Re: (RADIATOR) Calculating Session-Timeout based on Expiration?
Brian, You can try something like this as well. AuthBy SQL AuthSQLStatement update USERS set TIMELEFT=%t+86400 where LOGIN=0 AuthSelect select PASSWORD, TIMELEFT-%t as TIMELEFT AcctSQLStatement update USERS set LOGIN=LOGIN+1 /AuthBy Regards - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, November 16, 2002 5:05 AM Subject: Re: (RADIATOR) Calculating Session-Timeout based on Expiration? Hello Brian - I think you will need to write a Hook to do this. There are some example hooks in the file goodies/hooks.txt. regards Hugh On Saturday, Nov 16, 2002, at 07:58 Australia/Melbourne, Brian wrote: I know that Radiator can calculate the Session-Timeout, as an offset from the Time setting, using the until Time syntax. Does such an option exist for Expiration as well? For example, I want to set the Expiration to a unix timestamp, so I get granularity. I want the Session-Timeout passed back to the NAS to be the difference between NOW and Expiration. Is this possible? Brian -- --- Brian Feeny, CCIE #8036e: [EMAIL PROTECTED] Network Engineerp: 318.222.2638x109 ShreveNet Inc.f: 318.221.6612 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Expiration
Title: Message Dave, I am now using this: AcctSQLStatement update USERS set EXPIRATION='%Y-%m-%d' where . I would like the month to be 3 months from the current date. ie. +3. How do I do this? Thanks - Original Message - From: Dave Kitabjian To: Radius Admin ; [EMAIL PROTECTED] Sent: Tuesday, August 13, 2002 2:30 AM Subject: RE: (RADIATOR) Expiration There are a whole mess of date formatting options in the manual: http://www.open.com.au/radiator/ref.html#pgfId=290952 Let me know how you make out! Dave TABLE 2. DateFormat special characters Specifier Is replaced at run-time by: %% The percent character %a Day of the week, abbreviated %A Day of the week %b Month, of the year, abbreviated %B Month of the year %c ctime format: e.g. Sat Nov 19 21:05:57 1994 %d Numeric day of the month DD, with a leading 0 if necessary. %e Numeric day of the month, no leading 0. %D MM/DD/YY %h Month of year, abbreviated %H Hour, 24 hour clock, leading 0 %I Hour, 12 hour clock, leading 0 %j Day of the year %k Hour %l Hour, 12 hour clock %m Month number (starting with Jan = 1) %M Minute, leading 0 %n NEWLINE character %o Ornate day of month e.g. "1st", "2nd", "25th", ... %p `AM' or `PM' %r Time format: 09:05:57 PM %R Time format: 21:05 %S Seconds, leading 0 %t TAB character %T time format: 21:05:57 %U Week number, Sunday as first day of week %w Day of the week, numerically, Sunday == 0 %W Week number, Monday as first day of week %x Date format: 11/19/94 %X Time format: 21:05:57 %y Year (2 digits) %Y Year (4 digits) %Z Timezone in ascii. eg: PST -Original Message-From: Radius Admin [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 11:32 AMTo: [EMAIL PROTECTED]Subject: (RADIATOR) Expiration I am trying to update an EXPIRATION field which is a date field in my users database. I am trying to use the following statement. AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where... Is there anyway for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format. Thanks
(RADIATOR) Expiration
I am trying to update an EXPIRATION field which is a date field in my users database. I am trying to use the following statement. AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where... Is there anyway for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format. Thanks
(RADIATOR) Accounting Keep Alives
How do I send Accounting Keep Alives to a NAS? How is this implemented in Radiator? Thanks
(RADIATOR) PostAuthHook
I am trying to implement a PostAuthHook. I have added the following line in my configuration file Realm .. AuthBy SQL blah blah PostAuthHook file:"%D/SetActive.txt" /AuthBy /Realm When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in I am not using Handler's as described in the hooks.txt file. Have I defined it in the wrong place? Thanks
(RADIATOR) DATE
We have made our custom windows app to access RADUSERS table, the fields VALIDFROM and VALIDTO are integer types. What is the formula to convert these fields to a valid DATE Type, so we can automatically manage valid dates of the accounts we create. chris -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Post Processing hook
