you have chkconfig, you can use
# chkconfig -add radiator
# to generate the required start asnd stop entries in /etc/rc[2345].d/
# Otherwise, you need to add symlinks to /etc/rc[2345].d/
#
# config: /etc/radiator/radius.cfg
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2000 Open System Consultants
# $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $
# Source 'em up
. /etc/init.d/functions
RADIUSD=/radiatordb/radiatorhttp/radiusd
RADIATOR_CONFIG=/radiatordb/radiatorhttp/radius.cfg
RADIATOR_ARGS=
# Source additional OPTIONS if we have them.
if [ -f /etc/sysconfig/radiator ] ; then
. /etc/sysconfig/radiator
fi
if [ ! -x $RADIUSD ]; then
exit 0
fi
start() {
# don't do squat if we don't have the config file
if [ -f $RADIATOR_CONFIG ]; then
echo -n Starting Radiator:
daemon $RADIUSD -config_file $RADIATOR_CONFIG $RADIATOR_ARGS
RETVAL=$?
echo
else
echo Unable to find config file $RADIATOR_CONFIG!
fi
return $RETVAL
}
stop() {
echo -n Shutting down Radiator:
killproc /radiatordb/radiatorhttp/radiusd
RETVAL=$?
echo
return $RETVAL
}
case $1 in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
status)
status /radiatordb/radiatorhttp/radiusd
RETVAL=$?
;;
*)
echo Usage: $0 {start|stop|restart|status}
exit 1
esac
exit $RETVAL
#!/bin/sh
#
# radiator This shell script takes care of starting and stopping \
# Radiator (radius daemon).
#
# chkconfig: 2345 90 15
# description: radiator is the radius daemon required for RAS AAA.
# processname: /usr/bin/radiusd
#
# Startup script for Radiator on Linux. Install this as
# /etc/init.d/radiator. If you have chkconfig, you can use
# chkconfig -add radiator
# to generate the required start asnd stop entries in /etc/rc[2345].d/
# Otherwise, you need to add symlinks to /etc/rc[2345].d/
#
# config: /etc/radiator/radius.cfg
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 2000 Open System Consultants
# $Id: linux-radiator.init,v 1.4 2002/08/20 00:56:30 mikem Exp $
# Source 'em up
. /etc/init.d/functions
RADIUSD=/usr/bin/radiusd
RADIATOR_CONFIG=/etc/radiator/radius.cfg
RADIATOR_ARGS=
# Source additional OPTIONS if we have them.
if [ -f /etc/sysconfig/radiator ] ; then
. /etc/sysconfig/radiator
fi
if [ ! -x $RADIUSD ]; then
exit 0
fi
start() {
# don't do squat if we don't have
Re: (RADIATOR) NAS subnet problem
Hi Hugh, I know the cause of the problem now. I just remembered some issues on the mailing list about radiator listening on different IPs etc. My radiator box has two IP addresses on the same network card: primary ip of 4.10.10.212 and a secondary ip of 6.4.4.12 (not my original IPs :-) By disabling the secondary interface (eth0:1) and changing the ip address of the primary interface on the radius server (RH 7.2) to the one on the secondary interface - which is what I normally use to reference my radius installation, I got the set up to work. Actually I could move the secondary IP address to a second NIC that is available on the Linux box but I am short of ports on the switch that I have the box on at the moment :-) I don't know if reversing the order of the IP address with respect to the network interfaces (pri sec) will have any positive effect. On the other hand the box is my backup DNS server (listens on pri interface/IP) so I am not sure re-arranging the IPs won't interfere with my DNS. Any ideas about this? Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 11:59 PM Subject: Re: (RADIATOR) NAS subnet problem Hello Tunde - Thanks for sending the files. It sounds to me like you have a routing problem on the Windows box when it is on a different subnet. I suspect you will need to add a default gateway or perhaps a static route so that the radius requests are sent to the correct place. regards Hugh On Thursday, Jan 9, 2003, at 21:31 Australia/Melbourne, Ayotunde Itayemi wrote: Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfglogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS subnet problem + extra info
Hi Hugh, Rejoinder to my last mail pls. Just remembered that I tested the setup with anothet Linux box with the two IP addresses on different NICs and got the same problem. So I am back at the same problem - the radius server is not behaving properly on my multi-homed RH 7.2 linux servers - at least with respect to windows 2K? Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 11:59 PM Subject: Re: (RADIATOR) NAS subnet problem Hello Tunde - Thanks for sending the files. It sounds to me like you have a routing problem on the Windows box when it is on a different subnet. I suspect you will need to add a default gateway or perhaps a static route so that the radius requests are sent to the correct place. regards Hugh On Thursday, Jan 9, 2003, at 21:31 Australia/Melbourne, Ayotunde Itayemi wrote: Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfglogfile.txt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) website access / ipass authentication
Hi Hugh, Hi All, I have the ipass netserver installed on my RADIUS server. I also want to use radiator to authenticate access to some webpages on the same server. The problem is that the config for ipass netserver and webserver authentication both use the "localhost" client designation. The only way out I see it to change the port that the webserver uses for radius authentication and configure radiator to also listen on (this) extra port. The issue now is how do I differentiate requests from the two ports and process the requests accordingly using two different "Realm" clauses - or cascaded AuthBys? Please advice? Regards, Tunde Itayemi.
(RADIATOR) NAS subnet problem
Hi All, Hi Hugh, Happy new year. I seem to be having problems with configuring a NAS on a different subnet from the radius server. If I put the NAS on the same subnet as radiator, it works fine, but once I put it on another subnet, it complains that the radius server cannot be located. The NAS is a Windows 2000 server/advanced server box. Please find attached my radius.cfg and extract from the radius logfile (trace 4 :-) showing that at least some packets are reaching the radius server. The ip address of the NAS box when it is not working is 80.247.159.98. When it is working the ip address is 80.247.140.51 I have some other boxes on different subnets (from the radius server) authenticating users against the same radius server but these NASes are patton RAS boxes. I have re-installed the Windows box many times but still no luck. Regards, Tunde Itayemi. radius.cfg Description: Binary data Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:49 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:49 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:49 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:49 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:49 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:49 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:54 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:54 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:54 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:54 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:54 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:54 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:35:55 2003: DEBUG: Packet dump: *** Received from 80.247.158.2 port 513 Code: Access-Request Identifier: 4 Authentic: 2157Js!J1222125124430f229220[ Attributes: User-Name = sashton User-Password = Pz22167u188202}+17012188_190244q NAS-Port = 6 NAS-Port-Type = Async NAS-Identifier = NitelPat1 Called-Station-Id = Calling-Station-Id = 1 Service-Type = Framed-User Framed-Protocol = PPP Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Received from 80.247.159.98 port 1176 Code: Accounting-Request Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Acct-Status-Type = Accounting-Off NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 4 Thu Jan 9 10:35:59 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:35:59 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:35:59 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling accounting with Radius::AuthSQL Thu Jan 9 10:35:59 2003: DEBUG: Handling with Radius::AuthDYNADDRESS Thu Jan 9 10:35:59 2003: DEBUG: Accounting accepted Thu Jan 9 10:35:59 2003: DEBUG: Packet dump: *** Sending to 80.247.159.98 port 1176 Code: Accounting-Response Identifier: 0 Authentic: 248203aK239149154OG158169$150,15229 Attributes: Thu Jan 9 10:39:14 2003: DEBUG: Packet dump: *** Received from 80.247.140.51 port 1198 Code: Accounting-Request Identifier: 0 Authentic: 1223?198e233198K?205s245149@174P Attributes: Acct-Status-Type = Accounting-On NAS-IP-Address = 80.247.140.51 Acct-Session-Id = 34 Thu Jan 9 10:39:14 2003: DEBUG: Handling request with Handler 'Client-Identifier=viruse3' Thu Jan 9 10:39:14 2003: DEBUG: SDB1 Deleting all sessions for 80.247.140.51 Thu Jan 9 10:39:14 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='80.247.140.51' Thu Jan 9 10:39:14 2003: DEBUG: Handling with
(RADIATOR) radiator 3.5 problems
Hi All, I installed Radiator version 3.5 and it refused to start. (I had 3.4 running prior to the upgrade attempt). I stopped the radiator service, performed the upgrade and tried to start the radiator service again. My config is RedHat 7.2 with radiator and oracle etc running. I got the following error message. Any ideas? Happy New Year in advance. Regards, Tunde Itayemi. == Dec 24 12:33:41 atreus radiusd: Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/bin/radiusd line 25.Dec 24 12:33:41 atreus radiusd: BEGIN failed--compilation aborted at /usr/bin/radiusd line 25.Dec 24 12:33:41 atreus radiator: radiusd startup failedDec 24 12:33:51 atreus radiusd: Can't locate Radius/RDict.pm in @INC (@INC contains: . /usr/lib/perl5/5.6.0/i386-linux /usr/lib/perl5/5.6.0 /usr/lib/perl5/site_perl/5.6.0/i386-linux /usr/lib/perl5/site_perl/5.6.0 /usr/lib/perl5/site_perl .) at /usr/bin/radiusd line 25.Dec 24 12:33:51 atreus radiusd: BEGIN failed--compilation aborted at /usr/bin/radiusd line 25.Dec 24 12:33:51 atreus radiator: radiusd startup failed
Re: (RADIATOR) ipass problem
Hi Hugh,
Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to textORchap
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.
