[RADIATOR] reference manual - date stamps
Hey Guys,
Correct me if I'm wrong, but in the reference material, in multiple locations
(for instance page 110) an example is given on how to insert into oracle.
It says:
AcctColumnDefTIME_STAMP,Timestamp,formatted-date,to_date\
('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS')
This will result in a an insert statement something like this:
insert into ACCOUNTING(TIME_STAMP, ..) values
(to_date('16 02 1999 16:40:02', 'DD MM HH24:MI:SS'), )
According to further down in the manual %e is actually the two digits of the
year. %i is the day of the month.
%i The Timestamp day of the month (2 digits)
Thanks
Martin.
Martin Edge
Software Development, Business Analysis, Product Management and Design
[cid:image001.jpg@01CB2A67.87FE9E40]
Emersion Software Systems Pty Ltd
Phone: .. 1300 793 310
Fax: .. 1300 793 320
Address: L7, 313 LaTrobe Street, Melbourne VIC 3000
Website:
http://www.emersion.com.auhttp://www.emersion.com.au/
General Enquiries: .. i...@emersion.com.aumailto:i...@emersion.com.au
This communication may contain CONFIDENTIAL or copyright information of
Emersion Software Systems Pty Ltd (ABN 28 119 061 791). If you are not an
intended recipient, you MUST NOT read, print, keep, forward, copy, use, save,
retransmit or rely on this communication or any attachments, and any such
action is unauthorised and prohibited. If you have received this communication
in error, please reply to this e-mail to notify the sender of its incorrect
delivery, and then delete both it and your reply. Emersion does not guarantee
the integrity of any emails or any attached files. The views or opinions
expressed are the author's own and may not reflect the views or opinions of
Emersion. Thank you.
inline: image001.jpg___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] reference manual - date stamps
Actually, %d, is the right one, it seems.
Thanks
Martin.
From: radiator-boun...@open.com.au [mailto:radiator-boun...@open.com.au] On
Behalf Of Martin Edge
Sent: Friday, 23 July 2010 1:04 PM
To: radiator@open.com.au
Subject: [RADIATOR] reference manual - date stamps
Hey Guys,
Correct me if I'm wrong, but in the reference material, in multiple locations
(for instance page 110) an example is given on how to insert into oracle.
It says:
AcctColumnDefTIME_STAMP,Timestamp,formatted-date,to_date\
('%e %m %Y %H:%M:%S', 'DD MM HH24:MI:SS')
This will result in a an insert statement something like this:
insert into ACCOUNTING(TIME_STAMP, ..) values
(to_date('16 02 1999 16:40:02', 'DD MM HH24:MI:SS'), )
According to further down in the manual %e is actually the two digits of the
year. %i is the day of the month.
%i The Timestamp day of the month (2 digits)
Thanks
Martin.
Martin Edge
Software Development, Business Analysis, Product Management and Design
[cid:image001.jpg@01CB2A68.9FB70C10]
Emersion Software Systems Pty Ltd
Phone: .. 1300 793 310
Fax: .. 1300 793 320
Address: L7, 313 LaTrobe Street, Melbourne VIC 3000
Website:
http://www.emersion.com.auhttp://www.emersion.com.au/
General Enquiries: .. i...@emersion.com.aumailto:i...@emersion.com.au
This communication may contain CONFIDENTIAL or copyright information of
Emersion Software Systems Pty Ltd (ABN 28 119 061 791). If you are not an
intended recipient, you MUST NOT read, print, keep, forward, copy, use, save,
retransmit or rely on this communication or any attachments, and any such
action is unauthorised and prohibited. If you have received this communication
in error, please reply to this e-mail to notify the sender of its incorrect
delivery, and then delete both it and your reply. Emersion does not guarantee
the integrity of any emails or any attached files. The views or opinions
expressed are the author's own and may not reflect the views or opinions of
Emersion. Thank you.
inline: image001.jpg___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
(RADIATOR) Retries - Could be a silly question
Hey Guys, Retries 0 , AuthRADIUS Retry never, or retry forever? Martin
(RADIATOR) Using UseExtendedId
Title: Message Hey Guys, Having a few issues after implementing UseExtendedId in ournetwork, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? ThanksMartin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au Level 9 432 St Kilda RdMelbourne VIC 3004NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify.
RE: (RADIATOR) Using UseExtendedId
Hi Hugh,
It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet.
For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in AuthRADIUS
for request 244 from 203.30.19.248:1846
*** Sending to 202.4.30.2 port 1646
Code: Accounting-Request
Identifier: 74
Authentic:
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330
Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted
Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646
Code: Accounting-Response
Identifier: 74
Authentic: 181156NP130;{`21226+{U1331406
Attributes:
Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in AuthRADIUS
for request 74 from 202.4.30.2:1646
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId
Hello Martin -
I am curious to know what the problem is with these customers? What
exactly do they not support?
I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.
regards
Hugh
On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge
wrote:
Hey Guys,
Having a few issues after implementing UseExtendedId in our network,
much like your documentation suggests, it all works fine except when we
have a customer that doesn't support it within their RADIUS system.
Do you know whether UseExtendedId will work as a row returned within
SQLRADIUS? 0 or blank for dont use, 1 for use it?
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
image.tiff
NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
Hi guys, Looks like it doesn't work as expected. Not seeing any Proxy-State values being implemented when relying on SQL RADIUS, have confirmed my database is coming up with a '1' to say use it, as soon as I readd 'UseExtendedIds' to the AuthBy the stuff below sits, it works fine again. Within SQLRADIUS : HostColumnDef 0, Host HostColumnDef 1, Secret HostColumnDef 2, AuthPort HostColumnDef 3, AcctPort HostColumnDef 4, Retries HostColumnDef 5, RetryTimeout HostColumnDef 6, FailureBackoffTime HostColumnDef 7, FailurePolicy HostColumnDef 8, AddToReply HostColumnDef 9, StripFromReply HostColumnDef 10, AllowInReply HostColumnDef 11, AddToReplyIfNotExist HostColumnDef 12, DefaultReply HostColumnDef 13, AddToRequest HostColumnDef 14, StripFromRequset HostColumnDef 15, AddToRequestIfNotExist HostColumnDef 16, UseOldAscendPasswords HostColumnDef 17, ServerHasBrokenPortNumbers HostColumnDef 18, ServerHasBrokenAddresses HostColumnDef 19, IgnoreReplySignature HostColumnDef 20, UseExtendedIds Is this because I am still using depreciated fields, UseOldAs.. And ServerHasBr.. ? Thanks Martin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Edge Sent: Thursday, 19 June 2003 5:02 PM To: 'Mike McCauley'; 'Hugh Irvine' Cc: [EMAIL PROTECTED] Subject: RE: (RADIATOR) Using UseExtendedId Thanks, I'll give it a bash.. Martin -Original Message- From: Mike McCauley [mailto:[EMAIL PROTECTED] Sent: Thursday, 19 June 2003 4:57 PM To: Hugh Irvine; Martin Edge Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Using UseExtendedId Hello Martin, On Thu, 19 Jun 2003 04:38 pm, Hugh Irvine wrote: Hello Martin - I am curious to know what the problem is with these customers? What exactly do they not support? I have copied Mike on this mail so he can answer the per-host use of UseExtendedId. Yes, that should work OK as you described it. Cheers. regards Hugh On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge wrote: Hey Guys, Having a few issues after implementing UseExtendedId in our network, much like your documentation suggests, it all works fine except when we have a customer that doesn't support it within their RADIUS system. Do you know whether UseExtendedId will work as a row returned within SQLRADIUS? 0 or blank for dont use, 1 for use it? Thanks Martin Martin Edge Senior Applications Engineer [EMAIL PROTECTED] KBS Internet Pty Ltd Phone: 1300 302 134 Phone: +61 3 9868 Fax: +61 3 9868 9900 www.kbs.net.au image.tiff NOTICE - This message contains information intended only for the use of the addressee named above. It may also be confidential and/or privileged. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP etc on Unix, Windows, MacOS etc. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Using UseExtendedId
I'll see I can find out which products these customers are using..