Hi All, Being lazy here Before I dream up something I thought some-one might have invented 'the wheel' aleady. We are currently transitioning all of our user base from usernames without realms to usernames with realms. I would like to send an email in a post processing hook to the user when they logon to give them a polite reminder of the changes they need to make. Obviously I still want to allow them to have a successful logon but hopefully the email generated each time will start to get annoying after a while and they will look into changing their setups. We are using Auth by SQL with mysql at present. I have one more question. This move to users with realms has bought about an issue with Free BSD ppp daemon. Apparently it doesn't accept more than 16 characters in the username. Anyone have a work around or come across this? The easiest solution at the moment is to give them a new account which will be 16 characters with a realm. Thanks in advance for any help I receive and btw thanks for a great product! Brad Lilly Shoalnet/Fastrac admin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Rewrite rules
This will remove begining trailing whitespace RewriteUsername s/^\s+// RewriteUsername s/\s+$// - Original Message - From: Paul Black [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 02, 2002 4:41 AM Subject: (RADIATOR) Rewrite rules I'm still trying to make my rewrite rules do exactly what I want. What rule would I need to string leading white space from the username? Also what does the first rule shown below do? Regards. Paul Realm DEFAULT RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RewriteUsername
Try naming the realm DEFAULT. It looks at anything after the @ to determine the realm name. So, if a customer logs in as [EMAIL PROTECTED], it is going to look for a realm called Realm abc.com. By default, if Radiator finds no matches, it will try to use Realm DEFAULT. -Ronan - Original Message - From: Barry Andersson To: [EMAIL PROTECTED] Sent: Thursday, 28 February, 2002 19:36 Subject: (RADIATOR) RewriteUsername Hi, I haveRewriteUsername s/^([^@]+).*/$1/ in my radius.cfg file however domains don't appear to be stripped from users who inadvertently login with their email address. I'm getting errors in the logfile such as "Could not find a handler for username@domainname: request is ignored" Below is the appropriate section from my radius.cfg Regards Barry Andersson AuthBy SYSTEM UseGetspnamf Identifier System /AuthBy Realm auth RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 AuthBy FILE Filename ./users /AuthBy AcctLogFileName /var/log/radius/detail /Realm Realm AuthBy INTERNAL AcctResult ACCEPT /AuthBy /Realm
Re: (RADIATOR) AcctSQLStatement
I have it in the AuthBy SQL Clause. I don't see it executing in a trace though. Maybe I am typing something wrong. Here is a snip from the config: Realm DEFAULT Description Default Realm for authenticating users RejectHasReason RewriteUsername s/^([^@]+).*/$1/ SessionDatabase RADONLINE AuthByPolicy ContinueWhileReject AuthBy SQL Identifier SUBSCRIBERS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y' # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef 3,Simultaneous-Use,check AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef SERVICETYPE,Service-Type,integer AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AddToReply Service-Type=Framed-User, \ Framed-Protocol=PPP, \ Framed-IP-Netmask = 255.255.255.255 /AuthBy AuthBy SQL Identifier LIMITED_20HRS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate 20 Hour users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where USERNAME='%n' AND ACTIVE='Y' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef 3,Simultaneous-Use,check AuthColumnDef 4,Session-Timeout,reply AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer-date AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef SERVICETYPE,Service-Type,integer AcctColumnDef CALLINGSTATIONID,Calling-Station-Id AcctColumnDef CALLEDSTATIONID,Called-Station-Id AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n' AddToReply Service-Type=Framed-User, \ Framed-Protocol=PPP, \ Framed-IP-Netmask = 255.255.255.255 /AuthBy AuthBy SQL Identifier LIMITED_30HRS DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx DBUsername x DBAuth x DefaultSimultaneousUse 1 Description Database to use to authenticate 30 Hour users FailureBackoffTime 5 Timeout 10 AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where USERNAME='%n' AND ACTIVE='Y' AuthColumnDef 0,User-Password,check AuthColumnDef 1,Port-Limit,reply AuthColumnDef 2,Framed-IP-Address,reply AuthColumnDef