How can I get the pattons to still allocate IPs (not minding whether the
client is
local or a IPASS client) and still allow radiator to allocate IPs if the
IPASS client
dials into one of my Windows servers?
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
Thanks for sending the files.
The Radiator log file shows that you are sending the access request to
IPASS, but that you are getting an access reject back from them. You
will need to check with IPASS to see what is happening at their end.
regards
Hugh
On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh,
Please find attached the following files:
radius.cfg (my full config file with no passwords)
cmdtest.txt (test carried out with test credentials from ipass using
the
command line tester that comes with ipass
netserver)
logfile.txt (radius logfile after attempting access twice via the NAS
80.247.140.30)
Hope to hear from you soon.
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, November 28, 2002 11:28 PM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
I will need to see a trace 4 debug from Radiator showing what happens
in both cases.
regards
Hugh
On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi
wrote:
Hi Hugh, Hi All,
I am testing my config for ipass. I have used ipass' own config
checker
from the prompt of my radiator server, and I was able to authenticate
the
username/password given to me by ipass.
But dialing into one of the NASes on my network with the same
credentials
results in a request denied . Any help would be appreciated.
My config:
===Client 80.4.4.30
Secret asecret
DupInterval 0
NasType Patton
SNMPCommunity patt222
Identifier viruse1
IdenticalClients 80.4.4.61 80.4.4.92
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
Client localhost
# ipass client for VNAS (incoming roamers)
Secret asecret
Identifier ipassclient
IdenticalClients 63.4.4.212
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
/Client
# === AUTH BYs =
## proxy radius for IPASS
AuthBy RADIUS
Identifier ipassNetserver
Host 63.4.4.212
Secret asecret
AuthPort 11812
AcctPort 11813
# AddToRequest NAS-IP-Address=%N
AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
/AuthBy
#=== HANDLERs
Handler Realm=myipass
AcctLogFileName %L/ipass/detail
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
# MaxSessions 1
AuthBy ipassNetserver
/Handler
Handler Client-Identifier=ipassclient
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
/Handler
Handler Client-Identifier=viruse1
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
# MaxSessions 1
# Show rejection reason to users
RejectHasReason
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
# AuthBy pattonIPADDRESSauth
/Handler
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
radius.cfgcmdtest.txtlogfile.txt
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX
(RADIATOR) ipass problem
Hi Hugh, Hi All,
I am testing my config for ipass. I have used
ipass' own config checker
from the prompt of my radiator server, and I was
able to authenticate the
username/password given to me by
ipass.
But dialing into one of the NASes on my network
with the same credentials
results in a "request denied" . Any help would be
appreciated.
My config:
===Client
80.4.4.30 Secret
asecret DupInterval
0NasType PattonSNMPCommunity
patt222 Identifier
viruse1IdenticalClients 80.4.4.61 80.4.4.92RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient
localhost# ipass client for VNAS (incoming roamers)Secret
asecretIdentifier ipassclientIdenticalClients
63.4.4.212RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client#
=== AUTH BYs =## proxy
radius for IPASSAuthBy
RADIUS
Identifier
ipassNetserver
Host
63.4.4.212
Secret
asecret
AuthPort
11812
AcctPort
11813# AddToRequest
NAS-IP-Address=%NAddToRequest Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N/AuthBy#===
HANDLERs Handler
Realm=myipassAcctLogFileName
%L/ipass/detailRewriteUsername
s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/# MaxSessions
1AuthBy ipassNetserver/HandlerHandler
Client-Identifier=ipassclient
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName
%L/account.log
PasswordLogFileName
%L/password.log SessionDatabase
SDB1 AuthBy
SQLClientauthStripFromReply
Framed-IP-Address/HandlerHandler
Client-Identifier=viruse1
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/RewriteUsername
tr/A-Z/a-z/ UsernameCharset
a-zA-Z0-9\._@-# MaxSessions 1#
Show rejection reason to users
RejectHasReason
AcctLogFileName
%L/account.log
PasswordLogFileName
%L/password.log SessionDatabase
SDB1 AuthBy SQLClientauth#
AuthBy pattonIPADDRESSauth/Handler
Re: (RADIATOR) little help required ...
Hi Muhammad, Why not upgrade to version 3.3.1 ? Regards, Tunde I. - Original Message - From: Muhammad Mushtaque [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 26, 2002 9:29 AM Subject: (RADIATOR) little help required ... Dear All, We are facing a problem due to which radiator session hangs. Actually i m executing few AcctSqlStatement for inserting some values in Database. When calculation goes to infinity like (2/3 or 1/3) ... radiator gives over flow error ... the other thing is that we are facing this error in Radiator-3.0 not in Radiator 2.17 ... I m attaching the error and our config file with this mail. waiting for replies Mushtaque. ___ This email and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to which they are addressed. This communication represents the originator's personal views and opinions, which do not necessarily reflect those of eWorld (Pvt) Ltd. If you are not the original / intended recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you have received this email in error, we regret the inconvenience and request you to please immediately notify at [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Troubles with getting MPPE Keys in Access-Accept
Hi Philipp,
You might need to set the key first. For example:
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
PoolHint %{Client:Identifier}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
# policy = 4 (40bit), 2 (128bit), 6 (any)
AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
DefaultSimultaneousUse 1
/AuthBy
The snippet above is from my own config. Also I don't think the AutoMPPEKeys
takes any parameter. In my config I have it on a line itself as just
AutoMPPEKeys
and not AutoMPPEKeys Yes
Regards,
Tunde Itayemi.
- Original Message -
From: Philipp Kolmann [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, October 11, 2002 1:34 PM
Subject: (RADIATOR) Troubles with getting MPPE Keys in Access-Accept
Hi!
We use Radiator v3.3 and have troubles getting MPPE Keys back in
Access Accept;
We use Microsoft (2000,XP) VPN Clients to connect to a cisco VPN3030
Concentrator and want to use MPPE Encryption.
Our Problem is, the in the radiator reply packet there are no MPPE Keys
(we use MS-CHAPv1)
Here is the part of our radiator config file:
snip
## VPN Service
Handler Realm=vpn.tuwien.ac.at,
Client-Identifier=/(terminator|sisko|localhost)/
AuthByPolicy ContinueAlways
AuthBy account-sql
AuthBy GROUP
AutoMPPEKeysYes
AuthBy radius-sql
AddToReply MS-MPPE-Encryption-Policy =
Encryption-Allowed, \
MS-MPPE-Encryption-Types = Encryption-Any
/Authby
/Handler
snip
any ideas?
Kind Regards
Philipp Kolmann
Technical University of Vienna
--
To err is human;
to really screw things up requires the root password.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) radiator and ipass
Hi, You didn't say anything about the other parts of your config - special entries in your client clauses, special client clause for ipass, username character set definition, format you receive ipass client username requests etc. Regards, Tunde I. - Original Message - From: Mike Blancas [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, October 01, 2002 2:29 AM Subject: Re: (RADIATOR) radiator and ipass Our setup is to proxy all iPass request to our iPass netserver using the AuthBy RADIUS and Realm DEFAULT. My local accounts are handled by different Realm and AuthBy clauses. This setup has been working for more than 1 yr without any problems. In the bottom of my radius.cfg, I have the following lines: Realm DEFAULT AuthBy RADIUS Host ipass.netserver.ip Secret AuthPort 11812 AcctPort 11813 /AuthBy /Realm Mike Blancas [EMAIL PROTECTED] Mosaic Communications, Inc. On Mon, 30 Sep 2002, Ayotunde Itayemi wrote: Hi All, Is there anybody on the list running ipass netserver and radiator? I am having problems with my config. I have installed both software but in order to get it to work properly, ipass specifies that the following lines should be added to all client clauses in the radiator config file: RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ After having added the line above, I (assume) then need to add the character / to the UsernameCharset set in radiator so as to allow names of the form IPASS/username ? Default of ( a-zA-Z0-9\._@- ). I have tried ( UsernameCharset a-zA-Z0-9\._@-/) and ( UsernameCharset a-zA-Z0-9\._@-\/ ) But I noticed that when I do so, a request with the name of the form IPASS/username kills radiator. It just stops and even there is nothing in the log with a trace 4 option. Please I would liek someone to provide me with a working config and if possible a brief explanation of any area that is not too clear or standard. Regards, Tunde I. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radiator and ipass
Hi All, Is there anybody on the list running ipass netserver and radiator? I am having problems with my config. I have installed both software but in order to get it to work properly, ipass specifies that the following lines should be added to all client clauses in the radiator config file: RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ After having added the line above, I (assume) then need to add the character / to the UsernameCharset set in radiator so as to allow names of the form IPASS/username ? Default of ( a-zA-Z0-9\._@- ). I have tried ( UsernameCharset a-zA-Z0-9\._@-/) and ( UsernameCharset a-zA-Z0-9\._@-\/ ) But I noticed that when I do so, a request with the name of the form IPASS/username kills radiator. It just stops and even there is nothing in the log with a trace 4 option. Please I would liek someone to provide me with a working config and if possible a brief explanation of any area that is not too clear or standard. Regards, Tunde I.
