Re: (RADIATOR) Bug in NAS-Address-Port-List?
    Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
    Livingston = "User Request - PPP Term Req"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 10699
    Proxy-State = 8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>

Fri Jan 7 01:25:43 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:43 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 216.41.76.18, 4
Fri Jan 7 01:25:44 2000: DEBUG: Packet dump:
*** Received from 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 37
Authentic: <237><161>Q<131><13><176><208><28>j.cJP<160><246>[
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 12252
    Proxy-State = 8u<135><28><216>)L<18><4>$0<0>6!<215><144><7>G1-<2>o<143><163>1<209>i)

Fri Jan 7 01:25:44 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request
Fri Jan 7 01:25:44 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 37
Authentic: <237><161>Q<131><13><176><208><28>j.cJP<160><246>[
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 12252
    Proxy-State = 8u<135><28><216>)L<18><4>$0<0>6!<215><144><7>G1-<2>o<143><163>1<209>i)

Fri Jan 7 01:25:44 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:44 2000: DEBUG: Adding session for [EMAIL PROTECTED], 216.41.76.18, 4

Phil Freed <[EMAIL PROTECTED]>

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) No accounting replies
Brilliant, simple, and (after the fact) obvious. Thanks very much; that did the trick.

> This week I had a similar problem with an accounting-only server. I had to
> put an empty clause in the handler.
> It looked like a handler without any AuthBy clauses does not send any
> accounting replies.

Phil Freed <[EMAIL PROTECTED]>
(RADIATOR) Bug in NAS-Address-Port-List?
This may or may not be related to my accounting record problem. (I suspect not.)

I need a special handler for slot 6 on one of my NASs. I have the following sections in my radius.cfg:

# The first item is commented out because it kills radius with the message

    Can't call method "log" on unblessed reference at /usr/local/lib/perl5/site_perl/5.005/Radius/AuthGeneric.pm line 644.

The second one should do just what I want, but it doesn't work. (See log entries below.)

The third item is just there for debugging - but it mystifies rather than enlightens. Apparently, it matches the wrong packets altogether. Note that the handler is *supposed* to match the client x.227, but the log shows that it matches x.225.

I'm afraid I'm stumped. Am I missing something obvious here?

### From radius.cfg:

## This kills radius:
#
#    PreAuthHook file:"/usr/local/etc/preauth.hook"
#AcctLogFileName %L/x%R-%c-%Y%m%d
#    PasswordLogFileName %L/$R:%Y%m.pass
#
#        Filename %D/users.isdn
#
#

# This is what I want:

    PreAuthHook file:"/usr/local/etc/preauth.hook"
    AcctLogFileName %L/x%R-%c-%Y%m%d
    PasswordLogFileName %L/$R:%Y%m.pass
        Filename %D/users.isdn

    PreAuthHook file:"/usr/local/etc/preauth.hook"
    AcctLogFileName %L/x%R-%c-%Y%m%d
    PasswordLogFileName %L/$R:%Y%m.pass
        Filename %D/users.isdn

### From the log:

*** Received from 208.130.42.53 port 45016
Code: Access-Request
Identifier: 242
Authentic: 1234567890123456
Attributes:
    User-Name = "philtest"
    Service-Type = Framed-User
    Client-Id = 208.153.18.227
    NAS-Port = 1234
    NAS-Port-Type = Async
    User-Password = "<173><21><220><249><141><11>g<133><130>Cl<216>u'<154><247>"
    Chassis-Call-Slot = 6

Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 should be used to handle this request
Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request
Fri Jan 7 04:53:18 2000: DEBUG: Check if Handler Realm=psdu.net should be used to handle this request
etc...

--

Fri Jan 7 04:59:43 2000: DEBUG: Packet dump:
*** Received from 208.153.18.225 port 1645
Code: Access-Request
Identifier: 48
Authentic: <10><230>y<247><135><218><142><234>,SqA<203>$<153><172>
Attributes:
    User-Name = "marier"
    User-Password = "`<138>8<166>'a<170><252><166><247><4>M<147><226><245><13>"
    Client-Id = 208.153.18.225
    NAS-Port = 781
    Acct-Session-Id = "51147957"
    USR-Interface-Index = 2037
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Chassis-Call-Slot = 4
    Chassis-Call-Span = 1
    Chassis-Call-Channel = 13
    Calling-Station-Id = ""
    Called-Station-Id = "6428000"
    NAS-Port-Type = Async

Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Request-Type = Accounting-Request should be used to handle this request
Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227,Chassis-Call-Slot=6 should be used to handle this request
Fri Jan 7 04:59:43 2000: DEBUG: Check if Handler Client-Id=208.153.18.227 should be used to handle this request
Fri Jan 7 04:59:43 2000: DEBUG: Handling request with Handler 'Client-Id=208.153.18.227'
etc

Phil Freed <[EMAIL PROTECTED]>
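
Added example, not part of the original post and not Radiator code: a Python check that replays the comparison made above, where the DEBUG log shows a request handled by Handler 'Client-Id=208.153.18.227' although its packet dump carries Client-Id = 208.153.18.225. The check-item model (exact match, or /regex/) and the comma split are simplifying assumptions, and SAMPLE is constructed from the log excerpts in this thread.

```python
import re

ATTR = re.compile(r'^\s*([\w-]+) = "?(.*?)"?\s*$')   # one attribute line of a dump
CODE = re.compile(r'Code:\s+(\S+)')                  # packet type, kept as Request-Type
HANDLED = re.compile(r"Handling request with Handler '(.*)'")

# Constructed sample, shortened from the log excerpts quoted in this thread.
SAMPLE = """\
Fri Jan 7 04:59:43 2000: DEBUG: Packet dump:
*** Received from 208.153.18.225 port 1645
Code:       Access-Request
Attributes:
\tClient-Id = 208.153.18.225
\tChassis-Call-Slot = 4
Fri Jan 7 04:59:43 2000: DEBUG: Handling request with Handler 'Client-Id=208.153.18.227'
Fri Jan 7 01:25:44 2000: DEBUG: Packet dump:
Code:       Accounting-Request
Attributes:
\tAcct-Status-Type = Start
Fri Jan 7 01:25:44 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
"""

def item_matches(item, attrs):
    """Simplified check item: exact value, or /regex/ searched in the value."""
    name, _, want = (p.strip() for p in item.partition("="))
    have = attrs.get(name)
    if have is not None and len(want) > 1 and want[0] == want[-1] == "/":
        return re.search(want[1:-1], have) is not None
    return have == want

def audit(log_text):
    """Return (handler, Client-Id, failed items) for each inconsistent selection."""
    findings, attrs = [], {}
    for line in log_text.splitlines():
        handled, code, attr = HANDLED.search(line), CODE.search(line), ATTR.match(line)
        if "DEBUG: Packet dump:" in line:
            attrs = {}                       # a new request starts here
        elif handled:                        # assumes no comma inside a check value
            failed = [i for i in handled.group(1).split(",") if not item_matches(i, attrs)]
            if failed:
                findings.append((handled.group(1), attrs.get("Client-Id"), failed))
        elif code:
            attrs["Request-Type"] = code.group(1)
        elif attr:
            attrs[attr.group(1)] = attr.group(2)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty result means a request was served under a Handler whose check items its own packet dump does not satisfy, so it was evaluated against another client's users file and policy.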
Re: (RADIATOR) No accounting replies
Whups - I spoke too soon. It appears that this didn't solve anything after all. Any other thoughts?

>
> On Fri, 07 Jan 2000, Phil Freed wrote:
> > We have just put up the latest Radiator code, and have
> > completely revamped our config to take advantage of the
> > nifty new stuff. But we're having problems with accounting
> > packets. Radiator gets the packets, but according to "snoop"
> > it never replies to them.
> >
> > Note: this means that the problem is _not_ with the NAS.
> > It never gets any ACKs because Radiator isn't sending any.
> > So the NAS (correctly) keeps resending the packets.
> >
> > Here are the salient portions of our config.
> >
> >
> >     Secret x
> >     IgnoreAcctSignature
> >     DupInterval 0
> >
> >
> > The IgnoreAcctSignature and DupInterval lines are there
> > for debugging only; they should go away when everything's
> > working.
> >
> > # Handle All the Accounting requests
> >
> >     AcctLogFileName %L/%R%c-%Y%m%d
> >     AccountingHandled
> >
> >
> > This is the first handler in the config file.
> > According to the log, it is properly intercepting
> > the accounting packets.
> >
> > Finally, here is our PreClientHook:
> >
> > sub{
> >     ## lc() the username and remove junk characters.
> >     ## If the user has entered a realm, normalize it.
> >
> >     # We don't need to re-create this hash for every packet
> >     if (!defined %main::loa_realm2class) {
> >         %main::loa_realm2class = (
> >             'realm1'=> 'class1',
> >             'realm2'=> 'class2',
> >             'realm3'=> 'class2',
> >             : : : : : :
> >         );
> >     }
> >
> >     my $p = ${$_[0]};
> >     my ($user, $realm);
> >     ($user = lc $p->getUserName) =~ tr/[\\,*\$:'"\x00-\x20\x7F-\x1FF]//d;
> >     ($user, $realm) = split ('@', $user);
> >
> >     if ($realm) {
> >         $realm = ( $main::loa_realm2class{$realm} or $realm);
> >         $p->changeUserName("$user\@$realm");
> >     }
> > }
> >
> > -
> >
> > And here is a bit from the log file. The daemon has
> > just been killed and restarted
> >
> > Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> > Fri Jan 7 01:25:40 2000: DEBUG: Reading users file /usr/local/etc/raddb/users.isdn
> > Fri Jan 7 01:25:42 2000: INFO: Server started
> > Fri Jan 7 01:25:43 2000: DEBUG: Packet dump:
> > *** Received from 209.113.155.4 port 1651
> > Code: Accounting-Request
> > Identifier: 36
> > Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> > Attributes:
> >     Acct-Session-Id = "1C002EBF"
> >     User-Name = "[EMAIL PROTECTED]"
> >     Client-Id = 216.41.76.18
> >     NAS-Port = 4
> >     NAS-Port-Type = Async
> >     Acct-Status-Type = Stop
> >     Acct-Session-Time = 1553
> >     Acct-Authentic = RADIUS
> >     Connect_Info = 858862128
> >     Acct-Input-Octets = 20479
> >     Acct-Output-Octets = 274291
> >     Called-Station-Id = "9783364950"
> >     Calling-Station-Id = "9787775389"
> >     Class = "cybertours.com"
> >     Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
> >     Livingston = "User Request - PPP Term Req"
> >     Service-Type = Framed-User
> >     Framed-Protocol = PPP
> >     Framed-IP-Address = 216.41.76.164
> >     Acct-Delay-Time = 10699
> >     Proxy-State = 8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>
> >
> > Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request
> > Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request
> > Identifier: 36
> > Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
> > Attributes:
> >     Acct-Session-Id = "1C002EBF"
> >
(RADIATOR) No accounting replies
om 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 36
Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Stop
    Acct-Session-Time = 1553
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Acct-Input-Octets = 20479
    Acct-Output-Octets = 274291
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
    Livingston = "User Request - PPP Term Req"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 10699
    Proxy-State = 8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>

Fri Jan 7 01:25:43 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request
Fri Jan 7 01:25:43 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 36
Authentic: <3><221>d<237><140><171><152><147>VKov<219>}<171><139>
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Stop
    Acct-Session-Time = 1553
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Acct-Input-Octets = 20479
    Acct-Output-Octets = 274291
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
    Livingston = "User Request - PPP Term Req"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 10699
    Proxy-State = 8u<135><28><216>)L<18><4>$f<0>I\<221><174><31>P<204><141>&<165>}\<219><19><217><174>

Fri Jan 7 01:25:43 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:43 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 216.41.76.18, 4
Fri Jan 7 01:25:44 2000: DEBUG: Packet dump:
*** Received from 209.113.155.4 port 1651
Code: Accounting-Request
Identifier: 37
Authentic: <237><161>Q<131><13><176><208><28>j.cJP<160><246>[
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 12252
    Proxy-State = 8u<135><28><216>)L<18><4>$0<0>6!<215><144><7>G1-<2>o<143><163>1<209>i)

Fri Jan 7 01:25:44 2000: DEBUG: Check if Handler Acct-Status-Type=/.+/ should be used to handle this request
Fri Jan 7 01:25:44 2000: DEBUG: dump:Code: Accounting-Request
Identifier: 37
Authentic: <237><161>Q<131><13><176><208><28>j.cJP<160><246>[
Attributes:
    Acct-Session-Id = "1C002EBF"
    User-Name = "[EMAIL PROTECTED]"
    Client-Id = 216.41.76.18
    NAS-Port = 4
    NAS-Port-Type = Async
    Acct-Status-Type = Start
    Acct-Authentic = RADIUS
    Connect_Info = 858862128
    Called-Station-Id = "9783364950"
    Calling-Station-Id = "9787775389"
    Class = "cybertours.com"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 216.41.76.164
    Acct-Delay-Time = 12252
    Proxy-State = 8u<135><28><216>)L<18><4>$0<0>6!<215><144><7>G1-<2>o<143><163>1<209>i)

Fri Jan 7 01:25:44 2000: DEBUG: Handling request with Handler 'Acct-Status-Type=/.+/'
Fri Jan 7 01:25:44 2000: DEBUG: Adding session for [EMAIL PROTECTED], 216.41.76.18, 4

Phil Freed <[EMAIL PROTECTED]>
Re: (RADIATOR) Re: your mail
> > interesting. Do you all feel it's a good idea to "lowercase and chop" all
> > usernames like this, and just let the user have "[EMAIL PROTECTED]" incorrectly
> > in their dial up config, or do you think it's better to correct for it?
> >
> > I think the RewriteUsername would cut down a lot of tech support calls, and
> > really it's harmless so long as it's only their dialup config that is
> > braindead and not their mail config etc.
>
> I think it's not a good idea.
> Remember that the password will not be touched, so if your customer forgot to
> turn off caps lock, the authentication will fail anyway, and support calls
> will happen.

FWIW, we like to automatically LC() the realm. Enough of our users think that their e-mail address ought to be upper case - or lower case - or proper case - that we decided it was simpler to accept them all. Especially since our name has odd capitalization anyway.... (cyberTours. Yup - sure looks funny at the beginning of a sentence.)

Phil Freed <[EMAIL PROTECTED]>
Re: (RADIATOR) perl obfuscation redux
Sorry, Mike. This one's crackable. But you're right - it would certainly stop the casual reader.

> To that end, we have a packer that might at least prevent casual
> inspection of perl source. Would any perl guns out there care to
> see if they can get into this to see what the secret message is?

$IsEncrypted=1;
# The secret message is: Chocolate Brownies
print "Hello world\n";

Phil Freed <[EMAIL PROTECTED]>
Re: (RADIATOR) NAS Identitier as domain
Hugh Irvine <[EMAIL PROTECTED]> recently suggested:

> It might be simpler to set up your Client clauses with DNS names, then use
> Client-Id in your accounting records.
>
> # Configure Client clause with DNS name, something like this:
>
>
>
>

I've often considered doing this, but I'm not sure that I like the idea of performing a DNS lookup on each packet. Does Radiator cache DNS info? If so, does it

1) Do any lookups when reading the config file?
2) Time out DNS caches as appropriate?
3) Flush DNS caches on a kill -HUP?

Thanks.

--phil

"All my life, I always wanted to be somebody. Now I see that I should have been more specific."