[RADIATOR] reference manual - date stamps
Hey Guys, Correct me if I'm wrong, but in the reference material, in multiple locations (for instance page 110) an example is given on how to insert into oracle. It says: AcctColumnDefTIME_STAMP,Timestamp,formatted-date,to_date\ ('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS') This will result in a an insert statement something like this: insert into ACCOUNTING(TIME_STAMP, ..) values (to_date('16 02 1999 16:40:02', 'DD MM HH24:MI:SS'), ) According to further down in the manual %e is actually the two digits of the year. %i is the day of the month. %i The Timestamp day of the month (2 digits) Thanks Martin. Martin Edge Software Development, Business Analysis, Product Management and Design [cid:image001.jpg@01CB2A67.87FE9E40] Emersion Software Systems Pty Ltd Phone: .. 1300 793 310 Fax: .. 1300 793 320 Address: L7, 313 LaTrobe Street, Melbourne VIC 3000 Website: http://www.emersion.com.auhttp://www.emersion.com.au/ General Enquiries: .. i...@emersion.com.aumailto:i...@emersion.com.au This communication may contain CONFIDENTIAL or copyright information of Emersion Software Systems Pty Ltd (ABN 28 119 061 791). If you are not an intended recipient, you MUST NOT read, print, keep, forward, copy, use, save, retransmit or rely on this communication or any attachments, and any such action is unauthorised and prohibited. If you have received this communication in error, please reply to this e-mail to notify the sender of its incorrect delivery, and then delete both it and your reply. Emersion does not guarantee the integrity of any emails or any attached files. The views or opinions expressed are the author's own and may not reflect the views or opinions of Emersion. Thank you. inline: image001.jpg___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] reference manual - date stamps
Actually, %d, is the right one, it seems. Thanks Martin. From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On Behalf Of Martin Edge Sent: Friday, 23 July 2010 1:04 PM To: radiator@open.com.au Subject: [RADIATOR] reference manual - date stamps Hey Guys, Correct me if I'm wrong, but in the reference material, in multiple locations (for instance page 110) an example is given on how to insert into oracle. It says: AcctColumnDefTIME_STAMP,Timestamp,formatted-date,to_date\ ('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS') This will result in a an insert statement something like this: insert into ACCOUNTING(TIME_STAMP, ..) values (to_date('16 02 1999 16:40:02', 'DD MM HH24:MI:SS'), ) According to further down in the manual %e is actually the two digits of the year. %i is the day of the month. %i The Timestamp day of the month (2 digits) Thanks Martin. Martin Edge Software Development, Business Analysis, Product Management and Design [cid:image001.jpg@01CB2A68.9FB70C10] Emersion Software Systems Pty Ltd Phone: .. 1300 793 310 Fax: .. 1300 793 320 Address: L7, 313 LaTrobe Street, Melbourne VIC 3000 Website: http://www.emersion.com.auhttp://www.emersion.com.au/ General Enquiries: .. i...@emersion.com.aumailto:i...@emersion.com.au This communication may contain CONFIDENTIAL or copyright information of Emersion Software Systems Pty Ltd (ABN 28 119 061 791). If you are not an intended recipient, you MUST NOT read, print, keep, forward, copy, use, save, retransmit or rely on this communication or any attachments, and any such action is unauthorised and prohibited. If you have received this communication in error, please reply to this e-mail to notify the sender of its incorrect delivery, and then delete both it and your reply. Emersion does not guarantee the integrity of any emails or any attached files. The views or opinions expressed are the author's own and may not reflect the views or opinions of Emersion. Thank you. inline: image001.jpg___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
(RADIATOR) Retries - Could be a silly question
Hey Guys, Retries 0 , AuthRADIUS Retry never, or retry forever? Martin
(RADIATOR) Using UseExtendedId
Title: Message Hey Guys, Having a few issues after implementing UseExtendedId in ournetwork, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? ThanksMartin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda RdMelbourne VIC 3004NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify.
RE: (RADIATOR) Using UseExtendedId
Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Hi guys, Looks like it doesn't work as expected. Not seeing any Proxy-State values being implemented when relying on SQL RADIUS, have confirmed my database is coming up with a '1' to say use it, as soon as I readd 'UseExtendedIds' to the AuthBy the stuff below sits, it works fine again. Within SQLRADIUS : HostColumnDef 0, Host HostColumnDef 1, Secret HostColumnDef 2, AuthPort HostColumnDef 3, AcctPort HostColumnDef 4, Retries HostColumnDef 5, RetryTimeout HostColumnDef 6, FailureBackoffTime HostColumnDef 7, FailurePolicy HostColumnDef 8, AddToReply HostColumnDef 9, StripFromReply HostColumnDef 10, AllowInReply HostColumnDef 11, AddToReplyIfNotExist HostColumnDef 12, DefaultReply HostColumnDef 13, AddToRequest HostColumnDef 14, StripFromRequset HostColumnDef 15, AddToRequestIfNotExist HostColumnDef 16, UseOldAscendPasswords HostColumnDef 17, ServerHasBrokenPortNumbers HostColumnDef 18, ServerHasBrokenAddresses HostColumnDef 19, IgnoreReplySignature HostColumnDef 20, UseExtendedIds Is this because I am still using depreciated fields, UseOldAs.. And ServerHasBr.. ? Thanks Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:02 PM To: 'Mike McCauley'; 'Hugh Irvine' Cc: [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned
RE: (RADIATOR) Using UseExtendedId
Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1 which I've never heard of. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:31 PM To: 'Hugh Irvine' Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId I'll see I can find out which products these customers are using.. (pretty sure it's not Radiator) Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Irvine Sent: Thursday, 19 June 2003 5:12 PM To: Martin Edge Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - Not returning a Proxy-State attribute is quite broken behaviour. regards Hugh On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge wrote: Hi Hugh, It appears they are not responding with the Proxy-State attribute, therefore our RADIUS system is coming up unknown reply to packet. For instance: Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 239 from 203.30.19.248:1846 Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS for request 240 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 203.30.19.248:1846 Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS for request 241 from 202.71.168.62:1846 Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 202.71.168.62:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 242 from 203.30.19.248:1846 Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 202.71.168.62:1846 Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS for request 243 from 203.30.19.248:1846 Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS for request 244 from 203.30.19.248:1846 *** Sending to 202.4.30.2 port 1646 Code: Accounting-Request Identifier: 74 Authentic: Attributes: Acct-Session-Id = 2F85 Framed-Protocol = PPP Framed-IP-Address = 203.194.16.52 Ascend-Connect-Progress = prLanSessionUp Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = XXX Called-Station-Id = XXX NAS-Port-Type = Async NAS-Port = 7393 Service-Type = Framed-User NAS-IP-Address = 203.194.30.8 Ascend-Session-Svr-Key = XXX NAS-Identifier = ACC08-XX Acct-Delay-Time = 0 User-Name = X Timestamp = 1056005873 Proxy-State = OSC-Extended-Id=330 Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted Thu Jun 19 16:57:53 2003: DEBUG: Packet dump: *** Received from 202.4.30.2 port 1646 Code: Accounting-Response Identifier: 74 Authentic: 181156NP130;{`21226+{U1331406 Attributes: Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS for request 74 from 202.4.30.2:1646 Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda Rd Melbourne VIC 3004 NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:38 PM To: Martin Edge; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. regards Hugh On Thursday, Jun
(RADIATOR) Handler for capturing 151 at the end of the Called-Station-Id
Title: Message Hey Guys, Just a quick check.. How would I write a handler to capture all numbers ending in a particular suffix? Handler Called-Station-Id=/151$/ ? Obviously 151 is quite small and likely to appear in the middle of parts of other numbers... Thus has to be matched on the end of the line. Thanks Martin Edge Martin EdgeSystems/Applications EngineerKBS InternetPh: 1300 727 205Web: http://www.kbs.net.au/Wholesale: http://xray.kbs.net.au/Email: [EMAIL PROTECTED]
(RADIATOR) Question on FailurePolicy within SQLRADIUS
Hey Guys, Quick question (well, it might not be ;)), I have a feeling I might have asked something along the same lines before.. But I'm trying to test the FailurePolicy settings within SQLRADIUS. Having a look.. Now, within the code, it's saying if HostColumnDef exists, then use getHostColumns in order to set the current configuration for the next host to proxy to. When the failurepolicy is set from retrieving the server, I'm trying to confirm whether it would be assigning the FailurePolicy to that one server, just for that request, or to a group of packets to the same destination server port pair. $fp is used within the code here, but I'm not sure what that is referencing .. Appears to be the current packet instance ? Technically, if there is no host to proxy to, (which I guessing is quite possible as there is no single identifier for a destination proxy, This is that NumHosts debarkle again), then it will fall back to the superclass to fall back to any hardwired hosts. At which point does it honor the failurepolicy ? Is the expectation that a FailurePolicy will only be used when the hosts that are avaliable are being ignored? Not when HostSelect returns no results on the second attempt for those downstreams with an additional RADIUS server (as defined by the limitations of NumHosts) that don't exist? I guess the global issue appears to be that a downstream proxy customer isn't identified as anyone in particular within the RADIUS code. Is there any plans for development within the SQLRADIUS module to create an pseudo-identifier, to give the ability to configuring information about the downstream and setting statistics etc. for each Downstream Identifier within the SQLRADIUS results.. ? Or is this too specific and would be best hiding in it's own AuthBy Module ? Hope I'm not being too confusing :-) Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) using the already connected DB refs
Hey Guys, Little curious, I need to perform an Extra SQL query while processing RADIUS requests, and set the value to an internal Radiator variable, it comes from the same database, so I was wondering how one would utilise the existing DB connection easily, without having to spawn an additional one using DBI. Below is the code I'm using.. # find the POP id sub { my $p = ${$_[0]}; my $nasip; my $db; $nasip = $p-get_attr('NAS-IP-Address'); # If there is a NAS at all.. if ($nasip) { use DBI; my $user = xx; my $password = x; my $database = xx; my $dsn = DBI:mysql:database=$database;host=192.168.3.21; $db = DBI-connect($dsn, $user, $password); if (!$db) { main::log($main::LOG_DEBUG,Failed Bringin Up Second DB\n.DBI::errstr); return; } # get the popid my $popidquery = select popid from nascache where nasidentifier = '$nasip'; my $sth = $db-prepare($popidquery); $sth-execute; my $popid = ($sth-fetchrow())[0]; if ($popid) { main::setVariable(popid, $popid); main::log($main::LOG_DEBUG,Resolved Packet to POPid $popid); } else { main::log($main::LOG_DEBUG,No POPid for NASIP $nasip); main::setVariable(popid, 0); } } Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Bug
Hey Guys, Believe I have tripped across somewhere which could do with a bit more error checking I am able to reproduce it, but I'd prefer not to ;-) A previous configuration file that I upgraded to the new version of radiator was using formatted-date in an AcctColumnDef We use Oracle, and therefore have a to_date function that we call on Oracle, in order to conform to the Oracle date standards. The issue was, once running this on the new version of Radiator (because we were lacking the TimeDate perl module), the authentications were successful, and the accounting packets caused the Radiator server to restart (even on Trace5) by displaying: Wed Oct 23 09:57:02 2002: DEBUG: Handling with Radius::AuthSQL Wed Oct 23 09:57:02 2002: DEBUG: Reading users file /usr/local/etc/radiator//reject.users Wed Oct 23 09:57:02 2002: INFO: Server started: Radiator 3.3.1 on radius01 Just a note as there is no debugging to hint at what the problem was. As soon as TimeDate was installed, it was successful. Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Problem with SNMP communities