Re: (RADIATOR) users database format
Hi TDN,
You can use AddToRequestIfNotExist or AddToRequest parameter in your
Handler or Realm clause.
For example,
Handler
AddToRequestIfNotExist Service-Type = Framed-User
AuthBy ...
/AuthBy
/Handler
See section 6.16.19 and 6.16.20 of the reference manual (version 3.0)
formore details.
Regards,
Tunde Itayemi.
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 20, 2002 3:26 PM
Subject: (RADIATOR) users database format
Hello,
I have a flat file users database, which has the format below:
user1 Password = {crypt}*
Framed-Protocol=PPP
The configuration of one of our new Nases requres that the users database
be of this format:
user1 Password = {crypt}*
Service-Type = Framed-User,
Framed-Protocol=PPP
How can achieve this without having to change each and every entry i.e,
set
Service-Type = Framed-User as a default entry.
Rgds
TDN
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: Antwort: (RADIATOR) Re: *GhostSessions Problem
- Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 9:51 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hi Hugh, I know you have said before that there is no way to query windows for online clients using SNMP. This is just to the house in general. Is there anyone out there with workable solutions for windows? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Christian Rautscher [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 8:34 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello Christian - As I discussed in a previous mail, Radiator can use the NasType parameter in the Client clause(s) to enforce strict session limit checking with the NAS equipement being used, as long as the NAS can be queried successfully. Unfortunately, we cannot provide solutions for all types of NAS and all versions of NAS software, so it becomes a matter of trial and error for Radiator users to work out how to make things work in their own environment. We have provided a number of NasType modules and the source code for all of them is in the Radius/Nas directory. The only thing I can suggest is that you test the query that Radiator tries to run by hand to see what result you get, and if it is not correct then you will need to verify what is wrong in the code and correct it. It may also be the case that you need a different version of the SNMP code for example, or that your NAS needs to be configured to respond correctly to the query that Radiator tries to send. Note that we do not have any NAS equipment ourselves and we rely on customers to do their own testing. Many customers have done exactly this and contributed their code, most of which is what is found in the Radiator distribution. This is a vexing problem, I know, but there is little I can do to help you. regards Hugh On Tuesday, September 10, 2002, at 04:22 PM, Christian Rautscher wrote: Hello Hugh, i did post it already in the Mailing List last week, but i got no reply. That's why i thought, as we did buy a 7-station-licence of Radiator i could send it to the support list, and hope that somebody will response me there :) You cannot help me or? I mean can you give me at least a little hint, how the problem could be resolved. ;) Happy working, regards, Christian Hugh Irvine [EMAIL PROTECTED]@open.com.au am 10.09.2002 03:58:06 Gesendet von: [EMAIL PROTECTED] An:Christian Rautscher [EMAIL PROTECTED] Kopie: [EMAIL PROTECTED] (Blindkopie: Christian Rautscher/RUN/RAIFF) Thema: (RADIATOR) Re: *GhostSessions Problem Hello Christian - I have posted this to the Radiator mailing ([EMAIL PROTECTED]) list for you. You should post these questions to the Radiator list, not the support list. regards Hugh On Monday, September 9, 2002, at 07:30 PM, Christian Rautscher wrote: Hello Hugh, hi everybody, i'd like to ask if some1 could help me with the quite famous Problem of the ghost-sessions in Radiator-DB. P.es. AccessServer works fine. Connecting clients will be registered in the Radonline-DB of Radiator with their SessionStart-Entry. Now lets assume that at a certain point, due to networking failure or other reason Radiator and AccessServer aren't able to comunicate to each other anymore. Now we assume that Client A and B are disconnecting themselves right at this moment. PROBLEM:NAS doesn't send Stop-Session-Entry to Radiator, so for Radiator that client is still online. Now let's assume that the communication Problem between Radiator and NAS has been solved, and client A would like to re-enter. But isn't able, because of the configuration of Radiator the client exceeds the its allowed simulateous Permission of 1. As i've already tried with the Nas-Type Attribute but somehow it won't work as it should. As i noticed that this kind of problem appeared quite often in this mailing-list i hope that someone may be able to help me. Thank you just in advance, Christian -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible
Re: Antwort: (RADIATOR) Re: *GhostSessions Problem
Thanks, I have just changed the NasType for my windows clients to Ping - at least it is better than nothing :-) Regards, Tunde I. - Original Message - From: Andreas Stollar [EMAIL PROTECTED] To: Ayotunde Itayemi [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 4:37 PM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello, I was having a similar problem using DefaultSimultaneousUse 1 in my config. I mostly blame our outsourced dial up vendor, who uses a chaotic mess of different NAS devices, so stop records did not always get received, and using either snmp or finger only worked for half of the NAS's out there. We were having a support nightmare with users not being allowed to dial up because Radiator had an active session. As a last resort I started using NasType Ping under my DEFAULT client. This has turned out almost perfect. Ok, so someone with a firewall that blocks icmp traffic will be able to get multiple sessions now, but this is minor compared to the amount of happy customers now no longer calling tech support. Andreas Stollar Speakeasy, Inc. Sr. System Administrator On Tue, 10 Sep 2002, Ayotunde Itayemi wrote: Date: Tue, 10 Sep 2002 09:51:35 +0100 From: Ayotunde Itayemi [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem - Original Message - From: Ayotunde Itayemi [EMAIL PROTECTED] To: Hugh Irvine [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 9:51 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hi Hugh, I know you have said before that there is no way to query windows for online clients using SNMP. This is just to the house in general. Is there anyone out there with workable solutions for windows? Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: Christian Rautscher [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, September 10, 2002 8:34 AM Subject: Re: Antwort: (RADIATOR) Re: *GhostSessions Problem Hello Christian - As I discussed in a previous mail, Radiator can use the NasType parameter in the Client clause(s) to enforce strict session limit checking with the NAS equipement being used, as long as the NAS can be queried successfully. Unfortunately, we cannot provide solutions for all types of NAS and all versions of NAS software, so it becomes a matter of trial and error for Radiator users to work out how to make things work in their own environment. We have provided a number of NasType modules and the source code for all of them is in the Radius/Nas directory. The only thing I can suggest is that you test the query that Radiator tries to run by hand to see what result you get, and if it is not correct then you will need to verify what is wrong in the code and correct it. It may also be the case that you need a different version of the SNMP code for example, or that your NAS needs to be configured to respond correctly to the query that Radiator tries to send. Note that we do not have any NAS equipment ourselves and we rely on customers to do their own testing. Many customers have done exactly this and contributed their code, most of which is what is found in the Radiator distribution. This is a vexing problem, I know, but there is little I can do to help you. regards Hugh On Tuesday, September 10, 2002, at 04:22 PM, Christian Rautscher wrote: Hello Hugh, i did post it already in the Mailing List last week, but i got no reply. That's why i thought, as we did buy a 7-station-licence of Radiator i could send it to the support list, and hope that somebody will response me there :) You cannot help me or? I mean can you give me at least a little hint, how the problem could be resolved. ;) Happy working, regards, Christian Hugh Irvine [EMAIL PROTECTED]@open.com.au am 10.09.2002 03:58:06 Gesendet von: [EMAIL PROTECTED] An:Christian Rautscher [EMAIL PROTECTED] Kopie: [EMAIL PROTECTED] (Blindkopie: Christian Rautscher/RUN/RAIFF) Thema: (RADIATOR) Re: *GhostSessions Problem Hello Christian - I have posted this to the Radiator mailing ([EMAIL PROTECTED]) list for you. You should post these questions to the Radiator list, not the support list. regards Hugh On Monday, September 9, 2002, at 07:30 PM, Christian Rautscher wrote: Hello Hugh, hi everybody, i'd like to ask if some1 could help me with the quite famous Problem of the ghost-sessions in Radiator-DB. P.es. AccessServer works fine. Connecting clients
(RADIATOR) ipass Config Question
Hi All, Hi hugh,
My config is as below. In the past when "we"
discussed about the state column of the
RADONLINE
database not being reset appropriately resulting in
IP-address pool being exhausted, you told me to
add the following lines to my config:
DeleteQuery update RADPOOL set
STATE=0,TIME_STAMP=%twhere YIADDR='%0' or
YIADDR='%{Class}'
to the AdressAllocator SQL clause and the following
line to AuthBy DYNAADDRESS clause
AddToReply Class =
%{Reply:Framed-IP-Address}
Okay, I removed them later when things seemed to
have "stabilised" but I am thinking of reintroducing them again
- please let me have your views based on the config
file below.
