(RADIATOR) CVX 1800 address assignment
Hi, I was just wondering if anyone on the list has been successful in finding a way to control via access-accept the ip address pool or vpop that is used by a CVX 1800? I am wanting to assign different ip ranges to users based on criteria from my AuthBy. I realize I could use AuthDYNADDRESS, but I was hoping to let the nas's handle allocation. Kevin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) FYI - Looks like list server is on ORBS RBL
Just noticed that messages from the Radiator list are coming in flagged as RBL filtered from input.orbs.org: [logs]# rblcheck 209.61.182.19 not RBL filtered by blackholes.mail-abuse.org not RBL filtered by relays.mail-abuse.org not RBL filtered by dialups.mail-abuse.org RBL filtered by inputs.orbs.org not RBL filtered by outputs.orbs.org [logs]# host 209.61.182.19 19.182.61.209.IN-ADDR.ARPA domain name pointer server1.open.com.au -Original Message- From: Ingvar Berg (EIP) [EMAIL PROTECTED] To: Radiator List [EMAIL PROTECTED] Date: Friday, May 18, 2001 3:09 AM Subject: [UCE RBL] RE: (RADIATOR) CHAP -Original Message- From: Mariano Absatz [mailto:[EMAIL PROTECTED]] Sent: den 16 maj 2001 16:13 To: Ingvar Berg (EIP) Cc: Radiator List Subject: RE: (RADIATOR) CHAP El 16 May 2001, a las 9:08, Ingvar Berg (EIP) escribió: Or rather: you have to be able to decrypt them in Radiator, before using them. I'm not sure if you can do this with a hook, or if you need to hack the basic code in Radiator (i.e. persuade Mike or Hugh to do some fun coding...) or DIY :-)... but the point here is that most of the encryption schemes used for storing passwords are one way hash fucntions (one way beeing the key point here). = You need to have control over this as well! You can't (without a considerable computational effort far beyond an authentication server) get the original password from the encrypted one. If you were to use a two way encryption scheme, it would have to encrypt and decrypt with the same key (if it uses a symmetric algorithm like DES, DES3, or the like) or encrypt with one key and decrypt with another, both generated as a pair (conventionally, one is supposed to be public and the other private). There are several good symmetrical encryption algorithms, yepp. The point is that this way, you should put the (master) decryption key open in the radiator config file, so you just moved the weak point to another place. You could keep the key inside your crypto-accelerator box Now, if you, for instance, keep the passwords in a public open database You should restrict access to it as much as possible anyway, of course. /Ingvar (or LDAP tree or whatever) where anyone can see it and you can keep you radiator configuration file really secure (i.e. mode 400 root owned inside a mode 500 root owned directory and a really controlled set of trustable people knowing the root password), you (or Mike) could do it. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Nortel CVX-1800
Hi all, This question is a little off-topic, but I have seen some CVX-1800 users post to the list before who are using them with radiator as we are. We are having trouble with customers that are assigned static-ips via radiator being able to route to other customers who are just automatically assigned from the pools on the CVX-1800. They are able to reach the world, but can't even ping another dialup ip that's on the same box. Any pointers would be appreciated. Thanks, Kevin === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Nortel CVX-1800
They are actually in two different subnets and we are using static routing. I can ping or traceroute either address from anywhere on the internet, they just can't see each other. Kevin -Original Message- From: Hugh Irvine [EMAIL PROTECTED] To: Kevin Wormington [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Wednesday, March 21, 2001 5:30 PM Subject: Re: (RADIATOR) Nortel CVX-1800 Hello Kevin - On Thursday 22 March 2001 09:42, Kevin Wormington wrote: Hi all, This question is a little off-topic, but I have seen some CVX-1800 users post to the list before who are using them with radiator as we are. We are having trouble with customers that are assigned static-ips via radiator being able to route to other customers who are just automatically assigned from the pools on the CVX-1800. They are able to reach the world, but can't even ping another dialup ip that's on the same box. Any pointers would be appreciated. Some devices have trouble with multiple bits of the same subnet in different places. You will probably need to set up some form of routing (either static or dynamic) to force the device to recognise the different subnet blocks. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) ODBC/Platypus/SQL 7 basics
You can use the freetds libraries instead of the Sybase libraries. You can find them at http://www.freetds.org and they are in source form so you should have no problem using them on *BSD. Kevin -Original Message- From: Doug Clements [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Sunday, November 05, 2000 6:44 PM Subject: RE: (RADIATOR) ODBC/Platypus/SQL 7 basics Thanks for the reply. [..] Radius server|Network| SQL Server -|---|- Radiator - DBI - DBD:ODBC - ODBC driver(iODB) - SQL 7 Server [..] You have almost got it - my reading of iODBC is that it still needs an ODBC driver underneath. Have a look at this URL: http://195.153.164.12/wwwboard/messages/176.html You can also do a search on Google (which is what I did - www.google.com). Depending on what platform you are running on, you may find using the DBD-Proxy is a simpler way to go, or alternatively the Sybase client libraries and