Hey Ganbold, Try this - Usage: snmpget [-Cf] [options...] hostname {community} [objectID ...] My SNMPGet is from UCD-SNMP version 4.2.4 Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike McCauley Sent: Wednesday, October 09, 2002 2:06 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Problem with SNMP communities -- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Ganbold [EMAIL PROTECTED]] Date: Tue, 8 Oct 2002 17:59:47 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] From [EMAIL PROTECTED] Tue Oct 8 17:59:46 2002 Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g98MxhC30280 for [EMAIL PROTECTED]; Tue, 8 Oct 2002 17:59:44 -0500 Received: (from root@localhost) by publica.ub.mng.net (8.12.5/8.12.2) id g993lBFp059231 for [EMAIL PROTECTED]; Wed, 9 Oct 2002 11:47:11 +0800 (ULAT) (envelope-from [EMAIL PROTECTED]) Received: from ganbold.publica.ub.mng.net (external.micom.mng.net [202.179.0.164]) (authenticated bits=0) by publica.ub.mng.net (8.12.5/8.12.3) with ESMTP id g993lANC059221 for [EMAIL PROTECTED]; Wed, 9 Oct 2002 11:47:10 +0800 (ULAT) (envelope-from [EMAIL PROTECTED]) Message-Id: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Date: Wed, 09 Oct 2002 11:56:14 +0900 To: [EMAIL PROTECTED] From: Ganbold [EMAIL PROTECTED] Subject: Problem with SNMP communities Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Hi, We have problem with snmpget. We put SNMP community in client config part but when snmpget runs it uses 'public' to get info. How can I make snmpget to use MN-2008? snmpget Version is 5.0.1. tia, Ganbold Following is the part of config file and debug ouput. -- --- -- Client 202.179.0.130 Secret xxx DupInterval 60 NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails /Client Client 202.179.0.135 Secret xxx DupInterval 60 NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails /Client Client 202.179.1.2 Secret xxx DupInterval 60 NasType Cisco SNMPCommunity MN-2008 StatusServerShowClientDetails /Client Client 202.179.0.133 Secret xxx DupInterval 60 NasType AscendSNMP SNMPCommunity MN-2008 StatusServerShowClientDetails /Client -- --- -- --- debug --- Tue Oct 8 20:41:01 2002: DEBUG: Handling with Radius::AuthSQL Tue Oct 8 20:41:01 2002: DEBUG: Handling with Radius::AuthSQL: CiscoAdjustAuthOnly Tue Oct 8 20:41:01 2002: DEBUG: Query is: select ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,if(PREPAID=YES,TIMELEFT,NIGHT) as TIME, class from SUBSCRIBERS where USERNAME='koicamgl' and STATUS='Active' Tue Oct 8 20:41:01 2002: DEBUG: Radius::AuthSQL looks for match with koicamgl Tue Oct 8 20:41:01 2002: DEBUG: Query is: select NASIDENTIFIER,NASPORT,ACCTSESSIONID from RADONLINE where USERNAME='koicamgl' Tue Oct 8 20:41:01 2002: DEBUG: Checking if user is still online: Cisco, koicamgl, 202.179.0.135, 274, 0001F0F2 Tue Oct 8 20:41:01 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 202.179.0.135 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.274` Tue Oct 8 20:41:07 2002: NOTICE: SQL1 Session for koicamgl at 202.179.0.135:274 has gone away Tue Oct 8 20:41:07 2002: DEBUG: SQL1 Deleting session for koicamgl, 202.179.0.135, 274 Tue Oct 8 20:41:07 2002: DEBUG: do query is: delete from RADONLINE where USERNAME='koicamgl' and NASIDENTIFIER='202.179.0.130' and NASPORT='77' Tue Oct 8 20:41:07 2002: DEBUG: Checking if user is still online: Cisco, koicamgl, 202.179.0.130, 93, 0291 Tue Oct 8 20:41:07 2002: DEBUG: Running command `/usr/local/bin/snmpget -c 'public' 202.179.0.130 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.93` --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at
RE: (RADIATOR) hostslect FAILUREPOLICY bug!
Yeah, this is the similar effect I have seen as well. For instance, it was falling back to the default defined AuthBy RADIUS within SQL RADIUS, after NumHosts was reached, instead of adhering to the selected Failure Policy. If there was not one defined, it simply ignored. This is what made me nervous about just letting NumHosts be static. Oh, the other reason my NumHostSelect query was so important, what about when there isn't as many authentication servers as there is accounting servers? This is the extract from AuthSQLRADIUS that speaks of failurepolicy : # # Called when no reply is received fromn any of the attempted # hosts. # Look at the failure policy we recorded from the database # and maybe implement it sub noreply { my ($self, $fp, $p) = @_; # Call the NoReply hook if there is one, you could adjust the pending reply here $self-SUPER::noreply($fp, $p, $p-{rp}); if (defined $fp-{failurePolicy}) { # The database told us how to deal with failure $self-adjustReply($p); $p-{Handler}-handlerResult ($p, $fp-{failurePolicy}, 'SQLRADIUS Proxy failed'); } return; } However, in adjustReply there is no mention of FailurePolicy.. I couldn't find anything in handlerResult either.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mohamed Majdoubi Sent: Wednesday, September 11, 2002 10:53 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) hostslect FAILUREPOLICY bug! Hi i am trying to use FAILUREPOLICY field in the hostselect statement. The value FAILUREPOLICY is set to 1 (see the database output), this should result in a reject to NAS if the host radius does not respond. unfortunatly this is not happening, the NAS gets still no answer from the proxy radius. i can conclude that the proxy radius does use the failure policy to send a reject instead of a ignore. below you can find configuration and the output with kind regards Mohamed Majdoubi KPN Telecom # radius setup # |||| || | NAS | - proxy | radius |||| || # Configuration # AuthBy SQLRADIUS Identifier ProxyToOffice FailureBackoffTime 60 DBSource dbi:mysql:ProxyDB DBUsername root DBAuth HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \ RADSQLRADIUS where TARGETNAME='%R' StripFromRequest Cisco-NAS-Port, \ NAS-Port, \ NAS-Port-Type, \ NAS-IP-Address, \ Called-Station-Id, \ Calling-Station-Id AddToRequest Service-Class = %{Reply:Service-Class} AllowInReply Service-Type, \ Framed-Protocol, \ Framed-IP-Netmask, \ Framed-IP-Address, \ Ascend-Client-Primary-DNS, \ Ascend-Client-Secondary-DNS, \ Loopback-Tag, \ Release-Name, \ VRF-Tag ReplyHook file:%D/reply.pl /AuthBy # Database output # mysql select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1'; +---++--+--+-+--+--- + | HOST1 | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY | +---++--+--+-+--+--- + | 127.0.0.1 | kpn| 1812 | 1813 | 2 |5 | 1 | +---++--+--+-+--+--- + 1 row in set (0.00 sec) # Debug # Code: Access-Request Identifier: 2 Authentic: 1234567890123456 Attributes: User-Name = mohamed@office1 Service-Type = Framed-User User-Password = 166186H1By%222155151153171216!U133 Service-Class = office2-1.1.1.1- Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting Wed Sep 11 11:03:22 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1812 Packet length = 83 01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32 33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66 66 69 63 65 31 06 06 00 00 00 02
(RADIATOR) FW: As requested.