MAIN PROBLEMS.
I installed ipass NetServer 3.9 as stated in the
instructions and also configured radiator (below) based on ipass
instruction for configuring radiator.
The problem is that somehow, radiator is still
using the handler for my client rather than thespecial handler for
ipass
- Handler Realm=myipass which should
cause it to proxy the request to the local ipass NetServer running on
same
system.
Please note that the IP address I have radiator
running on is e.d.f.211 .
I have also disabled the apache client I had
running before because I guess there would be a conflict between apache
authentication and ipass NetServer since they both
use localhost (127.0.0.1) in the client definitions for them?
Regards,
Tunde I.
# --- RADAR
-MonitorUsername
radarPassword mypassword/Monitor# Programs for
Simultaneous-UseSnmpgetProg/usr/bin/snmpget# SNMP access to
radiatorSNMPAgentROCommunity
mysnmpRADsecretPort162Managers127.0.0.1,
192.168.10.8/SNMPAgent# Online usersSessionDatabase
SQLIdentifier
SDB1DBSourcedbi:Oracle:radius00DBUsername
radiusDBAuth
radius# DeleteQuery
update RADPOOL set STATE=0,TIME_STAMP=%t
\#
where YIADDR='%0' or YIADDR='%{Class}'/SessionDatabase#
===AddressAllocator
SQL Identifier
mySQLallocator
DBSource
dbi:Oracle:radius00
DBUsername
radiusgold
DBAuth
radiusgold#DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t
\#where YIADDR='%0' or YIADDR='%{Class}'
DefaultLeasePeriod
172800# LeaseReclaimInterval
86400
# POOL ALLOCATION
RULES AddressPool
viruse1
Subnetmask
255.255.255.255
Range a.b.e.31 a.b.e.60Range a.b.e.62
a.b.e.91
/AddressPool
AddressPool
viruse2
Subnetmask
255.255.255.255
Range a.b.c.52 a.b.c.100Rangea.b.c.110
a.b.c.139Rangea.b.c.150
a.b.c.200Range a.b.c.225 a.b.c.250
/AddressPool/AddressAllocator
# === CLIENTs
=Client
a.b.c.3 Secret
mypassword DupInterval
0 SNMPCommunity
public Identifier
viruse2IdenticalClients a.b.c.4 a.b.c.5 a.b.c.6
\172.31.1.6 172.31.1.4 172.31.1.8
192.168.10.5RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient
a.b.c.30# pattonRAS Secret
mypassword DupInterval
0NasType PattonSNMPCommunity
patt123mon Identifier
viruse1IdenticalClients a.b.c.61 a.b.c.92RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//ClientClient
localhost# ipass client for VNAS (incoming roamers)Secret
mypasswordIdentifier ipassclientIdenticalClients
d.e.f.212RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass//Client#Client
127.0.0.1# web server on this box#Secret
apache!:123#DupInterval 0#Identifier
apache#/Client# === AUTH BYs
=AuthBy
SQL Identifier
SQLStaffauth
NoDefault
DBSource
dbi:Oracle:radius00
DBUsername
radius
DBAuth
radius AuthSelect select PASSWORD,
CHECKATTR from STAFF
\
where USERNAME = '%n' and STATUS = 'Enabled'/AuthAuthBy
SQLIdentifier
SQLClientauthNoDefaultDBSourcedbi:Oracle:radius00DBUsernameradiusDBAuthradiusAuthSelect
select PASSWORD, CHECKATTR, REPLYATTR \from SUBSCRIBERS where
USERNAME = '%n'\and STATUS =
'Enabled'AutoMPPEKeys/AuthAuthBy
DYNADDRESSIdentifier myIPADDRESSauthAllocator
mySQLallocator#AddToReply Class =
%{Reply:Framed-IP-Address}#PoolHint
%{Reply:PoolHint}PoolHint
%{Client:Identifier}MapAttribute yiaddr,
Framed-IP-AddressMapAttribute subnetmask,
Framed-IP-NetmaskStripFromReply PoolHint# policy = 4 (40bit), 2
(128bit), 6 (any)AddToReply MS-MPPE-Encryption-Policy = 1,
MS-MPPE-Encryption-Types = 6AddToReply MS-MPPE-Send-Key,
MS-MPPE-Recv-Key/AuthByAuthBy
DYNADDRESS Identifier
pattonIPADDRESSauth Allocator
mySQLallocatorPoolHint
%{Client:Identifier}# PoolHint
%{Reply:PoolHint}
MapAttribute yiaddr,
Framed-IP-Address
MapAttribute subnetmask,
Framed-IP-Netmask StripFromReply
PoolHint/AuthBy## proxy radius for IPASSAuthBy
RADIUS
Identifier
ipassNetserver
Host
d.e.f.211
Secret
mypassword
AuthPort
11812
AcctPort
11813/AuthBy#=== HANDLERs
Handler
Realm=myipassAcctLogFileName
%L/ipass/detailRewriteUsername
s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/AuthBy
ipassNetserver/HandlerHandler
(RADIATOR) Final word on DefaultLeasePeriod
Hi All, Hi Hugh,Hi Mike, Hi ... :-) Okay. Final question on IP leases with radiator. What happens when the DefaultLeasePeriod expires? More importantly, is the IP reclaimed when the DefaultLeasePeriod expires AND the client to which it was allocated is still online? Also,are IPs reclaimed when clients log off (for one reason or the other) before DefaultLeasePeriod expires? (- just wanted a confirmation on this last question) What is the max value I can set the DefaultLeasePeriod too - a year (in seconds format)? Regards, Tunde I.
(RADIATOR) Telnet, SMTP and port 25
Hi Hugh, Hi all, Okay this is not a RADIUSquestion, but excuse me anyway. I have a RedHat 6.2 Linux system that has been configured asa mail server for a real Internet domain. Users can receive their mails but nothing (mails) can be sent out. After a lot of troubleshooting I made out the following: 1. The system can't send mails out because you cannot initiate a telnet session from it toany other system on port 25 e.g., [root@mail itayemi]# telnet10.0.4.4 25Trying 10.0.4.4...telnet: Unable to connect to remote host: No route to host This is the same message that keeps being written to the mail log (/var/log/maillog) by sendmail. Any ideas? You can telnet to it on port 25 from other systems. I have looked at all the common causes I can think of (DNS, inetd, routing, sendmail etc) Nothing seems to work. The system is not configured as a firewall and the port is not blocked by the router or any other device. Regards, Tunde I.
Re: (RADIATOR) postcard from Switzerland
Hi Hugh, Enjoy! I hope I will be able to find my way out of Nigeria soon! Seriously, I need a long break. So, anyone know a good school where I can do my Masters in Computer Science as a very good pretence for bailing out for a while? Okay, don't forget the expense and the exhange rates for the Naira! :-) Thanks for offering great support. I don't think there is any other software with a mailing list and support as responsive as radiator! RADIATOR IS RADIANT! Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Joanne Davis [EMAIL PROTECTED] Sent: Tuesday, August 20, 2002 7:16 AM Subject: (RADIATOR) postcard from Switzerland Hello Everyone - How lovely - I have brought summer with me to Switzerland! I arrived in Bern on Sunday (via Singapore, Dubai and Zurich), to find that the temperature was 35 degrees (C) and everyone was saying it was the first real day of summer! As you can imagine people were taking advantage of the break from the rain (there haven't been floods here, but it has been very cold and wet), and spending the day outdoors. Anyway, Switzerland is very much as you imagine it and see it portrayed in movies and so on, but still it is quite delightful to look towards the horizon pretty much anywhere and see snow-capped mountains in the distance. The country is neat and tidy and very clean and everyone is very friendly (even though it is the height of the tourist season). Hopefully I will get to do some tourist things this week, and I will be heading back to Melbourne on Saturday. As usual, I will try to keep up with the email, but if I miss anything please send it to me again next week. cheers Hugh NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Fw: (RADIATOR) Telnet, SMTP and port 25
- Original Message - From: Ayotunde Itayemi To: Hugh Irvine Sent: Wednesday, August 21, 2002 6:23 PM Subject: Re: (RADIATOR) Telnet, SMTP and port 25 Hi Hugh, Traceroute gets to the destination. Pings are replied (reaches destination). Also telnet to myself (mail server) on port 25 (from the same box) works i.e, telnet 127.0.0.1 25 This alsoworks: telnet mail 25 BUT this does not: telnet any-internet-mailserver 25 Regards, Tunde I. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Wednesday, August 21, 2002 5:37 PM Subject: Re: (RADIATOR) Telnet, SMTP and port 25 Hello Tunde -The error message clearly states "No route to host".Try a traceroute to see what is amiss.regardsHughOn Wednesday, August 21, 2002, at 06:12 PM, Ayotunde Itayemi wrote: Hi Hugh, Hi all,Okay this is not a RADIUSquestion, but excuse me anyway.I have a RedHat 6.2 Linux system that has been configured asa mail serverfor a real Internet domain. Users can receive their mails but nothing (mails) can be sent out.After a lot of troubleshooting I made out the following:1. The system can't send mails out because you cannot initiate a telnet session from it toany other system on port 25 e.g.,[root@mail itayemi]# telnet10.0.4.4 25Trying 10.0.4.4...telnet: Unable to connect to remote host: No route to hostThis is the same message that keeps being written to the mail log (/var/log/maillog)by sendmail. Any ideas?You can telnet to it on port 25 from other systems.I have looked at all the common causes I can think of (DNS, inetd, routing, sendmail etc)Nothing seems to work. The system is not configured as a firewall and the port is not blockedby the router or any other device.Regards,Tunde I.NB: I am travelling this week, so there may be delays in our correspondence.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
(RADIATOR) DefaultLeasePeriod
Hi Hugh, Hi All, What happens when the DefaultLeasePeriod(say 86400 = 1 day) expires? Does the user get disconnected and the IP allocated to him/her reclaimed? Or is the user (correctly) allowed to stay connected? Let's assume that the checkattribute of the clients specifies that he/she can stay on for the whole day (Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1) Regards, Tunde I.
