(RADIATOR) Reinstalling Radiator

2003-07-29 Thread Paul Black
I've just upgraded my secondary radius server to Redhat 9. I get the 
following message when I try to start Radiator.
Could you please remind me how to reinstall Radiator?

Regards.  Paul

/usr/sbin/radiusd -config_file /etc/raddb/radius.cfg
Can't locate Radius/RDict.pm in @INC (@INC contains: . 
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl 
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi 
/usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl 
/usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 .) at 
/usr/sbin/radiusd line 25.
BEGIN failed--compilation aborted at /usr/sbin/radiusd line 25.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


(RADIATOR) Radius Default User

2001-06-02 Thread Paul Black

I have noticed some errors appearing on my ACC/Tigris console (cannot open RADIUS
session (no configuration defaults)). The Tigris support person says I need to set up
some default radius parameters. How should I go about this with Radiator?

Regards.  Paul


From: "Nathan Chan" <[EMAIL PROTECTED]>
To: Paul Black <[EMAIL PROTECTED]>
Subject: Re: Tigris Errors
Date: Sat, 02 Jun 2001 11:10:47 GMT

Paul,

Have you got the user ACC_DEFAULT on your radius server?  Without it, it
has no default parameters, so that when a user logs on, and has no
attributes in radius, they will get the default ones.  Is it possible that
a user has no attribs against his login username?

To find out what's going on:  set radius debug mask 0xff

Regards
Nathan

> Why am I seeing the following connection errors?
> 
> Regards.  Paul
> 
> 
> DM1>
> *** TRAP from local agent at 02-Jun-2001 16:59:19 uptime 21 Days, 20:46:04
> *** RADIUS: Cannot open RADIUS session (no configuration defaults)
> DM1>
> *** TRAP from local agent at 02-Jun-2001 16:59:19 uptime 21 Days, 20:46:04
> *** DIAL: CLID authentication failed  on J1.27
> Reason: No matching available dial port was found
> DM1>
> *** TRAP from local agent at 02-Jun-2001 16:59:23 uptime 21 Days, 20:46:08
> *** RADIUS: Cannot open RADIUS session (no configuration defaults)
> DM1>
> *** TRAP from local agent at 02-Jun-2001 16:59:23 uptime 21 Days, 20:46:08
> *** DIAL: CLID authentication failed  on J1.27
> Reason: No matching available dial port was found
> DM1>
> 
>



(RADIATOR) Rebuild Server Problems

2002-01-01 Thread Paul Black

Yesterday, I lost my main hard disk and have had to rebuild
my radius server from tape. I've also used this opportunity
to upgrade from Redhat 6.0 to 7.2. I can get Radiator to
run but it gets the following error. I would appreciate
any help in getting this problem sorted out. I'm running
the 2.14 Radiator. I'm happy to upgrade to the latest
Radiator but need to be reminded of my password.


Tue Jan  1 08:22:39 2002: NOTICE: Request from unknown client 203.63.235.10: ignored
Tue Jan  1 08:22:44 2002: DEBUG: Packet dump:
*** Received from 203.63.235.10 port 8003 
Code:   Accounting-Request
Identifier: 90

Regards.  Paul




# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir   /etc/raddb
LogDir  /var/log/radacct
DictionaryFile  /etc/raddb/dictionary
RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.

Secret   XXX


Secret   XXX


Secret   XXX


Secret   XXX


# This clause means we will handle any realm that arrives

### AuthByPolicy ContinueWhileIgnore

# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to 
# change the one in  below
# so its the same
DBSource    dbi:mysql:radmin
DBUsername  radmin
DBAuth  tud349

   #
   # Set the Idle Timeout using the Radmin database
   #
AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, 
MAXIDLETIME, FRAMED_FILTER_ID, FRAMED_NETMASK, (%t - ADDEDDATE)/86400, SERVICENAME, 
FRAMEDROUTE from RADUSERS where USERNAME='%n' and SERVICESTATE != 'SUSPENDED' 
AuthColumnDef 0,Idle-Timeout,reply
AuthColumnDef 1,Filter-Id,reply
AuthColumnDef 2,Framed-IP-Netmask,reply
AuthColumnDef 3,Days-Since-Added,reply
AuthColumnDef 4,Service-Name,reply
AuthColumnDef 5,Framed-Route,reply

# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef   NASIDENTIFIER,NAS-Identifier
AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   DNIS,Called-Station-Id
AcctColumnDef   TXSPEED,Acc-Connect-Tx-Speed
AcctColumnDef   RXSPEED,Acc-Connect-Rx-Speed
AcctColumnDef   CALLINGFROM,Calling-Station-Id
AcctColumnDef   CALLINGTO,Called-Station-Id

#
# This updates the time and octets left for this user
#

AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
#
#   #
#   # These are the classic things to add to each users 
#   # reply to allow a PPP dialup session. It may be 
#   # different for your NAS. This will add some 
#   # reply items to everyone's reply
#   #
#
AddToReply Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Acc-Callback-CBCP-Type = CBCP-None,\
Framed-Compression = Van-Jacobson-TCP-IP


#   PostAuthHook sub {  my $reply = ${$_[1]};  
 \
#   my $reqst 

(RADIATOR) Rewrite rules

2002-04-02 Thread Paul Black

I'm still trying to make my rewrite rules do exactly what I want.
What rule would I need to strip leading white space from the
username?

Also what does the first rule shown below do?

Regards.  Paul

>>
>>  RewriteUsername s/^([^@]+).*/$1/
>>  RewriteUsername tr/A-Z/a-z/





Re: (RADIATOR) Getting Started

1999-07-24 Thread Paul Black

tom minchin wrote:

> Hi Paul,
> Looks like there is a substantial amount of stuff to fix.
>
> 1) do you have the right dictionary being loaded?
> 2) one of your users file is being reported as missing
> 3) on Framed-User, you are requiring the NAS to confirm with RADIUS that you're
> using Service-Type = Framed-User but that's not coming from NAS at all so
> it's being rejected.

I've just about got things going now. The problem was basically that the default realm
was configured to use the USERS file for authentication. Once I realised that and told 
it to use UNIX authentication it started to work
correctly.

I'm using the ACC dictionary as I am using an ACC Tigris as my main dialup server. The 
ACC dictionary has a line which reads

VENDORNAME ACC5

Radiator doesn't like this line at all. I've had to comment it out. I am getting a 
number of warnings about ACC vendor specific attributes not
working. Do you have any ideas?

Thanks.  Paul




Sun Jul 25 12:02:18 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:18 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 27 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 30 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 31 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 32 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 33 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 17 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 5 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 6 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:02:24 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 27 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 30 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 31 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 32 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 33 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 17 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 5 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 6 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:03:34 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 27 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 30 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 31 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 32 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 33 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 17 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 5 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 6 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 3 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 4 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 1 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:04:32 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:05:18 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:05:18 1999: ERR: Attribute number 211 (vendor ) is not defined in your 
dictionary
Sun Jul 25 12:05:18 1999: ERR: Attribute number 18 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:05:18 1999: ERR: Attribute number 27 (vendor 5) is not defined in your 
dictionary
Sun Jul 25 12:05:18 1999: ERR: Attribute number

Re: (RADIATOR) Getting Started

1999-07-25 Thread Paul Black

I've now got Radiator going fairly well and using the latest ACC dictionary. Next I 
would like to start rewriting login names used on the Radius
prefix. I have a PortMaster 2e which some of my customers use. These people 
generally want a shell login, so login with a prefix of M, ie,
Mjoe, this gives them a login menu which they can get to my shell server with. All 
well and good except it causes problems with my accounting
system which ignores accounting records for Mjoe as it is only looking for records 
with a user of joe.

Can anyone tell me how to configure Radiator to log the real username and leave off 
any login prefix?

Thanks.  Paul





===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) Radmin Install

1999-07-30 Thread Paul Black

I'm trying to install radmin, I have created a mysql database, setup a radmin
user and when I run the installMysql.sh  I receive the following errors, can
anyone help me with this?

Thanks.   Paul


[root@iggy Radmin-1.2]# ./installMysql.sh
Enter password:
Database "radmin" created.
Enter password:
ERROR 1062 at line 1: Duplicate entry 'localhost-root' for key 1
Enter password:
DBD::mysql::db do failed: Column 'ATTR_ID' is used with UNIQUE or INDEX but is
not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADATTRS: Column 'ATTR_ID' is used with
UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'NAME' is used with UNIQUE or INDEX but is
not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADCONFIG: Column 'NAME' is used with
UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'USERNAME' is used with UNIQUE or INDEX but
is not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create  RADONLINE: Column 'USERNAME' is used with UNIQUE or INDEX
but is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'NASIDENTIFIER' is used with UNIQUE or INDEX
but is not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADONLINE: Column 'NASIDENTIFIER' is
used with UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm
line 30.
DBD::mysql::db do failed: Column 'NAME' is used with UNIQUE or INDEX but is
not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADSERVICES: Column 'NAME' is used with
UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'NAME' is used with UNIQUE or INDEX but is
not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADSTCONFIG: Column 'NAME' is used with
UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'USERNAME' is used with UNIQUE or INDEX but
is not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create  RADUSAGE: Column 'USERNAME' is used with UNIQUE or INDEX but
is not defined as NOT NULL at Radmin/Util.pm line 30.
DBD::mysql::db do failed: Column 'USERNAME' is used with UNIQUE or INDEX but
is not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADUSERS: Column 'USERNAME' is used
with UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.

DBD::mysql::db do failed: Column 'ATTR_ID' is used with UNIQUE or INDEX but is
not defined as NOT NULL at Radmin/DBSQL.pm line 414.
Failed to create primary key index for RADVALUES: Column 'ATTR_ID' is used
with UNIQUE or INDEX but is not defined as NOT NULL at Radmin/Util.pm line 30.

The Radmin database has been created.
Radmin/Sql.pm has been created.

Now you must run "perl ./install.pl" as root
to complete the installation.






(RADIATOR) Login Menu's

1999-07-31 Thread Paul Black

Hi Mike,

Thanks for your help, Triode now has Static IP addresses being allocated
correctly from the users file. The next problem is that the users file allows
for an M prefix to allow people to login and get a menu so they can rlogin to
my shell server. This facility was working fine with the Lucent/Livingston
Radius server but is not working with Radiator. Following is the debug output
when someone logs in with the M prefix. Could you let me know how to sort this
one out?

Regards.   Paul

Fri Jul 30 00:12:20 1999: DEBUG: Packet dump:
*** Received from 203.63.235.9 port 1026 
Code:   Access-Request
Identifier: 165
Authentic:  <21>E&<196><195><166>8<164> <236>?<233>1~nw
Attributes:
User-Name = "Mvlx"
User-Password =
"<221>A<177><149><141><214>t<135><27>w<24><198>r<179>@<172>"
NAS-IP-Address = 203.63.235.9
NAS-Port = 5
NAS-Port-Type = Async

Fri Jul 30 00:12:20 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'

Fri Jul 30 00:12:20 1999: DEBUG: Deleting session for Mvlx, 203.63.235.9, 5
Fri Jul 30 00:12:20 1999: DEBUG: Handling with Radius::AuthFILE
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthFILE looks for match with Mvlx
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT

Fri Jul 30 00:12:20 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthUNIX looks for match with Mvlx
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Fri Jul 30 00:12:20 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthUNIX looks for match with Mvlx
Fri Jul 30 00:12:20 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Fri Jul 30 00:12:20 1999: INFO: Access rejected for Mvlx: No such user
Fri Jul 30 00:12:20 1999: DEBUG: Packet dump:
*** Sending to 203.63.235.9 port 1026 
Code:   Access-Reject
Identifier: 165
Authentic:  <21>E&<196><195><166>8<164> <236>?<233>1~nw
Attributes:
Reply-Message = "Request Denied"






(RADIATOR) Authenticating From Radmin

1999-08-02 Thread Paul Black

I've now got Radmin installed and I'm very pleased with the user interface and
capabilities. Now I'm trying to get my radius.cfg setup to allow
authentication of a test user and still allowing fallback to authenticating
from the shadow password file for my existing customers. I've attached my
radius.cfg file and the trace logfile output. When I ran the attached config
none of my existing customers could login.

Can anyone tell me how to correct this problem?

Regards.  Paul





# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir   /etc/raddb
LogDir  /var/log/radacct
DictionaryFile  /etc/raddb/dictionary

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.

Secret   XXX


Secret   XXX


Secret   XXX


# This clause means we will handle any realm that arrives


# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to 
# change the one in  below
# so its the same
DBSource    dbi:mysql:radmin
DBUsername  radmin
DBAuth  XXX

# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef   NASIDENTIFIER,NAS-Identifier
AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   DNIS,Called-Station-Id

#
# This updates the time and octets left for this user
#

AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

#
# These are the classic things to add to each users 
# reply to allow a PPP dialup session. It may be 
# different for your NAS. This will add some 
# reply items to everyone's reply
#

AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP



Filename /etc/raddb/users

# Log accounting to the detail file in LogDir
AcctLogFileName /var/log/radacct/dm1/detail


# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"

Identifier System
Filename /etc/shadow






(RADIATOR) Radmin Up And Running

1999-08-02 Thread Paul Black

Mike,

I now have Radmin up and running with customers being authenticated from the
mysql database. I am quite impressed. There are a couple of things which would
be good for you to change though:

Where user connection times are displayed, currently they are in seconds. It
would be more useful if they were displayed in a HH:MM:SS format.

Where inbound and outbound traffic is displayed, currently it is in bytes. It
would be better if it were displayed in a format of MB's with three decimal
digits, ie 124.123 MB is much easier for me to read than 124123876 bytes.

On the add user window, a field of user group is needed, this would be
analogous to the Unix group and would then allow me to later make user group
policy decisions in Radiator, ie email a warning after a certain amount of
usage, disallow access after a larger amount of usage, a different policy for
Trial logins and so on.

Let me know your thoughts on the above.

Regards.   Paul





(RADIATOR) Re: Radmin Up And Running

1999-08-03 Thread Paul Black

> > Where user connection times are displayed, currently they are in seconds. It
> > would be more useful if they were displayed in a HH:MM:SS format.
> >
> > Where inbound and outbound traffic is displayed, currently it is in bytes. It
> > would be better if it were displayed in a format of MB's with three decimal
> > digits, ie 124.123 MB is much easier for me to read than 124123876 bytes.
>
> Both good ideas, and Devin's suggestion on configurable formats too. I have
> made the changes for the next release. For those who are really interested, the
> changed files are attached. There are a few. You will need to put them the
> appropriate places in your distribution and reinstall.

I've saved the attached files and put them in the appropriate source directory and
reinstalled. The Radmin displays still look the same, time in seconds, traffic in
bytes. I've checked that the files have been installed in the right places. Is
there a file which I need to edit in order to specify the format for the time and
traffic?

Regards.   Paul






(RADIATOR) Radmin: Need to Create SessionDatabase

1999-08-03 Thread Paul Black

I've got my Radmin up and running and would now like to get the
SessionDatabase setup in Radiator so I can see who is online through Radmin.
The problem is that I do not have a script or clear description of how to
create the SessionDatabase tables. Can someone post the SQL which I will need
to run in order to create the required tables or point me to the SQL in an
online document?

Regards.  Paul



PS   The error message which I am getting in relation to the SessionDatabase
is:


Tue Aug  3 19:34:26 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'

Tue Aug  3 19:34:26 1999: DEBUG:  Deleting session for , 203.63.235.10, 5
Tue Aug  3 19:34:26 1999: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.235.10' and NASPORT=5

Tue Aug  3 19:34:26 1999: ERR: do failed for 'delete from RADONLINE where
NASIDENTIFIER='203.63.235.10' and NASPORT=5': Table 'radius.RADONLINE' doesn't
exist
Tue Aug  3 19:34:26 1999: ERR: do failed for 'delete from RADONLINE where
NASIDENTIFIER='203.63.235.10' and NASPORT=5': Table 'radius.RADONLINE' doesn't
exist
Tue Aug  3 19:34:26 1999: DEBUG: Handling with Radius::AuthRADMIN
Tue Aug  3 19:34:26 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (933672866, 4, 'Handling with Radius::AuthRADMIN')

Tue Aug  3 19:34:26 1999: DEBUG: Handling accounting with Radius::AuthRADMIN
Tue Aug  3 19:34:26 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (933672866, 4, 'Handling accounting with Radius::AuthRADMIN')

Tue Aug  3 19:34:26 1999: DEBUG: do query is: update RADUSERS set
TIMELEFT=TIMELEFT-0362, OCTETSINLEFT=OCTETSINLEFT-068324,
OCTETSOUTLEFT=OCTETSOUTLEFT-0316183 where USERNAME='j'






(RADIATOR) POP3 Authentication Using Radius

1999-08-03 Thread Paul Black

Having got Radiator/Radmin set up and running, I would like to move over to
doing all of my authentication from the Radmin database. The main problem at
the moment is that my qpopper POP3 server authenticates using the shadow
password file on my Redhat 6.0 Linux server.

Before I destroy next weekend in a frenzy of hacking, can someone tell me if
there already exists a patch to allow a POP server to authenticate using
Radius? (Ditto for IMAP)

Regards.   Paul







(RADIATOR) Unwanted Session Limits

1999-08-04 Thread Paul Black

I have a customer who has a Radiator users file entry as follows:

davidm  Auth-Type = System
Client-Id = pm1,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 203.63.235.213,
Framed-MTU = 1500,
Idle-Timeout = 99

This works fine, when he logs into my PortMaster (pm1), he gets his permanent
IP address. The trouble is when he tries a second login to my Tigris he cannot
connect (Before changing to Radiator this was not a problem). This could be
due to one of two things:

1) Could Radiator be not allowing the second session (I did not explicitly
configure radius.cfg to do this)

2) Or could Radiator be assigning the static IP address when he logs into the
Tigris. This IP address is already in use so the connection fails. I suspect
that Radiator is seeing the second login on the Tigris and allocating the
address from the users file, which is wrong, as the davidm rule is only for
the pm1 NAS not the dm1 NAS.

How could I sort this problem out?

Regards.   Paul




(RADIATOR) POP, RADIUS and PAM

1999-08-05 Thread Paul Black

Having got Radiator setup and authenticating out of an MySQL database, I'm now
trying to get my qpopper to authenticate with Radiator.

Rather than patching radius support into qpopper, it has been suggested that I
use the pamradius module and use pam support in the pop server. This sounds
good but I don't know much about pam so I have a few questions.

My main concern is that if I setup pamradius will I be dependent on radius to
login as root. For example what happens if Radiator fails to start when I have
rebooted my radius machine. Will pam try to use radius to allow me to login on
the shell as root? Or will pam be smart enough to check root against the
shadow password file?

I'd be keen to talk with anyone who has been down this path.

Regards.  Paul




(RADIATOR) Framed-Netmask Problems

1999-08-06 Thread Paul Black

I have a customer with a permanent link and a small network of machines. The
radius users file allocates a netmask of 255.255.255.248 as follows. The
problem is that when dannya calls in neither the specified ip address nor
netmask is allocated. A logfile trace is attached.  Any suggestions on how to
fix this problem would be appreciated.

Regards.  Paul

dannya  Auth-Type = System, Client-Id = pm1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 203.63.235.96,
Framed-Netmask = 255.255.255.248,
Framed-MTU = 1500,
Idle-Timeout = 99


Fri Aug  6 18:11:03 1999: DEBUG: Packet dump:
*** Received from 203.63.235.9 port 1028 
Code:   Access-Request
Identifier: 202
Authentic:  (<8><14><160><137>`<17><214>7<149>{:<0><217><249>i
Attributes:
User-Name = "dannya"
User-Password = "<130><129><247>H<16>~<198><198><160><1><10>Cr<3>A""
NAS-IP-Address = 203.63.235.9
NAS-Port = 7
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP

Fri Aug  6 18:11:03 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Aug  6 18:11:03 1999: DEBUG:  Deleting session for dannya, 203.63.235.9, 7
Fri Aug  6 18:11:03 1999: DEBUG: do query is: delete from RADONLINE where 
NASIDENTIFIER='203.63.235.9' and NASPORT=7

Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthRADMIN
Fri Aug  6 18:11:03 1999: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, 
TYPE, MESSAGE) 
values (933927063, 4, 'Handling with Radius::AuthRADMIN')

Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthRADMIN
Fri Aug  6 18:11:03 1999: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, 
TYPE, MESSAGE) 
values (933927063, 4, 'Handling with Radius::AuthRADMIN')

Fri Aug  6 18:11:03 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, 
MAXLOGINS from RADUSERS where USERNAME='dannya' and BADLOGINS < 5 and VALIDFROM < 
933927063 and VALIDTO > 933927063

Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthRADMIN looks for match with dannya
Fri Aug  6 18:11:03 1999: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, 
TYPE, MESSAGE) 
values (933927063, 4, 'Radius::AuthRADMIN looks for match with dannya')

Fri Aug  6 18:11:03 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS, TIMELEFT, 
MAXLOGINS from RADUSERS where USERNAME='DEFAULT' and BADLOGINS < 5 and VALIDFROM < 
933927063 and VALIDTO > 933927063

Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthFILE
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE looks for match with dannya
Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX looks for match with dannya
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX REJECT: Check item Client-Id 
expression 'pm1' does not match '' in request
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE REJECT: Check item Client-Id 
expression 'pm1' does not match '' in request
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX looks for match with dannya
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX REJECT: Prefix does not match
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE REJECT: Prefix does not match
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
Fri Aug  6 18:11:03 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX looks for match with dannya
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Fri Aug  6 18:11:03 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Fri Aug  6 18:11:03 1999: DEBUG: Access accepted for dannya
Fri Aug  6 18:11:03 1999: DEBUG: Packet dump:
*** Sending to 203.63.235.9 port 1028 
Code:   Access-Accept
Identifier: 202
Authentic:  (<8><14><160><137>`<17><214>7<149>{:<0><217><249>i
Attributes:
Framed-IP-Address = 255.255.255.254
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Idle-Timeout = 2400

Fri Aug  6 18:11:04 1999: DEBUG: Packet dump:
*** Received from 203.63.235.9 port 1028 
Code:   Accounting-Request
Identifier: 203
Authentic:  #<194>p"<200>S<164><164>O<216><255><241>.<13><176><128>
Attributes:
Acct-Session-Id = "06DC"
User-Name = "dannya"
NAS-IP-Address = 203.63.235.9
NAS-Port = 7
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 203.63.235.43
Acct-Delay-Time = 0

Fri Aug  6 18:11:04 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Aug  6 18:11:04 1999: DEBUG:  Adding session for dannya, 203.63.235.9, 7
Fri Aug  6 18:11:04 1999: DEBUG: do query is: delete from RADONLINE where 
NASIDENTIFIER='203.63.235.9' an

(RADIATOR) Pam Radius Authentication

1999-08-07 Thread Paul Black

I run a small internet service provider and have just started to use the
Cryptocard Pam Radius Authentication module. I have got the basic
authentication working but have a few loose ends to tidy up.

The recommended Pam config for a service using Pam Radius Authentication is
#auth   

auth   required /lib/security/pam_securetty.so 
auth   sufficient   /lib/security/pam_radius_auth.so 
auth   required /lib/security/pam_unix_auth.so

The problem is that the pam_securetty.so module always fails. Reading the docs
indicates that some files in /etc/security need to be set up, but I don't know
where to start. It would be real handy if I could get pam_securetty to tell me
why it is failing. Is this possible?

I'm using the Pam Radius Authentication with the GNU_POP3D 0.97 server. The
PAM authentication section of this pop server contains the following code. The
pam_authenticate call works ok but the pam_acct_mgmt and pam_setcred calls
fail. Pam_authenticate is authenticating correctly off of the radius server.
If anyone has any ideas on how to sort this out I'd like to hear them.

Regards.  Paul


#else /* HAVE_SECURITY_PAM_APPL_H */
  _user = (char *) arg;
  _pwd = pass;
  /* libpam doesn't log to LOG_MAIL */
  closelog ();
  pamerror = pam_start ("pop", arg, &PAM_conversation, &pamh);
  PAM_ERROR;
  pamerror = pam_authenticate (pamh, 0);
  username = strdup (arg);
  syslog (LOG_INFO, "Pam trying to authenticate %s", username);
  PAM_ERROR;
  /* pamerror = pam_acct_mgmt (pamh, 0);
  PAM_ERROR;
  syslog (LOG_INFO, "Pam acct mgmt ok");
  pamerror = pam_setcred (pamh, PAM_ESTABLISH_CRED);
  PAM_ERROR;
  syslog (LOG_INFO, "Pam set cred ok");
  */
  pam_end (pamh, PAM_SUCCESS);




(RADIATOR) Sendmail & Radiator

1999-08-07 Thread Paul Black

I've now got my POP server authenticating from Radiator and I thought I would
be ready to go ahead and use authentication from a database. When I tried to
send an email to a test user in the Radiator database I received an error
message from sendmail. The message said that the test user did not exist, ie
he was not in the password file.

Has anyone come across this problem before and managed to solve it?

Regards.  Paul




Re: (RADIATOR) Sendmail & Radiator

1999-08-07 Thread Paul Black

> Hey, just curious here.  Why do you want people to authenticate from
> Radiator instead of the password file?
> 
> I'm just curious, I don't know what your problem is.  Thinking you might
> have a neat application I haven't thought of...

Hi Chris,

I'm using Radmin which has a nice www interface, it's easy for my support reps
to add new users. Radmin only supports authentication from the database. 

Authentication from the database gives me one point to set the access policies
for my whole system.

These are the sort of things that make the use of a database attractive.
Sendmail does not appear to know about PAM though, unless there is a patch I
don't know about.

Cheers.  Paul




Re: (RADIATOR) Sendmail & Radiator

1999-08-08 Thread Paul Black

This sounds interesting. Does the NSS/LDAP module support PAM, ie, can it be
made to authenticate via Radiator? I'm trying to set up a system where the
Radiator database is the source of customer authentication information. Thanks
for your help.

Regards.  Paul



Valentin Tumarkin wrote:
> 
>   I think your problem is that your 'system' does not know of your users
> existence. Having configured PAM is not enough, you need to make your
> unix 'system' aware of your users via Name Service.
> 
> Example: If you are using LDAP, you can install the nss_ldap module
> from http://www.padl.com
> And then put something like this in /etc/nsswitch.conf
> (Solaris,Linux)
> 
> passwd: files   ldap
> shadow: files   ldap
> group:  files   ldap
> 
> > Date: Sat, 07 Aug 1999 23:33:54 +
> > From: Paul Black <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: (RADIATOR) Sendmail & Radiator
> >
> > I've now got my POP server authenticating from Radiator and I thought I would
> > be ready to go ahead and use authentication from a database. When I tried to
> > send an email to a test user in the Radiator database I received an error
> > message from sendmail. The message said that the test user did not exist, ie
> > he was not in the password file.
> >
> > Has anyone come across this problem before and managed to solve it?
> >
> > Regards.  Paul
> 
> Valentin Tumarkin
> 
> Xpert Trusted Systems




(RADIATOR) Rlogin Prefix

1999-08-09 Thread Paul Black

Hi Mike,

I have just about got all of my initial problems with Radiator sorted out.
This should be the last one. My UUCP users need to rlogin to a machine to run
a shell session and pick up their mail and news via uucico. I've set up the
following prefix for them to login with a U prefix on their login id. Problem
is I'm still getting an access denied message when I test this prefix. Here is
the entry in my users file. Could you let me know if there is anything wrong
with the way this prefix is specified?

Regards.  Paul

DEFAULT Auth-Type = System,
Service-Type = Login-User,
Login-IP-Host = ice.triode.net.au,
Login-Service = Rlogin,
Client-Id = pm1
Prefix="U",
Framed-IP-Address = 255.255.255.254




Re: (RADIATOR) Rlogin Prefix

1999-08-11 Thread Paul Black

> > DEFAULT Auth-Type = System,
> > Service-Type = Login-User,
> > Login-IP-Host = ice.triode.net.au,
> > Login-Service = Rlogin,
> > Client-Id = pm1
> > Prefix="U",
> > Framed-IP-Address = 255.255.255.254
> 
> You will notice that the line "Client-ID = pm1" does not have a comma (",") at
> the end of the line. This indicates the end of the Check items for the user and
> the beginning of the Reply items. Therefore the "Prefix="U" is never being
> Checked.

Thanks Hugh,

I have made the change as follows:

DEFAULT Auth-Type = System,
Service-Type = Login-User,
Login-IP-Host = ice.triode.net.au,
Login-Service = Rlogin,
Client-Id = pm1,
Prefix="U"
Framed-IP-Address = 255.255.255.254

I am still not able to login as Upaulb. Could you suggest what to do next to
sort this out? The trace from my latest test follows.

Regards.  Paul


Tue Aug 10 18:27:49 1999: DEBUG: Packet dump:
*** Received from 203.63.235.9 port 1028 
Code:   Access-Request
Identifier: 161
Authentic: 
<166><26><233><189>?<184><244><151><250><132>u<143><152><191>@<173>
Attributes:
User-Name = "Upaulb"
User-Password =
"d_<185><160>C<12><188><152><141><183><195><12>$<19><128><135>"
NAS-IP-Address = 203.63.235.9
NAS-Port = 6
NAS-Port-Type = Async

Tue Aug 10 18:27:49 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Tue Aug 10 18:27:49 1999: DEBUG:  Deleting session for Upaulb, 203.63.235.9, 6
Tue Aug 10 18:27:49 1999: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.235.9' and NASPORT=6

Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthRADMIN
Tue Aug 10 18:27:49 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934273669, 4, 'Handling with Radius::AuthRADMIN')

Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthRADMIN
Tue Aug 10 18:27:49 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934273669, 4, 'Handling with Radius::AuthRADMIN')

Tue Aug 10 18:27:49 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='Upaulb' and BADLOGINS < 5
and VALIDFROM < 934273669 and VALIDTO > 934273669

Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthRADMIN looks for match with
Upaulb
Tue Aug 10 18:27:49 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934273669, 4, 'Radius::AuthRADMIN looks for match with Upaulb')

Tue Aug 10 18:27:49 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='DEFAULT' and BADLOGINS < 5
and VALIDFROM < 934273669 and VALIDTO > 934273669

Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthFILE
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE looks for match with Upaulb
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthUNIX
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthUNIX
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT2
Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthUNIX
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Tue Aug 10 18:27:49 1999: DEBUG: Handling with Radius::AuthUNIX
Tue Aug 10 18:27:49 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Tue Aug 10 18:27:49 1999: INFO: Access rejected for Upaulb: No such user
Tue Aug 10 18:27:49 1999: DEBUG: Packet dump:
*** Sending to 203.63.235.9 port 1028 
Code:   Access-Reject
Identifier: 161
Authentic: 
<166><26><233><189>?<184><244><151><250><132>u<143><152><191>@<173>
Attributes:
Reply-Message = "Request Denied"




Re: (RADIATOR) Rlogin Prefix

1999-08-11 Thread Paul Black

tom minchin wrote:

> DEFAULT Auth-Type = System
>  Service-Type = Login-User,
>  Login-IP-Host = ice.triode.net.au,
>  Login-Service = Rlogin,
>  Client-Id = pm1,
>  Prefix = "U",
>  Framed-IP-Address = 255.255.255.254
> 
> Still a few stray commas and missing commas.
> 
> [EMAIL PROTECTED]

The above didn't work, it stopped anyone from being able to login. What are
the rules for which lines have commas at the end and which ones don't?

Regards.  Paul




Re: (RADIATOR) Rlogin Prefix

1999-08-11 Thread Paul Black

Hugh Irvine wrote:

> Tom is correct, Check items are on the first line, Reply items are on the
> following lines. See Section 13 in the Radiator 2.14.1 manual.
> 
> I think you might want something more like this (if not let me know):
> 
> # Check for Prefix = U and Client-Id = pm1 (not sure if this is correct?)
> # Reply with the others
> DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
> Service-Type = Login-User,
> Login-IP-Host = ice.triode.net.au,
> Login-Service = Rlogin

Still no luck. I have changed the entry in my users file as follows. What can
I try next?

Regards.  Paul


DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
Service-Type = Login-User,
Login-IP-Host = ice.triode.net.au,
Login-Service = Rlogin,
Framed-IP-Address = 255.255.255.254

Following is what I see in the logfile:

Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
*** Received from 203.63.235.9 port 1028 
Code:   Access-Request
Identifier: 245
Authentic:  <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
Attributes:
User-Name = "Upaulb"
User-Password =
"<208>q<26><140><135>?7<150>+<192><27><24><218><189><252><227>"
NAS-IP-Address = 203.63.235.9
NAS-Port = 6
NAS-Port-Type = Async

Wed Aug 11 21:16:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Aug 11 21:16:16 1999: DEBUG:  Deleting session for Upaulb, 203.63.235.9, 6
Wed Aug 11 21:16:16 1999: DEBUG: do query is: delete from RADONLINE where
NASIDENTIFIER='203.63.235.9' and NASPORT=6

Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934370176, 4, 'Handling with Radius::AuthRADMIN')

Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthRADMIN
Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934370176, 4, 'Handling with Radius::AuthRADMIN')

Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='Upaulb' and BADLOGINS < 5
and VALIDFROM < 934370176 and VALIDTO > 934370176

Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthRADMIN looks for match with
Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAMP, TYPE, MESSAGE)
values (934370176, 4, 'Radius::AuthRADMIN looks for match with Upaulb')

Wed Aug 11 21:16:16 1999: DEBUG: Query is: select PASS_WORD, STATICADDRESS,
TIMELEFT, MAXLOGINS from RADUSERS where USERNAME='DEFAULT' and BADLOGINS < 5
and VALIDFROM < 934370176 and VALIDTO > 934370176

Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthFILE
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT2
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthFILE REJECT: No such user
Wed Aug 11 21:16:16 1999: DEBUG: Handling with Radius::AuthUNIX
Wed Aug 11 21:16:16 1999: DEBUG: Radius::AuthUNIX looks for match with Upaulb
Wed Aug 11 21:16:16 1999: INFO: Access rejected for Upaulb: No such user
Wed Aug 11 21:16:16 1999: DEBUG: Packet dump:
*** Sending to 203.63.235.9 port 1028 
Code:   Access-Reject
Identifier: 245
Authentic:  <192>#Rb<136><204><207>'<244>25<191>.7<145><131>
Attributes:
Reply-Message = "Request Denied"




Re: (RADIATOR) Rlogin Prefix

1999-08-11 Thread Paul Black

Hi Hugh,

I have been running Livingston Radius for the last couple of years. I had it
set up with a Livingston menu so that customers could login with a prefix of M
to bring up a menu to select the machine to rlogin to for shell access. This
is especially important for my UUCP customers (who have now not been able to
connect for 2 weeks).

I discussed this with Mike McCauley who said that Radiator does not support
Livingston Menus but that it does support radius login prefixes. I need to
set up a login prefix of U to allow my UUCP customers to rlogin to the correct
machine. I suspect that the prefix handling code for Radiator has not been
fully tested. pm1 is my PortMaster and does resolve.

My radius.cfg file is attached as is my users file.

Regards.  Paul




Hugh Irvine wrote:
> 
> Hi Paul -
> 
> I think we might want to go back to basics. Could you please send me (again)
> your config file, together with your description of what exactly you want to do.
> 
> That way we can make sure.
> 
> Notice that the definition below will only work on calls coming in on "pm1" -
> is this correct? And have you checked that "pm1" will resolve to an IP address
> (and vice-versa)?
> 
> I've also taken this discussion off the list.
> 
> thanks
> 
> Hugh
> 

Re: (RADIATOR) Rlogin Prefix

1999-08-11 Thread Paul Black

Thanks Hugh,

A difficult little puzzle is solved. I'm very relieved to be able to give
access back to my shell based customers.

Regards.  Paul


> Well, I have just spent quite some time testing the Prefix and Suffix code, and
> I am happy to report that it does work correctly.
> 
> I did however discover that the order of the user Check items is important and
> therein lies your problem - the "Prefix = U" must appear *before* the "AuthType
> = System", otherwise the userid *including* the "U" is checked.
> 
> Therefore you should have something like this:
> 
> DEFAULT Prefix = U, Auth-Type = System, Client-Id = pm1
> Service-Type = Login-User,
> Login-IP-Host = ice.triode.net.au,
> Login-Service = Rlogin,
> Framed-IP-Address = 255.255.255.254

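The rules this thread arrives at (check items on the first line, reply items on the lines after it, Prefix ahead of Auth-Type) can be checked mechanically before a users file goes live, which matters because a restriction such as Client-Id that lands on a reply line is silently not enforced. The Perl below is an added example, not Radiator code and not posted by anyone on the list; the %CHECK_ONLY list, the function names and the indentation restored in the sample entries are assumptions.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: lint one users-file entry against the
# rules worked out in this thread.
use strict;
use warnings;

# Attributes the thread uses as check items (assumed list; extend to taste).
my %CHECK_ONLY = map { $_ => 1 } qw(Prefix Suffix Auth-Type Client-Id);

# 'A = b, C="d"' -> ('A', 'C'). Values containing commas are not handled.
sub item_names {
    my ($text) = @_;
    return map { /^\s*([\w-]+)\s*=/ ? $1 : () } split /,/, $text;
}

# Returns a list of warnings for one entry (empty list: nothing found).
sub lint_entry {
    my ($entry) = @_;
    my @lines = grep { /\S/ && !/^\s*#/ } split /\n/, $entry;
    return ('empty entry') unless @lines;
    my ($user, $checks) = shift(@lines) =~ /^(\S+)\s*(.*)$/;
    return ('first line must start with the user name') unless defined $user;
    my @warn;

    # A trailing comma does not continue the check list onto the next line.
    push @warn, "$user: check line ends with a comma; the lines below it "
        . "are reply items" if $checks =~ /,\s*$/;

    # Prefix/Suffix rewrite the name that Auth-Type then looks up, so they
    # have to be evaluated first.
    my @names = item_names($checks);
    my ($auth_at) = grep { $names[$_] eq 'Auth-Type' } 0 .. $#names;
    for my $i (0 .. $#names) {
        push @warn, "$user: $names[$i] follows Auth-Type, so the name is "
            . "authenticated with the $names[$i] still attached"
            if defined $auth_at && $i > $auth_at
            && $names[$i] =~ /^(?:Prefix|Suffix)$/;
    }

    # A check item on a reply line is treated as a reply item, never enforced.
    for my $name (map { item_names($_) } @lines) {
        push @warn, "$user: $name is on a reply line and is never checked"
            if $CHECK_ONLY{$name};
    }
    return @warn;
}

# Entries taken from the thread, with continuation-line indentation restored.
my %SAMPLES = (
    'first attempt' => <<'END',
DEFAULT Auth-Type = System,
    Service-Type = Login-User,
    Login-IP-Host = ice.triode.net.au,
    Login-Service = Rlogin,
    Client-Id = pm1
    Prefix="U",
    Framed-IP-Address = 255.255.255.254
END
    'third attempt' => <<'END',
DEFAULT Auth-Type = System, Prefix = U, Client-Id = pm1
    Service-Type = Login-User,
    Login-IP-Host = ice.triode.net.au,
    Login-Service = Rlogin,
    Framed-IP-Address = 255.255.255.254
END
    'working entry' => <<'END',
DEFAULT Prefix = U, Auth-Type = System, Client-Id = pm1
    Service-Type = Login-User,
    Login-IP-Host = ice.triode.net.au,
    Login-Service = Rlogin,
    Framed-IP-Address = 255.255.255.254
END
);

if (!caller) {
    for my $label ('first attempt', 'third attempt', 'working entry') {
        my @w = lint_entry($SAMPLES{$label});
        print "$label: ", (@w ? "\n" . join('', map { "  - $_\n" } @w) : "ok\n");
    }
}
```

The first attempt yields three warnings, the third attempt one (Prefix after Auth-Type), and the working entry none.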



(RADIATOR) Framed-Netmask

1999-08-12 Thread Paul Black

I've got one last problem in converting over to Radiator. I have a permanent
connection customer. He logs in ok and his IP address is correctly assigned,
but the netmask is not set. This users table entry had previously been in use
for a couple of years with the Livingston Radius server. Please let me know
what needs to be changed in the following users file entry.

Regards.  Paul 

dannya  Auth-Type = System, Client-Id = pm1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 203.63.235.96,
Framed-Netmask = 255.255.255.248,
Framed-MTU = 1500,
Idle-Timeout = 99




Re: (RADIATOR) Framed-Netmask

1999-08-12 Thread Paul Black

Mike McCauley wrote:

> > dannya  Auth-Type = System, Client-Id = pm1
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-IP-Address = 203.63.235.96,
> > Framed-Netmask = 255.255.255.248,
> > Framed-MTU = 1500,
> > Idle-Timeout = 99
> 
> If you are using the standard Radiator dictionary, it should be spelt:
> Framed-IP-Netmask = 255.255.255.248,
> 
> You should have seen an error message about this?

Hi Mike,

I didn't see the error message, but it probably got hidden by all of the trace
output in my logfile. That should be the last of the bushfires out. Next thing
is to start working on getting radmin adding new users into my passwd file. 

I've just noticed that Radmin 1.3 is in the downloads area. In rough terms,
what are the new features over Radmin 1.2?

Cheers.   Paul




(RADIATOR) Radmin 1.3 Installed

1999-08-12 Thread Paul Black

Hi Mike,

I have just reinstalled Radmin 1.3. I dropped the radmin database and ran the
install from scratch. Is there a procedure for upgrading Radmin when a new
release comes out?

The Total Time in hours, minutes and seconds on the Modem Usage Report is
good. As is the in/out traffic in Mb. 

On the Usage Summary page though we still have time in seconds and traffic in
bytes. Could we get these changed to be consistent with the Modem Usage
Report? Time in hours, minutes and seconds. Traffic in Mb.

Also could we get a button to show the Usage Summary sorted by Outgoing
traffic with logins with highest Outgoing Traffic at the top of the report.
This would then give me an easy report for seeing who has been chewing up more
than their fair share of my internet link.

Regards.   Paul




(RADIATOR) Passwd Program

1999-08-12 Thread Paul Black

I'm a new Radmin user and I have found that there is a problem with
authenticating out of the Radmin database and Sendmail. The basic problem is
that Sendmail does not use Pam and Sendmail checks that users exist against
the Shadow password file.

Mike McCauley has shown me how to patch Radmin to add new customers to the
password file as well as to the Radmin database. In order to implement this
patch I need a version of the passwd program which takes the username and
password as a command line argument. Before I spend time hacking the existing
password program, I thought it would be good to know if anyone already has or
knows of a version of the passwd program that can be run from a script.

Cheers.  Paul




(RADIATOR) Radmin Adding Users

1999-08-12 Thread Paul Black

I've almost got Radmin adding new users to my shadow password file. My perl is
pretty basic. Following is the function being used to add the users.

My first problem is that useradd is not working. How can I display the error
message from useradd?

The second problem is that chpasswd takes its input on STDIN. Is the code
below (currently commented out) correct to do this?

Regards.  Paul


# Here's an example of how to override the database insertion function
# so that when you add a new user, it automatically
# adds them to your Unix system too:

BEGIN
{
    # Remember pointers to functions we are going to override
    $Radmin::Site::original_insert = \&Radmin::DBSQL::insert;
}

sub Radmin::DBSQL::insert
{
    my ($self, $obj) = @_;

    if ($obj->{Type} eq 'RADUSERS')
    {
        # Adding a new entry to the user list
        `usr/sbin/useradd -c \"$obj->{FULLNAME}\" $obj->{USERNAME}`
         || fatalError("UserAddError");
        # Set up their password, you may need a
        # special program for this so you can send the password
        # on the command line
        #`/usr/sbin/chpasswd` < $obj->{USERNAME} $obj->{PASS_WORD}
        #|| fatalError("Could not set new password in Unix");
    }
    &$Radmin::Site::original_insert($self, $obj);
}




(RADIATOR) Radmin User Addition

1999-08-13 Thread Paul Black

I've got the perl function for adding new users to my Linux system working.
The code is below. Now I would like to clean it up a little. How can I check
the completion code of the useradd function and print out error completion
codes and error messages? Also why does the ; terminating the useradd call
have to be on the next line (It doesn't work if it is on the same line). I am
well pleased to have this working. Thanks to everyone who helped me piece it
together.

Regards.  Paul



# Here's an example of how to override the database insertion function
# so that when you add a new user, it automatically
# adds them to your Unix system too:

BEGIN
{
    # Remember pointers to functions we are going to override
    $Radmin::Site::original_insert = \&Radmin::DBSQL::insert;
}

sub Radmin::DBSQL::insert
{
    my ($self, $obj) = @_;

    if ($obj->{Type} eq 'RADUSERS')
    {
        # Adding a new entry to the user list
        `/usr/sbin/useradd -c \"$obj->{FULLNAME}\" $obj->{USERNAME}`
         ;
        #
        # Set up the new user's password
        #
        open(CHANGEPASSWORD,"|/usr/sbin/chpasswd");
        print CHANGEPASSWORD "$obj->{USERNAME}:$obj->{PASS_WORD}\n";
        close(CHANGEPASSWORD);
    }
    &$Radmin::Site::original_insert($self, $obj);
}




(RADIATOR) Apache and Radiator

1999-08-14 Thread Paul Black

I'm having very little success in getting my apache 1.3.6 server to
authenticate using radius. I've been using the Apache mod_auth_pam module.

I'd be keen to get a few clues from anyone who has Apache being authorised via
Radiator in a linux environment. Which Apache module did you use and are there
any specific problems to look out for?

Regards.  Paul




(RADIATOR) Changing Shadow Password from Radmin

1999-08-24 Thread Paul Black

I have written a bit of perl code to allow Radmin to add new users to my
shadow password file when a new user is added using Radmin. Now I need to
write a bit of code to allow the shadow password to be changed when a password
is changed using Radmin. Could anyone tell me how to go about this?

The code to allow users to be added to the shadow password file as well as the
Radmin database follows.

Regards.  Paul

# Here's an example of how to override the database insertion function
# so that when you add a new user, it automatically
# adds them to your Unix system too:

BEGIN
{
    # Remember pointers to functions we are going to override
    $Radmin::Site::original_insert = \&Radmin::DBSQL::insert;
}

sub Radmin::DBSQL::insert
{
    my ($self, $obj) = @_;

    if ($obj->{Type} eq 'RADUSERS')
    {
        # Adding a new entry to the user list.
        # List-form system() runs the command without a shell, so
        # characters in FULLNAME or USERNAME cannot alter the command.
        system('/usr/sbin/useradd', '-c', $obj->{FULLNAME}, $obj->{USERNAME});

        #
        # Set up the new user's password
        #
        open(CHANGEPASSWORD, "|/usr/sbin/chpasswd");
        print CHANGEPASSWORD "$obj->{USERNAME}:$obj->{PASS_WORD}\n";
        close(CHANGEPASSWORD);

        #
        # Set the user to trial group and no login shell
        #
        system('/usr/sbin/usermod', '-g', 'trial',
               '-s', '/usr/local/bin/noshell', $obj->{USERNAME});
    }
    &$Radmin::Site::original_insert($self, $obj);
}




[Re: (RADIATOR) Changing Shadow Password from Radmin]

1999-08-24 Thread Paul Black

The code will be very similar and not a problem. The real issue is the name of
the procedure which I need to overwrite.

Regards.  Paul


tom minchin wrote:
> 
> On Tue, Aug 24, 1999 at 10:56:35AM +, Paul Black wrote:
> > I have written a bit of perl code to allow Radmin to add new users to my
> > shadow password file when a new user is added using Radmin. Now I need to
> > write a bit of code to allow the shadow password to be changed when a password
> > is changed using Radmin. Could anyone tell me how to go about this?
> >
> 
> Can't you just use the same code you use for adding new users (just the
> chpasswd bit I think is all you need)?
> 
> [EMAIL PROTECTED]




Re: (RADIATOR) Unix based SQL selection request......which one should I use?

1999-08-25 Thread Paul Black

Hi Jay,

I've recently put in MySQL on Linux with Radiator/Radmin. It's working very
nicely. 

Regards.  Paul

Jay West wrote:
> 
> We're using FreeBSD 3.2Release for our radius servers. I've decided I have
> to switch to using SQL rather than dbm files to get some other functionality
> that we want.
> 
> My question is, does anyone have any suggestions as to which SQL server to
> use? I have a strong preference for it to run on FreeBSD, and be free of
> charge :) Must work well with radiator, and take a minimum of
> cpu/disk/memory, etc The SQL server we pick will only be used for
> radius, not website databases, etc. etc.
> 
> based on those requirements, should I be looking at msql or mysql or other?
> 
> Thanks in advance for everyone's input!
> 
> Jay West



(RADIATOR) L/C Login Ids

1999-08-31 Thread Paul Black

My most frequent cause of support calls comes from people who are logging in
with their caps lock key on. How can I use Radiator to translate all usernames
and passwords to lowercase, or better yet, to be case insensitive?

Regards.  Paul




Re: (RADIATOR) L/C Login Ids

1999-09-01 Thread Paul Black

Thanks John,

That's a really useful feature, I've put it in and it is working well. Is there
any way to get Radiator to translate all passwords to lowercase? 

Cheers.  Paul


John Coy wrote:
> 
> This is handled by the RewriteUsername directive.  You
> can have a global one or one applied to a specific client
> or realm.  To make usernames all lower case:
> 
> RewriteUsername tr/A-Z/a-z/
> 
> See the radiator docs section 6.3.19 RewriteUsername for a
> start (that's the section for the 2.13 docs).




Re: (RADIATOR) pop3

1999-09-06 Thread Paul Black

Ricardo Guerra wrote:
> 
> Hi!!
> is there any way to use radiator to authenticate pop users, telling them
> where to find their mail?? i mean, reading it from a different server, i
> want the users to authenticate at intelnet.net.gt, and there the radius
> server tell them which one of the other mail servers has their mail
> (mail1.intelnet.net.gt, etc.).. can somebody help me or tell me if that
> is possible??

You need to use PAM to do this. Set a PAM library to authenticate using
Radius. Then set up a PAM-aware POP server. I was able to get POP3
authenticating OK with Radiator, I did strike problems with Sendmail though.

Regards. Paul




[Fwd: (RADIATOR) Attrib to display message on Windows]

1999-09-26 Thread Paul Black

Displaying a "server-assigned message in a window after authorisation" sounds
like a very good idea. Does anyone know if it is possible?


> Would anyone who knows the RADIUS attribute to make the Microsoft PPP
> client display a server-assigned message in a window after authorization
> please post it in a reply to this email?
>
>
> Richi Plana
> Systems Administrator
> Mosaic Communications, Inc.
> mailto:[EMAIL PROTECTED]




[Fwd: (RADIATOR) PasswordLog]

1999-09-26 Thread Paul Black

I see the same messages in my password logfile as well. I've also wondered
what is going on.


Hello,
 Speaking of the password logfile.  I'm getting these entries, and I'm
curious as to what is meant by UNKNOWN.  If it's UNKNOWN then how can
the user be authenticated?

Sat Sep 25 23:11:03 1999:938319063:blackhawk:UNKNOWN:somepassword:PASS

Thank you,
Robert




(RADIATOR) Radiator Suddenly Stopped Working

1999-10-13 Thread Paul Black

I've been running Radmin and Radiator (2.14.1) for 3 or 4 months, everything
has been working fine until this evening when Radiator suddenly stopped
working. I have not been making changes on the primary radius server machine. When
I run radpwtst I get the following response:

radpwtst -s iggy -secret "mysecret" -user myuser -password mypassword
sending Access-Request...
No reply
sending Accounting-Request Start...
No reply
sending Accounting-Request Stop...
No reply

I have tried rebooting the machine, but it didn't help. I'm using Redhat 5.2
linux.

It appears that radiator/network communications has stopped. When I use a
netstat -a command I get the following output. It looks to me that mysql might
be involved in the problem. The odd thing is that Radmin can add, delete and
list users from the database with no problems. This one has got me really
baffled. Any suggestions on how to sort this out would be appreciated.

Regards.  Paul



[root@iggy Radiator-2.14.1]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 iggy.triode.net.au:smtp fep9.mail.ozemail:57136 TIME_WAIT
tcp        0      0 iggy.triode.net.au:smtp fep9.mail.ozemail:57069 TIME_WAIT
tcp        0      0 iggy.triode.net.a:pop-3 dm1-11.triode.net.:1333 TIME_WAIT
tcp        0      0 iggy.triode.net.a:pop-3 port6.liz.hare.net:1066 TIME_WAIT
tcp        0      0 iggy.triode.net.au:smtp phototalk.org:3452      TIME_WAIT
tcp        0      0 iggy.triode.net.au:smtp mx1.eskimo.com:1469     ESTABLISHED
tcp        0      0 iggy.triode.net.a:imap2 dm1-14.triode.net.:1187 ESTABLISHED
tcp        0      0 iggy.triode.net.a:mysql iggy.triode.net.au:1358 ESTABLISHED
tcp        0      0 iggy.triode.net.au:1358 iggy.triode.net.a:mysql ESTABLISHED
tcp        0      0 iggy.triode.net.au:ssh  dm1-14.triode.net.:1163 ESTABLISHED
tcp        0   1056 iggy.triode.net.au:ssh  dm1-14.triode.net.:1158 ESTABLISHED
tcp        0      0 iggy.triode.net.a:mysql iggy.triode.net.au:1138 ESTABLISHED
tcp        0      0 iggy.triode.net.au:1138 iggy.triode.net.a:mysql ESTABLISHED
tcp        0      0 iggy.triode.net.a:mysql iggy.triode.net.au:1077 ESTABLISHED
tcp        0      0 iggy.triode.net.au:1077 iggy.triode.net.a:mysql ESTABLISHED
tcp        0      0 iggy.triode.net.a:mysql iggy.triode.net.au:1035 ESTABLISHED
tcp        0      0 iggy.triode.net.au:1035 iggy.triode.net.a:mysql ESTABLISHED
tcp        0      0 *:mysql                 *:*                     LISTEN
tcp        0      0 *:1026                  *:*                     LISTEN
tcp        0      0 *:7412                  *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 iggy.triode.net.:domain *:*                     LISTEN
tcp        0      0 localhost:domain        *:*                     LISTEN
tcp        0      0 *:www                   *:*                     LISTEN
tcp        0      0 *:smtp                  *:*                     LISTEN
tcp        0      0 *:617                   *:*                     LISTEN
tcp        0      0 *:auth                  *:*                     LISTEN
tcp        0      0 *:imap2                 *:*                     LISTEN
tcp        0      0 *:pop-3                 *:*                     LISTEN
tcp        0      0 *:telnet                *:*                     LISTEN
udp        0      0 *:1260                  *:*
udp        0      0 *:1027                  *:*
udp    32016      0 *:radacct               *:*
udp    65456      0 *:radius                *:*
udp        0      0 *:1024                  *:*
udp        0      0 iggy.triode.net.:domain *:*
udp        0      0 localhost:domain        *:*
udp        0      0 *:tftp                  *:*
udp        0      0 *:ntalk                 *:*
udp        0      0 *:talk                  *:*
udp        0      0 *:syslog                *:*
raw        0      0 *:icmp                  *:*                     7
raw        0      0 *:tcp                   *:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  1      [ ]         STREAM     CONNECTED     625    @0028
unix  1      [ ]         STREAM     CONNECTED     590    @0027
unix  0      [ ACC ]     STREAM     LISTENING     720    /tmp/mysql.sock
unix  0  

(RADIATOR) Radiator Stopped Working

1999-10-15 Thread Paul Black

I've found out where the problem is with my Radiator. When I commented out the
Session Database section of my radius.cfg file, Radiator started to work
again. I've noticed that a couple of my mysql processes are using up 99% of
the cpu time. I'm fairly sure the problem lies in the Session Database. 

Could anyone tell me which table(s) to delete and how to recreate it again?

Regards.  Paul




Re: (RADIATOR) Radiator Stopped Working

1999-10-16 Thread Paul Black

I seem to have sorted the problem out now. There is a handy mysql program
called isamchk which allowed me to check each of the tables, sure enough a
couple of them had corrupted pointers. Used the repair option and now Radiator
seems to be working ok again.

Regards.  Paul

Hugh Irvine wrote:
> 
> Hello Paul -
> 
> On Fri, 15 Oct 1999, Paul Black wrote:
> > I've found out where the problem is with my Radiator. When I commented out the
> > Session Database section of my radius.cfg file, Radiator started to work
> > again. I've noticed that a couple of my mysql processes are using up 99% of
> > the cpu time. I'm fairly sure the problem lies in the Session Database.
> >
> > Could anyone tell me which table(s) to delete and how to recreate it again?
> >
> 
> Have a look in the Radiator goodies directory - there is a mysqlCreate.sql
> script that does both, although it does all the other tables as well!!
> 
> *** You will have to extract just the bit that drops and recreates the table
> called RADONLINE. Don't just run the script as it is, as it will destroy and
> recreate all your other tables as well***
> 
> You might also check in the RAdmin directory to verify the format that was
> created by the schema.pl module. I just had a look here and the RADONLINE
> tables in both places look identical, but you should check yourself.
> 
> If you have any questions please don't hesitate to contact me.
> 
> hth
> 
> Hugh
> 
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody



(RADIATOR) MAX IDLE TIME

1999-12-14 Thread Paul Black

I'm using Radmin and currently my users have a value of 0 (no timeout) set for
the Max Idle Timeout. I checked this by displaying the dialup user attributes
on my Tigris. I'm rewriting the Radmin Interface so I can set the MAXIDLETIME
values in the Radius Database. 

What I need to know is how to tell Radiator to use the MAXIDLETIME value in
the Radiator MySQL database? I'm sure this problem has been solved a few times
by other people.

Regards.  Paul




Re: (RADIATOR) MAX IDLE TIME

1999-12-14 Thread Paul Black

My Tigris was using the Idle-Timeout attribute in the users file correctly
before I started using radmin. Could you please give me some more hints on how
to set the Idle-Timeout attribute (from the database field) in the reply?

Mike McCauley wrote:

>> What I need to know is how to tell Radiator to use the MAXIDLETIME value in
>> the Radiator MySQL database? I'm sure this problem has been solved a few
>> times by other people.
 
> The radius attribute that most (not all) NASs honour is Idle-Timeout
> which is the max idle time in seconds.
> So you just need to arrange for that attribute to be set in the reply.




Re: (RADIATOR) MAX IDLE TIME

1999-12-18 Thread Paul Black

Hi Mike,

Attached is my radius.cfg file with secrets removed, could you let me know
where to add in the AuthSelect and AuthColumnDef lines.

Regards.  Paul



Mike McCauley wrote:
> 
> On Dec 15,  6:18am, Paul Black wrote:
> > Subject: Re: (RADIATOR) MAX IDLE TIME
> > My Tigris was using the Idle-Timeout attribute in the users file correctly
> > before I started using radmin. Could you please give me some more hints on how
> > to set the Idle-Timeout attribute (from the database field) in the reply?
> 
> If you have a database column IDLETIMEOUT that you want to use for
> Idle-Timeout, you could have something like:
> 
> AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, IDLETIMEOUT
> from RADUSERS where USERNAME='%n' and BADLOGINS < 5 and VALIDFROM < %t and
> VALIDTO > %t
> 
> AuthColumnDef 4,Idle-Timeout,reply
> 
> Hope that helps.

# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir   /etc/raddb
LogDir  /var/log/radacct
DictionaryFile  /etc/raddb/dictionary
RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.

Secret   


Secret   


Secret   


# This clause means we will handle any realm that arrives

AuthByPolicy ContinueWhileReject

# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to 
# change the one in  below
# so its the same
DBSource    dbi:mysql:radmin
DBUsername  radmin
DBAuth

# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef   NASIDENTIFIER,NAS-Identifier
AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   DNIS,Called-Station-Id

#
# This updates the time and octets left for this user
#

AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
#
#   #
#   # These are the classic things to add to each users 
#   # reply to allow a PPP dialup session. It may be 
#   # different for your NAS. This will add some 
#   # reply items to everyone's reply
#   #
#
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP



Filename /etc/raddb/users


Filename /etc/shadow

AcctLogFileName /var/log/radacct/dm1/detail



# This database spec usually should be exactly the same
# as in  above
DBSource    dbi:mysql:radmin
DBUsername  radmin
DBAuth  




# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"

Identifier System
Filename /etc/shadow






Re: (RADIATOR) MAX IDLE TIME

1999-12-20 Thread Paul Black

Hi Mike,

I've added the two lines below to the AuthBy RADMIN clause (IDLETIMEOUT is
MAXIDLETIME in the Radmin d/b). I then restarted Radmin. I could see users
looking like they were logging in in the Radmin logfile but they were not
appearing on the Tigris console where I normally see the radius login
messages. I've separately emailed you the logfile and the radius.cfg file.

Could you let me know where I have gone wrong?

Regards.  Paul



Mike McCauley wrote:
> 
> Hello Paul,
> 
> You would add these to your AuthBy RADMIN clause:
> 
> # The following is all on one line:
> AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, IDLETIMEOUT
> from RADUSERS where USERNAME='%n' and BADLOGINS < 5 and VALIDFROM < %t and
> VALIDTO > %t
> 
> AuthColumnDef 4,Idle-Timeout,reply
> 
> Hope that helps.




Re: (RADIATOR) MAX IDLE TIME

1999-12-22 Thread Paul Black

Hi Mike,

All of my users are in the Radmin Database. The MAXIDLETIME is currently set
to 40 (I'll change it to 2400 shortly). The users who are logging in with an
Idle-Timeout of 2400 are failing their Radmin DB authentication and are
picking up their Timeout from the Users file and authenticating from the
Shadow password file (This is a separate issue that I haven't bothered sorting
out yet, users with a correct Radmin Password, who always authenticate from
the shadow password file). 

I'll send my radius.cfg file to you again. Could you think of some way of
debugging why the MAXIDLETIME field in the Radmin DB is not getting set into
the Idle-Timeout attribute?

Regards.  Paul


Mike McCauley wrote:

> I've had a look at the log, but I'm not sure which user is the one demonstrating
> the problem? I can see one access accept for "altrex" with a Session-Timeout of
> 2400. But I didn't see any with Idle-Timeout of 0 ?
> 
> The only reason I can think of for not putting the idle timeout in the reply
>  is that the IDLETIMEOUT column for that user is null. Can you confirm that?




(RADIATOR) SOLVED: RADIATOR/MAX IDLE TIME

1999-12-23 Thread Paul Black

Hi Mike,

I traced through the Radiator code with Log calls to work out where the
problem was. Eventually, I figured out that the AuthColumnDef should be 0 not
5 because it was the first user defined column. Setting IdleTimeOut from the
Radmin user interface is now working correctly. I'm also setting a Radius
Filter-Id of email (no web access) if the ServiceName (now also set in Radmin)
is set to Mailbox.

I've added an extra column to my Radmin/Radiator database, it is ServiceState,
basically it has values of OK or SUSPENDED. What I want to do is to stop
people from logging on if their SERVICESTATE in the Radiator database is set
to SUSPENDED. Could you let me know how I could go about this?

Regards.  Paul


Mike McCauley wrote:
> 
> Hello Paul,
> 
> You would add these to your AuthBy RADMIN clause:
> 
> # The following is all on one line:
> AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, IDLETIMEOUT
> from RADUSERS where USERNAME='%n' and BADLOGINS < 5 and VALIDFROM < %t and
> VALIDTO > %t
> 
> AuthColumnDef 5,Idle-Timeout,reply




(RADIATOR) Access Control Using Radmin

1999-12-28 Thread Paul Black

Hi Mike,

I have spent most of my Christmas break working on Radmin/Radiator and making
sure that my /etc/passwd file and Radmin MySQL database exactly mirror each
other. 

I would like to be able to control customer access to my ISP via Radmin. I
have added an extra field SERVICESTATE to the Radmin Database. When
SERVICESTATE is set to SUSPENDED I want to prevent that customer from logging
in. The behaviour I want to get from Radiator is as follows:

If the MySQL Database is running then
  If Customer Login Id is NOT SUSPENDED then
Authenticate customer for login
Else if MySQL is not running/working
  Authenticate customer from the passwd file

If the customer is set to suspended the AuthBy Radmin will fail and will drop
through and authenticate from the password file. 

What do I need to do to not let the customer login if he is suspended, but
still allow authentication from the passwd file if MySQL is not running?

Regards.   Paul



My Radmin config is as follows:

Trace   4

DbDir   /etc/raddb
LogDir  /var/log/radacct
DictionaryFile  /etc/raddb/dictionary
RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.

Secret   


Secret   


# This clause means we will handle any realm that arrives

AuthByPolicy ContinueWhileReject

# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to 
# change the one in  below
# so its the same
DBSource    dbi:mysql:radmin
DBUsername  
DBAuth  

#
# Set the Idle Timeout using the Radmin database
#
AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,
MAXLOGINS, MAXIDLETIME, FRAMED_FILTER_ID, FRAMED_NETMASK from RADUSERS where
USERNAME='%n' and SERVICESTATE != 'SUSPENDED' 
AuthColumnDef 0,Idle-Timeout,reply
AuthColumnDef 1,Filter-Id,reply
AuthColumnDef 2,Framed-IP-Netmask,reply

# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   TIME_STAMP,Timestamp,integer
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef   NASIDENTIFIER,NAS-Identifier
AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   DNIS,Called-Station-Id

#
# This updates the time and octets left for this user
#
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
#
#   #
#   # These are the classic things to add to each users 
#   # reply to allow a PPP dialup session. It may be 
#   # different for your NAS. This will add some 
#   # reply items to everyone's reply
#   #
#
AddToReply Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Acc-Callback-CBCP-Type = CBCP-None,\
Framed-Compression = Van-Jacobson-TCP-IP



Filename /etc/raddb/users


# Log accounting to the detail file in LogDir
AcctLogFileName /var/log/radacct/dm1/detail



# This database spec usually should be exactly the same
# as in  above
DBSource    dbi:mysql:radmin
DBUsername  
DBAuth  




# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"

Identifier System
Filename /etc/shadow





Re: (RADIATOR) Access Control Using Radmin

1999-12-29 Thread Paul Black

Thanks Mike,

I've just tested your suggestion below and it works very nicely. I'm using the
SERVICENAME column in the Radmin/Radius database to indicate whether the
customer is a TRIAL, HOURLY, etc. 

What I would like to do next is to get Radiator to send out an email (to my
accounts staff and to the customer) when a TRIAL user is in the 10th day of
their trial login period. I can see that ADDEDDATE is set correctly, how can I
work out if they have been in the trial period for 10 days or more?


Regards.  Paul


Mike McCauley wrote:

> > What do I need to do to not let the customer login if he is suspended, but
> > still allow authentication from the passwd file if MySQL is not running?
> 
> I would normally do it like this:
 
> 
> AuthByPolicy ContinueWhileIgnore
> 
> AuthSelect    and SUSPENDED != 'whatever'
> 
> # Will go to the next auth if the database is down
> 
> # or any other authby you like
> 
> 




Re: (RADIATOR) Access Control Using Radmin

1999-12-29 Thread Paul Black

Thanks Mike, 

The way I want to do this is to perform the calculation of the trial period
duration and then send an email when the customer has successfully logged in.
Could you show me an outline of how to do this with Radiator?

Regards.  Paul



> > What I would like to do next is to get Radiator to send out an email (to my
> > accounts staff and to the customer) when a TRIAL user is in the 10th day of
> > their trial login period. I can see that ADDEDDATE is set correctly, how can I
> > work out if they have been in the trial period for 10 days or more?
> 
> ADDEDDATE is unix epoch seconds (ie seconds since Jan 1 1970), so the
> difference between the current time and ADDEDDATE divided by (60*60*24) will
> give the number of days since the account was added.




Re: (RADIATOR) Access Control Using Radmin

1999-12-29 Thread Paul Black

Thanks Mike,

The pseudo reply attributes are now being created correctly. For my first
PostAuthHook I want to print out an element of the current request (I hope to
be able to see the print in the debug log, otherwise I'll send it to a file).
I'm wondering exactly how I should do this. My first thought would be:

PostAuthHook sub{ print(_[0][2]); }

second thought

PostAuthHook sub { print(_[0]->Days-Since-Added); }

or is there some other way that I should do this?

Regards.  Paul


Mike McCauley wrote:

> Sorry, not word-for-word.
> One approach you might take is to set a pseudo-reply-attribute in the reply,
> based on the difference between the current time and the ADDEDDATE, then in a
> PostAuthHook, use that value to figure out whether to send mail or not?




(RADIATOR) PostAuthHook

1999-12-30 Thread Paul Black

Thanks Mike,

I'm starting to get my PostAuthHook running and starting to like Radiator a
lot. My hook so far is:

PostAuthHook sub {  my $reply = ${$_[1]};                 \
    my $reqst = ${$_[0]};                                 \
    my $status = ${$_[2]};                                \
    print "\n";                                           \
    print "User =", $reqst->get_attr('User-Name'), " ";   \
    print "Days =", $reply->get_attr('Days-Since-Added'); \
    print "ACCEPT =  ", $main::ACCEPT, " ";               \
    print "Status =  ", $status, "\n";                    \
    }

This is printing to the screen which is crude, but good enough for debugging.
Some of the output is below. I've been reading the online manual and trying to
work it out. I would expect to see PostAuthHook called once when someone logs
in [currently seeing it twice]. Could this be due to having the PostAuthHook
in the  section? If so where should I put the PostAuthHook? Do
I need to add in a  section?

Thanks.  Paul


User =rjensen Days = ACCEPT =  0 Status =  0

User =gstearn Days =129.84 ACCEPT =  0 Status =  0

User =gstearn Days = ACCEPT =  0 Status =  0

User =gstearn Days = ACCEPT =  0 Status =  0

User =robyn Days = ACCEPT =  0 Status =  0

User =airmen Days =131.09 ACCEPT =  0 Status =  0

User =airmen Days = ACCEPT =  0 Status =  0

User =ryan Days =104.89 ACCEPT =  0 Status =  0

User =ryan Days = ACCEPT =  0 Status =  0

User =johndel Days = ACCEPT =  0 Status =  0

User =lumsden Days =104.88 ACCEPT =  0 Status =  0

User =lumsden Days = ACCEPT =  0 Status =  0



Mike McCauley wrote:
 
> Like this:
> 
> PostAuthHook sub {  my $reply = ${$_[1]}; print "its ",
> $reply->get_attr('Days-Since-Added'), "\n";}




(RADIATOR) Re: PostAuthHook

2000-01-08 Thread Paul Black

Hi Mike,

How should I check if I have an Access-Accept in the reply? Below is my
PostAuthHook, you can see that I am printing out the authentication result,
${$_[2]}, the value is always 0. I'm also printing out $main::ACCEPT (From the
PostAuthHook documentation) and it is always 0. Could you let me know if I'm
doing something wrong, or if I am seeing a bug in Radiator?

Regards.  Paul


>PostAuthHook sub {  
>  my $reply = ${$_[1]};   \
>  my $reqst = ${$_[0]};   \
>  my $status = ${$_[2]};  \
>  print "\n"; \
>  print "User = ",$reqst->get_attr('User-Name')," ";   \
>  print "Days = ",$reply->get_attr('Days-Since-Added');\
>  print "ACCEPT =  ", $main::ACCEPT, " ";  \
>  print "Status =  ", $status,"\n";\
>  }

> User = rjensen Days =ACCEPT =  0 Status =  0
> User = gstearn Days = 129.84 ACCEPT =  0 Status =  0
> User = gstearn Days =ACCEPT =  0 Status =  0
> User = gstearn Days =ACCEPT =  0 Status =  0
> User = robyn Days   =ACCEPT =  0 Status =  0
> User = airmen Days  = 131.09 ACCEPT =  0 Status =  0
> User = airmen Days  =ACCEPT =  0 Status =  0


Mike McCauley wrote:

> PostAuthHook will be called for every packet, so perhaps you are seeing it for
> auth and accounting packets, making you think it is called twice. In the hook,
> you will have to check whether you are dealing with an Access-Accept in the
> reply, and therefore that the user has just successfully logged in.
> 
> Cheers.




(RADIATOR) DB Authentication and Login Prefix's

2000-01-13 Thread Paul Black

I've now moved over to authenticating with Radiator via a MySQL database. One
thing that is no longer working is the login prefixes which I previously had
set up in my /etc/raddb/users file.

Following is an example of one of these prefixes:

DEFAULT Prefix = U, Auth-Type = System, Client-Id = pm1
        Service-Type = Login-User,
        Login-IP-Host = hyperion.triode.net.au,
        ACC-Callback-CBCP-Type = CBCP-None,
        Login-Service = Rlogin

What do I need to add to my radius.cfg file (and/or database) in order to
allow my customers to make use of login prefixes like the U prefix above?

regards.   Paul




No Subject

2000-02-02 Thread Paul Black




(RADIATOR) Remote Mysql Vulnerability

2000-02-10 Thread Paul Black

http://lwn.net/2000/0210/a/mysql.html

Date: Tue, 8 Feb 2000 20:03:32 +0100
From: Robert van der Meulen <[EMAIL PROTECTED]>
Subject:  Remote access vulnerability in all MySQL server versions
To: [EMAIL PROTECTED]

Hi,

Below you find a security advisory I wrote concerning a vulnerability found in
all (known to me) mysql server versions, including the latest one.
As mysql is a widely used sql platform, I strongly advise everyone using it
to read it, and fix where appropriate.
This email has been bcc'd to the mysql bug list, and other appropriate parties.

Greets,
	Robert van der Meulen/Emphyrio


.Introduction.

There exists a vulnerability in the password checking routines in the latest
versions of the MySQL server, that allows any user on a host that is allowed
to connect to the server, to skip password authentication, and access databases.
For the exploit to work, a valid username for the mysql server is needed, and
this username must have access to the database server, when connecting from
the attacking host.


.Vulnerable Systems.

All systems running 3.22.26a and up (tested).
Probably all systems running lower versions as well (not tested, not reviewed).
All versions are vulnerable on all platforms.


.A snippet of code from the mysql code, explaining password authentication **

From mysql-3.22.26a/sql/password.c:
/* password checking routines */
/*
  The main idea is that no password are sent between client & server on
  connection and that no password are saved in mysql in a decodable form.

  On connection a random string is generated and sent to the client.
  The client generates a new string with a random generator inited with
  the hash values from the password and the sent string.
  This 'check' string is sent to the server where it is compared with
  a string generated from the stored hash_value of the password and the
  random string.


*/


.More code, and vulnerability explanation.

The problem is, that in the comparison between the 'check' string, and the
string generated from the hash_value of the password and the random string,
the following code is used (from mysql-3.22.26a/sql/password.c):

  while (*scrambled)
  {
    if (*scrambled++ != (char) (*to++ ^ extra))
      return 1; /* Wrong password */
  }

'scrambled' represents the 'check' value, and (*to++ ^ extra) walks through the
hash_value.
Suppose a client would send a _single_ character to the server as the 'check'
string.
Of course the server should notice the check string is not the same length as
the check string needed, and give a password error.
Because no such checks are done, when a check string of length 1 is passed to
the server, only one character is compared.
So the only thing that remains to know if we want to peek in someone's MySQL
database, is a technique to find out the first character of the server-side
check string.

The string that's used for the comparison is generated using some random data,
so two following authenticate-actions will probably use different check-strings.
After looking at the algorithm, generating the check string, it becomes clear
that there are actually only 32 possibilities for each character.

In practice, this means that if you connect, sending one single character as
the check string, you will be in in about 32 tries maximum.


.Impact.

Hosts in the access list (by default any host, on a lot of distributions and
servers) can connect to the MySQL server, without a password, and access
(often sensitive) data _as long as the attacker has a valid username for the
database server_.
This vulnerability also incorporates a MySQL DoS attack, as the attacker can
shutdown database servers and delete data, if she logs in with the MySQL
management account.


.Exploit information.

I have an exploit available, but to deter script kiddies I will not release
it (yet).  Do not ask me for it.
If above explanation is understood, an exploit should be easy enough...


.Fix information.

Change the routine 'check_scramble' in mysql-3.22.26a/sql/password.c to do a
length check, _before_ starting the compare.
This should be as easy as inserting the following just above the
while (*scrambled) loop:

if (strlen(scrambled)!=strlen(to)) {
	return 1;
}

WARNING: This is NOT an official fix. You can use this as a temporary solution
to the problem.
Please check the official mysql site (www.mysql.org) for a fix.


.Commentary.

I think this exploit should not be a very scary thing to people that know
how to secure their servers.
In practice, there's almost never a need to allow the whole world to connect
to your SQL server, so that part of the deal should be taken care of.
As long as your MySQL ACL is secure, this problem doesn't really occur (unless
your database server doubles as a shell server).

We h
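
The comparison loop and the length-check fix from the advisory above, side by side, as an added example that is not part of the original post and is not MySQL's code beyond the quoted loop. SAMPLE_TO, SAMPLE_EXTRA and accepted_prefixes() are constructed for illustration; the helper is a regression check that counts how many prefixes of the correct check string a comparison routine accepts.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample values, not taken from a real MySQL handshake. */
static const char SAMPLE_TO[] = "QWERTYUI";
static const char SAMPLE_EXTRA = 0x05;

/* Loop as quoted in the advisory: it ends when the client's string ends,
   so the length of the comparison is chosen by the client. */
int check_vulnerable(const char *scrambled, const char *to, char extra)
{
    while (*scrambled) {
        if (*scrambled++ != (char)(*to++ ^ extra))
            return 1; /* wrong password */
    }
    return 0; /* accepted */
}

/* Same loop with the advisory's length check placed in front of it. */
int check_fixed(const char *scrambled, const char *to, char extra)
{
    if (strlen(scrambled) != strlen(to))
        return 1;
    return check_vulnerable(scrambled, to, extra);
}

typedef int (*check_fn)(const char *, const char *, char);

/* Build the correct check string, then count how many of its prefixes
   (length 0..n) the routine accepts. A sound routine accepts exactly one. */
int accepted_prefixes(check_fn check, const char *to, char extra)
{
    char full[64], prefix[64];
    size_t n = strlen(to), i, len;
    int accepted = 0;

    if (n >= sizeof(full))
        return -1;
    for (i = 0; i < n; i++)
        full[i] = (char)(to[i] ^ extra);
    for (len = 0; len <= n; len++) {
        memcpy(prefix, full, len);
        prefix[len] = '\0';
        if (check(prefix, to, extra) == 0)
            accepted++;
    }
    return accepted;
}

int main(void)
{
    printf("prefixes accepted: vulnerable=%d fixed=%d\n",
           accepted_prefixes(check_vulnerable, SAMPLE_TO, SAMPLE_EXTRA),
           accepted_prefixes(check_fixed, SAMPLE_TO, SAMPLE_EXTRA));
    return 0;
}
```

In this model the unfixed loop accepts every prefix of the correct string, including the empty one, while the length-checked version accepts only the full string.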

(RADIATOR) Upgrading Radiator and Radmin

2000-08-06 Thread Paul Black

I'm about to upgrade from Radiator 2.14.1 to 2.16.1, and Radmin 1.3 to
1.4. I have customised Radmin a bit. The first thing I need to know is
what are the changes in the Radmin database between Radmin 1.3 and 1.4,
and any comments on the best way to go about the upgrade would be
appreciated.

Regards.   Paul



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) Radiator/Radmin Extensions

2000-09-16 Thread Paul Black

About a year ago I added a function to the Site.pm file to allow a user to be
added to the shadow password file when the user was added using the Radmin
interface (which adds the user's details to a MySQL DB). The problem is,
sometime in the last few months, the function to add the user to the shadow
password file has stopped working. As far as I can see the code is not being
executed. I'd appreciate some guidance on how to sort this problem out.
Following is the function to add the user to the shadow password file:

# You can add or override Radmin functions here like this
# sub Radmin::Util::formatDateTime {
# Your stuff here
# }

BEGIN
{
    # Remember pointers to functions we are going to override
    $Radmin::Site::original_insert = \&Radmin::DBSQL::insert;
}

sub Radmin::DBSQL::insert
{
    my ($self, $obj) = @_;

    # List-form system() hands each value to the program as one argument,
    # so the user-supplied fields below are never parsed by a shell
    system('/usr/bin/logger', 'Radmin Insert Called');
    if ($obj->{Type} eq 'RADUSERS')
    {
        # Adding a new entry to the user list
        system('/usr/sbin/useradd', '-c', $obj->{FULLNAME}, $obj->{USERNAME});

        #
        # Set up the new users password
        #
        open(CHANGEPASSWORD,"|/usr/sbin/chpasswd");
        print CHANGEPASSWORD "$obj->{USERNAME}:$obj->{PASS_WORD}\n";
        close(CHANGEPASSWORD);

        #
        # Set the user to trial group and no login shell
        #
        system('/usr/sbin/usermod', '-g', 'trial',
               '-s', '/usr/local/bin/noshell', $obj->{USERNAME});
    }
    &$Radmin::Site::original_insert($self, $obj);
}

1;





(RADIATOR) Usage Summary Page

2000-09-18 Thread Paul Black

I've just upgraded to Radiator 2.16.3 and Radmin 1.4b2 and have sorted out
some gremlins along the way (some setuid bits had been lost).

My customers are keen to get a window which will allow them to view their
usage over the last couple of months (on a per month basis). The Radmin Usage
Summary window goes part of the way there. If I select a User Name (text like)
pat, I get 4 matches, fpatruno, pat, patrick and patto.

I'm really interested in the usage for pat, so I click on the link for that
user name (pat) and I get the List Usage window up, the User Name (text like)
already has pat in it. So I click the search button and Radmin comes back with
a list of the usage for fpatruno, pat, patrick and patto. This is a problem
because I had already told Radmin that I wanted the usage for pat.

Could you let me know if this is a known problem and when it might be fixed.

Regards.  Paul





(RADIATOR) Radmin Mailing List

2000-09-18 Thread Paul Black

Hi Mike,

What do I need to do to get back onto the Radmin Mailing list?

Thanks.  Paul





(RADIATOR) Radmin: Usage Summary Problem

2000-09-18 Thread Paul Black

I have downloaded Radmin-1.4.tgz and have copied over the cgi-bin and Radmin
files into the correct directories. I am still having a problem with the
Radmin Usage summary screen. I select pat on the first screen, then get a list
of usernames containing pat. Once again I select pat and get a list of usage
for all usernames containing pat.

I have noted that the datestamp on all of the files in the cgi-bin/private
directory is May 4, could you have forgotten to include the May 30 cgi-bin
updates into the Radmin-1.4.tgz archive?  If not which file should I check to
see it is the correct version?

Regards.  Paul





(RADIATOR) Re: Radmin: Usage Summary Problem

2000-09-18 Thread Paul Black

Hi Mike,

I am now setting up mod_auth_mysql  from
http://bourbon.netvision.net.il/mod_auth_mysql, this will allow me
to authenticate the people wanting to look at the listUsage.pl page. Once they
have got access to the usage page, how can I stop pat from looking at joe's
usage?

Cheers.  Paul


Mike McCauley wrote:

> On Sep 19,  3:19pm, Paul Black wrote:
> > That is looking much better now. I've copied over listUsage.pl from
> > private to public and made the edit below. It works quite nicely now.
> >
> > The next question is how do I restrict pat to only looking at Pat's usage
> > from the public listUsage.pl? There would be an outcry if I let everyone
> > look at everyone else's usage statistics.
>
> Are you able to enable authentication in your web server, so that it does
> Radius authentication of your end users (ie so that end users can run your
> public script, but only after authenticating against their Radius
> password?)?
>





(RADIATOR) Adding Connection Speed and Calling Number to Radusage

2000-09-27 Thread Paul Black

Hi Mike,

I'm using the latest version of Radiator/Radmin. I would like to add
Connection Speed and Calling Number to the RADUSAGE table. What do I need to
do in order to get Radiator to write these values into the MySQL database when
the customer logs in?

Regards.  Paul






Re: (RADIATOR) The Death Packet

2001-02-01 Thread Paul Black

I don't know about a kill packet, but I have found that if someone logs
in with a comma in their username by mistake, it causes my Radiator
process to die.

Regards.  Paul

> Received: from Nathan [202.22.161.42]
> Hello,
> 
> I am just wondering how I can actually send the kill packet to radiator
> to kick someone off the internet.
> I have Radiator 2.17.1.
> 
> ==================
> Nathan Franklin
> Programmer
> http://www.tsn.cc
