Re: (RADIATOR) Problem with Simultaneous-Use and proxying

2000-07-04 Thread Jason Godsey



Can you do:
<Client proxy.realm.ips>
  StripFromReply Simultaneous-Use
</Client>

or is StripFromReply only for AuthBy?  This is just the first thing that
popped into my head.


 / / Jason
 

On Mon, 3 Jul 2000, Joshua M. Thompson wrote:

 Date: Mon, 3 Jul 2000 23:13:07 -0400 (EDT)
 From: Joshua M. Thompson [EMAIL PROTECTED]
 To: Hugh Irvine [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Problem with Simultaneous-Use and proxying
 
 On Tue, 4 Jul 2000, Hugh Irvine wrote:
 
  This is what it should do, however it is posting a warning to let you know. Is
  the real question "can I suppress the warning?"? If so, the answer at the
  moment is no, until we completely re-do the logging subsystem.
 
 The logging itself doesn't bother me. "grep -v" is my friend. :) It's just
 that it really does deny the users access:
 
 Sat Jul  1 20:36:35 2000: WARNING:  Could not find a Client for NAS 204.146.166.105 
to double-check Simultaneous-Use. Perhaps you do not have a reverse DNS for that NAS?
 Sat Jul  1 20:36:35 2000: INFO: Access rejected for [EMAIL PROTECTED]:
 
 I think I'll take a look at the code and see about switching the default
 behavior and submit the patch. A more detailed fix would be to map all the
 existing clients to IPs and compare the actual addresses instead of just
 trying to match via reverse DNS but I think I'll get the customers happy
 first with the quick fix. 
 
  I think you may have to do some more investigation to ascertain under what
  conditions the session database is not being correctly updated.
 
 I will. I just need to watch it so my log doesn't overflow before I find
 the piece of info I need. :)
 
 -- 
 Senior Systems Engineer  | "Where are we going, and what am I doing in
 BigNet, Inc. |  this handbasket?"
 Phone: 248-771-1261  |  - Paraphrased from various people's .sigs
   Fax: 248-771-1269  | 
 
 
 ===
 Archive at http://www.starport.net/~radiator/
 Announcements on [EMAIL PROTECTED]
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
 





(RADIATOR) Help with Handler

2000-07-01 Thread Jason Godsey



How can I write a handler like:

<Handler !Framed-Protocol> or
<Handler Framed-Protocol = //> (tried, gets skipped)

If I can get Handler to use a negative match, I'll be all set! :)

Thanks in advance!

Here is what I get from the PM3 when a user dials up as a terminal user.

Code:   Access-Request
Identifier: 137
Authentic: x
Attributes: 
User-Name = "jason"
User-Password = 
NAS-IP-Address = xx.xxx.121.18
NAS-Port = 25
NAS-Port-Type = Async
Connect-Info = "48000 LAPM/V42BIS"
Called-Station-Id = "848"
Calling-Station-Id = "360yyy"


Here is what I get when the user connects via PPP/PAP
Code:   Access-Request
Identifier: 137
Authentic: 
Attributes: 
User-Name = "jason"
User-Password = xxx
NAS-IP-Address = xx.xxx.121.18
NAS-Port = 24
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "50666 LAPM/V42BIS"
Called-Station-Id = "848xxx"
Calling-Station-Id = "360yyy"


 / / Jason
 





Re: (RADIATOR) How should I go about this?

2000-06-29 Thread Jason Godsey


Hugh, the problem is I don't have a configuration file to support what I
want to do, which is;

Allow customer Jason Godsey, with user name jason to connect with any
modem program such as hyperterminal and type Login: jason and be ushered
to the rlogin host.  At the same time, I'd like to allow jason to also use
the username jason as his login in Dialup Networking for a PPP connection.

We currently solve this by having PPP customers use a capital P before
their username Pjason.  This is causing a lot of problems for customers as
we get more and more computer novice people who can't figure out why they
need Pjason to use dialup and just jason for email etc..

I would like to find some sort of hook I can use in my Handler clauses to
identify the session as PPP or Login-User transparently to the customer
based on what the portmaster sends in the auth packet.  If it helps, I
believe all of our PPP customers support PAP.

One way I've tried this is trying Sjason for Shell, radiator works great
catching it, strips the S and checks the user/pass just fine and hands the
portmasters the Login-IP-Address etc..  The ONLY problem is that the
portmaster then hands the Rlogin host Sjason instead of just jason.  If I
create a user on the shell system as Sjason it works great.

If there is no easy way to distinguish between a PPP and User-Login based
on what the portmaster feeds radius in the auth packet, I have the option
of patching my Rlogin daemon to strip s/^S//; but I was hoping for a more
elegant solution :)

 / / Jason
 

On Thu, 29 Jun 2000, Hugh Irvine wrote:

 Date: Thu, 29 Jun 2000 09:41:41 +1000
 From: Hugh Irvine [EMAIL PROTECTED]
 To: Jason Godsey [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) How should I go about this?
 
 
 Hello Jason -
 
 I think I will need to see a more complete configuration file, together with a
 more complete description of what you are trying to do. The information below
 appears to be incomplete.
 
 thanks
 
 Hugh
 
 
 On Thu, 29 Jun 2000, Jason Godsey wrote:
  This is basically how I'm setup now:
  
  <Handler Called-Station-Id=/(848|383)/>
    # auth by .
  </Handler>
  <Handler Called-Station-Id=/(424)/>
    # auth by .
  </Handler>
  <Handler Called-Station-Id=/(383)/>
  </Handler>
  <Handler>
    # auth by .
  </Handler>
  
  
  We currently have users using "Pjason" as their PPP login, and jason as
  shell, however we would like to change this to allow jason to allow for
  PPP session and Sjason to work as shell since we don't offer SLIP.
  
  The problem I've run into is that after radiator does its thing:
  Wed Jun 28 10:16:21 2000: DEBUG: Check if Handler User-Name=/^S/ should be
  used to handle this request
  Wed Jun 28 10:16:21 2000: DEBUG: Handling request with Handler
  'User-Name=/^S/'
  Wed Jun 28 10:16:21 2000: DEBUG: Rewrote user name to jason
  
  which is good, however it passes back to the pm3's to use a Rlogin host,
  even though radiator strips off the S, the pm3 retains it and passes it to
  the rlogin daemon on the login host.
  
  Has anyone faced this before?  I've thought of:
  
  <Handler Service-Type = /!Framed-User/>, but I'm not sure if this would
  work either.
  
  Thank you for any help!
  
  
   / / Jason
   
  
  
 -- 
 Radiator: the most portable, flexible and configurable RADIUS server 
 anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
 Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
 Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
 
 





Re: (RADIATOR) How should I go about this?

2000-06-29 Thread Jason Godsey


How do you tell the difference as far as radius is concerned whether to
return:

DEFAULT Auth-Type = System
Service-Type = Login-User, 
Login-Service = Rlogin,
Login-IP-Host = 206.129.xxx.xxx

or

DEFAULT Auth-Type = System
Framed-Protocol = PPP,
Framed-MTU = 1500,
Session-Timeout = 10800,
Idle-Timeout = 600,
Port-Limit = 1

This is where I have the problem.

I hope there is an easy solution such as

<Handler Service-Type = /PPP/> :) however, from looking at trace 4, I
don't see anything I can do to check if it's a ppp or login-user request.


 / / Jason
 

On Thu, 29 Jun 2000, Andy Dills wrote:

 Date: Thu, 29 Jun 2000 13:23:08 -0400 (EDT)
 From: Andy Dills [EMAIL PROTECTED]
 To: Jason Godsey [EMAIL PROTECTED]
 Cc: Hugh Irvine [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) How should I go about this?
 
 On Thu, 29 Jun 2000, Jason Godsey wrote:
 
  
  Hugh, the problem is I don't have a configuration file to support what I
  want to do, which is;
  
  Allow customer Jason Godsey, with user name jason to connect with any
  modem program such as hyperterminal and type Login: jason and be ushered
  to the rlogin host.  At the same time, I'd like to allow jason to also use
  the username jason as his login in Dialup Networking for a PPP connection.
  
  We currently solve this by having PPP customers use a capital P before
  their username Pjason.  This is causing a lot of problems for customers as
  we get more and more computer novice people who can't figure out why they
  need Pjason to use dialup and just jason for email etc..
  
  I would like to find some sort of hook I can use in my Handler clauses to
  identify the session as PPP or Login-User transparently to the customer
  based on what the portmaster sends in the auth packet.  If it helps, I
  believe all of our PPP customers support PAP.
  
  One way I've tried this is trying Sjason for Shell, radiator works great
  catching it, strips the S and checks the user/pass just fine and hands the
  portmasters the Login-IP-Address etc..  The ONLY problem is that the
  portmaster then hands the Rlogin host Sjason instead of just jason.  If I
  create a user on the shell system as Sjason it works great.
  
  If there is no easy way to distinguish between a PPP and User-Login based
  on what the portmaster feeds radius in the auth packet, I have the option
  of patching my Rlogin daemon to strip s/^S//; but I was hoping for a more
  elegant solution :)
 
 Jason, the portmaster should autodetect the difference. I know that
 Ascend, Assured Access, and Cisco NASes do. You shouldn't have to have a
 capital P in front of their usernames.
 
 For instance, with us, if you dialup to us, we wait for you to start
 PAP. If we don't see PAP after a couple of seconds, it drops you into the
 Login-User mode. Same usernames for either connection method. Doesn't get
 more elegant than that :
 
 Andy
 
 
 Andy Dills  301-682-9972
 Xecunet, LLC  www.xecu.net
 
 Dialup * Webhosting * E-Commerce * High-Speed Access
 
 



Re: (RADIATOR) How should I go about this?

2000-06-29 Thread Jason Godsey


I've tried:

<Handler Service-Type = /Login-User/>
which doesn't get used since the auth packet doesn't contain a
service-type for some reason..  I'm going to try seeing if it's the radius
proxy handing me the requests stripping them or the pm3 not sending them
to begin with.

 / / Jason
 

On Thu, 29 Jun 2000, Andy Dills wrote:

 Date: Thu, 29 Jun 2000 16:16:53 -0400 (EDT)
 From: Andy Dills [EMAIL PROTECTED]
 To: Jason Godsey [EMAIL PROTECTED]
 Cc: Hugh Irvine [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) How should I go about this?
 
 On Thu, 29 Jun 2000, Jason Godsey wrote:
 
  
  How do you tell the difference as far as radius is concerned whether to
  return:
  
  DEFAULT Auth-Type = System
  Service-Type = Login-User, 
  Login-Service = Rlogin,
  Login-IP-Host = 206.129.xxx.xxx
  
  or
  
  DEFAULT Auth-Type = System
  Framed-Protocol = PPP,
  Framed-MTU = 1500,
  Session-Timeout = 10800,
  Idle-Timeout = 600,
  Port-Limit = 1
  
  This is where I have the problem.
  
  I hope there is an easy solution such as
  
  <Handler Service-Type = /PPP/> :) however, from looking at trace 4, I
  don't see anything I can do to check if it's a ppp or login-user request.
 
 You make the Service-Type a check item (as opposed to a reply item, as you
 have above). Like this:
 
 DEFAULT Auth-Type = System, Service-Type = Login-User, Simultaneous-Use = 1
 Login-Service = Rlogin,
 Login-IP-Host = shell.xecu.net
 
 Andy
 
 
 Andy Dills  301-682-9972
 Xecunet, LLC  www.xecu.net
 
 Dialup * Webhosting * E-Commerce * High-Speed Access
 
 



(RADIATOR) How should I go about this?

2000-06-28 Thread Jason Godsey


This is basically how I'm setup now:

<Handler Called-Station-Id=/(848|383)/>
  # auth by .
</Handler>
<Handler Called-Station-Id=/(424)/>
  # auth by .
</Handler>
<Handler Called-Station-Id=/(383)/>
</Handler>
<Handler>
  # auth by .
</Handler>


We currently have users using "Pjason" as their PPP login, and jason as
shell, however we would like to change this to allow jason to allow for
PPP session and Sjason to work as shell since we don't offer SLIP.

The problem I've run into is that after radiator does its thing:
Wed Jun 28 10:16:21 2000: DEBUG: Check if Handler User-Name=/^S/ should be
used to handle this request
Wed Jun 28 10:16:21 2000: DEBUG: Handling request with Handler
'User-Name=/^S/'
Wed Jun 28 10:16:21 2000: DEBUG: Rewrote user name to jason

which is good, however it passes back to the pm3's to use a Rlogin host,
even though radiator strips off the S, the pm3 retains it and passes it to
the rlogin daemon on the login host.

Has anyone faced this before?  I've thought of:

<Handler Service-Type = /!Framed-User/>, but I'm not sure if this would
work either.

Thank you for any help!


 / / Jason
 





Re: (RADIATOR) mysql and I'm lazy.

2000-03-21 Thread Jason Godsey



I have read the goodies, however we would like to log EVERYTHING not just
the limited entries in the example.  One thing I'm having trouble with is
I need to migrate our detail files from 1997+ into the database
also.  This gives me the problem of not knowing the int value of
le-terminate-detail etc..

Thanks!

On Tue, 21 Mar 2000, Hugh Irvine wrote:

 Date: Tue, 21 Mar 2000 14:44:22 +1100
 From: Hugh Irvine [EMAIL PROTECTED]
 To: Jason Godsey [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) mysql and I'm lazy.
 
 
 Hello Jason -
 
 On Tue, 21 Mar 2000, Jason Godsey wrote:
  Hello again,
  
I've discovered I'm quite lazy and am looking for a simple way to setup
  SQL tables for all the records I want out of the detail file.
  
Are there any utils to parse a detail file and generate a proper sql
  dump to hold all the information contained in the detail file?
  
Otherwise, do I just look up the attribute I want in the detail file
  to see if it is text/int?  Is there a simple way to tell how long the
  field is?
  
 
 There is a sample SQL creation script in goodies/mysqlCreate.sql. And really
 the simplest way to write the database is with Radiator and an AuthBy SQL.
 
 hth
 
 Hugh
 
 -- 
 Radiator: the most portable, flexible and configurable RADIUS server 
 anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
 Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
 Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
 
 
 



(RADIATOR) mysql and I'm lazy.

2000-03-20 Thread Jason Godsey


Hello again,

  I've discovered I'm quite lazy and am looking for a simple way to setup
SQL tables for all the records I want out of the detail file.

  Are there any utils to parse a detail file and generate a proper sql
dump to hold all the information contained in the detail file?

  Otherwise, do I just look up the attribute I want in the detail file
to see if it is text/int?  Is there a simple way to tell how long the
field is?

Jason
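
One way to do what the message above asks for, as an added example (not part of the original post and not a Radiator utility): read records in the usual RADIUS detail layout, infer a type and width for each attribute, and emit a CREATE TABLE statement. The sample records, the table name `ACCOUNTING`, the column naming and the sizing rule are assumptions made for illustration.

```python
import re

# Constructed sample in the usual detail-file layout: a timestamp line,
# indented "Attribute = value" lines, and a blank line between records.
SAMPLE_DETAIL = """\
Tue Mar 21 14:02:11 2000
\tUser-Name = "jason"
\tNAS-IP-Address = 192.0.2.18
\tNAS-Port = 25
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0A00001F"

Tue Mar 21 15:02:16 2000
\tUser-Name = "godsey"
\tNAS-IP-Address = 192.0.2.18
\tNAS-Port = 24
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "00000120"
\tAcct-Session-Time = 3605
\tAcct-Input-Octets = 4123456789
\tAcct-Terminate-Cause = User-Request
"""

# Only names made of these characters are accepted as attributes, so
# nothing read from the file can smuggle SQL into the generated DDL.
ATTR_LINE = re.compile(r'^\s+([A-Za-z0-9_.-]+)\s*=\s*(.*)$')


def parse_detail(text):
    """Return a list of records: {attribute: (value, was_quoted)}."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():                 # blank line ends a record
            if current:
                records.append(current)
            current = None
            continue
        m = ATTR_LINE.match(line)
        if m and current is not None:
            name, raw = m.group(1), m.group(2).strip()
            quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
            current[name] = (raw[1:-1] if quoted else raw, quoted)
        elif not line[0].isspace():          # unindented line: new record
            if current:
                records.append(current)
            current = {"Timestamp": (line.strip(), True)}
    if current:
        records.append(current)
    return records


def infer_columns(records):
    """Map each attribute to an SQL type from the values actually seen."""
    seen = {}
    for rec in records:
        for name, (value, quoted) in rec.items():
            col = seen.setdefault(name, {"int": True, "width": 0})
            # Quoted values stay text even if all digits (a session id
            # such as "00000120" would lose its leading zeros as INT).
            # Named values such as Start/Stop also stay text.
            if quoted or not re.fullmatch(r"\d+", value):
                col["int"] = False
            col["width"] = max(col["width"], len(value))
    columns = {}
    for name, col in seen.items():
        if col["int"]:
            # More than 9 digits may not fit a signed 32-bit INT.
            columns[name] = "BIGINT" if col["width"] > 9 else "INT"
        else:
            # Assumed sizing rule: double the widest value, minimum 16.
            columns[name] = "VARCHAR(%d)" % max(16, 2 * col["width"])
    return columns


def column_name(attr):
    """Turn an attribute name into a plain SQL identifier."""
    return re.sub(r"[^A-Za-z0-9]", "_", attr).upper()


def create_table_sql(table, columns):
    lines = ["  %s %s" % (column_name(a), t) for a, t in columns.items()]
    return "CREATE TABLE %s (\n%s\n);" % (table, ",\n".join(lines))


if __name__ == "__main__":
    cols = infer_columns(parse_detail(SAMPLE_DETAIL))
    print(create_table_sql("ACCOUNTING", cols))
```

Widths inferred this way only reflect the records scanned, so run it over the oldest and newest detail files before fixing the schema.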






(RADIATOR) Manual?

1999-12-04 Thread Jason Godsey


The url in the manual for Shadowf (for perl) package is not
correct.  I was able to find it searching the list but it would
be nice to have a working url in the manual.

Thanks!

--
Jason Godsey



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Different logfiles for different groups?

1999-10-30 Thread Jason Godsey


I will give it a try, however I'm fairly sure we have tried.  In my case
there is a bit of a problem, I am generating/maintaining the password
files on our mail server.  There are 2 separate radius servers who I rsync
the files over ssh to every change.  The radius servers also act as backup
MX servers for us so I didn't want any local accounts on the machines.  In
my case I'm actually pointing to /usr/local/etc/shadow,passwd,group.

Will auth by system work in this way?  This is why I said I just whipped up
a little perl program to make the user:pass:uid:gid file in the mix.  On
the mail server I use PAM which matches primary and secondary just fine.

Jason

On Sat, 30 Oct 1999, Hugh Irvine wrote:

 Date: Sat, 30 Oct 1999 10:00:35 +1000
 From: Hugh Irvine [EMAIL PROTECTED]
 To: Jason Godsey [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Different logfiles for different groups?
 
 
 Hello Jason -
 
 On Sat, 30 Oct 1999, Jason Godsey wrote:
  I'm having a problem getting the user's primary group, I'm running radiator
  on linux and have the passwordfile pointed to /etc/shadow, it is able to
  check the crypted password just fine, however linux's shadow file does not
  contain the user's primary group (however the freebsd box's master.passwd
  does).  Is there an easier fix than my current solution?
  
 
 Perhaps try AuthBy SYSTEM rather than AuthBy UNIX.
 
 Please let me know how it works.
 
 cheers
 
 Hugh
 
 --
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
 Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
 NT, Rhapsody
 



Re: (RADIATOR) Different logfiles for different groups?

1999-10-29 Thread Jason Godsey


This is the exact same problem I have.  It can be fixed using PAM, however
I don't like pam, it's much slower in my tests than using the password
files.  If you peek in /etc/shadow you'll notice no groups are listed.
This is why I asked to have ShadowFile directive added to Radiator so you
can point to PasswordFile /etc/passwd, GroupFile /etc/group, and
ShadowFile /etc/shadow.  This would fix this problem for me anyway :)

On Fri, 29 Oct 1999, Dawn Lovell wrote:

 Date: Fri, 29 Oct 1999 08:31:04 -0500
 From: Dawn Lovell [EMAIL PROTECTED]
 To: [EMAIL PROTECTED], [EMAIL PROTECTED]
 Subject: Re: (RADIATOR) Different logfiles for different groups?
 
 Hi, Hugh!  We are running 2.14.1; the note in the revision history was
 part of why we thought it should work.  We had not explicitly specified
 GroupFilename, so we added that option and tried again.  It still seems
 to be ignoring our primary groups; maybe we're missing something else?
 
 Here's the relevant portion of our config file:
 
 <AuthBy UNIX>
  Identifier System
  Filename /etc/shadow
  GroupFilename /etc/group
  DefaultSimultaneousUse 1
 </AuthBy>
 <Handler>
  <AuthBy FILE>
  # The filename defaults to %D/users
  Filename %D/users.trial
  </AuthBy>
  ## Trial userids will have a Class of "trial" and
  ## all others will have no Class attribute set.
  AcctLogFileName %L/%N/detail%{Class}
 </Handler>
 
  From the users.trial file:
 DEFAULT Auth-Type = System, Group = trial, NAS-Port-Type = Async
  Service-Type = Framed-User,
  Framed-Protocol = PPP,
  Framed-Address = 255.255.255.254,
  Framed-Netmask = 255.255.255.255,
  Reply-Message="choice: ",
  Port-Limit = 1,
  Idle-Timeout = 1200,
  Session-Timeout = 28800,
  Class = trial
 
 DEFAULT Auth-Type = System, NAS-Port-Type = Async
  Service-Type = Framed-User,
  Framed-Protocol = PPP,
  Framed-Address = 255.255.255.254,
  Framed-Netmask = 255.255.255.255,
  Reply-Message="choice: ",
  Port-Limit = 1,
  Idle-Timeout = 1200,
  Session-Timeout = 28800
 
 This works great for userids that are explicitly listed in the groups
 file, but doesn't seem to work if they are not.  We are running nscd,
 just in case that may be related to our problem.  This is a Solaris 7
 box.  Passwd and group are both set to files in nsswitch.conf.
 
 Here's an example user and the debug output for it.
 
 In /etc/passwd:
 testuser:x:12268:2000:Test User:/tmp:/bin/noshell
 
 In /etc/group:
 trial::2000:user1,user2
 
 Debug output:
 Fri Oct 29 08:09:59 1999: DEBUG: Check if Handler  should be used to handle 
 this request
 Fri Oct 29 08:09:59 1999: DEBUG: Handling request with Handler ''
 Fri Oct 29 08:09:59 1999: DEBUG: Deleting session for testuser, 209.142.178.4,
 0
 Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthFILE
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with testuser
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
 Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthUNIX
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX looks for match with testuser
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX REJECT: User testuser is not
 in Group trial
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE REJECT: User testuser is not
 in Group trial
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
 Fri Oct 29 08:09:59 1999: DEBUG: Handling with Radius::AuthUNIX
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX looks for match with testuser
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthUNIX ACCEPT:
 Fri Oct 29 08:09:59 1999: DEBUG: Radius::AuthFILE ACCEPT:
 Fri Oct 29 08:09:59 1999: DEBUG: Access accepted for testuser
 
 Thanks again for your help!
 
 Dawn
 
 At 12:26 PM 10/29/99 +1000, Hugh Irvine wrote:
 
 This was fixed in Radiator 2.14. The following is from the revision history on
 the web page (http://www.open.com.au/radiator/history.html):
 
 
  AuthBy SYSTEM now checks the primary group as well as
  the secondary groups. It used only to do the secondaries.
 
 You will also need to use the GroupFilename parameter in your AuthBy.
 
 hth
 
 Hugh
 
 --
 Radiator: the most portable, flexible and configurable RADIUS server
 anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
 Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
 NT, Rhapsody
 
 


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe 
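
The group check discussed in this thread, as an added example (not Radiator's code and not part of the original posts): a user belongs to a group either by being listed in the group file (secondary) or by having the group's gid as the primary gid in the passwd file, and a shadow-format file carries no gid at all. The file contents are constructed from the entries quoted above; the function names and the `select_class` stand-in for the two DEFAULT entries are hypothetical.

```python
# Constructed file contents, modelled on the entries quoted in the thread.
PASSWD = (
    "testuser:x:12268:2000:Test User:/tmp:/bin/noshell\n"
    "user1:x:12269:100:User One:/tmp:/bin/noshell\n"
)
SHADOW = (                      # no gid field exists in this format
    "testuser:*:10893::::::\n"
    "user1:*:10893::::::\n"
)
GROUP = (
    "trial::2000:user1,user2\n"
    "users::100:\n"
)


def load_users(text, fmt):
    """Return {user: primary_gid or None}; fmt is 'passwd' or 'shadow'."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        gid = None
        # Only the passwd layout has the primary gid, in the 4th field.
        if fmt == "passwd" and len(fields) >= 4 and fields[3].isdigit():
            gid = int(fields[3])
        users[fields[0]] = gid
    return users


def load_groups(text):
    """Return {group: (gid, set_of_listed_members)}."""
    groups = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit():
            continue                      # skip malformed lines
        members = {m for m in fields[3].split(",") if m}
        groups[fields[0]] = (int(fields[2]), members)
    return groups


def in_group(user, group, users, groups, check_primary=True):
    """True if user is a listed member or has the group as primary gid."""
    if group not in groups:
        return False
    gid, members = groups[group]
    if user in members:                   # secondary membership
        return True
    primary = users.get(user)             # None when the file has no gid
    return check_primary and primary is not None and primary == gid


def select_class(user, users, groups):
    """Stand-in for the two DEFAULT entries: first needs Group = trial."""
    if in_group(user, "trial", users, groups):
        return "trial"
    return ""    # falls through to the second DEFAULT: no Class attribute


if __name__ == "__main__":
    groups = load_groups(GROUP)
    for fmt, text in (("passwd", PASSWD), ("shadow", SHADOW)):
        users = load_users(text, fmt)
        print(fmt, repr(select_class("testuser", users, groups)))
```

With the shadow-format input, testuser is still accepted but without the trial Class, which matches the debug output quoted above: the failed group check silently moves the user to a different policy rather than rejecting the login.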

Re: (RADIATOR) Authenticate users from BSDI password file

1999-10-11 Thread Jason Godsey


A quick fix is to change your radius.cfg file to point to
/etc/master.passwd I think.

I'm having a similar problem w/ linux (however I just started using PAM)..
Where if I point to /etc/shadow it doesn't get the user's primary group.
I'd sure like to see radiator support PasswordFile /etc/passwd and
ShadowFile /etc/shadow etc... :)

Jason

On Mon, 11 Oct 1999, S.K.D. Lakmin Premnath wrote:

 Date: Mon, 11 Oct 1999 18:22:40 +
 From: S.K.D. Lakmin Premnath [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: (RADIATOR) Authenticate users from BSDI password file 
 
 hi mikem
 
 I'm running Radiator 2.14.1(single CPU Licence) on bsdi 4.0 machine. I need
 to authenticate users from UNIX password file. when I try to do this it
 says following
 
 lakmin is my user  abc123 is my password.
 
 radiator: {2} % perl radpwtst -user lakmin -password abc123
 sending Access-Request...
 Rejected
 sending Accounting-Request Start...
 OK
 sending Accounting-Request Stop...
 OK
 radiator: {3} %   
 
 following is output of password log file
 Mon Oct 11 18:05:17 1999:939643517:lakmin:abc123:ENCRYPTED:FAIL 
 
 In radius.cfg file
 Realm DEFAULT  
   AuthBy UNIX
 Identifier System
 Filename /etc/passwd
 GroupFilename /etc/group
   /AuthBy UNIX
 Realm  
 
 In users file
 #DEFAULT Auth-Type = System, Group = group1, Auth-Type=Radius
 DEFAULT Auth-Type = System, Group = wheel
 #   Reply-Message = you are in group 1

 
 thankx
 
 lakmin
 
 
 



(RADIATOR) static ip customers

1999-06-06 Thread Jason Godsey


Would there be an easy way to set up some way to check for a user's ip and
netmask from a db?

%static = (
 "godsey" => "192.168.1.128/25",
 "jason" => "192.168.1.1/32",
 "joe" => "192.168.1.2/32",
);


- Jason





Re: (RADIATOR) Logfile size

1999-06-02 Thread Jason Godsey



-rw-r-  1 root  wheel   15470156 Feb 28 23:59 detail.1999.02.gz
-rw-r-  1 root  wheel   17094556 Mar 31 23:59 detail.1999.03.gz
-rw-r-  1 root  wheel   17061311 Apr 30 23:59 detail.1999.04.gz
-rw-r-  1 root  wheel  257358389 May 31 23:59 detail.1999.05
-rw-r-  1 root  wheel   14702947 Jun  2 16:46 detail.1999.06

We have 2.5k dialup users.  Looks like about 8megs/day.  Looks like you'll
need much more than 2 20gig drives to keep a years worth :) (you'll need
that for just 2 months) Each month will eat nearly 30megs if our numbers
scale.

- Jason Godsey

On Wed, 2 Jun 1999, ryanm wrote:

 Hello everyone,
 
 I am curious what size my daily logfiles will be with 1+ logins
 a day. I am doing some capacity planning and want to add a couple
 disks to store logging info on. I would appreciate any average
 sizes you have. I have looked at the entries in the detail log
 and 1 login/logout is roughly 800 bytes. I multiplied this out
 by 1 and got 8,000,000 so I am assuming roughly 10 Megs a day?? 
 I plan on archiving these for up to a year for various reasons so 
 was hoping to get 2 20 gig Disks to do this. I also plan on using 
 some form of compression scheme.
 
 Thanks for any info anyone can get back to me,
 
 Thanks again,
 
 Ryan
 