Re: (RADIATOR) Re: DefaultLeasePeriod
Hi Hugh, One, I assume the checkattribute ( Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1) implies "always-on 24-7-365" access for the user? My aim is to allow clients with DSL access (alwayson-24-7-365)to remain on without radiatiorreclaiming the IP address allocated to themwhile they are still connected. What combination of attributes do you think can handle clients with DSL access (alwayson-24-7-365) and dial-up access so that the IP address is not reclaimed for the DSL clients while they are still connected - and still reclaim the IP addresses allocated to the dial-up/DSL clients when they disconnect by themselves from the NASes? Would setting the Defaultleaseperiod to "infinity" ( :-) or say a year, and leaving the LeaseReclaimInterval set to (say) a day handle the kind of configuration I mentioned above? That is, correctly reclaim the IPaddresses for clients when they are disconnected (by NAS, attributes, etc) and also not reclaim the IP addresses allocated to clients that are still online. Regards, Tunde Itayemi. - Original Message - From: Hugh Irvine To: Ayotunde Itayemi Cc: [EMAIL PROTECTED] Sent: Monday, August 19, 2002 12:31 PM Subject: (RADIATOR) Re: DefaultLeasePeriod Hello Tunde -The IP address in the address pool is marked as available when the DefaultLeasePeriod expires.There is no relationship between the Session-Timeout on the NAS and the DefaultLeasePeriod for the IP address allocation. You will have to manage any relationship that you wish to have with your configuration.regardsHughOn Monday, August 19, 2002, at 06:09 PM, Ayotunde Itayemi wrote: Hi Hugh, Hi All,What happens when the DefaultLeasePeriod(say 86400 = 1 day) expires?Does the user get disconnected and the IP allocated to him/her reclaimed?Or is the user (correctly) allowed to stay connected?Let's assume that the checkattribute of the clients specifies that he/shecan stay on for the whole day (Service-Type = Framed-User,Time ="Al-2400",Simultaneous-Use = 1)Regards,Tunde I.-- Radiator: the most portable, flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Re: DefaultLeasePeriod
Hi Hugh,
Okay you are right. But what if I would like to
ensure that the max time a client can stay
on is a day? That is, even the "always-on" clients
get disconnected at least once everyday?
In such a case, what would my checkattributes and
replyattributes be?
Regards,
Tunde I.
- Original Message -
From:
Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Monday, August 19, 2002 2:48
PM
Subject: Re: (RADIATOR) Re:
DefaultLeasePeriod
Hello Tunde -By
definition a customer with a permanent connection would not use a dynamic
address.You should allocate such users static addresses
instead.regardsHughOn Monday, August 19, 2002, at
10:10 PM, Ayotunde Itayemi wrote:
Hi Hugh,One,
I assume the checkattribute ( Service-Type = Framed-User,Time
="Al-2400",Simultaneous-Use = 1)implies
"always-on 24-7-365" access for the
user?My
aim is to allow clients with DSL access (alwayson-24-7-365)to remain
on without radiatiorreclaiming theIP
address allocated to themwhile they are still connected.What
combination of attributes do you think can handle clients with DSL access
(alwayson-24-7-365) and dial-upaccess
so that the IP address is not reclaimed for the DSL clients while they are
still connected - and still reclaimthe
IP addresses allocated to the dial-up/DSL clients when they disconnect by
themselves from the NASes?Would
setting the Defaultleaseperiod to "infinity" ( :-) or say a year, and
leaving the LeaseReclaimInterval set to(say) a
day handle the kind of configuration I mentioned above? That is, correctly
reclaim the IPaddresses for clientswhen
they are disconnected (by NAS, attributes, etc) and also not reclaim the IP
addresses allocated to clientsthat
are still online.Regards,Tunde
Itayemi.- Original Message
-From: Hugh
IrvineTo: Ayotunde
ItayemiCc:
[EMAIL PROTECTED]Sent:
Monday, August 19, 2002 12:31 PMSubject: (RADIATOR) Re:
DefaultLeasePeriodHello Tunde -The IP address in the address
pool is marked as available when the DefaultLeasePeriod
expires.There is no relationship between the Session-Timeout on the
NAS and the DefaultLeasePeriod for the IP address allocation. You will have
to manage any relationship that you wish to have with your
configuration.regardsHughOn Monday, August
19, 2002, at 06:09 PM, Ayotunde Itayemi wrote:Hi Hugh, Hi
All,What happens when the DefaultLeasePeriod(say
86400 = 1 day) expires?Does the user get disconnected and the IP
allocated to him/her reclaimed?Or is the user (correctly) allowed to
stay connected?Let's assume that the checkattribute of the
clients specifies that he/shecan stay on for the whole day (Service-Type
= Framed-User,Time ="Al-2400",Simultaneous-Use =
1)Regards,Tunde I.--Radiator: the
most portable, flexible and configurable RADIUS serveranywhere.
Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets:
internetwork inventory and management - graphical, extensible,flexible
with hardware, software, platform and database
independence.-- Radiator: the most portable,
flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD,
Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and
management - graphical, extensible,flexible with hardware, software,
platform and database independence.
Re: (RADIATOR) hardware specs
Hi Hugh, Hi All, I wonder what the best config for primary/backup radius server is I have (almost :-) two radius servers, each with an oracle database. Do I set it up so that my primary radius server use two Oracle databases in every SQL access clause in its config; AND also set up the secondary to use both Oracle DBs? Or what is my best config? RADIUS server1 + Oracle DB1 RADIUS server2 + Oracle DB2 Radius server1 points to OracleDB1 and 2 Radius server2 points to OracleDB2 and 1 OR Radius server1 points to OracleDB1 and 2 Radius server1 points to OracleDB1 and 2 Regards, Tunde I. - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, August 15, 2002 6:04 AM Subject: Re: (RADIATOR) hardware specs Hello Ray - This sort of machine is in use at many of our customer sites. Keep in mind that you should have a primary and a secondary for redundancy purposes. regards Hugh On Thursday, August 15, 2002, at 02:27 PM, [EMAIL PROTECTED] wrote: Hello, Can I ask if a Sun Netra T1 server with 512 memory sufficient for large installation using radiator? Ray === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh,
Somehow the Session-Id field on the patton was set
to zero - could have been me
or one of the two or three other people with access
to the NAS.
Thanks.
Tunde I.
- Original Message -
From:
Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 10:57
PM
Subject: Re: (RADIATOR) Re: Multiple
Calling-Station-Id
Hello Tunde -As always, the only way I can see what is
going on is by looking at the configuration file and the trace 4
debug.regardsHughOn Thursday, August 15, 2002, at
06:14 AM, Ayotunde Itayemi wrote:
Hi Hugh,Thanks
for the replies. I noticed a curious thing though I am not sure of exactly
when it happened.I
changed one of the IP address pools defined in my AddressAllocator
SQL to the same nameasthe
identifier for a NAS. Below is the DYNAADDRESS clause I used for the Handler
for the NAS.The
thing is that I suddenly noticed tonight that the
Acct-Session-Idcolumn
for all the online usersare
blank (from the radwho.cgi)?Any
idea what is wrong?It's
9.15 P.M. here and I am getting out :-) Talk to you laterRegards,Tunde
I.AuthBy
DYNADDRESS Identifier
pattonIPADDRESSauth Allocator
mySQLallocator
PoolHint %{Client:Identifier}#
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr,
Framed-IP-Address
MapAttribute subnetmask,
Framed-IP-Netmask
StripFromReply PoolHint
DefaultSimultaneousUse
1/AuthBy--
Radiator: the most portable, flexible and configurable RADIUS
serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS
X.-Nets: internetwork inventory and management - graphical,
extensible,flexible with hardware, software, platform and database
independence.