DBD-Sybase. Ok, that makes sense. It looks like iODBC is out of the picture, since it uses binary drivers (the ones I saw are only for linux), and I'm using OpenBSD. The next choice is DBD:proxy, which I took a short look at. The picture is now this: Radius server|Network| SQL Server -|---|- - Radiator - DBI - DBD:Proxy DBD:Proxy - Windows ODBC - SQL 7 Server Right? If this is correct, is the DBD:Proxy daemon very intensive if I chose to run it on the SQL server, or should it be an install and use forever type of component? The last choice is the Sybase client client librarys. I thougt I could use DBD:Sybase without them, but soon figured out that I couldn't. Again, I'm on OpenBSD, and I didn't see any source distributions for the Sybase librarys, so that looks out of the picture. Looks like I'll be trying to get DBD:Proxy going, regardless of whether it's easy or not. =) Thanks for the time.. --Doug === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Reply-Item sequence
Hi all, I'm running 2.16.1 w/all patches and was wondering if there is a way to control the sequence or order of the reply-items. For example, I have an AddToReplyIfNotExist statement to add a port-limit and it always gets added as the first item in the reply-list, same if I modify the source in the auth module to add a reply. I need to have this inserted last, or after the framed-address, because I have one NAS that won't honor the port-limit if it comes before the framed-address. Thanks, Kevin -Original Message- From: Hugh Irvine [EMAIL PROTECTED] To: Charles Sprickman [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Thursday, July 13, 2000 8:49 PM Subject: Re: (RADIATOR) Line Noise and garbled usernames Hello Charles - There are two aspects to what you describe below: the first is to recognise the garbage logins (via regexp) and the second is to avoid passing those logins to the SQL session database. For the first part of the problem, I think I would prefer to recognise the offending usernames and reject them. To do this I would use a Handler with a negative lookahead assertion - section 13.1.20 in the 2.16.1 manual. Note that the example below will match on anything that is not A-Z, a-z, 0-9, and "-", "_" or "@". If your normal usernames include any other characters, you will have to add them to the list. And for the second part of the problem, I would define a second, INTERNAL session database to use for this Handler. Something like this: SessionDabatase INTERNAL Identifier SDB_INTERNAL /SessionDatabase Handler Username = /^(?!A-Za-z0-9-_@)/ SessionDatabase = SDB_INTERNAL AuthBy Reject_User /Handler Obviously with the above, you would also specify an AuthBy FILE with an Identifier of Reject_user to reject everything. Note that the usual caveats regarding not mixing Realms and Handlers apply - change your existing Realms to Handlers like this: Realm . . /Realm becomes Handler Realm = . . /Handler Also note that Handlers are scanned in the order they appear in the configuration file, so the more specific must appear before the more general. hth Hugh On Fri, 14 Jul 2000, Charles Sprickman wrote: Hi, We have the occasional login where all we get garbage characters for a username. I assume this is line noise or our modems not playing well with other modems (we're using USR/3Com TCs) This ends up producing stuff like this: DBD::mysql::st execute failed: You have an error in your SQL syntax near (various control and escape chars here) at line 1 at /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189. and: : You have an error in your SQL syntax near ')'' at line 1 Thu Jul 13 15:45:30 2000: ERR: Execute failed for 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='_p/zOC4(Kn)xi=_(I) Both of these seem to be from Radiator doing a select on the session db to see if the garbled username is online. Is there any way to get rid of this? Should I try to make a regex to get rid of these characters in a RewriteUsername (not sure how really, it's all binary junk)? Thanks, Charles | Charles Sprickman | Internet Channel | INCH System Administration Team| (212)243-5200 | [EMAIL PROTECTED] | [EMAIL PROTECTED] === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AuthPLATYPUS and 2.16.1
Hi all, I just upgraded to 2.16.1 (all patches applied) from 2.14.1 on a test machine running Linux. I'm using DBD-Sybase-0.22 and the latest freeTDS snapshot. Everything works fine, but I'm still using realms and have seen a lot on the list lately regarding handlers. Would there be any advantage to using handlers instead? Radius.cfg is included below. Thanks, Kevin --- My radius.cfg --- Foreground #LogStdout Trace 3 LogDir /root/Radiator-2.16.1 LogFile %L/radiator.log DbDir /root/Radiator-2.16.1 AuthPort1812 AcctPort1813 Client DEFAULT Secret shh DupInterval 30 /Client Realm PasswordLogFileName %L/password.log AuthByPolicy ContinueWhileAccept RewriteUsername tr/A-Za-z0-9\-//cd AuthBy PLATYPUS DBSourcedbi:Sybase:server=some.big.server DBUsername x DBAuth x # You can add to or change these if you want. AccountingTable Calls AcctColumnDef UserName,User-Name AcctColumnDef CallDate,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctSessionId,Acct-Session-Id AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer AcctColumnDef NASIdentifier,NAS-Identifier AcctColumnDef NASIdentifier,NAS-IP-Address AcctColumnDef NASPort,NAS-Port,integer AcctColumnDef NASPortType,NAS-Port-Type,integer AcctColumnDef FramedAddress,Framed-IP-Address AccountingStopsOnly /AuthBy AuthBy FILE Filename /path/Radiator-2.16.1/users /AuthBy AddToReplyIfNotExist Port-Limit=1 /Realm === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) evaluator questions...