Re: (RADIATOR) User-Name encrypted
That's rightI knew it was a config change, but I couldn't remember what it was. Missed it when looking through all the old backup configs... -Ronan - Original Message - From: Fabio Nitti (TEI) [EMAIL PROTECTED] To: Ronan Eckelberry [EMAIL PROTECTED]; Hugh Irvine [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, 21 February, 2002 04:17 Subject: RE: (RADIATOR) User-Name encrypted Hi all I solved my problem! I changed the configuration on Cisco System as5300 in the section Interface Group-async1 I modified the parameter async mode old config: async mode dedicated new config: async mode interactive The Nas pass correct user-name now. thanks a lot bye -Original Message- From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]] Sent: mercoledì 20 febbraio 2002 11.38 To: [EMAIL PROTECTED] Subject: (RADIATOR) User-Name encrypted Hi All, I've a problem whit my system Radiator 2.17.1 It receives access-request from dialin throught the Nas with user-name encrypted I don't know where is the problem because I did all test with radpwtst GUI and I verified the correct configuration The NAS is a Cisco 5300 It doesn't work fine for regular users when I do a dialin connection with modem and a correct user The Nas pass a User-name encrypted This is my logfile Thanks a lots *** Received from 113.254.2.2 port 1645 Code: Access-Request Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: NAS-IP-Address = 113.254.2.2 NAS-Port = 19 NAS-Port-Type = Async User-Name = }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2 Called-Station-Id = 672908919 Calling-Station-Id = 672588404 User-Password = 3/149|{+-]141e@Eq218131140 Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type = Accounting-Request, Acct-Status-Type = Start should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler should be used to handle this request Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler '' Tue Feb 19 20:15:48 2002: DEBUG: Deleting session for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2, 19 Tue Feb 19 20:15:48 2002: DEBUG: Running command: /export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe /export/home/IVLR/R2.0/bin/conf/Authenticator.ini Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} } $}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~: Tue Feb 19 20:15:53 2002: DEBUG: Packet dump: *** Sending to 113.254.2.2 port 1645 Code: Access-Reject Identifier: 12 Authentic: 30K223238020117143239161152/L211%d Attributes: Reply-Message = Request Denied Fabio Nitti === Research development Consultant ANS s.p.a. c/o TEI Ericsson Italy Intelligence Network Fixed Mobile Convergence DT/DW System Specialist Engineer Via Anagnina 203 Rome C.A.P. 00040 tel. +39 0672583246 ECN 839 73246 fax +39 06 72583127 e-mail [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Empty Requests
Title: Empty Requests Hi, I have the following setup: Radiator 2.18.1 MS SQL Server 2000 Lucent PM3s and PM2 Since a couple of months we are regularly seeing the following warning message, which I have no idea from where its coming. WARNING: Could not find a handler for : request is ignored Any idea? Best Regards, Joseph Cilia Managing Director NextGen.net Limited -- Mobile: (+356) 947 2319 Tel: (+356) 419109 Fax: (+356) 438948 ICQ: 9415615 E-mail: [EMAIL PROTECTED] URL: http://www.nextgen.net.mt --
(RADIATOR) question
I need to reduce my Ascend-Data-Filter from length 28 to 26 Any ideas how? Thanks Eric
(RADIATOR) Testing MaxSessions with radpwtst - MaxSessions not working - very simpleconfig.
Hello, I'm stumped, I've looked, I've read, I've tried, and I am stumped. I'm evaluating radiator and I have had absolutely no success getting MaxSessions to function. Below is my config and debug information. I am testing this config with the radpwtst tool and the following arguments: partisan:/usr/local/radiator# radpwtst -user admin -password admin Called-Station-Id=1234 -s 127.0.0.1 -nostop I would expect, with my config and the command above, the second time the command is issued radiator would deny my login because of the "-nostop" argument and not having received a stop argument for the previous login. This does not appear to be the case. I have noticed one thing. If I I set MaxSessions 1 to MaxSession 0 then it will deny the login. Below is the debug output from 2 tests with the above command. I