Hey Guys, On what conditions does a packet appear to Radiator as Duplicate? Below I attach two RADIUS packets I received, within 1 second of each other. Of course, the second packet was said to be duplicated, but the packets themselves would show they are completely different.. Thanks, Martin :-) -- FIRST PACKET IN Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: NAS-IP-Address = 203.220.252.241 NAS-Port = 7204 NAS-Port-Type = Async Called-Station-Id = 142330886300424 Calling-Station-Id = 886324356 Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 0009E3D8 Framed-Protocol = PPP Ascend-Session-Svr-Key = AA9D6ABD Acct-Link-Count = 1 Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = 25972 Framed-IP-Address = 203.220.230.249 Ascend-PreSession-Time = 24 Ascend-Pre-Input-Octets = 157 Ascend-Pre-Output-Octets = 113 Ascend-Pre-Input-Packets = 5 Ascend-Pre-Output-Packets = 4 Acct-Input-Octets = 706094 Acct-Output-Octets = 2766801 Acct-Input-Packets = 5904 Acct-Output-Packets = 5436 Acct-Session-Time = 2286 Ascend-Multilink-ID = 25972 Acct-Delay-Time = 0 User-Name = andym Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler '' Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym, 203.220.252.241, 7204 Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.220.252.241' and NASPORT=07204 --- FIRST PACKET END --- --- FIRST PACKET RESPONSE START Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Sending to 203.194.56.121 port 1813 Code: Accounting-Response Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 --- FIRST PACKET RESPONSE STOP - --- SECOND PACKET START- Thu Sep 5 00:14:47 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: 2I136PA3s244{30k191143hN196 Attributes: Acct-Session-Id = 3541 Framed-Protocol = PPP Framed-IP-Address = 203.220.218.5 Ascend-Connect-Progress = prLanSessionUp Ascend-PreSession-Time = 36 Ascend-Xmit-Rate = 33600 Ascend-Data-Rate = 33600 Acct-Session-Time = 12200 Connect-Info = 33600 V34+/V42bis/LAPM Acct-Input-Octets = 817119 Acct-Output-Octets = 4990544 Ascend-Pre-Input-Octets = 122 Ascend-Pre-Output-Octets = 114 Acct-Input-Packets = 9177 Acct-Output-Packets = 11655 Ascend-Pre-Input-Packets = 5 Ascend-Pre-Output-Packets = 5 Acct-Terminate-Cause = Session-Timeout Ascend-Disconnect-Cause = sessTimeOut Acct-Authentic = RADIUS Acct-Status-Type = Stop NAS-Port = 7241 Called-Station-Id = 142320198333414 Calling-Station-Id = 891881736 NAS-Port-Type = Async Service-Type = Framed-User NAS-IP-Address = 203.220.251.113 Ascend-Session-Svr-Key = EE3451F2 Event-Timestamp = 103114 Acct-Delay-Time = 0 User-Name = noseeds Proxy-State = BSP2ims01-syd/7685C184EE7199F2CBEA363B011E321B84656D6D2109E1F70235F83144 1D0F6D91616D6D21E52A2BF9E7FE5F5856 C4B14B386D7F2682D08476F99E081003485CE249020B18CAB6B06CF98B543D307C Thu Sep 5 00:14:47 2002: INFO: Duplicate request id 167 received from 203.194.56.121(1813): ignored --- SECOND PACKET STOP - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) FW: As requested.
Hey Hugh, This is the reply from my supplier :- The ID of a RADIUS packet is a 1 byte field, range 1-255. It's set by the NAS so it's likely that different NAS's will set the same ID at the same time. When proxying, the proxy-state attribute is added and this becomes the new unique ID of the packet from the Proxy - Customer RADIUS perspective. If decoding the proxy-state you would see info like NAS IP, RADIUS packet ID, Username, DNIS and a few other fields that make the packet unique (perhaps a little excessive). So I guess my next question is, would it be more effective for the Proxy-State attribute to become the new identifier, and how would I go about implementing it as the unique identifier in a packet. (Given the range of the standard Identifier being so small) Thanks, Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hugh Irvine Sent: Friday, September 06, 2002 10:13 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) FW: As requested. Hello Martin - As Toomas mentioned (thanks Toomas), it is the Identifier 167 that is used to detect duplicates during the DupInterval that is defined for this Client. The DupInterval is a sliding window in time within which identical Identifiers are considered to be duplicates. Note that this is the definition from the RFC. regards Hugh On Thursday, September 5, 2002, at 05:16 PM, Martin Edge wrote: Hey Guys, On what conditions does a packet appear to Radiator as Duplicate? Below I attach two RADIUS packets I received, within 1 second of each other. Of course, the second packet was said to be duplicated, but the packets themselves would show they are completely different.. Thanks, Martin :-) -- FIRST PACKET IN Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: NAS-IP-Address = 203.220.252.241 NAS-Port = 7204 NAS-Port-Type = Async Called-Station-Id = 142330886300424 Calling-Station-Id = 886324356 Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 0009E3D8 Framed-Protocol = PPP Ascend-Session-Svr-Key = AA9D6ABD Acct-Link-Count = 1 Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = 25972 Framed-IP-Address = 203.220.230.249 Ascend-PreSession-Time = 24 Ascend-Pre-Input-Octets = 157 Ascend-Pre-Output-Octets = 113 Ascend-Pre-Input-Packets = 5 Ascend-Pre-Output-Packets = 4 Acct-Input-Octets = 706094 Acct-Output-Octets = 2766801 Acct-Input-Packets = 5904 Acct-Output-Packets = 5436 Acct-Session-Time = 2286 Ascend-Multilink-ID = 25972 Acct-Delay-Time = 0 User-Name = andym Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler '' Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym, 203.220.252.241, 7204 Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.220.252.241' and NASPORT=07204 --- FIRST PACKET END --- --- FIRST PACKET RESPONSE START Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Sending to 203.194.56.121 port 1813 Code: Accounting-Response Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 --- FIRST PACKET RESPONSE STOP - --- SECOND PACKET START- Thu Sep 5 00:14:47 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: 2I136PA3s244{30k191143hN196 Attributes: Acct-Session-Id = 3541 Framed-Protocol = PPP Framed-IP-Address = 203.220.218.5 Ascend-Connect-Progress = prLanSessionUp Ascend-PreSession-Time = 36 Ascend-Xmit-Rate = 33600 Ascend-Data-Rate = 33600 Acct-Session-Time = 12200 Connect-Info = 33600 V34+/V42bis/LAPM Acct-Input-Octets = 817119 Acct-Output-Octets = 4990544 Ascend-Pre-Input-Octets = 122 Ascend-Pre-Output-Octets = 114 Acct-Input-Packets = 9177 Acct-Output-Packets = 11655 Ascend
RE: (RADIATOR) FW: As requested.