(RADIATOR) Multiple Calling-Station-Id
Hi All, I have a similar problem to Micheal's (see inquiry) If my understanding is correct, that user cannot connect under any circumstance to any other NAS on the network? I require a little more flexibility in that the user should ONLY be restricted to a particular NAS if he uses a special (GSM) number. The numbers are of the form 0802xxx OR 0803xxx OR 0804xxx (where xxx is any sequence of 7 digits) I was thinking of aspecial HANDLER clause for them. I guess I would need something like HANDLER Client-Identifier = specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/ /HANDLER Would this work? Also, how can I associate a pool of IPs with a particular NAS. The purpose is to allow me to leave out the poolhint attribute from the record of each user in my database. This should allow the allocation of IPs based on the NAS rather than the user. Regards, Tunde Itayemi.
(RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh,
I assume I can have multiple PoolHint
%{Client:Identifier} in a single AuthBy DYNADDRESS clause?
Secondly, how do I restrict the special NAS to ONLY
answer requests from clients with the mobile phone addresses
I have mentioned?
I thought of using Calling-Station-Id =/^080[234]/ but what stops
the client from dialing into some of
my other NASes?
Is there some way to negate the HANDLER attributes? Something
like:
Handler Client-Identifier = specialNAS, (NOT)Calling-Station-Id
=/^080[234]/
Regards,
Tunde I.
- Original Message -
From:
Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 12:36
PM
Subject: Re: Multiple
Calling-Station-Id
Hello Tunde -For your
second point, you would do something like this:# define Clients with
IdentifiersClient 1.2.3.4Identifier
PoolTag/Client.# define AuthBy
DYNADDRESSAuthBy DYNADDRESSIdentifier
AllocateIPAddressPoolHint
%{Client:Identifier}./AuthBy...For
your first point, you could also use something like this:Handler
Client-Identifier = specialNAS, Calling-Station-Id =/^080[234]/The
above says "080" at the start of the string, followed by 2 or 3 or 4, followed
by anything.As always, you should test such Handlers and regular
expressions thoroughly.regardsHughOn Wednesday,
August 14, 2002, at 07:31 PM, Ayotunde Itayemi wrote:
Hi All,I
have a similar problem to Micheal's (see
inquiry)If
my understanding is correct, that user cannot connect under any circumstanceto
any other NAS on the network?I
require a little more flexibility in that the user should ONLY be restricted
to a particularNAS
if he uses a special (GSM) number. The numbers are of the form 0802xxx
OR0803xxx
OR 0804xxx (where xxx is any sequence of 7 digits)I
was thinking of aspecial HANDLER clause for them. I guess I
would need something likeHANDLER
Client-Identifier
=
specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/
/HANDLERWould
this work?Also,
how can I associate a pool of IPs with a particular NAS. The purpose is to
allow me toleave
out the poolhint attribute from the record of each user in my database. This
shouldallow
the allocation of IPs based on the NAS rather than the user.Regards,Tunde
Itayemi.-- Radiator: the
most portable, flexible and configurable RADIUS serveranywhere. Available
on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork
inventory and management - graphical, extensible,flexible with hardware,
software, platform and database independence.
Re: (RADIATOR) Re: Multiple Calling-Station-Id
Hi Hugh,
Thanks for the replies. I noticed a curious thing
though I am not sure of exactly when it happened.
I changed one of the IP address pools defined in my
AddressAllocator SQL to the same name
asthe identifier for a NAS. Below is the
DYNAADDRESS clause I used for the Handler for the NAS.
The thing is that I suddenly noticed tonight that
the Acct-Session-Idcolumn for all the
online users
are blank (from the radwho.cgi)?
Any idea what is wrong?
It's 9.15 P.M. here and I am getting out :-) Talk
to you later
Regards,
Tunde I.
AuthBy
DYNADDRESS Identifier
pattonIPADDRESSauth Allocator
mySQLallocator
PoolHint
%{Client:Identifier}
#
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr,
Framed-IP-Address
MapAttribute subnetmask,
Framed-IP-Netmask StripFromReply
PoolHint DefaultSimultaneousUse
1/AuthBy
- Original Message -
From:
Hugh Irvine
To: Ayotunde Itayemi
Cc: [EMAIL PROTECTED]
Sent: Wednesday, August 14, 2002 6:04
PM
Subject: (RADIATOR) Re: Multiple
Calling-Station-Id
Hello Tunde -No - you can only have a single PoolHint -
why do you want more?For your second question, you would do something
like this:Handler Client-Identifier = specialNAS,
Calling-Station-Id = /^080[234]/# deal with the
requests../HandlerHandler Calling-Station-Id =
/^080[234]/# reject calls to other NAS'sAuthBy
INTERNALDefaultResult
REJECT/AuthBy../HandlerregardsHughOn
Thursday, August 15, 2002, at 02:50 AM, Ayotunde Itayemi wrote:
Hi Hugh,I
assume I can have multiple PoolHint
%{Client:Identifier} in a single AuthBy DYNADDRESS clause?Secondly, how do I restrict
the special NAS to ONLY answer requests from clients with the mobile phone
addressesI
have mentioned?I
thought of using Calling-Station-Id
=/^080[234]/ but what stops the client from dialing
into some ofmy other
NASes? Is there some way to negate the HANDLER attributes? Something like:Handler Client-Identifier = specialNAS,
(NOT)Calling-Station-Id =/^080[234]/Regards,Tunde
I.- Original Message
-From: Hugh
IrvineTo: Ayotunde
ItayemiCc:
[EMAIL PROTECTED]Sent:
Wednesday, August 14, 2002 12:36 PMSubject: Re: Multiple
Calling-Station-IdHello Tunde -For your second point, you
would do something like this:# define Clients with
IdentifiersClient 1.2.3.4Identifier
PoolTag/Client.# define AuthBy
DYNADDRESSAuthBy DYNADDRESSIdentifier
AllocateIPAddressPoolHint
%{Client:Identifier}./AuthBy...For
your first point, you could also use something like this:Handler
Client-Identifier = specialNAS, Calling-Station-Id
=/^080[234]/The above says "080" at the start of the string,
followed by 2 or 3 or 4, followed by anything.As always, you should
test such Handlers and regular expressions
thoroughly.regardsHughOn Wednesday, August 14,
2002, at 07:31 PM, Ayotunde Itayemi wrote:Hi All,I
have a similar problem to Micheal's (see inquiry)If my understanding is
correct, that user cannot connect under any circumstanceto any other NAS
on the network?I require a little more flexibility in that the user
should ONLY be restricted to a particularNAS if he uses a special (GSM)
number. The numbers are of the form 0802xxx OR0803xxx OR
0804xxx (where xxx is any sequence of 7
digits)I was thinking of aspecial HANDLER
clause for them.I guess I would need something
likeHANDLER Client-Identifier =
specialNAS,Calling-Station-Id=/0802xxx|0803xxx|0804xxx/
/HANDLERWould this
work?Also, how can I associate a pool of IPs with a particular
NAS. The purpose is to allow me toleave out the poolhint attribute from
the record of each user in my database. This shouldallow the allocation
of IPs based on the NAS rather than the
user.Regards,Tunde
Itayemi.--Radiator: the most portable, flexible and configurable
RADIUS serveranywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT,
MacOS X.-Nets: internetwork inventory and management - graphical,
extensible,flexible with hardware, software, platform and database
independence.-- Radiator: the most portable,
flexible and configurable RADIUS serveranywhere. Available on *NIX, *BSD,
Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and
management - graphical, extensible,flexible with hardware, software,
platform and database independence.
Re: (RADIATOR) Re: Radiator and Windows Encryption
Hi Hugh,
Thanks a million! I moved the AutoMPPEkeys to the Authby SQL clause
and left the AddToReply clause for the Encryption types in the AuthBy
DYNADDRESS
clause.
I will check out the hooks next week (I don't know much Perl though).
Regards,
Tunde I.
- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Ayotunde Itayemi [EMAIL PROTECTED]
Cc: Mike McCauley [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, August 03, 2002 1:49 AM
Subject: Re: (RADIATOR) Re: Radiator and Windows Encryption
Hello Tunde -
I will let Mike deal with the first part of your message.
For the second part, you will need to write a PostAuthHook to do what
you describe.
You will find some example hooks in the file goodies/hooks.txt.
regards
Hugh
On Saturday, August 3, 2002, at 03:34 AM, Ayotunde Itayemi wrote:
Hi Mike,
I have given the 3.1 patch a shot but to no effect. The relevant part
of my
config file is:
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
AddToReply Class = %{Reply:Framed-IP-Address}
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
DefaultSimultaneousUse 1
AutoMPPEKeys
# policy = 4 (40bit), 2 (128bit), 6 (any)
AddToReply MS-MPPE-Encryption-Policy = 2,
MS-MPPE-Encryption-Types =
4
/AuthBy
I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the
AddToReply
clause above with various combinations of MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types.
Okay, is there anyone on the list that has got this to work please :-)
Also, about my other problem, is there anyway to conditionally remove a
Reply attribute from the access acccept
packet before it is sent? The functional word is conditionally
Simply stated, after selecting the users record from the database,
checking
the passwords etc, stripping say the
Framed-IP-Address attribute off if it is from say the 192.168.10.x
block.