Hi, I have been using Radiator, authenticating and accounting via SQL, for about a year now and it works very well. Depending on your perl skills you can have/make radiator do just about anything that you want. In answer to your questions (anyone else on the list, please feel free to correct me ;) 1) I believe the source would have to modified to calculate and add a "Session-Limit" which would cause your NAS to disconnect the user at your end-time, from a quick glance it looks like it would take 3 or 4 lines (ok, I know there is someone out there who can do it in one :) in AuthGeneric.pm. 2) The log files are standard livingston format detailing every attribute sent in the acct packet. Again, I believe you would need to modify the source to only log certain attributes to a flat file, however you can define the attributes to log if you are detailing to an SQL database as we do. 3) We have no regrets about purchasing radiator, it has to be the most flexable auth solution free or commercial, especially if you can modify perl code. Good luck with your project... Kevin Sofnet, Inc. -Original Message- From: Richard Barnes [EMAIL PROTECTED] To: Radiator List [EMAIL PROTECTED] Date: Tuesday, September 21, 1999 10:07 AM Subject: (RADIATOR) evaluator questions... I'm currently evaluating Radiator to be used as our radius server. I like what I see so far, but I do have three questions. 1) I'm trying to figure out if I can set a time limit an account is allowed to be on. I know that I can set "windows" when an account can connect, but suppose I have an account that can connect Mon-Fri 8am-5pm (normal business hours). What happens if that account connects on Wed at 4:55pm. Unless they hang up, there's no way to make them disconnect at 5pm. 2) Is there a way I can control what info gets written out to the detail file? I'm currently using an old version of Livingston radius, and the records written out to the detail file are not as detailed. I like many of the new entries I'm getting in the detail file using Radiator, but I don't really need to know details like: USR-Simplified-MNP-Levels = ccittV42 USR-Simplified-V42bis-Usage = ccittV42bis Acct-Input-Octets = 287 Acct-Output-Octets = 266 Acct-Input-Packets = 13 Acct-Output-Packets = 12 I'm using USR HiperARC chassis (and some older NetServs). I'm doing "AuthBy DBFILE" and have Nocache specified. Also, running on Solaris 2.5.1 (just trying to give as much info upfront ) 3) My final question is "Is there anybody on this list that regrets choosing Radiator". I've read through some of the archives, and I've seen some of the normal complaints I would expect to see with any product. I'm leaning heavily towards purchasing it, but I figure I should ask the community of users who use it everyday, and get their opinion. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) ODBC drivers for linux
I'm out of the office so I don't have access to the url, but if you look through the FreeTDS readme/docs it has the ftp address that you can get the latest version from, from memory it was something like ftp.internetcds.com, anyway that will fix your compile error. Kevin Sofnet, Inc. -Original Message- From: Richard Hawley [EMAIL PROTECTED] To: Kevin Wormington [EMAIL PROTECTED]; Mike McCauley [EMAIL PROTECTED]; [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, June 04, 1999 9:54 AM Subject: Re: (RADIATOR) ODBC drivers for linux What version of perl are you using? I am using 5.00405 and when I tried to run make test, I got a screen full of errors. Here is a few examples. /usr/lib/perl5/i386-linux/5.00405/CORE/scope.h:110: parse error before `bool' /usr/lib/perl5/i386-linux/5.00405/CORE/scope.h:110: warning: no semicolon at end of struct or union In file included from /usr/lib/perl5/site_perl/i386-linux/auto/DBI/DBIXS.h:13, from FreeTDS.h:45, from FreeTDS.xs:35: /usr/lib/perl5/i386-linux/5.00405/CORE/perl.h:1322: parse error before `Perl_nomemok' /usr/lib/perl5/i386-linux/5.00405/CORE/perl.h:1322: warning: data definition has no type or storage class The errors ended in this FreeTDS.c: In function `XS_DBD__FreeTDS__dr_discon_all_': FreeTDS.c:71: warning: unused variable `ix' FreeTDS.c: In function `XS_DBD__FreeTDS__st_fetchrow_arrayref': FreeTDS.c:434: warning: unused variable `ix' FreeTDS.c: In function `XS_DBD__FreeTDS__st_fetchrow_array': FreeTDS.c:451: warning: unused variable `ix' FreeTDS.c: In function `XS_DBD__FreeTDS__st_FETCH_attrib': FreeTDS.c:562: warning: unused variable `ix' make: *** [FreeTDS.o] Error 1 The Sybase option wont work with SQL 7.0 according to the Boardtown DBA who is here. And the Openlink multi-tier distribution is incomplete. The docs mention a udbc.ini file in the bin directory. There is no bin directory in the distribution, no udbc.ini file anywhere. "Our driver looks for a file pointed to by the environment variable UDBCINI, or the file /etc/udbc.ini if the environment variable is not defined. This file is located in the openlink/bin directory." Thanks for any help. ..Rich On Fri, 4 Jun 1999 08:23:27 -0500, Mike McCauley wrote: Hi Kevin On Jun 3, 4:41pm, Kevin Wormington wrote: Subject: Re: (RADIATOR) ODBC drivers for linux The only success that I have had is with DBI and DBD::FreeTDS which works very well connection to MS SQL 6.5 and 7.0 and requires no other client libraries. Thats interesting. we have not used that one. Can you send more details about where to get it and the setup you used, so we can document it for others? Cheers. Kevin Sofnet, Inc. -Original Message- From: Richard Hawley [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Thursday, June 03, 1999 4:42 PM Subject: (RADIATOR) ODBC drivers for linux We are switching our billing package to Platypus. I've been going through the Emerald and Platypus sections of the radiator manual and it mentions needing an ODBC driver to connect to MS SQL. I downloaded and installed iODBC. Is that all I need? There was no documentation that came with iODBC, just a so file and the odbc.ini. Can someone who is using a similar setup send me an example of there odbc.ini and a location of any other odbc components I may need besides iODBC? Thanks. ..Rich --- --- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 06103 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from Kevin Wormington -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. --- --- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL
Re: (RADIATOR) ODBC drivers for linux
The only success that I have had is with DBI and DBD::FreeTDS which works very well connection to MS SQL 6.5 and 7.0 and requires no other client libraries. Kevin Sofnet, Inc. -Original Message- From: Richard Hawley [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Thursday, June 03, 1999 4:42 PM Subject: (RADIATOR) ODBC drivers for linux We are switching our billing package to Platypus. I've been going through the Emerald and Platypus sections of the radiator manual and it mentions needing an ODBC driver to connect to MS SQL. I downloaded and installed iODBC. Is that all I need? There was no documentation that came with iODBC, just a so file and the odbc.ini. Can someone who is using a similar setup send me an example of there odbc.ini and a location of any other odbc components I may need besides iODBC? Thanks. ..Rich --- --- Richard W. Hawley - Network Engineer CyberZone Internet Services [EMAIL PROTECTED] 942 Main Street http://www.cyberzone.net Hartford, CT. 06103 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Assured Access ?
Yes, we have used Radiator with Assured Access X1000's and it works very well. I'm not sure about the Simultaneous Use limit, but the reply item Port-Limit will allow the Assured Access system to limit the number of simultaneous accesses. Ex. if you set Port-Limit = 2, the the user would be able to use two channels at the same time, this is all handled by the Assured Access box. I believe you would only need to use Simultaneous Use if you need to do this across multiple POP's. Kevin Sofnet, Inc. On Sun, 2 May 1999, Michael Steinhart wrote: Hi all Has any one used Radiator with the Assured Access NAS? Also what about the Radiator SimultaneousUse limits with Assured Access gear. Mike __ Michael Steinhart OPCenter [EMAIL PROTECTED] PMH Network Services, Inc. http://www.opcenter.net284 Ackerman Ave Emerson, NJ 07630 === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.