And another query.. You said the Identifier 'cache' persay is kept for each Client Does that mean, if I use IdenticalClients, the cache is for the collection of RADIUS boxes? And therefore does that mean under high load it would be preferable to not use IdenticalClients, and use a separate Client for each RADIUS box that the Supplier has? Thanks, Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hugh Irvine Sent: Friday, September 06, 2002 10:35 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) FW: As requested. Hello Martin - RFC 2865 (and possibly others). (doc/rfc2865.txt). regards Hugh On Friday, September 6, 2002, at 10:16 AM, Martin Edge wrote: Thanks Hugh, It's what I thought, just thought I'd confirm before raising a ticket request with my supplier.. Which RFC does it talk about duplication in ? Thanks, Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Friday, September 06, 2002 10:13 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) FW: As requested. Hello Martin - As Toomas mentioned (thanks Toomas), it is the Identifier 167 that is used to detect duplicates during the DupInterval that is defined for this Client. The DupInterval is a sliding window in time within which identical Identifiers are considered to be duplicates. Note that this is the definition from the RFC. regards Hugh On Thursday, September 5, 2002, at 05:16 PM, Martin Edge wrote: Hey Guys, On what conditions does a packet appear to Radiator as Duplicate? Below I attach two RADIUS packets I received, within 1 second of each other. Of course, the second packet was said to be duplicated, but the packets themselves would show they are completely different.. Thanks, Martin :-) -- FIRST PACKET IN Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: NAS-IP-Address = 203.220.252.241 NAS-Port = 7204 NAS-Port-Type = Async Called-Station-Id = 142330886300424 Calling-Station-Id = 886324356 Acct-Status-Type = Alive Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 0009E3D8 Framed-Protocol = PPP Ascend-Session-Svr-Key = AA9D6ABD Acct-Link-Count = 1 Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = 25972 Framed-IP-Address = 203.220.230.249 Ascend-PreSession-Time = 24 Ascend-Pre-Input-Octets = 157 Ascend-Pre-Output-Octets = 113 Ascend-Pre-Input-Packets = 5 Ascend-Pre-Output-Packets = 4 Acct-Input-Octets = 706094 Acct-Output-Octets = 2766801 Acct-Input-Packets = 5904 Acct-Output-Packets = 5436 Acct-Session-Time = 2286 Ascend-Multilink-ID = 25972 Acct-Delay-Time = 0 User-Name = andym Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler '' Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym, 203.220.252.241, 7204 Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.220.252.241' and NASPORT=07204 --- FIRST PACKET END --- --- FIRST PACKET RESPONSE START Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted Thu Sep 5 00:14:46 2002: DEBUG: Packet dump: *** Sending to 203.194.56.121 port 1813 Code: Accounting-Response Identifier: 167 Authentic: h254]166V243.18245V2480Y236211v Attributes: Proxy-State = BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0 3488D35E66BCBA8CADB716F56D71F9EC12 430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81 --- FIRST PACKET RESPONSE STOP - --- SECOND PACKET START- Thu Sep 5 00:14:47 2002: DEBUG: Packet dump: *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 167 Authentic: 2I136PA3s244{30k191143hN196 Attributes: Acct-Session-Id = 3541 Framed-Protocol = PPP Framed-IP-Address = 203.220.218.5 Ascend-Connect-Progress = prLanSessionUp Ascend-PreSession-Time = 36 Ascend-Xmit-Rate = 33600 Ascend-Data-Rate = 33600 Acct-Session-Time = 12200 Connect-Info = 33600 V34+/V42bis/LAPM Acct-Input-Octets = 817119 Acct-Output-Octets = 4990544 Ascend-Pre-Input-Octets = 122 Ascend-Pre-Output-Octets
RE: (RADIATOR) Hacking around an upstream issue.
Kinda, it's a load issue. The policy from our upstream RADIUS is to pound the primary until it fails, and then failover. They have no RR or Load Balance functionality. We get enough load on that one server that you'd expect it to timeout occasionally.. I may just whack another proxy inbetween my supplier and myself and do RR or LB there.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ingvar Berg (EAB) Sent: Wednesday, September 04, 2002 10:09 PM To: Radiator Subject: RE: (RADIATOR) Hacking around an upstream issue. Sounds like a broken NAS, sending alive packets for a terminated session... /Ingvar The NAS's appear to be sending an Alive packet for a Session after we have received the Stop packet for the _same_ Session. This is due to the first attempt to send the Alive packet failing, the NAS waits 10 seconds for a retry. During this ten seconds, the user disconnects, the NAS sends a stop record. The NAS then sends off the second attempt for the Alive packet. Consequently, the session is 'reopened' in my SessionTable, as the Alive packet triggers a delete/insert .. for all intensive purposes I see a dead session, which was actually already closed off. Thanks Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 9:50 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) Hacking around an upstream issue. Hello Martin - What exactly is the problem? If you just want special processing for Alives, do something like this: Handler Acct-Status-Type = Alive /Handler regards Hugh On Wednesday, September 4, 2002, at 09:23 AM, Martin Edge wrote: Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Creating an Identifier for StatsLogSQL within SQLRADIUS
Hey Guys, Can one of my columns i define in HostColumnDef in SQLRADIUS be: - Identifier ? (preferably) - Realm ? (And therefore, would Radiator keep Statistics on each of those identifiers/realms?) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Hacking around an upstream issue.
Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Hacking around an upstream issue.
Hi Hugh, The normal processing of Alives is fine. The fact we get Alives ensures I can check the sanity of the SessionTable. Each time an Alive record comes in, it updates the SessionTable for each user's session The NAS's appear to be sending an Alive packet for a Session after we have received the Stop packet for the _same_ Session. This is due to the first attempt to send the Alive packet failing, the NAS waits 10 seconds for a retry. During this ten seconds, the user disconnects, the NAS sends a stop record. The NAS then sends off the second attempt for the Alive packet. Consequently, the session is 'reopened' in my SessionTable, as the Alive packet triggers a delete/insert .. for all intensive purposes I see a dead session, which was actually already closed off. Thanks Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 9:50 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) Hacking around an upstream issue. Hello Martin - What exactly is the problem? If you just want special processing for Alives, do something like this: Handler Acct-Status-Type = Alive /Handler regards Hugh On Wednesday, September 4, 2002, at 09:23 AM, Martin Edge wrote: Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
FW: (RADIATOR) NumHosts in SQLRadius
