Re: (RADIATOR) Trouble with SessionDatabase SQL
Hugh Irvine wrote:

> Hi Fred -
>
> How's life? I'm sorry we didn't see each other during my last
> visit to Paris - but maybe next time?

I certainly hope so! It's been a long time...

> On Thursday 22 March 2001 04:50, Frederic Gargula wrote:
>
>> Hi all,
>>
>> I write again to this list to report a strange behavior :
>>
>> I want to limit simultaneous logins : Each user can be logged on once at
>> a time.
>>
>> [In the bottom, you can find interesting parts of my config file.]
>
> I agree with you - it looks quite strange. Could you tell me what version of
> Radiator you are running? And could you also try to remove the AuthByPolicy
> from the Handler? As you only have a single AuthBy you shouldn't need the
> AuthByPolicy anyway.

Oh, Sorry. I'm using Radiator 2.17.1 ;)

I've removed the AuthByPolicy that is useless as you said. (I've put it because I hoped Radiator will not send an Access-Accept after the Access-Reject generated by the MaxSessions Exceeded state)

Without the AuthByPolicy clause, the result is the same : two answers (An Access-Reject due to MaxSessions, and then an Access-Accept due to the correct LDAP lookup).

I will be very glad if I could find the way to have only one answer...

Regards,

--
Frederic Gargula
Systems Design Engineer
Easynet France

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Trouble with SessionDatabase SQL
x
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID, Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE, Acct_Terminate-Cause,integer
AcctColumnDef NASIDENTIFIER, NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
AcctColumnDef CALLERID,Caller-Id

RewriteUsername s/^([^@]+)$/$1\@easynet.fr/
RejectHasReason
SessionDatabase SDB1
AuthByPolicy ContinueUntilReject
MaxSessions 1
AuthBy Auth_ldap_dialup

RewriteUsername s/^([^@]+)$/$1\@easynet.fr/
AuthByPolicy ContinueAlways
AuthBy Accounting1

DBSource dbi:mysql:x:x
DBUsername x
DBAuth x
Identifier SDB1

--
Frederic Gargula
Systems Design Engineer
Easynet France
(RADIATOR) LDAP with MIMEBASE64 and MD5 trouble
Hi all,

I'm testing authentication with Radiator 2.17.1 on OpenLDAP 1.2.11 (each on a separate server, both on a private testing network), and I have trouble with MD5 encryption.

On the LDAP server, passwords are stored in the form :

{MD5}ZviHb9U7k5r2YaTNG6QuTA==

[this format is known as MD5 with MIME]

Following the documentation, and particularly the sections 13.1.1 and 13.1.2, Radiator supports this encrypted format for both 'User-Password' and 'Encrypted-Password' check items. I've tried both, and I have :

-using 'User-Password' :

> Tue Feb 6 10:19:12 2001: DEBUG: Handling with Radius::AuthLDAP2
> Tue Feb 6 10:19:12 2001: DEBUG: Connecting to 192.168.100.10, port 389
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got result for
> [EMAIL PROTECTED],ou=users,domain=easynet.fr,vip=easynet-fr,o=easynet.net
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got userpassword: {MD5}ZviHb9U7k5r2YaTNG6QuTA==
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got idletime: 0
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got ippool: 1
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got ipnetmask: 255.255.255.255
> Tue Feb 6 10:19:12 2001: DEBUG: LDAP got iproutemetric: 2
> Tue Feb 6 10:19:12 2001: DEBUG: Radius::AuthLDAP2 looks for match with
> [EMAIL PROTECTED]
> Tue Feb 6 10:19:12 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password

-using 'Encrypted-Password' :

> Tue Feb 6 10:50:25 2001: DEBUG: Handling with Radius::AuthLDAP2
> Tue Feb 6 10:50:25 2001: DEBUG: Connecting to 192.168.100.10, port 389
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got result for
> [EMAIL PROTECTED],ou=users,domain=easynet.fr,vip=easynet-fr,o=easynet.net
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got userpassword:{MD5}ZviHb9U7k5r2YaTNG6QuTA==
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got idletime: 0
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got ippool: 1
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got ipnetmask: 255.255.255.255
> Tue Feb 6 10:50:25 2001: DEBUG: LDAP got iproutemetric: 2
> Tue Feb 6 10:50:25 2001: DEBUG: Radius::AuthLDAP2 looks for match with
> [EMAIL PROTECTED]
> Tue Feb 6 10:50:25 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password

I'm sure of my password, and I don't understand why Radiator still rejects my requests.

I've seen many past posts in this mailing list, and I remember Robin Gruyters's one, on Jun 13 2000 :

> hi,
>
> Because we use in our LDAP for password md5 with MIME64
> (userpassword={MD5}qP0OV/oViFka8YbFMWEWeg==)
> We had to make some changes in the Radius.pm file. Here is a patch:
>
> --- Radius.pm Tue Jun 13 10:25:10 2000 > +++ Radiusmd5.pmTue Jun 13 10:26:12 2000 > @@ -708,6 +708,18 @@ > # via Apache::AuthenRadius or similar > $result = &check_digest_password($user, $submitted_pw, > $pw); > } > +elsif ($pw =~ /^{MD5}/) > +{ > +require MIME::Base64; > +require Digest::MD5; > +my $context = new MD5; > +$context->reset(); > +$context->add("$submitted_pw"); > + > +my $tmppw = "{MD5}" . > MIME::Base64::encode_base64($context->digest()); > +chomp($tmppw); > +$result = ($tmppw eq $pw); > +} > else > { > # Just ordinary old plaintext, look for an exact match >

I don't understand why he has to patch Radius.pm, because following the Class Hierarchy on section 17.5, the AuthLDAP2 inherits from AuthGeneric. Nowhere else the {MD5} encryption appears :

morrison:/usr/local/src/Radiator-2.17.1/Radius$ grep "{MD5}" *
AuthGeneric.pm:elsif ($pw =~ /^{MD5}/)
AuthGeneric.pm: $cmp_pass = '{MD5}' . MIME::Base64::encode_base64($md5->digest());
AuthGeneric.pm: $cmp_pass = "{MD5}" . $md5->hexdigest();

I've put my config file in attachment.

Is the inheritance working ? Does anyone have any idea for my trouble ?

--
Frederic Gargula
Systems Designer
Easynet France

radius.cfg_ldap
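Review bot: in the quoted Radius.pm hunk, the added branch loads one module with `require Digest::MD5;` but then constructs the context with `new MD5`, which names a different package, so the branch only works if a module providing `MD5` has already been loaded elsewhere in the file. Constructing the object from the module that is actually required (`Digest::MD5->new`) would make the branch self-contained. The `$context->reset()` on a freshly created object and the string interpolation in `add("$submitted_pw")` are both redundant, and passing an empty end-of-line argument to `encode_base64` would remove the need for the `chomp($tmppw)` that strips the trailing newline before the `eq` comparison.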
(RADIATOR) Authentication trouble
Hi,

I have a trouble on my radiator proxy servers. Sometimes, an accept-request that should invoke an Access-Reject receives an Access-Accept instead.

I have noticed that when a fake Access-Accept is received, it's the same reply that few times ago. The two request/replies uses the same Identifier and Authenticator.. The two Access-Accept are exactly the same :

Let's see an example :

> Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> *** Sending to 195.114.64.Y port 1645
> Code: Access-Request
> Identifier: 55
> Authentic: <29><18>y<165>|<140>Azb<7>=++<250>U<136>
> Attributes:
>     Proxy-Action = "AUTHENTICATE"
>     NAS-Identifier = "xxx"
>     NAS-IP-Address = 192.168.xxx.xxx
>     User-Name = "[EMAIL PROTECTED]"
>     CHAP-Password = ""
>     Called-Station-Id = ""
>     Acct-Session-Id = "3e8d38a91b76e32c6047"
>     NAS-Port-Type = Async
>     NAS-Port = 20109
>     User-Id = "hdantin"
>     CHAP-Challenge = ""
>     User-Realm = "easynet.fr"
>     Service-Type = Framed-User
>     Tunnel-Type = L2F
>     Tunnel-Medium-Type = IP
>     Proxy-State = 0
>     Vendor-Specific = "Siris"
>
> Tue Feb 15 10:25:28 2000: DEBUG: Packet dump:
> *** Received from 195.114.64.Y port 1645
> Code: Access-Accept
> Identifier: 55
> Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> Attributes:
>     Service-Type = Framed-User
>     Ascend-Idle-Limit = 0
>     Maximum-Time = 1
>     Framed-IP-Netmask = 255.255.255.255
>     Ascend-Metric = 2
>     Framed-Routing = None
>     Framed-Protocol = PPP
>     Reply-Message = "EASYSTART"

Ok, a dialup user was accepted. 7 seconds later in the logfile, I found :

> *** Sending to 195.114.64.Y port 1645
> Code: Access-Request
> Identifier: 55
> Authentic: ]}<185>~<210><230><26><12><163>s42<160><22><163>.
> Attributes:
>     User-Name = "totocom-user"
>     Service-Type = Without-Password
>     NAS-IP-Address = 195.114.64.Z
>     NAS-Port = 0
>     Vendor-Specific = "Mail"
>
> Tue Feb 15 10:25:35 2000: DEBUG: Packet dump:
> *** Received from 195.114.64.Y port 1645
> Code: Access-Accept
> Identifier: 55
> Authentic: s<4>l1><194><177><146>{<136>*<143>'7<237><240>
> Attributes:
>     Service-Type = Framed-User
>     Ascend-Idle-Limit = 0
>     Maximum-Time = 1
>     Framed-IP-Netmask = 255.255.255.255
>     Ascend-Metric = 2
>     Framed-Routing = None
>     Framed-Protocol = PPP
>     Reply-Message = "EASYSTART"
>
> Tue Feb 15 10:25:35 2000: DEBUG: Received reply in AuthRADIUS for req 55 from 195.114.64.Y:1645
> Tue Feb 15 10:25:35 2000: WARNING: Bad authenticator received in reply to ID 55

And 195.114.64.Y never replied such an Access-Accept. The user "totocom-user" doesn't exist in the database on 195.114.64.Y (this server uses a patched Livingston Radius, and the users database is a flat file hierarchy and an old password file). I'm sure that 195.114.64.Y didn't send an Access-Accept for "totocom-user".

I'm now trying to use DupInterval, to refuse a second Access-Accept with the same Identifier, but I don't know if this is really the solution.

Does anyone have any idea about my problem ?

Thanks a lot for help.

Regards,

--
Frederic GARGULA
Ingenieur Reseaux & Systemes
EASYNET France

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
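The "Bad authenticator received in reply to ID 55" warning in the message above corresponds to the Response Authenticator check defined in RFC 2865. The sketch below is an added example, not code from the original post or from Radiator; it shows why a reply computed for an earlier request fails that check once Identifier 55 is reused. The secret, the authenticator bytes and the `PendingRequests` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not taken from the thread).
SECRET = b"constructed-secret"
REQ_AUTH_1 = bytes(range(16))        # Request Authenticator of the first request
REQ_AUTH_2 = bytes(range(16, 32))    # Request Authenticator of the second request
ATTRS = bytes([6, 6, 0, 0, 0, 2])    # Service-Type = Framed-User

def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, ident, attrs, request_auth, secret):
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

class PendingRequests:
    """Client-side table of outstanding requests, keyed by Identifier."""
    def __init__(self, secret):
        self.secret = secret
        self.pending = {}            # Identifier -> Request Authenticator

    def sent(self, ident, request_auth):
        self.pending[ident] = request_auth

    def accept_reply(self, packet):
        """Accept a reply only if it verifies against the outstanding request."""
        if len(packet) < 20:
            return False
        code, ident, length = struct.unpack("!BBH", packet[:4])
        if length != len(packet) or ident not in self.pending:
            return False
        expected = response_authenticator(
            code, ident, packet[20:], self.pending[ident], self.secret)
        if not hmac.compare_digest(expected, packet[4:20]):
            return False             # stale or forged reply: drop, keep waiting
        del self.pending[ident]
        return True

def demo():
    client = PendingRequests(SECRET)
    reply = build_reply(2, 55, ATTRS, REQ_AUTH_1, SECRET)   # 2 = Access-Accept
    client.sent(55, REQ_AUTH_1)
    first = client.accept_reply(reply)       # genuine reply to request 1
    client.sent(55, REQ_AUTH_2)              # Identifier 55 reused 7 s later
    replayed = client.accept_reply(reply)    # identical bytes arrive again
    return first, replayed, 55 in client.pending
```

A matching Identifier alone is not enough to accept a reply: the second request stays pending until a reply arrives whose authenticator verifies against its own Request Authenticator.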
(RADIATOR) without password authentication trouble
hi,

I want to be able to test that a user exists in an MSSQL 7 database, but I don't want to check his password. In fact that authentication is made by a qmail mail server that wants to know if a user exists or not (simply to know if the mailbox exists, to deliver an incoming mail)

I have written a Handler :

RewriteUsername s/^([^@]+).*/$1/
DBSource dbi:ODBC:domain1
DBUsername username
DBAuth password
AuthSelect select * from T_LOGIN where LOGIN='%n' and LOGINTYPE=0
AuthColumnDef 0, User-Name, check
# AuthColumnDef 1, Service-Type, reply

when I want to check if my handler works, I use a home-made program to simulate an incoming mail :

Code: Access-Request
Identifier: 200
Authentic: !9<183><30>F<145><241>w<7>_BN4<200><160>Q
Attributes:
    User-Name = "[EMAIL PROTECTED]"
    Service-Type = Without-Password
    NAS-IP-Address = xxx.xxx.xxx.xxx
    NAS-Port = 0

and Radiator says :

Fri Dec 3 19:03:42 1999: DEBUG: Handling request with Handler 'Realm=domain1.com,Service-Type=Without-Password'
Fri Dec 3 19:03:42 1999: DEBUG: Rewrote user name to toto11
Fri Dec 3 19:03:42 1999: DEBUG: Deleting session for [EMAIL PROTECTED], xxx.xxx.xxx.xxx, 0
Fri Dec 3 19:03:42 1999: DEBUG: Handling with Radius::AuthSQL
Fri Dec 3 19:03:43 1999: DEBUG: Handling with Radius::AuthSQL
Fri Dec 3 19:03:43 1999: DEBUG: Query is: select * from T_LOGIN where LOGIN='toto11' and LOGINTYPE=0
Fri Dec 3 19:03:43 1999: ERR: Bad attribute=value pair: toto11
Fri Dec 3 19:03:43 1999: ERR: Bad attribute=value pair: toto9
Fri Dec 3 19:03:43 1999: DEBUG: Radius::AuthSQL looks for match with toto11
Fri Dec 3 19:03:43 1999: WARNING: No CHAP-Password or User-Password in request: does your dictionary have User-Password in it?
Fri Dec 3 19:03:43 1999: DEBUG: Radius::AuthSQL REJECT: Bad Password
Fri Dec 3 19:03:43 1999: DEBUG: Query is: select * from T_LOGIN where LOGIN='DEFAULT' and LOGINTYPE=0
Fri Dec 3 19:03:43 1999: INFO: Access rejected for toto11: Bad Password
Fri Dec 3 19:03:43 1999: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 1993
Code: Access-Reject
Identifier: 200
Authentic: !9<183><30>F<145><241>w<7>_BN4<200><160>Q
Attributes:
    Reply-Message = "Request Denied"

I don't want to check the password, but I want to know if there is such a user in the database...

Do you have any ideas ?

Thank you for help...

Best Regards,

--
Frederic GARGULA
Ingenieur Reseaux & Systemes
EASYNET France
Re: (RADIATOR) ODBC drivers for linux
Mike McCauley wrote:
>
> Hi Kevin
>
> On Jun 3, 4:41pm, Kevin Wormington wrote:
> > Subject: Re: (RADIATOR) ODBC drivers for linux
> > The only success that I have had is with DBI and DBD::FreeTDS which works
> > very well connection to MS SQL 6.5 and 7.0 and requires no other client
> > libraries.
>

I have installed Openlink's multi-tier ODBC drivers and DBD::ODBC, which works fine with MS SQL 7.

--
Frederic GARGULA
Ingenieur Reseaux & Systemes
EASYNET France
Tel.: +33 1 44 54 70 55