(pretty sure it's not Radiator)
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId
Hello Martin -
Not returning a Proxy-State attribute is quite broken behaviour.
regards
Hugh
On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge
wrote:
Hi Hugh,
It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet.
For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 244 from 203.30.19.248:1846
*** Sending to 202.4.30.2 port 1646
Code: Accounting-Request
Identifier: 74
Authentic:
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330
Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted
Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646
Code: Accounting-Response
Identifier: 74
Authentic: 181156NP130;{`21226+{U1331406
Attributes:
Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 74 from 202.4.30.2:1646
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use
of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId
Hello Martin -
I am curious to know what the problem is with these customers? What
exactly do they not support?
I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.
regards
Hugh
On Thursday, Jun 19, 2003, at 16:23 Australia/Melbourne, Martin Edge
wrote:
Hey Guys,
Having a few issues after implementing UseExtendedId in our network,
much like your documentation suggests, it all works fine except when
we
have a customer that doesn't support it within their RADIUS system.
Do you know whether UseExtendedId will work as a row returned
RE: (RADIATOR) Using UseExtendedId
Have 1 instance of MacRadius, one of ICRadius 0.18, one X-Radius 1.2.1
which I've never heard of.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Martin Edge
Sent: Thursday, 19 June 2003 5:31 PM
To: 'Hugh Irvine'
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Using UseExtendedId
I'll see I can find out which products these customers are using..
(pretty sure it's not Radiator)
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Thursday, 19 June 2003 5:12 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId
Hello Martin -
Not returning a Proxy-State attribute is quite broken behaviour.
regards
Hugh
On Thursday, Jun 19, 2003, at 17:00 Australia/Melbourne, Martin Edge
wrote:
Hi Hugh,
It appears they are not responding with the Proxy-State attribute,
therefore our RADIUS system is coming up unknown reply to packet.
For instance:
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 239 from 203.30.19.248:1846
Thu Jun 19 16:47:47 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 240 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 203.30.19.248:1846
Thu Jun 19 16:47:50 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 241 from 202.71.168.62:1846
Thu Jun 19 16:47:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 202.71.168.62:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 242 from 203.30.19.248:1846
Thu Jun 19 16:47:55 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 202.71.168.62:1846
Thu Jun 19 16:47:58 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 243 from 203.30.19.248:1846
Thu Jun 19 16:48:00 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 244 from 203.30.19.248:1846
*** Sending to 202.4.30.2 port 1646
Code: Accounting-Request
Identifier: 74
Authentic:
Attributes:
Acct-Session-Id = 2F85
Framed-Protocol = PPP
Framed-IP-Address = 203.194.16.52
Ascend-Connect-Progress = prLanSessionUp
Acct-Authentic = RADIUS
Acct-Status-Type = Start
Calling-Station-Id = XXX
Called-Station-Id = XXX
NAS-Port-Type = Async
NAS-Port = 7393
Service-Type = Framed-User
NAS-IP-Address = 203.194.30.8
Ascend-Session-Svr-Key = XXX
NAS-Identifier = ACC08-XX
Acct-Delay-Time = 0
User-Name = X
Timestamp = 1056005873
Proxy-State = OSC-Extended-Id=330
Thu Jun 19 16:57:53 2003: DEBUG: Accounting accepted
Thu Jun 19 16:57:53 2003: DEBUG: Packet dump:
*** Received from 202.4.30.2 port 1646
Code: Accounting-Response
Identifier: 74
Authentic: 181156NP130;{`21226+{U1331406
Attributes:
Thu Jun 19 16:57:53 2003: WARNING: Unknown reply received in
AuthRADIUS
for request 74 from 202.4.30.2:1646
Thanks
Martin
Martin Edge
Senior Applications Engineer
[EMAIL PROTECTED]
KBS Internet Pty Ltd
Phone: 1300 302 134
Phone: +61 3 9868
Fax: +61 3 9868 9900
www.kbs.net.au
Level 9
432 St Kilda Rd
Melbourne VIC 3004
NOTICE - This message contains information intended only for the use
of
the addressee named above. It may also be confidential and/or
privileged. If you are not the intended recipient of this message you
are hereby notified that you must not disseminate, copy or take any
action in reliance on it. If you have received this message in error
please notify.
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Thursday, 19 June 2003 4:38 PM
To: Martin Edge; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Using UseExtendedId
Hello Martin -
I am curious to know what the problem is with these customers? What
exactly do they not support?
I have copied Mike on this mail so he can answer the per-host use of
UseExtendedId.
regards
Hugh
On Thursday, Jun
(RADIATOR) Handler for capturing 151 at the end of the Called-Station-Id
Title: Message Hey Guys, Just a quick check.. How would I write a handler to capture all numbers ending in a particular suffix? Handler Called-Station-Id=/151$/ ? Obviously 151 is quite small and likely to appear in the middle of parts of other numbers... Thus has to be matched on the end of the line. Thanks Martin Edge Martin EdgeSystems/Applications EngineerKBS InternetPh: 1300 727 205Web: http://www.kbs.net.au/Wholesale: http://xray.kbs.net.au/Email: [EMAIL PROTECTED]
(RADIATOR) Question on FailurePolicy within SQLRADIUS
Hey Guys, Quick question (well, it might not be ;)), I have a feeling I might have asked something along the same lines before.. But I'm trying to test the FailurePolicy settings within SQLRADIUS. Having a look.. Now, within the code, it's saying if HostColumnDef exists, then use getHostColumns in order to set the current configuration for the next host to proxy to. When the failurepolicy is set from retrieving the server, I'm trying to confirm whether it would be assigning the FailurePolicy to that one server, just for that request, or to a group of packets to the same destination server port pair. $fp is used within the code here, but I'm not sure what that is referencing .. Appears to be the current packet instance ? Technically, if there is no host to proxy to, (which I guessing is quite possible as there is no single identifier for a destination proxy, This is that NumHosts debarkle again), then it will fall back to the superclass to fall back to any hardwired hosts. At which point does it honor the failurepolicy ? Is the expectation that a FailurePolicy will only be used when the hosts that are avaliable are being ignored? Not when HostSelect returns no results on the second attempt for those downstreams with an additional RADIUS server (as defined by the limitations of NumHosts) that don't exist? I guess the global issue appears to be that a downstream proxy customer isn't identified as anyone in particular within the RADIUS code. Is there any plans for development within the SQLRADIUS module to create an pseudo-identifier, to give the ability to configuring information about the downstream and setting statistics etc. for each Downstream Identifier within the SQLRADIUS results.. ? Or is this too specific and would be best hiding in it's own AuthBy Module ? Hope I'm not being too confusing :-) Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) using the already connected DB refs
Hey Guys,
Little curious, I need to perform an Extra SQL query while processing RADIUS
requests, and set the value to an internal Radiator variable, it comes from
the same database, so I was wondering how one would utilise the existing DB
connection easily, without having to spawn an additional one using DBI.
Below is the code I'm using..