OR alternatively, dynanically changing the
PoolHint attribute based on the NAS sending the request?
Regards,
Tunde I.
- Original Message -
From: Mike McCauley [EMAIL PROTECTED]
To: Hugh Irvine [EMAIL PROTECTED]; Ayotunde Itayemi
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, August 02, 2002 1:43 AM
Subject: Re: Radiator and Windows Encryption
Hello Tunde,
On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote:
Hello Tunde -
We have many customers using Windows 2000 and we have many customers
using Patton RAS, however I don't know if anyone is using both
together.
As for the MPPE questions, I have copied Mike on this mail for his
comments.
There are some recent patches to the AutoMPPEKeys feature in the
Radiator
3.1
area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an
interoperability problem. These have been tested to be working
correctly
now
by a number of people.
Cheers.
regards
Hugh
On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote:
Hi Hugh, Hi All,
Please, a straight forward question to everybody:
1. Is there anyone on this mailing list using Radiator and Windows
2000
servers?
2. Is there anyone on this mailing list using Radiator and Patton
NASes?
If yes to any of the questions above, has anyone implemented RADIUS
authentication
with MPPE encryption (or any other encryption)?
(Hugh) Also, someone I mailed suggested that it is likely radiator
isn't sending the proper
MPPE keys to the Windows box (reason for not doing encryption or
being
able to connect
when client requires encryption)
Regards,
Tunde Itayemi.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL
(RADIATOR) Re: Radiator and Windows Encryption
Hi Mike,
I have given the 3.1 patch a shot but to no effect. The relevant part of my
config file is:
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
AddToReply Class = %{Reply:Framed-IP-Address}
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
DefaultSimultaneousUse 1
AutoMPPEKeys
# policy = 4 (40bit), 2 (128bit), 6 (any)
AddToReply MS-MPPE-Encryption-Policy = 2, MS-MPPE-Encryption-Types =
4
/AuthBy
I have also tried adding MS-MPPE-Send-Key and MS-MPPE-Recv-Key to the
AddToReply
clause above with various combinations of MS-MPPE-Encryption-Policy and
MS-MPPE-Encryption-Types.
Okay, is there anyone on the list that has got this to work please :-)
Also, about my other problem, is there anyway to conditionally remove a
Reply attribute from the access acccept
packet before it is sent? The functional word is conditionally
Simply stated, after selecting the users record from the database, checking
the passwords etc, stripping say the
Framed-IP-Address attribute off if it is from say the 192.168.10.x block.
OR alternatively, dynanically changing the
PoolHint attribute based on the NAS sending the request?
Regards,
Tunde I.
- Original Message -
From: Mike McCauley [EMAIL PROTECTED]
To: Hugh Irvine [EMAIL PROTECTED]; Ayotunde Itayemi
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Friday, August 02, 2002 1:43 AM
Subject: Re: Radiator and Windows Encryption
Hello Tunde,
On Fri, 2 Aug 2002 10:15, Hugh Irvine wrote:
Hello Tunde -
We have many customers using Windows 2000 and we have many customers
using Patton RAS, however I don't know if anyone is using both together.
As for the MPPE questions, I have copied Mike on this mail for his
comments.
There are some recent patches to the AutoMPPEKeys feature in the Radiator
3.1
area. They extend AputoMPPEKeys to MSCHAP V2, and also fix an
interoperability problem. These have been tested to be working correctly
now
by a number of people.
Cheers.
regards
Hugh
On Friday, August 2, 2002, at 12:48 AM, Ayotunde Itayemi wrote:
Hi Hugh, Hi All,
Please, a straight forward question to everybody:
1. Is there anyone on this mailing list using Radiator and Windows
2000
servers?
2. Is there anyone on this mailing list using Radiator and Patton
NASes?
If yes to any of the questions above, has anyone implemented RADIUS
authentication
with MPPE encryption (or any other encryption)?
(Hugh) Also, someone I mailed suggested that it is likely radiator
isn't sending the proper
MPPE keys to the Windows box (reason for not doing encryption or being
able to connect
when client requires encryption)
Regards,
Tunde Itayemi.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Radiator and Windows Encryption
Hi Hugh, Hi All, Please, a straight forward question to everybody: 1. Is there anyone on this mailing list using Radiator and Windows 2000 servers? 2.Is there anyone on this mailing list using Radiator and Patton NASes? If yes to any of the questions above, has anyone implemented RADIUS authentication with MPPE encryption (or any other encryption)? (Hugh) Also, "someone" I mailed suggested that it is likely radiator isn't sending the proper MPPE keys to the Windows box (reason for not doing encryption or being able to connect when client requires encryption) Regards, Tunde Itayemi.
(RADIATOR) Complex config?
Hi Hugh, Hi All, I am some "twisted" requirements. Mysetup is as follows. 1. 3 Windows 2000 servers and 3 pattons at location A 2. 1 patton at location B 3. All NASes authenticate against radiator at location A 4. IPs allocated/used at location A different from IPs used at location B (routers inbetween) 5. Clients fall into two categories (full access can browse) and email-only (192.168.x.x ips) 6. Email-only clients MUST be able to reach DNS server and Email server. 7. ALLclients can log in from any NAS I need a config to do this. I have tried allocating IPs to email-only clients from a single 192.168.x.x IP block via radiator, and using "weighted static routes" on the mail and DNS servers to implement connections to email-only clients by trying out each NAS server in turn to see if the client can be reached by that server. I suspect this would degrade performance with large email-only client base? The main problem is with the fact that there are two locations and a client's record in the database can only contain one poolhint. Because I need to allocate IPs differently (different pools) based on the location to which client is connected (also whether email-only or full access). So how do I implement a config that enforces simultaneous connection rules; allow clients to connect from any of the two locations while using radiator to allocate IPs? I have nearly beat my brains out on this one - all the config options I can think of seem to have one problem or the other. Regards, Tunde Itayemi.
(RADIATOR) Handler clause attributes
Hi Hugh, Hi All, Please it there somewhere i can get a list of all the attributes that can go into the Handler clause ( Handler attributes= ) and their proper name and format of their values? Regards, Tunde Itayemi.
(RADIATOR) addition to complex config?
Hi All, Just an addition to my previous mail. Since I guess the static routes I mentioned in my original mail would probably work, what I desire now is some way to: strip the Framed-IP-address (which is set to 192.168.x.x for email-only clients)off the access-accept packet IF 1. the NAS is the Patton NAS at locationB (I could do the same for all Patton NASes) so that the NAS would then allocate a public IP from the static pool defined on it. Can I do this though one of the Hooks? Maybe a little script that checks the NAS's identifier and if it is a particular one(s), then strips off the Frame-IP-Address and Framed-IP-Netmask? Can I hear someone volunteer to write this script :-) (seriously) Regards, Tunde Itayemi.
(RADIATOR) Allocating IPs
Hi Hugh, Thanks for the replies. I would like to know if there is anyway to strip or ignore the pool hint attribute for certain clients. The reason: We have NASes at two different locations. Most of the time clients would be dialing in at a particular location and should get a certain range of IPs, but for the second group of NASes, I have decided it would be simpler to just allocate a block of static IPs to the NASes as each one has a single E1 connected to it (30 dial-in lines). So if for example, client A dials into one of the E1 NASes, I would like the NAS to allocate the IP from a pool defined on it, on the other hand if client A dials-in to our "regular" NASes, (Windows 2000 server), I would like radiator to allocate the IP. The problem is that I am validating requests against the same database which has to contain pool hints for each client for the second scenario to work. Regards, Tunde I.
(RADIATOR) Radiator not emptying RADPOOL
Hi All, Hi Hugh,
Radiator is not deleting entries in the RADPOOL
table when users log off, hence it runs
out of IP addresses after about 30 successful
logons based on a particular pool of 30 IP addresses.
I have tried both from a Patton RAS and also a
windows 2K server
I have also tried it withcommenting out theDefaultLeasePeriodand
LeaseReclaimInterval
config options - no
difference.
My config is as below (I have deleted a few
sections):
Another question - I am authenticating my web
server againstradiator on the same box (separate
database table though) - anything I should know?
Any problems?