Information on extending the functionality of SQLRADIUS You may remember in a previous email I was asking about how to get NumHosts to not be a fixed value. NumHosts defines the amount of hosts avaliable for the downstream configuration we are currently proxy RADIUS'ing to. Reason being, that the amount of avaliable hosts is completely different for each proxy-radius downstream. I have modified my version of SQLRADIUS to fix this problem, and here's what to do if anyone else is interested: First part is the modification of the configuration keywords in the AuthSQLRADIUS.pm module. I added NumHostQuery, as a string. %Radius::AuthSQLRADIUS::ConfigKeywords = ( 'HostSelect'= 'string', 'NumHosts' = 'integer', 'NumHostQuery' = 'string', # Define NumHostQuery for the Config 'HostColumnDef' = 'stringhash', ); The NumHostQuery I use: NumHostQuery select count(*) from downstream_host downh, downstream_dnis ddnis \ where ddnis.target_id = downh.target_id and ddnis.dnis = '%{Called-Station-Id}' Below, is the changes I made to the chooseHost method. Denoted by the meriads of ---'s. Thanks, Martin sub chooseHost { my ($self, $fp, $p) = @_; # If they have already tried to send this too many times, and there # are no more hosts to send to take the policy from the database # This standard table has space for 2 hosts. Adjust this if necessary return if ($fp-{hostCounter} = $self-{NumHosts}); - my bit # However, the first time we try to find a host for this # instance, we should check whether there is a NumHostQuery (to # confirm the amount of hosts) # Added by Martin Edge [EMAIL PROTECTED] if (defined $self-{NumHostQuery}) # If there is a NumHostQuery defined if (!defined $self-{NumHostQueryRan}) { # If we haven't checked NumHostQuery result # Format the Query with special character results my $sth = $self-prepareAndExecute( Radius::Util::format_special ($self-{NumHostQuery}, $p, undef, undef, undef) ); # fetch results my @results = $sth-fetchrow(); # If there is results, update NumHosts, and set a flag in the object so we know # we have run a check if (@results) { $self-log($main::LOG_DEBUG, ADJUSTING NUMHOSTS TO .$results[0]); $self-{NumHosts} = $results[0]; } $self-{NumHostQueryRan} = 1; # Mark the Object with a 'we have checked it' } } - /my bit $fp-{hostCounter}++; my $q = Radius::Util::format_special ($self-{HostSelect}, $p, undef, $fp-{hostCounter}); my $sth = $self-prepareAndExecute($q); return unless $sth; my (@row, $host); if (@row = $self-getOneRow($sth)) { # If there is no host (maybe no secondary?) return return if $row[0] eq ''; if (defined $self-{HostColumnDef}) { $host = $self-getHostColumns($fp, @row); } else { # If certain columns are present, use them to # initialise the Radius::Host object that tells # AuthRADIUS where to proxy to. $fp-{failurePolicy} = $row[10] if defined $row[10]; $host = Radius::Host-new (undef, $row[0], defined $row[1] ? (Secret = $row[1]) : (), defined $row[2] ? (AuthPort = $row[2]) : (), defined $row[3] ? (AcctPort = $row[3]) : (), defined $row[4] ? (Retries= $row[4]) : (), defined $row[5] ? (RetryTimeout = $row[5]) : (), defined $row[6] ? (UseOldAscendPasswords = $row[6]) : (), defined $row[7] ? (ServerHasBrokenPortNumbers = $row[7]) : (), defined $row[8] ? (ServerHasBrokenAddresses = $row[8]) : (), defined $row[9] ? (IgnoreReplySignature = $row[9]) : (), ); } } else { # Call the superclass to fall back to any hardwired # hosts. return $self-SUPER::chooseHost($fp, $p, $p-{rp}); } return $host; } === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) FW: Comindico DialIP Ports
Hi Skeeve, What you may notice, is these packets also contain the attribute Tunnel-Id These attributes will match the two packets, perhaps you could use that in order to collect the two packets correctly. I have to battle that one myself in a few days, I have suggested to COMindico engineers that perhaps they could attempt to combine the packets from their end, as their response in regards to handling StaticIP Accounting was to simply ignore the second packet. I don't believe this is going to happen :-) The reason for the packet is the startpoint and endpoint sections from the L2TP tunnel formed.. I guess the question, do you require any of the information that is only held in one of the packets? For instance, the packets below are two example start packets for the same user.. The first packet is generated from the NAS, the second from the LNS Server. As you'll notice, most of the information here is duplicated, besides the important things like Session-Id's and the like. The LNS Server Packet seems to have little useful information. I also noticed, from the Alive packets, we only get Alive packets for the NAS Record (SessionId: F316). With this, I would say, as much as it's throwing away information, ignore the second packet, perhaps with: Handler NAS-Port-Type=/Virtual/ AuthBy SOMETHING ... /AuthBy /Handler (However, if you resell Request, make sure ignoring NAS-Port-Type doesn't affect billing there too.. as NAS-Port-Type = Virtual is used there too I think) Thanks Martin *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 114 Authentic: ho-199128k159]306139165i|x26 Attributes: NAS-IP-Address = 203.220.251.113 NAS-Port = 6204 NAS-Port-Type = Async Called-Station-Id = 142320198333401 Calling-Station-Id = 891751477 Acct-Status-Type = Start Acct-Authentic = Local Service-Type = Framed-User Acct-Session-Id = F316 Framed-Protocol = PPP Tunnel-Server-Endpoint = 50:03.194.30.244 Tunnel-Client-Endpoint = 50:03.220.251.65 Tunnel-Client-Auth-ID = 65:CC01-WARA-KTA Tunnel-Server-Auth-ID = 76:NS01-KENT-SYD Tunnel-ID = 49:44176 Ascend-Session-Svr-Key = xx Acct-Delay-Time = 0 User-Name = eastpilb Proxy-State = BSP2ims01-syd/E084B8A3558A933FC21E351925257349AAEAD1F20F70D16B8156A80724198C 3F9780E2B10F70D3474A8A53D522 7794019780E2ED0F62DB2EB025DCCB4220DC54D0B191996016EA66D611CDC5576DE46AFBE2 - TUNNEL PACKET - Pros: Nothing. Appears most of the information below is duplicated above. Cons: Doesn't tell you where the user dialed up (the NAS-IP-Address is COMindico's LNS Server) *** Received from 203.194.28.132 port 1813 Code: Accounting-Request Identifier: 43 Authentic: 133T0155154156P129204144235181w176153V Attributes: Acct-Session-Id = 000138E8 Tunnel-Server-Endpoint = 0:203.194.29.248 Tunnel-Client-Endpoint = 0:203.220.251.65 Tunnel-Assignment-ID = 0:1 Tunnel-ID = 49:44176 Tunnel-Client-Auth-ID = 0:ACC01-WARA-KTA Tunnel-Server-Auth-ID = 0:LNS01-KENT-SYD Framed-Protocol = PPP Ascend-Connect-Progress = prCallUp Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port = 33 NAS-Port-Type = Virtual Calling-Station-Id = 891751477 Called-Station-Id = 142320198333401 Service-Type = Framed-User NAS-IP-Address = 203.194.30.244 Event-Timestamp = 1030370079 Acct-Delay-Time = 0 User-Name = eastpilb Proxy-State = BSP2ims01-syd/1977AAFCDD88DD49DA1DAA988803EF58DDBF6595956F445CA5DF21F972F4CD C1E0D556D6956F460C6E1D3FCF74 9ACDE2E0D5568A957D4E1994AC555414CD85B7A7E425FEFA097F51F298445A0180BD898CB7 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Skeeve Stevens Sent: Monday, August 26, 2002 11:03 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) FW: Comindico DialIP Ports Anyone here have any experience doing the radius accounting with Comindico DialIP Ports? (Australia) I am not sure how to deal with their double accounting radius records. If they had the same session ID this would not be a problem... but they come from 2 sources with different id's maybe a second or two apart and I am really unsure how to differentiate them Anyone dealt with this that can help? ...Skeeve ___ Skeeve Stevens, RHCE Email: [EMAIL PROTECTED] Website: www.skeeve.org - Telephone: (0414) 753 383 Address: P.O Box 1035, Epping, NSW, 1710, Australia eIntellego - [EMAIL PROTECTED] - www.eintellego.net ___ Si vis pacem, para bellum === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
RE: (RADIATOR) Determine IP address request came to
I think %c.. Check the docco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Timothy G. Wells Sent: Sunday, August 25, 2002 10:29 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Determine IP address request came to Greetings, Has there been anything added to radiator to allow me to determine which IP a request came into radiator with? This is needed for a server with multiple IP's and one radiator process binding to all addresses. I brought this up maybe a year ago but no such attribute existed. I think it would be very helpful in general. Thanks, -- Tim -- This message has been scanned for viruses and dangerous content by IntelliBlock MailScanner (www.intelliblock.net), and is believed to be clean. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Determine IP address request came to