# find the POP id
sub
{
my $p = ${$_[0]};
my $nasip;
my $db;
$nasip = $p-get_attr('NAS-IP-Address');
# If there is a NAS at all..
if ($nasip) {
use DBI;
my $user = xx;
my $password = x;
my $database = xx;
my $dsn = DBI:mysql:database=$database;host=192.168.3.21;
$db = DBI-connect($dsn, $user, $password);
if (!$db) {
main::log($main::LOG_DEBUG,Failed Bringin Up
Second DB\n.DBI::errstr);
return;
}
# get the popid
my $popidquery = select popid from nascache where
nasidentifier = '$nasip';
my $sth = $db-prepare($popidquery);
$sth-execute;
my $popid = ($sth-fetchrow())[0];
if ($popid) {
main::setVariable(popid, $popid);
main::log($main::LOG_DEBUG,Resolved Packet to
POPid $popid);
} else {
main::log($main::LOG_DEBUG,No POPid for NASIP
$nasip);
main::setVariable(popid, 0);
}
}
Regards,
Martin Edge
Software/Network Engineer
KBS Internet
Phone: 1300 727 205
Web: http://www.kbs.net.au/
Extranet: http://xray.kbs.net.au/
eMail: [EMAIL PROTECTED]
-=-=-=-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Bug
Hey Guys, Believe I have tripped across somewhere which could do with a bit more error checking I am able to reproduce it, but I'd prefer not to ;-) A previous configuration file that I upgraded to the new version of radiator was using formatted-date in an AcctColumnDef We use Oracle, and therefore have a to_date function that we call on Oracle, in order to conform to the Oracle date standards. The issue was, once running this on the new version of Radiator (because we were lacking the TimeDate perl module), the authentications were successful, and the accounting packets caused the Radiator server to restart (even on Trace5) by displaying: Wed Oct 23 09:57:02 2002: DEBUG: Handling with Radius::AuthSQL Wed Oct 23 09:57:02 2002: DEBUG: Reading users file /usr/local/etc/radiator//reject.users Wed Oct 23 09:57:02 2002: INFO: Server started: Radiator 3.3.1 on radius01 Just a note as there is no debugging to hint at what the problem was. As soon as TimeDate was installed, it was successful. Regards, Martin Edge Software/Network Engineer KBS Internet Phone: 1300 727 205 Web: http://www.kbs.net.au/ Extranet: http://xray.kbs.net.au/ eMail: [EMAIL PROTECTED] -=-=-=- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Problem with SNMP communities
Hey Ganbold,
Try this - Usage: snmpget [-Cf] [options...] hostname {community}
[objectID ...]
My SNMPGet is from UCD-SNMP version 4.2.4
Martin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Mike McCauley
Sent: Wednesday, October 09, 2002 2:06 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Problem with SNMP communities
-- Forwarded Message --
Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission
from [Ganbold
[EMAIL PROTECTED]]
Date: Tue, 8 Oct 2002 17:59:47 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
From [EMAIL PROTECTED] Tue Oct 8 17:59:46 2002
Received: from publica.ub.mng.net (publica.ub.mng.net [202.179.0.80])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g98MxhC30280
for [EMAIL PROTECTED]; Tue, 8 Oct 2002 17:59:44 -0500
Received: (from root@localhost)
by publica.ub.mng.net (8.12.5/8.12.2) id g993lBFp059231
for [EMAIL PROTECTED]; Wed, 9 Oct 2002 11:47:11 +0800 (ULAT)
(envelope-from [EMAIL PROTECTED])
Received: from ganbold.publica.ub.mng.net (external.micom.mng.net
[202.179.0.164]) (authenticated bits=0)
by publica.ub.mng.net (8.12.5/8.12.3) with ESMTP id g993lANC059221
for [EMAIL PROTECTED]; Wed, 9 Oct 2002 11:47:10 +0800 (ULAT)
(envelope-from [EMAIL PROTECTED])
Message-Id: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1
Date: Wed, 09 Oct 2002 11:56:14 +0900
To: [EMAIL PROTECTED]
From: Ganbold [EMAIL PROTECTED]
Subject: Problem with SNMP communities
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Hi,
We have problem with snmpget. We put SNMP community in client config part
but when snmpget runs it uses 'public'
to get info. How can I make snmpget to use MN-2008?
snmpget Version is 5.0.1.
tia,
Ganbold
Following is the part of config file and debug ouput.
--
---
-- Client 202.179.0.130
Secret xxx
DupInterval 60
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
Client 202.179.0.135
Secret xxx
DupInterval 60
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
Client 202.179.1.2
Secret xxx
DupInterval 60
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
Client 202.179.0.133
Secret xxx
DupInterval 60
NasType AscendSNMP
SNMPCommunity MN-2008
StatusServerShowClientDetails
/Client
--
---
--
--- debug
---
Tue Oct 8 20:41:01 2002: DEBUG: Handling with Radius::AuthSQL
Tue Oct 8 20:41:01 2002: DEBUG: Handling with Radius::AuthSQL:
CiscoAdjustAuthOnly
Tue Oct 8 20:41:01 2002: DEBUG: Query is: select
ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,if(PREPAID=YES,TIMELEFT,NIGHT) as
TIME, class from SUBSCRIBERS where USERNAME='koicamgl' and STATUS='Active'
Tue Oct 8 20:41:01 2002: DEBUG: Radius::AuthSQL looks for match
with koicamgl
Tue Oct 8 20:41:01 2002: DEBUG: Query is: select
NASIDENTIFIER,NASPORT,ACCTSESSIONID from RADONLINE where
USERNAME='koicamgl'
Tue Oct 8 20:41:01 2002: DEBUG: Checking if user is still online: Cisco,
koicamgl, 202.179.0.135, 274, 0001F0F2
Tue Oct 8 20:41:01 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 202.179.0.135
.iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.274`
Tue Oct 8 20:41:07 2002: NOTICE: SQL1 Session for koicamgl at
202.179.0.135:274 has gone away
Tue Oct 8 20:41:07 2002: DEBUG: SQL1 Deleting session for koicamgl,
202.179.0.135, 274
Tue Oct 8 20:41:07 2002: DEBUG: do query is: delete from RADONLINE where
USERNAME='koicamgl' and NASIDENTIFIER='202.179.0.130' and NASPORT='77'
Tue Oct 8 20:41:07 2002: DEBUG: Checking if user is still online: Cisco,
koicamgl, 202.179.0.130, 93, 0291
Tue Oct 8 20:41:07 2002: DEBUG: Running command `/usr/local/bin/snmpget -c
'public' 202.179.0.130
.iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.93`
---
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at
RE: (RADIATOR) hostslect FAILUREPOLICY bug!
Yeah, this is the similar effect I have seen as well.
For instance, it was falling back to the default defined AuthBy RADIUS
within SQL RADIUS, after NumHosts was reached, instead of adhering to the
selected Failure Policy. If there was not one defined, it simply ignored.
This is what made me nervous about just letting NumHosts be static.
Oh, the other reason my NumHostSelect query was so important, what about
when there isn't as many authentication servers as there is accounting
servers?
This is the extract from AuthSQLRADIUS that speaks of failurepolicy :
#
# Called when no reply is received fromn any of the attempted
# hosts.
# Look at the failure policy we recorded from the database
# and maybe implement it
sub noreply
{
my ($self, $fp, $p) = @_;
# Call the NoReply hook if there is one, you could adjust the pending
reply here
$self-SUPER::noreply($fp, $p, $p-{rp});
if (defined $fp-{failurePolicy})
{
# The database told us how to deal with failure
$self-adjustReply($p);
$p-{Handler}-handlerResult
($p, $fp-{failurePolicy}, 'SQLRADIUS Proxy failed');
}
return;
}
However, in adjustReply there is no mention of FailurePolicy.. I couldn't
find anything in handlerResult either..
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Mohamed Majdoubi
Sent: Wednesday, September 11, 2002 10:53 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) hostslect FAILUREPOLICY bug!