# Auth Acct ports
AuthPort 1645
AcctPort 1646
# --- RADAR -
Monitor
Username radpasswd
Password radpasswd
/Monitor
# Online users
SessionDatabase SQL
Identifier SDB1
DBSource dbi:Oracle:myOraDB
DBUsername orauser
DBAuth orauser
/SessionDatabase
# ===
AddressAllocator SQL
Identifier mySQLallocator
DBSource dbi:Oracle:myOraDB
DBUsername orauser
DBAuth orauser
DefaultLeasePeriod 86400
# LeaseReclaimInterval 86400
AddressPool pool1
Subnetmask 255.255.255.0
Range a.b.c.d a.b.c.z
/AddressPool
AddressPool pool2
Subnetmask 255.255.255.0
Range 192.168.10.21 192.168.10.50
/AddressPool
AddressPool pool3
Subnetmask 255.255.255.0
Range a.b.e.a a.b.e.u
/AddressPool
/AddressAllocator
# === CLIENTs =
Client a.b.c.a
Secret asecret
DupInterval 0
Identifier myras
IdenticalClients a.b.c.c a.b.a.b a.b.k.c b.b.c.d c.d.a.c
/Client
Client a.d.d.a
Secret another
DupInterval 0
Identifier myras
/Client
Client 127.0.0.1
# web server on this box
Secret myapache
DupInterval 0
Identifier anapache
/Client
# === AUTH BYs =
AuthBy SQL
Identifier SQLStaffauth
NoDefault
DBSource dbi:Oracle:myOraDB
DBUsername orauser
DBAuth orauser
AuthSelect select PASSWORD, CHECKATTR from STAFF \
where USERNAME = '%n' and STATUS = 'Enabled'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC,check
AuthColumnDef 2, GENERIC,reply
/Auth
AuthBy SQL
Identifier SQLClientauth
NoDefault
DBSource dbi:Oracle:myOraDB
DBUsername orauser
DBAuth orauser
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
from SUBSCRIBERS where USERNAME = '%n'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
/Auth
AuthBy DYNADDRESS
Identifier myIPADDRESSauth
Allocator mySQLallocator
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
DefaultSimultaneousUse 1
/AuthBy
#=== HANDLERs
Handler Client-Identifier=viruse2
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
UsernameCharset a-zA-Z0-9\._@-
MaxSessions 1
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
AuthBy myIPADDRESSauth
/Handler
Handler Client-Identifier=apache
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
UsernameCharset a-zA-Z0-9\._@-
MaxSessions 1
AuthBy SQLStaffauth
/Handler
Handler
# default handler
AuthBy RADIUS
# Default values for all hosts. You can change them for a
# single host in a Host clause
Secret mysecret
RetryTimeout 1
Retries 3
# Hosts to send to are listed below
Host 203.63.154.2
/Host
Host 203.63.154.3
BogoMips 2
/Host
# This host has non-standard ports
Host 203.63.154.4
AuthPort 1647
AcctPort 1648
/Host
/AuthBy
/Handler
(RADIATOR) Windows 2000, Radiator and Encryption
Hi All, Hi Hugh, Okay, I am back with my encryption questions :-) From the accouting request below, I noticed thatMS-MPPE-Encryption-Typesis set to0 Anybody know how to setthe value ofMS-MPPE-Encryption-Types to 1 or 2 on a Windows 2000 server. On the windows 2000 client, it goes as far as "registering your computer on remote network" then it immediately comes up with "the remote comuter does not support the required encryption type" - when I configure the VPN client to require encryption. I noticed that Radiator actually send an access-accept packet to the windows RAS and also that the windows RAS immediately send another accounting request packet back to radiator stating that the user was disconnected at "user's request". Any ideas? Acct-Output-Packets = 13 Acct-Input-Packets = 12 Acct-Terminate-Cause = User-Request The original access-request is below: Sat May 18 08:51:04 2002: DEBUG: Packet dump:*** Received from 80.247.140.4 port 1109 Code: Accounting-RequestIdentifier: 3Authentic: 219145210146203226\12185;248171tEO230Attributes: Acct-Status-Type = Start Acct-Delay-Time = 0 NAS-IP-Address = 80.247.140.4 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 5 MS-RAS-Vendor = 311 MS-RAS-Version = "MSRASV5.00" NAS-Port-Type = Virtual Tunnel-Type = 0:PPTP Tunnel-Medium-Type = 0:IP Calling-Station-Id = "172.31.1.18" Tunnel-Client-Endpoint = 49:72.31.1.18 Acct-Session-Id = "133" User-Name = "kdavid" Framed-IP-Address = 80.247.156.36 Framed-MTU = 1500 Session-Timeout = 54596 Acct-Multi-Session-Id = "3" Acct-Link-Count = 1 Event-Timestamp = 1027622370 Acct-Authentic = RADIUS MS-MPPE-Encryption-Types = 0
(RADIATOR) Windows RAS server and Encryption
Hi Hugh, Hi All, Has anyone configured a Windows 2000 server/advanced server to authenticate via radiator AND use encryption - between server and clients? If yes, please send me a copy of your config file (no passwords please :-) Also a Windows 2000 server/advanced server to authenticate via radiator AND use MSCHAP v1 or 2? If yes, please send me a copy of your config file (no passwords please :-) I have downloaded the patches in the radiator 3.1 area of your site but no luck. Regards, Tunde Itayemi.
Re: (RADIATOR) LDAP and CHAP
Hi, Depending on your patience, number of clients and time, you could get Mobius Freeware's w32crack - run it continuously for a few days after extracting the username and encrypted passwords from the windows 2K server or NT using pwdump2 or pwdump3 and hey presto! All passwords in cleartext! Regards, Tunde Itayemi. - Original Message - From: Dan Melomedman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 16, 2002 4:13 PM Subject: Re: (RADIATOR) LDAP and CHAP Hugh Irvine writes: Hello Dan - You can use CHAP with any database, however the password stored therein *must* be in cleartext, as you can only use cleartext passwords with CHAP. regards Hugh The problem is all our dial-ups have hashed passwords, and returning them to clear text would be impossible. The problem is Broadwing now requires CHAP for some of the POPs, and doesn't for others. Are there any work-arounds for this? Thanks. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Name rewrites
Hi Hugh, I know nothing about Perl even though I wouldn't mind having one with an "a" after the "e" :-) The following is from my radius.cfg Handler Client-Identifier=viruse2 AuthByPolicy ContinueWhileAccept# remove @domain-name RewriteUsername s/^([^@]+).*/$1/ UsernameCharset a-zA-Z0-9\._@- MaxSessions 1 RewriteUsername tr/A-Z/a-z/ Would the "above" allow in a user with say wole.james as the user name? Please note the fullstop in the name. What exaclty does the Rewrite statement above do - just remove the part after the @ sign? The UsernameCharset above will allow names with periods? Regards, Tunde Itayemi.
(RADIATOR) MS Encryption attributes
Hi Hugh, I extracted the following from the dictionary file that came with radiator 3.0 Please can you have Mike take a look at it? Is it correct? I have tried to implement encryption on a Windows 2000 RAS server but I have had no success - I sent a mail to the mailing list some time ago. Please it would be nice if you can check the attribute values, and the data type also. #VALUE MS-MPPE-Encryption-Policy Encryption-Allowed 1#VALUE MS-MPPE-Encryption-Policy Encryption-Required 2# Is this correct?:#VALUE MS-MPPE-Encryption-Types Encryption-40 4#VALUE MS-MPPE-Encryption-Types Encryption-128 2#VALUE MS-MPPE-Encryption-Types Encryption-Any 6# RcryptKey Regards, Tunde I.
Re: (RADIATOR) Radiusd crashes with strange error
Hi, I had the same problem. A new notification (mail) kept popping into my mailbox almost every 2 seconds. I had to turn of the restartWrapper. I got the same problem when I tried to use the restartWrapper with BIND 9.2 on my (same) RedHat 7.2 server. I am interested in the solution. Regards, Tunde I. - Original Message - From: Leon Oosterwijk [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 09, 2002 5:58 PM Subject: (RADIATOR) Radiusd crashes with strange error I've recently upgraded two machines to 3.0. I'm now getting the following error sporadically: our program /usr/bin/radiusd -config_file /etc/radiator/radius.cfg -dictionary_file /etc/radiator/dictionary exited unexpectedly with exit status 0, signal number 0 and dump indication 0. The STDERR output was Error: creating socket: Address already in use Undefined subroutine Radius::Util::get_port called at /usr/bin/radiusd line 328. . The program will be restarted again by /usr/local/sbin/restartWrapper in 600 seconds. == This mail message was automatically generated by restartWrapper, part of the OSC Radiator package. == What could be causing this? The Util.pm under the Radius dir have the routine called get_port all the way at the bottom of the file. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RestartWrapper for DNS server
Hi Hugh, Hi all, Okay I am being extremely lazy - I haven't even taken a look at the restartwrapper code - I know approximately zero perl anyway. I am wondering if I could use the restartwrapper for say a BIND 9 DNS server running on the same machine as radiator. The main question is does restartwrapper support apps written in other languages? Secondly, am I breaking any software agreements if I decide to use it this way? Regards, Tunde Itayemi (Metrong Internet Services)
Re: (RADIATOR) Time Check Item format.
Hi Griff, Use: Time=Wk1000-1800,SaSu-2400 Regards, Tunde Itayemi. - Original Message - From: Griff Hamlin, III [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 05, 2002 5:41 PM Subject: (RADIATOR) Time Check Item format. Hello all, If I wanted the time restriction to be Monday-Friday from 10am to 6pm, and weekends unlimited, how is the best way to specify that the weekends are to be unlimited? I can do Time=Wk1000-1800 for the weekdays, but how do I handle unlimited weekends? thanks, Griff Hamlin, III Quik International === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