Ah, re-reading, I now understand your query .. Not in the list I have of attributes, anyhow.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Martin Edge Sent: Monday, August 26, 2002 9:07 AM To: Timothy G. Wells; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Determine IP address request came to I think %c.. Check the docco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Timothy G. Wells Sent: Sunday, August 25, 2002 10:29 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Determine IP address request came to Greetings, Has there been anything added to radiator to allow me to determine which IP a request came into radiator with? This is needed for a server with multiple IP's and one radiator process binding to all addresses. I brought this up maybe a year ago but no such attribute existed. I think it would be very helpful in general. Thanks, -- Tim -- This message has been scanned for viruses and dangerous content by IntelliBlock MailScanner (www.intelliblock.net), and is believed to be clean. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) NumHosts in SQLRadius
Yeah, the issue is that SQLRadius works around the default of a maximum 2 within the object code.. (or whatever I manually set it to). Technically perhaps I could make the value so 'large' that it would hit no-rows first, and have to bail to the Host Failover settings.. The difference is, the way I have setup SQLRADIUS, I'm not limited by a set of hosts, for instance, in the configuration you supply within the goodies directory.. ... HostSelect select R.HOST%0, R.SECRET, R.AUTHPORT, \ R.ACCTPORT, R.RETRIES, R.RETRYTIMEOUT, \ R.USEOLDASCENDPASSWORDS, R.SERVERHASBROKENPORTNUMBERS, \ R.SERVERHASBROKENADDRESSES, R.IGNOREREPLYSIGNATURE, \ R.FAILUREPOLICY from RADSQLRADIUS R, RADSQLRADIUSINDIRECT I \ where I.SOURCENAME='%{Called-Station-Id}' and I.TARGETNAME=R.TARGETNAME ... In this example, NumHosts 2 is fine, because if we exceed this, It's designed to fallover to the default host config, the database structure has limited any further hosts being configurd. My issue is, there can be any number of RADIUS hosts, and I'd like to design the system so that it's happy to figure out how many hosts it has to choose from. My HostSelect: HostSelect SELECT downh.ip_address, downh.secret, downh.authport, downh.acctport, downh.retries, downh.retrytimeout, downh.failurebackofftime, down.failurepolicy, down.addtoreply, down.stripfromreply, down.allowinreply, down.addtoreplyifnotexist, down.defaultreply, down.addtorequest, down.stripfromrequest, down.addtorequestifnotexist, down.useoldascendpasswords, down.serverhasbrokenportnumbers, down.serverhasbrokenaddresses, down.ignorereplysignature FROM downstream_host downh, downstream_dnis ddnis, downstream down, downstream_host_preference downhp WHERE ddnis.dnis = '%{Called-Station-Id}' and ddnis.target_id = downhp.target_id and downhp.hostid = downh.hostid and ddnis.target_id = down.target_id and downhp.preftype = '%{Packet-Type}' and downhp.priority = '%0'; Perhaps the NumHosts flag could be rewrite to accept an SQL Query as well that allowed Radiator to figure out how many RADIUS targets maximum it had to deal with.. ? Stats: Yeah Cool :) Thanks, Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 20, 2002 5:27 PM To: Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) NumHosts in SQLRadius Hello Martin - For the first point, no you cannot specify the number of hosts in the database, but I don't believe you need to have the number specified in any case as the query will just fail and fall back to the local Host definition. For the StatsLog, I suggest yo try some experiments to see what you get (and have a look at Radar). regards Hugh On Tuesday, August 20, 2002, at 02:52 AM, Martin Edge wrote: Hey Guys, Is there anyway to set NumHosts dynamically? Say perhaps via the first SQLRADIUS lookup, it returns the NumHosts variable? I'd prefer to not have to hard set this, as I'm trying to design the system around a dynamic number of destination RADIUS servers.. also.. What type of detail can I expect with trying to run StatsLogSQL with SQLRADIUS, as I would like to be able to scalably count the request/responses along with the number of downstream ISPs I am supporting. From what I read in the documentation, statistics are kept for each Identifier, the SQLRADIUS itself as an Identifier, but each downstream within the database, I would expect does not have it's own unique Identifier.. Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: I am travelling this week, so there may be delays in our correspondence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NumHosts in SQLRadius
Hey Guys, Is there anyway to set NumHosts dynamically? Say perhaps via the first SQLRADIUS lookup, it returns the NumHosts variable? I'd prefer to not have to hard set this, as I'm trying to design the system around a dynamic number of destination RADIUS servers.. also.. What type of detail can I expect with trying to run StatsLogSQL with SQLRADIUS, as I would like to be able to scalably count the request/responses along with the number of downstream ISPs I am supporting. From what I read in the documentation, statistics are kept for each Identifier, the SQLRADIUS itself as an Identifier, but each downstream within the database, I would expect does not have it's own unique Identifier.. Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about Radius and SQL
Hey Guys, Having a few issues, as we are unable to easily find out where the cause of the slowdown's we get when a "avalanche" scenario occurs. (where the amount of requests coming in, is faster than the processing power to complete them..) Is this necessarily an SQL timeout, or could there be other attributing factors to these errors: If so, how would we go about finding these out.. I tried LogMicroseconds in a Log FILE routine, and this is the output below.. (although I dont see any milliseconds results..) Thanks for your help, Martin snip Fri Jan 25 17:42:13 2002 32431: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:42:28 2002 911157: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:42:32 2002 481065: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:42:36 2002 960943: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:42:36 2002 982364: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:42:50 2002 371277: ERR: Execute failed for 'Sp_fetchUserPassword 'office'': SQL TimeoutFri Jan 25 17:42:52 2002 391393: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:42:52 2002 421577: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:07 2002 361641: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:43:07 2002 411189: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:21 2002 671671: ERR: Execute failed for 'Sp_fetchUserPassword 'simona'': SQL TimeoutFri Jan 25 17:43:23 2002 691896: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:43:23 2002 716376: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:39 2002 561994: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:42 2002 501985: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:45 2002 382053: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:43:47 2002 972065: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:43:50 2002 742074: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:53 2002 321952: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:55 2002 722314: ERR: Execute failed for 'Sp_fetchUserPassword 'shields'': SQL TimeoutFri Jan 25 17:43:58 2002 32217: ERR: Execute failed for 'Sp_fetchUserPassword 'shields'': SQL TimeoutFri Jan 25 17:44:00 2002 532429: ERR: Execute failed for 'Sp_fetchUserPassword 'blp04395'': SQL TimeoutFri Jan 25 17:44:02 2002 832373: ERR: Execute failed for 'Sp_fetchUserPassw ---------Martin Edge Technical Services Co-ordinator Phoneware Online eMail: [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 "In the end, it's speed, price and customer service." -
RE: (RADIATOR) (Radiator) SNMPAgent on NT4?