Hi
i am trying to use FAILUREPOLICY field in the hostselect statement. The
value FAILUREPOLICY is set to 1 (see the database output), this should
result in a reject to NAS if the host radius does not respond. unfortunatly
this is not happening, the NAS gets still no answer from the proxy radius. i
can conclude that the proxy radius does use the failure policy to send a
reject instead of a ignore. below you can find configuration and the output
with kind regards
Mohamed Majdoubi
KPN Telecom
#
radius setup
#
||||
||
| NAS | - proxy |
radius
||||
||
#
Configuration
#
AuthBy SQLRADIUS
Identifier ProxyToOffice
FailureBackoffTime 60
DBSource dbi:mysql:ProxyDB
DBUsername root
DBAuth
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES,
RETRYTIMEOUT, FAILUREPOLICY from \
RADSQLRADIUS where TARGETNAME='%R'
StripFromRequest Cisco-NAS-Port, \
NAS-Port, \
NAS-Port-Type, \
NAS-IP-Address, \
Called-Station-Id, \
Calling-Station-Id
AddToRequest Service-Class = %{Reply:Service-Class}
AllowInReply Service-Type, \
Framed-Protocol, \
Framed-IP-Netmask, \
Framed-IP-Address, \
Ascend-Client-Primary-DNS, \
Ascend-Client-Secondary-DNS, \
Loopback-Tag, \
Release-Name, \
VRF-Tag
ReplyHook file:%D/reply.pl
/AuthBy
#
Database output
#
mysql select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT,
FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+---++--+--+-+--+---
+
| HOST1 | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT |
FAILUREPOLICY |
+---++--+--+-+--+---
+
| 127.0.0.1 | kpn| 1812 | 1813 | 2 |5 |
1 |
+---++--+--+-+--+---
+
1 row in set (0.00 sec)
#
Debug
#
Code: Access-Request
Identifier: 2
Authentic: 1234567890123456
Attributes:
User-Name = mohamed@office1
Service-Type = Framed-User
User-Password =
166186H1By%222155151153171216!U133
Service-Class = office2-1.1.1.1-
Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812
Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02
(RADIATOR) FW: As requested.
Hey Guys,
On what conditions does a packet appear to Radiator as Duplicate?
Below I attach two RADIUS packets I received, within 1 second of each other.
Of course, the second packet was said to be duplicated, but the packets
themselves would show they are completely different..
Thanks,
Martin :-)
-- FIRST PACKET IN
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
NAS-IP-Address = 203.220.252.241
NAS-Port = 7204
NAS-Port-Type = Async
Called-Station-Id = 142330886300424
Calling-Station-Id = 886324356
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = 0009E3D8
Framed-Protocol = PPP
Ascend-Session-Svr-Key = AA9D6ABD
Acct-Link-Count = 1
Ascend-Num-In-Multilink = 1
Acct-Multi-Session-Id = 25972
Framed-IP-Address = 203.220.230.249
Ascend-PreSession-Time = 24
Ascend-Pre-Input-Octets = 157
Ascend-Pre-Output-Octets = 113
Ascend-Pre-Input-Packets = 5
Ascend-Pre-Output-Packets = 4
Acct-Input-Octets = 706094
Acct-Output-Octets = 2766801
Acct-Input-Packets = 5904
Acct-Output-Packets = 5436
Acct-Session-Time = 2286
Ascend-Multilink-ID = 25972
Acct-Delay-Time = 0
User-Name = andym
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler ''
Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym,
203.220.252.241, 7204
Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.220.252.241' and NASPORT=07204
--- FIRST PACKET END ---
--- FIRST PACKET RESPONSE START
Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Sending to 203.194.56.121 port 1813
Code: Accounting-Response
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
--- FIRST PACKET RESPONSE STOP -
--- SECOND PACKET START-
Thu Sep 5 00:14:47 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: 2I136PA3s244{30k191143hN196
Attributes:
Acct-Session-Id = 3541
Framed-Protocol = PPP
Framed-IP-Address = 203.220.218.5
Ascend-Connect-Progress = prLanSessionUp
Ascend-PreSession-Time = 36
Ascend-Xmit-Rate = 33600
Ascend-Data-Rate = 33600
Acct-Session-Time = 12200
Connect-Info = 33600 V34+/V42bis/LAPM
Acct-Input-Octets = 817119
Acct-Output-Octets = 4990544
Ascend-Pre-Input-Octets = 122
Ascend-Pre-Output-Octets = 114
Acct-Input-Packets = 9177
Acct-Output-Packets = 11655
Ascend-Pre-Input-Packets = 5
Ascend-Pre-Output-Packets = 5
Acct-Terminate-Cause = Session-Timeout
Ascend-Disconnect-Cause = sessTimeOut
Acct-Authentic = RADIUS
Acct-Status-Type = Stop
NAS-Port = 7241
Called-Station-Id = 142320198333414
Calling-Station-Id = 891881736
NAS-Port-Type = Async
Service-Type = Framed-User
NAS-IP-Address = 203.220.251.113
Ascend-Session-Svr-Key = EE3451F2
Event-Timestamp = 103114
Acct-Delay-Time = 0
User-Name = noseeds
Proxy-State =
BSP2ims01-syd/7685C184EE7199F2CBEA363B011E321B84656D6D2109E1F70235F83144
1D0F6D91616D6D21E52A2BF9E7FE5F5856
C4B14B386D7F2682D08476F99E081003485CE249020B18CAB6B06CF98B543D307C
Thu Sep 5 00:14:47 2002: INFO: Duplicate request id 167 received from
203.194.56.121(1813): ignored
--- SECOND PACKET STOP -
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) FW: As requested.
Hey Hugh,
This is the reply from my supplier :-
The ID of a RADIUS packet is a 1 byte field, range 1-255. It's set by
the NAS so it's likely that different NAS's will set the same ID at the
same time. When proxying, the proxy-state attribute is added and this
becomes the new unique ID of the packet from the Proxy - Customer
RADIUS perspective. If decoding the proxy-state you would see info like
NAS IP, RADIUS packet ID, Username, DNIS and a few other fields that
make the packet unique (perhaps a little excessive).
So I guess my next question is, would it be more effective for the
Proxy-State attribute to become the new identifier, and how would I go about
implementing it as the unique identifier in a packet. (Given the range of
the standard Identifier being so small)
Thanks,
Martin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Hugh Irvine
Sent: Friday, September 06, 2002 10:13 AM
To: Martin Edge
Cc: Radiator
Subject: Re: (RADIATOR) FW: As requested.
Hello Martin -
As Toomas mentioned (thanks Toomas), it is the Identifier 167 that is
used to detect duplicates during the DupInterval that is defined for
this Client. The DupInterval is a sliding window in time within which
identical Identifiers are considered to be duplicates.
Note that this is the definition from the RFC.
regards
Hugh
On Thursday, September 5, 2002, at 05:16 PM, Martin Edge wrote:
Hey Guys,
On what conditions does a packet appear to Radiator as Duplicate?
Below I attach two RADIUS packets I received, within 1 second of each
other.
Of course, the second packet was said to be duplicated, but the packets
themselves would show they are completely different..
Thanks,
Martin :-)
-- FIRST PACKET IN
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
NAS-IP-Address = 203.220.252.241
NAS-Port = 7204
NAS-Port-Type = Async
Called-Station-Id = 142330886300424
Calling-Station-Id = 886324356
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = 0009E3D8
Framed-Protocol = PPP
Ascend-Session-Svr-Key = AA9D6ABD
Acct-Link-Count = 1
Ascend-Num-In-Multilink = 1
Acct-Multi-Session-Id = 25972
Framed-IP-Address = 203.220.230.249
Ascend-PreSession-Time = 24
Ascend-Pre-Input-Octets = 157
Ascend-Pre-Output-Octets = 113
Ascend-Pre-Input-Packets = 5
Ascend-Pre-Output-Packets = 4
Acct-Input-Octets = 706094
Acct-Output-Octets = 2766801
Acct-Input-Packets = 5904
Acct-Output-Packets = 5436
Acct-Session-Time = 2286
Ascend-Multilink-ID = 25972
Acct-Delay-Time = 0
User-Name = andym
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler ''
Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym,
203.220.252.241, 7204
Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE
where
NASIDENTIFIER='203.220.252.241' and NASPORT=07204
--- FIRST PACKET END ---
--- FIRST PACKET RESPONSE START
Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Sending to 203.194.56.121 port 1813
Code: Accounting-Response
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
--- FIRST PACKET RESPONSE STOP -
--- SECOND PACKET START-
Thu Sep 5 00:14:47 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: 2I136PA3s244{30k191143hN196
Attributes:
Acct-Session-Id = 3541
Framed-Protocol = PPP
Framed-IP-Address = 203.220.218.5
Ascend-Connect-Progress = prLanSessionUp
Ascend-PreSession-Time = 36
Ascend-Xmit-Rate = 33600
Ascend-Data-Rate = 33600
Acct-Session-Time = 12200
Connect-Info = 33600 V34+/V42bis/LAPM
Acct-Input-Octets = 817119
Acct-Output-Octets = 4990544
Ascend-Pre-Input-Octets = 122
Ascend-Pre-Output-Octets = 114
Acct-Input-Packets = 9177
Acct-Output-Packets = 11655
Ascend
RE: (RADIATOR) FW: As requested.
And another query..
You said the Identifier 'cache' persay is kept for each Client
Does that mean, if I use IdenticalClients, the cache is for the collection
of RADIUS boxes?
And therefore does that mean under high load it would be preferable to not
use IdenticalClients, and use a separate Client for each RADIUS box that
the Supplier has?
Thanks,
Martin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Hugh Irvine
Sent: Friday, September 06, 2002 10:35 AM
To: Martin Edge
Cc: Radiator
Subject: Re: (RADIATOR) FW: As requested.
Hello Martin -
RFC 2865 (and possibly others).
(doc/rfc2865.txt).
regards
Hugh
On Friday, September 6, 2002, at 10:16 AM, Martin Edge wrote:
Thanks Hugh,
It's what I thought, just thought I'd confirm before raising a ticket
request with my supplier..
Which RFC does it talk about duplication in ?
Thanks,
Martin
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 06, 2002 10:13 AM
To: Martin Edge
Cc: Radiator
Subject: Re: (RADIATOR) FW: As requested.
Hello Martin -
As Toomas mentioned (thanks Toomas), it is the Identifier 167 that is
used to detect duplicates during the DupInterval that is defined for
this Client. The DupInterval is a sliding window in time within which
identical Identifiers are considered to be duplicates.
Note that this is the definition from the RFC.
regards
Hugh
On Thursday, September 5, 2002, at 05:16 PM, Martin Edge wrote:
Hey Guys,
On what conditions does a packet appear to Radiator as Duplicate?
Below I attach two RADIUS packets I received, within 1 second of each
other.
Of course, the second packet was said to be duplicated, but the packets
themselves would show they are completely different..
Thanks,
Martin :-)
-- FIRST PACKET IN
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
NAS-IP-Address = 203.220.252.241
NAS-Port = 7204
NAS-Port-Type = Async
Called-Station-Id = 142330886300424
Calling-Station-Id = 886324356
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = 0009E3D8
Framed-Protocol = PPP
Ascend-Session-Svr-Key = AA9D6ABD
Acct-Link-Count = 1
Ascend-Num-In-Multilink = 1
Acct-Multi-Session-Id = 25972
Framed-IP-Address = 203.220.230.249
Ascend-PreSession-Time = 24
Ascend-Pre-Input-Octets = 157
Ascend-Pre-Output-Octets = 113
Ascend-Pre-Input-Packets = 5
Ascend-Pre-Output-Packets = 4
Acct-Input-Octets = 706094
Acct-Output-Octets = 2766801
Acct-Input-Packets = 5904
Acct-Output-Packets = 5436
Acct-Session-Time = 2286
Ascend-Multilink-ID = 25972
Acct-Delay-Time = 0
User-Name = andym
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
Thu Sep 5 00:14:46 2002: DEBUG: Handling request with Handler ''
Thu Sep 5 00:14:46 2002: DEBUG: mysessiondb Adding session for andym,
203.220.252.241, 7204
Thu Sep 5 00:14:46 2002: DEBUG: do query is: delete from RADONLINE
where
NASIDENTIFIER='203.220.252.241' and NASPORT=07204
--- FIRST PACKET END ---
--- FIRST PACKET RESPONSE START
Thu Sep 5 00:14:46 2002: DEBUG: Accounting accepted
Thu Sep 5 00:14:46 2002: DEBUG: Packet dump:
*** Sending to 203.194.56.121 port 1813
Code: Accounting-Response
Identifier: 167
Authentic: h254]166V243.18245V2480Y236211v
Attributes:
Proxy-State =
BSP2ims01-syd/72480B24F09399CB54AE56B24540BA02B5A54B62BCBA8CA37CCA09027797F0
3488D35E66BCBA8CADB716F56D71F9EC12
430FB8C3BCA889FA4DB97DF311AEA447CFE22D4ED3DCB5B22B8D68F213EE81
--- FIRST PACKET RESPONSE STOP -
--- SECOND PACKET START-
Thu Sep 5 00:14:47 2002: DEBUG: Packet dump:
*** Received from 203.194.56.121 port 1813
Code: Accounting-Request
Identifier: 167
Authentic: 2I136PA3s244{30k191143hN196
Attributes:
Acct-Session-Id = 3541
Framed-Protocol = PPP
Framed-IP-Address = 203.220.218.5
Ascend-Connect-Progress = prLanSessionUp
Ascend-PreSession-Time = 36
Ascend-Xmit-Rate = 33600
Ascend-Data-Rate = 33600
Acct-Session-Time = 12200
Connect-Info = 33600 V34+/V42bis/LAPM
Acct-Input-Octets = 817119
Acct-Output-Octets = 4990544
Ascend-Pre-Input-Octets = 122
Ascend-Pre-Output-Octets
RE: (RADIATOR) Hacking around an upstream issue.
Kinda, it's a load issue. The policy from our upstream RADIUS is to pound the primary until it fails, and then failover. They have no RR or Load Balance functionality. We get enough load on that one server that you'd expect it to timeout occasionally.. I may just whack another proxy inbetween my supplier and myself and do RR or LB there.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ingvar Berg (EAB) Sent: Wednesday, September 04, 2002 10:09 PM To: Radiator Subject: RE: (RADIATOR) Hacking around an upstream issue. Sounds like a broken NAS, sending alive packets for a terminated session... /Ingvar The NAS's appear to be sending an Alive packet for a Session after we have received the Stop packet for the _same_ Session. This is due to the first attempt to send the Alive packet failing, the NAS waits 10 seconds for a retry. During this ten seconds, the user disconnects, the NAS sends a stop record. The NAS then sends off the second attempt for the Alive packet. Consequently, the session is 'reopened' in my SessionTable, as the Alive packet triggers a delete/insert .. for all intensive purposes I see a dead session, which was actually already closed off. Thanks Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 9:50 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) Hacking around an upstream issue. Hello Martin - What exactly is the problem? If you just want special processing for Alives, do something like this: Handler Acct-Status-Type = Alive /Handler regards Hugh On Wednesday, September 4, 2002, at 09:23 AM, Martin Edge wrote: Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Creating an Identifier for StatsLogSQL within SQLRADIUS
Hey Guys, Can one of my columns i define in HostColumnDef in SQLRADIUS be: - Identifier ? (preferably) - Realm ? (And therefore, would Radiator keep Statistics on each of those identifiers/realms?) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Hacking around an upstream issue.
Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Hacking around an upstream issue.