Believe you need SNMP_Session-0.90 Should be avaliable from CPAN Martin -Original Message- From: Kent, Ashley [mailto:[EMAIL PROTECTED]] Sent: Thursday, 24 January 2002 11:32 AM To: '[EMAIL PROTECTED]' Subject: (RADIATOR) (Radiator) SNMPAgent on NT4? Guys, I want to start doing mrtg monitoring of radius authentication requests on my NT4 radiator boxes. I'm having trouble getting hold of the correct snmp package. I've downloaded and installed net-snmp from http://www.activestate.com/PPMPackages/zips/6xx-builds-only, but this must be the wrong package since when I start radiator I get Thu Jan 24 10:14:15 2002: ERR: Could not load module Radius::SNMPAgent: Can't locate SNMP_util.pm in @INC (@INC contains: . d:/Perl/lib d:/Perl/site/lib .) at d:/Perl/site/lib/Radius/SNMPAgent.pm line 14, FILE line 189. BEGIN failed--compilation aborted at d:/Perl/site/lib/Radius/SNMPAgent.pm line 14, FILE line 189. Compilation failed in require at (eval 37) line 3, FILE line 189. From the mailing archives I see that the net-snmp package at sourceforge needs to be installed, but this looks to be for unix boxes only. What am I missing? Thanks, Ash. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Odd Issue with SNMPAgent
Hey Guys, Something I noticed last night while playing ... I have a radius server which runs two copies of Radiator Both copies run on separate bound IP's on the machine.. When running SNMPAgent using : # enable SNMP handlingSNMPAgent Portxx ROCommunityxxx BindAddress 202.160.128.46/SNMPAgent and # enable SNMP handlingSNMPAgent Portx ROCommunityx BindAddress 202.160.128.43/SNMPAgent The first one loads, but when loading the second, I get an error saying it is unable to bind to the IP, assuming that the first one is binding to everything, instead of the IP it was told to bind too.. Using SNMP_Session-0.90 + Radiator 2.19 Has this been seen before? Martin -Martin Edge Technical Services Co-ordinator Phoneware Online eMail: [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 "In the end, it's speed, price and customer service." -
(RADIATOR) Stopping processing on Invalid radius requests
Hey Guys, Is there a way to stop processing some radius packets depending on information? Like, for instance.. the radius stop record below is sent via a USR Nas who hasn't been able to authenticate a user, but it still sends the stop/start record because of the connection itself. There are other Ascend NAS's that react the same way for us. If I can possibly build a hook to just say drop this request, then I would save filling up logs with unnecessary SQL errors (Framed-IP-Address is required in all SQL entries, and where they aren't allocated one..) I'm not sure the syntax required in the hooks to say ACCEPT or REJECT user, or to just say stop processing User-Name = unauthenticated NAS-IP-Address = 202.160.140.3 Acct-Status-Type = Stop Acct-Session-Id = 51576937 Acct-Delay-Time = 0 Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 788 USR-Interface-Index = 2044 USR-Chassis-Call-Slot = 4 USR-Chassis-Call-Span = 1 USR-Chassis-Call-Channel = 20 USR-Unauthenticated-Time = 2 USR-Modem-Training-Time = 18 Calling-Station-Id = 0298073422 Called-Station-Id = 0282053301 USR-Modulation-Type = v90Digital USR-Simplified-MNP-Levels = ccittV42 USR-Simplified-V42bis-Usage = ccittV42bis USR-Connect-Speed = 44000_BPS Framed-Protocol = PPP Acct-Session-Time = 20 Acct-Terminate-Cause = User-Request Disconnect-Reason = 8 Acct-Input-Octets = 127 Acct-Output-Octets = 215 Acct-Input-Packets = 5 Acct-Output-Packets = 7 Call-Arrived-time = 183605368 Call-Lost-time = 183605388 Thanks, Martin - Martin Edge Network Engineer Phoneware Online eMail: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 Creating the structure necessary for your business internet requirements - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Rewriting Usernames on the Fly
Hey, I'm having a few issues working with hooks within Radiator. I'm trying to use a PreProcessing Hook, to modify the username of a user as they come in. It appears to grab the right data, but when I change the attribute, it doesn't appear to affect the username that is used to process. Is there another attribute or command I have to use to change the username of a user? The basic jist is, we are moving customers from they old usernames, to new ones, in a new billing system, and I want to be able to detect that they aren't using a normal username, use the one they entered to look for a new one, and then set the new one, to it. Any help would be appreciated, but I feel I'm probably just missing something and this is simpler than it looks.. My code is below for the hook: sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; my $username = $p-get_attr('User-Name'); if ($username) { if (!grep(/^[a-z][a-z][a-z][0-9][0-9][0-9][0-9][0-9].*/, $username)) { main::log($main::LOG_DEBUG, This isn't a standard username, grabbing alternate); my $user = weee; my $pwd = b00; my $dbh = DBI-connect(dbi:Sybase:server=secure-nike.izone.net.au;database=nb9901 , $user, $pwd); my $sth = $dbh-prepare(select id_user from serviceuser where id_alternate = '$username'); my $error = $sth-execute; my @results = $sth-fetch; #main::log($main::LOG_DEBUG, select id_user from serviceuser where id_alternate = '$username'); #main::log($main::LOG_DEBUG, my alternative username $username translates to $results[0]-[0]); # Find the new username $p-change_attr('User-Name', $results[0]-[0]); } } return; } - Martin Edge Network Engineer Phoneware Online eMail: [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 Creating the structure necessary for your business internet requirements - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.