Hi Hugh, The normal processing of Alives is fine. The fact we get Alives ensures I can check the sanity of the SessionTable. Each time an Alive record comes in, it updates the SessionTable for each user's session The NAS's appear to be sending an Alive packet for a Session after we have received the Stop packet for the _same_ Session. This is due to the first attempt to send the Alive packet failing, the NAS waits 10 seconds for a retry. During this ten seconds, the user disconnects, the NAS sends a stop record. The NAS then sends off the second attempt for the Alive packet. Consequently, the session is 'reopened' in my SessionTable, as the Alive packet triggers a delete/insert .. for all intensive purposes I see a dead session, which was actually already closed off. Thanks Martin -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 04, 2002 9:50 AM To: Martin Edge Cc: Radiator Subject: Re: (RADIATOR) Hacking around an upstream issue. Hello Martin - What exactly is the problem? If you just want special processing for Alives, do something like this: Handler Acct-Status-Type = Alive /Handler regards Hugh On Wednesday, September 4, 2002, at 09:23 AM, Martin Edge wrote: Hey Guys, Want to see if anyone has any ideas of how I should deal with this situation. We are currently getting the following for the 'occasional' user session from our Upstream RADIUS.. Order Amount Type - 1 1 Start 2 ManyAlive's (every 15 min) 3 1 Stop (0 sec, Acct-Delay-Time) 4 1 Alive (9 seconds afterwards, Acct-Delay-Time=10) We are told that what is happening, is the first attempt is made to send the first Alive packet. By coincendence, the user disconnects between these retries, and the Stop packet is fired off. The Retry Alive packet is sent after the Stop packet for that session has arrived. Until they can come up with a network-fix for the problem (to prevent Additional Packets for the Same Session to be sent before completely failing the current packet (until $x times tried), I'm going to have to develop a hack around to work out on what basis to ignore these extra Alives. I was thinking I have two options 1:- Make Radiator see whether the SessionID is still active for an Alive packet (could be costly on DB work each instance) 2:- Make Radiator store recent sessionIDs it has closed off in a DB or DBM file, and check incoming Alive packet -isn't- in the recently expired list. Which would be the best? Where should I start? :) Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
FW: (RADIATOR) NumHosts in SQLRadius
Information on extending the functionality of SQLRADIUS
You may remember in a previous email I was asking about how to get NumHosts
to not be a fixed value. NumHosts defines the amount of hosts avaliable for
the downstream configuration we are currently proxy RADIUS'ing to.
Reason being, that the amount of avaliable hosts is completely different for
each proxy-radius downstream.
I have modified my version of SQLRADIUS to fix this problem, and here's what
to do if anyone else is interested:
First part is the modification of the configuration keywords in the
AuthSQLRADIUS.pm module. I added NumHostQuery, as a string.
%Radius::AuthSQLRADIUS::ConfigKeywords =
(
'HostSelect'= 'string',
'NumHosts' = 'integer',
'NumHostQuery' = 'string', # Define NumHostQuery for the Config
'HostColumnDef' = 'stringhash',
);
The NumHostQuery I use:
NumHostQuery select count(*) from downstream_host downh, downstream_dnis
ddnis \
where ddnis.target_id = downh.target_id and ddnis.dnis =
'%{Called-Station-Id}'
Below, is the changes I made to the chooseHost method. Denoted by the
meriads of ---'s.
Thanks,
Martin
sub chooseHost
{
my ($self, $fp, $p) = @_;
# If they have already tried to send this too many times, and there
# are no more hosts to send to take the policy from the database
# This standard table has space for 2 hosts. Adjust this if necessary
return if ($fp-{hostCounter} = $self-{NumHosts});
- my
bit
# However, the first time we try to find a host for this
# instance, we should check whether there is a NumHostQuery (to
# confirm the amount of hosts)
# Added by Martin Edge [EMAIL PROTECTED]
if (defined $self-{NumHostQuery}) # If there is a NumHostQuery defined
if (!defined $self-{NumHostQueryRan}) { # If we haven't checked
NumHostQuery result
# Format the Query with special character results
my $sth = $self-prepareAndExecute(
Radius::Util::format_special ($self-{NumHostQuery}, $p,
undef, undef, undef)
);
# fetch results
my @results = $sth-fetchrow();
# If there is results, update NumHosts, and set a flag in the object so
we know
# we have run a check
if (@results) {
$self-log($main::LOG_DEBUG, ADJUSTING NUMHOSTS TO
.$results[0]);
$self-{NumHosts} = $results[0];
}
$self-{NumHostQueryRan} = 1; # Mark the Object with a 'we have
checked it'
}
}
- /my
bit
$fp-{hostCounter}++;
my $q = Radius::Util::format_special
($self-{HostSelect}, $p, undef, $fp-{hostCounter});
my $sth = $self-prepareAndExecute($q);
return unless $sth;
my (@row, $host);
if (@row = $self-getOneRow($sth))
{
# If there is no host (maybe no secondary?) return
return if $row[0] eq '';
if (defined $self-{HostColumnDef})
{
$host = $self-getHostColumns($fp, @row);
}
else
{
# If certain columns are present, use them to
# initialise the Radius::Host object that tells
# AuthRADIUS where to proxy to.
$fp-{failurePolicy} = $row[10] if defined $row[10];
$host = Radius::Host-new
(undef, $row[0],
defined $row[1] ? (Secret = $row[1]) :
(),
defined $row[2] ? (AuthPort = $row[2]) :
(),
defined $row[3] ? (AcctPort = $row[3]) :
(),
defined $row[4] ? (Retries= $row[4]) :
(),
defined $row[5] ? (RetryTimeout = $row[5]) :
(),
defined $row[6] ? (UseOldAscendPasswords = $row[6]) :
(),
defined $row[7] ? (ServerHasBrokenPortNumbers = $row[7]) :
(),
defined $row[8] ? (ServerHasBrokenAddresses = $row[8]) :
(),
defined $row[9] ? (IgnoreReplySignature = $row[9]) :
(),
);
}
}
else
{
# Call the superclass to fall back to any hardwired
# hosts.
return $self-SUPER::chooseHost($fp, $p, $p-{rp});
}
return $host;
}
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) FW: Comindico DialIP Ports
Hi Skeeve, What you may notice, is these packets also contain the attribute Tunnel-Id These attributes will match the two packets, perhaps you could use that in order to collect the two packets correctly. I have to battle that one myself in a few days, I have suggested to COMindico engineers that perhaps they could attempt to combine the packets from their end, as their response in regards to handling StaticIP Accounting was to simply ignore the second packet. I don't believe this is going to happen :-) The reason for the packet is the startpoint and endpoint sections from the L2TP tunnel formed.. I guess the question, do you require any of the information that is only held in one of the packets? For instance, the packets below are two example start packets for the same user.. The first packet is generated from the NAS, the second from the LNS Server. As you'll notice, most of the information here is duplicated, besides the important things like Session-Id's and the like. The LNS Server Packet seems to have little useful information. I also noticed, from the Alive packets, we only get Alive packets for the NAS Record (SessionId: F316). With this, I would say, as much as it's throwing away information, ignore the second packet, perhaps with: Handler NAS-Port-Type=/Virtual/ AuthBy SOMETHING ... /AuthBy /Handler (However, if you resell Request, make sure ignoring NAS-Port-Type doesn't affect billing there too.. as NAS-Port-Type = Virtual is used there too I think) Thanks Martin *** Received from 203.194.56.121 port 1813 Code: Accounting-Request Identifier: 114 Authentic: ho-199128k159]306139165i|x26 Attributes: NAS-IP-Address = 203.220.251.113 NAS-Port = 6204 NAS-Port-Type = Async Called-Station-Id = 142320198333401 Calling-Station-Id = 891751477 Acct-Status-Type = Start Acct-Authentic = Local Service-Type = Framed-User Acct-Session-Id = F316 Framed-Protocol = PPP Tunnel-Server-Endpoint = 50:03.194.30.244 Tunnel-Client-Endpoint = 50:03.220.251.65 Tunnel-Client-Auth-ID = 65:CC01-WARA-KTA Tunnel-Server-Auth-ID = 76:NS01-KENT-SYD Tunnel-ID = 49:44176 Ascend-Session-Svr-Key = xx Acct-Delay-Time = 0 User-Name = eastpilb Proxy-State = BSP2ims01-syd/E084B8A3558A933FC21E351925257349AAEAD1F20F70D16B8156A80724198C 3F9780E2B10F70D3474A8A53D522 7794019780E2ED0F62DB2EB025DCCB4220DC54D0B191996016EA66D611CDC5576DE46AFBE2 - TUNNEL PACKET - Pros: Nothing. Appears most of the information below is duplicated above. Cons: Doesn't tell you where the user dialed up (the NAS-IP-Address is COMindico's LNS Server) *** Received from 203.194.28.132 port 1813 Code: Accounting-Request Identifier: 43 Authentic: 133T0155154156P129204144235181w176153V Attributes: Acct-Session-Id = 000138E8 Tunnel-Server-Endpoint = 0:203.194.29.248 Tunnel-Client-Endpoint = 0:203.220.251.65 Tunnel-Assignment-ID = 0:1 Tunnel-ID = 49:44176 Tunnel-Client-Auth-ID = 0:ACC01-WARA-KTA Tunnel-Server-Auth-ID = 0:LNS01-KENT-SYD Framed-Protocol = PPP Ascend-Connect-Progress = prCallUp Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port = 33 NAS-Port-Type = Virtual Calling-Station-Id = 891751477 Called-Station-Id = 142320198333401 Service-Type = Framed-User NAS-IP-Address = 203.194.30.244 Event-Timestamp = 1030370079 Acct-Delay-Time = 0 User-Name = eastpilb Proxy-State = BSP2ims01-syd/1977AAFCDD88DD49DA1DAA988803EF58DDBF6595956F445CA5DF21F972F4CD C1E0D556D6956F460C6E1D3FCF74 9ACDE2E0D5568A957D4E1994AC555414CD85B7A7E425FEFA097F51F298445A0180BD898CB7 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Skeeve Stevens Sent: Monday, August 26, 2002 11:03 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) FW: Comindico DialIP Ports Anyone here have any experience doing the radius accounting with Comindico DialIP Ports? (Australia) I am not sure how to deal with their double accounting radius records. If they had the same session ID this would not be a problem... but they come from 2 sources with different id's maybe a second or two apart and I am really unsure how to differentiate them Anyone dealt with this that can help? ...Skeeve ___ Skeeve Stevens, RHCE Email: [EMAIL PROTECTED] Website: www.skeeve.org - Telephone: (0414) 753 383 Address: P.O Box 1035, Epping, NSW, 1710, Australia eIntellego - [EMAIL PROTECTED] - www.eintellego.net ___ Si vis pacem, para bellum === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL
RE: (RADIATOR) Determine IP address request came to
I think %c.. Check the docco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Timothy G. Wells Sent: Sunday, August 25, 2002 10:29 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Determine IP address request came to Greetings, Has there been anything added to radiator to allow me to determine which IP a request came into radiator with? This is needed for a server with multiple IP's and one radiator process binding to all addresses. I brought this up maybe a year ago but no such attribute existed. I think it would be very helpful in general. Thanks, -- Tim -- This message has been scanned for viruses and dangerous content by IntelliBlock MailScanner (www.intelliblock.net), and is believed to be clean. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Determine IP address request came to
Ah, re-reading, I now understand your query .. Not in the list I have of attributes, anyhow.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Martin Edge Sent: Monday, August 26, 2002 9:07 AM To: Timothy G. Wells; [EMAIL PROTECTED] Subject: RE: (RADIATOR) Determine IP address request came to I think %c.. Check the docco -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Timothy G. Wells Sent: Sunday, August 25, 2002 10:29 PM To: [EMAIL PROTECTED] Subject: (RADIATOR) Determine IP address request came to Greetings, Has there been anything added to radiator to allow me to determine which IP a request came into radiator with? This is needed for a server with multiple IP's and one radiator process binding to all addresses. I brought this up maybe a year ago but no such attribute existed. I think it would be very helpful in general. Thanks, -- Tim -- This message has been scanned for viruses and dangerous content by IntelliBlock MailScanner (www.intelliblock.net), and is believed to be clean. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) NumHosts in SQLRadius
Yeah, the issue is that SQLRadius works around the default of a maximum 2
within the object code.. (or whatever I manually set it to).
Technically perhaps I could make the value so 'large' that it would hit
no-rows first, and have to bail to the Host Failover settings..
The difference is, the way I have setup SQLRADIUS, I'm not limited by a set
of hosts, for instance, in the configuration you supply within the goodies
directory..
...
HostSelect select R.HOST%0, R.SECRET, R.AUTHPORT, \
R.ACCTPORT, R.RETRIES, R.RETRYTIMEOUT, \
R.USEOLDASCENDPASSWORDS, R.SERVERHASBROKENPORTNUMBERS, \
R.SERVERHASBROKENADDRESSES, R.IGNOREREPLYSIGNATURE, \
R.FAILUREPOLICY from RADSQLRADIUS R, RADSQLRADIUSINDIRECT I \
where I.SOURCENAME='%{Called-Station-Id}' and I.TARGETNAME=R.TARGETNAME
...
In this example, NumHosts 2 is fine, because if we exceed this, It's
designed to fallover to the default host config, the database structure has
limited any further hosts being configurd.
My issue is, there can be any number of RADIUS hosts, and I'd like to design
the system so that it's happy to figure out how many hosts it has to choose
from.
My HostSelect:
HostSelect
SELECT downh.ip_address, downh.secret, downh.authport, downh.acctport,
downh.retries, downh.retrytimeout, downh.failurebackofftime,
down.failurepolicy, down.addtoreply, down.stripfromreply,
down.allowinreply, down.addtoreplyifnotexist, down.defaultreply,
down.addtorequest, down.stripfromrequest, down.addtorequestifnotexist,
down.useoldascendpasswords, down.serverhasbrokenportnumbers,
down.serverhasbrokenaddresses, down.ignorereplysignature
FROM downstream_host downh, downstream_dnis ddnis, downstream down,
downstream_host_preference downhp
WHERE ddnis.dnis = '%{Called-Station-Id}' and ddnis.target_id =
downhp.target_id and downhp.hostid = downh.hostid and ddnis.target_id =
down.target_id and downhp.preftype = '%{Packet-Type}' and downhp.priority =
'%0';
Perhaps the NumHosts flag could be rewrite to accept an SQL Query as well
that allowed Radiator to figure out how many RADIUS targets maximum it had
to deal with.. ?
Stats: Yeah Cool :)
Thanks,
Martin
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 20, 2002 5:27 PM
To: Martin Edge
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) NumHosts in SQLRadius
Hello Martin -
For the first point, no you cannot specify the number of hosts in the
database, but I don't believe you need to have the number specified in
any case as the query will just fail and fall back to the local Host
definition.
For the StatsLog, I suggest yo try some experiments to see what you get
(and have a look at Radar).
regards
Hugh
On Tuesday, August 20, 2002, at 02:52 AM, Martin Edge wrote:
Hey Guys,
Is there anyway to set NumHosts dynamically? Say perhaps via the first
SQLRADIUS lookup, it returns the NumHosts variable?
I'd prefer to not have to hard set this, as I'm trying to design the
system
around a dynamic number of destination RADIUS servers..
also..
What type of detail can I expect with trying to run StatsLogSQL with
SQLRADIUS, as I would like to be able to scalably count the
request/responses along with the number of downstream ISPs I am
supporting.
From what I read in the documentation, statistics are kept for each
Identifier, the SQLRADIUS itself as an Identifier, but each downstream
within the database, I would expect does not have it's own unique
Identifier..
Thanks,
Martin
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) NumHosts in SQLRadius
Hey Guys, Is there anyway to set NumHosts dynamically? Say perhaps via the first SQLRADIUS lookup, it returns the NumHosts variable? I'd prefer to not have to hard set this, as I'm trying to design the system around a dynamic number of destination RADIUS servers.. also.. What type of detail can I expect with trying to run StatsLogSQL with SQLRADIUS, as I would like to be able to scalably count the request/responses along with the number of downstream ISPs I am supporting. From what I read in the documentation, statistics are kept for each Identifier, the SQLRADIUS itself as an Identifier, but each downstream within the database, I would expect does not have it's own unique Identifier.. Thanks, Martin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about Radius and SQL
Hey Guys, Having a few issues, as we are unable to easily find out where the cause of the slowdown's we get when a "avalanche" scenario occurs. (where the amount of requests coming in, is faster than the processing power to complete them..) Is this necessarily an SQL timeout, or could there be other attributing factors to these errors: If so, how would we go about finding these out.. I tried LogMicroseconds in a Log FILE routine, and this is the output below.. (although I dont see any milliseconds results..) Thanks for your help, Martin snip Fri Jan 25 17:42:13 2002 32431: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:42:28 2002 911157: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:42:32 2002 481065: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:42:36 2002 960943: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:42:36 2002 982364: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:42:50 2002 371277: ERR: Execute failed for 'Sp_fetchUserPassword 'office'': SQL TimeoutFri Jan 25 17:42:52 2002 391393: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:42:52 2002 421577: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:07 2002 361641: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:43:07 2002 411189: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:21 2002 671671: ERR: Execute failed for 'Sp_fetchUserPassword 'simona'': SQL TimeoutFri Jan 25 17:43:23 2002 691896: ERR: Could not connect to SQL database with DBI-connect dbi:Sybase:server=notus.izone.net.au;database=nb9901, netbeans, beans2000: timeout at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Util.pm line 507. Fri Jan 25 17:43:23 2002 716376: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 10 secondsFri Jan 25 17:43:39 2002 561994: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:42 2002 501985: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:45 2002 382053: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:43:47 2002 972065: ERR: Execute failed for 'Sp_fetchUserPassword 'clouston'': SQL TimeoutFri Jan 25 17:43:50 2002 742074: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:53 2002 321952: ERR: Execute failed for 'Sp_fetchUserPassword 'themoodies'': SQL TimeoutFri Jan 25 17:43:55 2002 722314: ERR: Execute failed for 'Sp_fetchUserPassword 'shields'': SQL TimeoutFri Jan 25 17:43:58 2002 32217: ERR: Execute failed for 'Sp_fetchUserPassword 'shields'': SQL TimeoutFri Jan 25 17:44:00 2002 532429: ERR: Execute failed for 'Sp_fetchUserPassword 'blp04395'': SQL TimeoutFri Jan 25 17:44:02 2002 832373: ERR: Execute failed for 'Sp_fetchUserPassw ---------Martin Edge Technical Services Co-ordinator Phoneware Online eMail: [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 "In the end, it's speed, price and customer service." -
RE: (RADIATOR) (Radiator) SNMPAgent on NT4?
Believe you need SNMP_Session-0.90 Should be avaliable from CPAN Martin -Original Message- From: Kent, Ashley [mailto:[EMAIL PROTECTED]] Sent: Thursday, 24 January 2002 11:32 AM To: '[EMAIL PROTECTED]' Subject: (RADIATOR) (Radiator) SNMPAgent on NT4? Guys, I want to start doing mrtg monitoring of radius authentication requests on my NT4 radiator boxes. I'm having trouble getting hold of the correct snmp package. I've downloaded and installed net-snmp from http://www.activestate.com/PPMPackages/zips/6xx-builds-only, but this must be the wrong package since when I start radiator I get Thu Jan 24 10:14:15 2002: ERR: Could not load module Radius::SNMPAgent: Can't locate SNMP_util.pm in @INC (@INC contains: . d:/Perl/lib d:/Perl/site/lib .) at d:/Perl/site/lib/Radius/SNMPAgent.pm line 14, FILE line 189. BEGIN failed--compilation aborted at d:/Perl/site/lib/Radius/SNMPAgent.pm line 14, FILE line 189. Compilation failed in require at (eval 37) line 3, FILE line 189. From the mailing archives I see that the net-snmp package at sourceforge needs to be installed, but this looks to be for unix boxes only. What am I missing? Thanks, Ash. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Odd Issue with SNMPAgent
Hey Guys, Something I noticed last night while playing ... I have a radius server which runs two copies of Radiator Both copies run on separate bound IP's on the machine.. When running SNMPAgent using : # enable SNMP handlingSNMPAgent Portxx ROCommunityxxx BindAddress 202.160.128.46/SNMPAgent and # enable SNMP handlingSNMPAgent Portx ROCommunityx BindAddress 202.160.128.43/SNMPAgent The first one loads, but when loading the second, I get an error saying it is unable to bind to the IP, assuming that the first one is binding to everything, instead of the IP it was told to bind too.. Using SNMP_Session-0.90 + Radiator 2.19 Has this been seen before? Martin -Martin Edge Technical Services Co-ordinator Phoneware Online eMail: [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 "In the end, it's speed, price and customer service." -
(RADIATOR) Stopping processing on Invalid radius requests
Hey Guys, Is there a way to stop processing some radius packets depending on information? Like, for instance.. the radius stop record below is sent via a USR Nas who hasn't been able to authenticate a user, but it still sends the stop/start record because of the connection itself. There are other Ascend NAS's that react the same way for us. If I can possibly build a hook to just say drop this request, then I would save filling up logs with unnecessary SQL errors (Framed-IP-Address is required in all SQL entries, and where they aren't allocated one..) I'm not sure the syntax required in the hooks to say ACCEPT or REJECT user, or to just say stop processing User-Name = unauthenticated NAS-IP-Address = 202.160.140.3 Acct-Status-Type = Stop Acct-Session-Id = 51576937 Acct-Delay-Time = 0 Service-Type = Framed-User NAS-Port-Type = Async NAS-Port = 788 USR-Interface-Index = 2044 USR-Chassis-Call-Slot = 4 USR-Chassis-Call-Span = 1 USR-Chassis-Call-Channel = 20 USR-Unauthenticated-Time = 2 USR-Modem-Training-Time = 18 Calling-Station-Id = 0298073422 Called-Station-Id = 0282053301 USR-Modulation-Type = v90Digital USR-Simplified-MNP-Levels = ccittV42 USR-Simplified-V42bis-Usage = ccittV42bis USR-Connect-Speed = 44000_BPS Framed-Protocol = PPP Acct-Session-Time = 20 Acct-Terminate-Cause = User-Request Disconnect-Reason = 8 Acct-Input-Octets = 127 Acct-Output-Octets = 215 Acct-Input-Packets = 5 Acct-Output-Packets = 7 Call-Arrived-time = 183605368 Call-Lost-time = 183605388 Thanks, Martin - Martin Edge Network Engineer Phoneware Online eMail: mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] Phone: +613 9640 4140 ext. 193 Creating the structure necessary for your business internet requirements - === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Rewriting Usernames on the Fly
Hey,
I'm having a few issues working with hooks within Radiator.
I'm trying to use a PreProcessing Hook, to modify the username of a user
as they come in. It appears to grab the right data, but when I change
the attribute, it doesn't appear to affect the username that is used to
process.
Is there another attribute or command I have to use to change the
username of a user?
The basic jist is, we are moving customers from they old usernames, to
new ones, in a new billing system, and I want to be able to detect that
they aren't using a normal username, use the one they entered to look
for a new one, and then set the new one, to it.
Any help would be appreciated, but I feel I'm probably just missing
something and this is simpler than it looks..
My code is below for the hook:
sub
{
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $username = $p-get_attr('User-Name');
if ($username) {
if (!grep(/^[a-z][a-z][a-z][0-9][0-9][0-9][0-9][0-9].*/,
$username)) {
main::log($main::LOG_DEBUG, This isn't a
standard username, grabbing alternate);
my $user = weee;
my $pwd = b00;
my $dbh =
DBI-connect(dbi:Sybase:server=secure-nike.izone.net.au;database=nb9901
, $user, $pwd);
my $sth = $dbh-prepare(select id_user from
serviceuser where id_alternate = '$username');
my $error = $sth-execute;
my @results = $sth-fetch;
#main::log($main::LOG_DEBUG, select id_user
from serviceuser where id_alternate = '$username');
#main::log($main::LOG_DEBUG, my alternative
username $username translates to $results[0]-[0]);
# Find the new username
$p-change_attr('User-Name', $results[0]-[0]);
}
}
return;
}
-
Martin Edge
Network Engineer
Phoneware Online
eMail: [EMAIL PROTECTED]
Phone: +613 9640 4140 ext. 193
Creating the structure necessary for your
business internet requirements
-
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