don't mean to grovel but... please help :) -Jared My config: radius.cfg: Foreground LogStdout DbDir . LogDir . Client localhost Secret mysecret /Client Realm MaxSessions 1 AuthBy FILE Filename /usr/local/radiator/users /AuthBy /Realm users file: #one line, very simple admin User-Password = "admin" Debug Output: partisan:/usr/local/radiator# ./radiusd -log_stdout -trace 4 Mon Jan 15 15:43:57 2001: DEBUG: Reading users file /usr/local/radiator/users This Radiator license will expire on 2001-03-01 This Radiator license will stop operating after 1000 requests To purchase an unlimited full source version of Radiator, see http://www.open.com.au/radiator/ordering.html Mon Jan 15 15:43:57 2001: INFO: Server started: Radiator 2.17.1 on partisan (DEM O) Mon Jan 15 15:44:23 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Access-Request Identifier: 68 Authentic: 1234567890123456 Attributes: User-Name = "admin" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "1522392196193\424618889160216}x153 " Called-Station-Id = "1234" Mon Jan 15 15:44:23 2001: DEBUG: Handling request with Handler 'Realm=' Mon Jan 15 15:44:23 2001: DEBUG: Deleting session for admin, 203.63.154.1, 1234 Mon Jan 15 15:44:23 2001: DEBUG: Handling with Radius::AuthFILE Mon Jan 15 15:44:23 2001: DEBUG: Radius::AuthFILE looks for match with admin Mon Jan 15 15:44:23 2001: DEBUG: Radius::AuthFILE ACCEPT: Mon Jan 15 15:44:23 2001: DEBUG: Access accepted for admin Mon Jan 15 15:44:23 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1035 Code: Access-Accept Identifier: 68 Authentic: 1234567890123456 Attributes: Mon Jan 15 15:44:23 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Accounting-Request Identifier: 69 Authentic: 170241201S{3210132{1254w31476235 Attributes: User-Name = "admin" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Called-Station-Id = "1234" Mon Jan 15 15:44:23 2001: DEBUG: Handling request with Handler 'Realm=' Mon Jan 15 15:44:23 2001: DEBUG: Adding session for admin, 203.63.154.1, 1234 Mon Jan 15 15:44:23 2001: DEBUG: Handling with Radius::AuthFILE Mon Jan 15 15:44:23 2001: DEBUG: Accounting accepted Mon Jan 15 15:44:23 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1035 Code: Accounting-Response Identifier: 69 Authentic: 170241201S{3210132{1254w31476235 Attributes: Mon Jan 15 15:44:28 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Access-Request Identifier: 73 Authentic: 1234567890123456 Attributes: User-Name = "admin" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "1522392196193\424618889160216}x153 " Called-Station-Id = "1234" Mon Jan 15 15:44:28 2001: DEBUG: Handling request with Handler 'Realm=' Mon Jan 15 15:44:28 2001: DEBUG: Deleting session for admin, 203.63.154.1, 1234 Mon Jan 15 15:44:28 2001: DEBUG: Handling with Radius::AuthFILE Mon Jan 15 15:44:28 2001: DEBUG: Radius::AuthFILE looks for match with admin Mon Jan 15 15:44:28 2001: DEBUG: Radius::AuthFILE ACCEPT: Mon Jan 15 15:44:28 2001: DEBUG: Access accepted for admin Mon Jan 15 15:44:28 2001: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1035 Code: Access-Accept Identifier: 73 Authentic: 1234567890123456 Attributes: Mon Jan 15 15:44:28 2001: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1035 Code: Accounting-Request Identifier: 74 Authentic: 232]=N]D172hf181206+.W156207 Attributes: User-Name = "admin" Service-Type = Framed-
No Subject
Return-Path: [EMAIL PROTECTED] Received: from oscar.open.com.au (oscar.open.com.au [203.63.154.1]) by tiberius (8.9.3/8.9.3) with SMTP id JAA11324 for [EMAIL PROTECTED]; Sat, 8 Jan 2000 09:52:01 -0500 (EST) Received: (from majordom@localhost) by oscar.open.com.au (8.6.12/8.6.12) id NAA29481 for radiator-list; Sat, 8 Jan 2000 13:40:18 +1100 Received: (from uucp@localhost) by oscar.open.com.au (8.6.12/8.6.12) id NAA29470 for [EMAIL PROTECTED]; Sat, 8 Jan 2000 13:40:13 +1100 Received: from latte.2xtreme.net (latte.2xtreme.net [209.63.222.34]) by perki.connect.com.au with SMTP id NAA01377 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 8 Jan 2000 13:28:28 +1100 (EST) Message-ID: [EMAIL PROTECTED] Received: from latte.2xtreme.net (latte.2xtreme.net [209.63.222.34]) by perki.connect.com.au with SMTP id NAA01377 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 8 Jan 2000 13:28:28 +1100 (EST) Received: (qmail 4737 invoked from network); 8 Jan 2000 02:29:50 - Received: from java.2xtreme.net (HELO java) (209.63.220.3) by latte.2xtreme.net with SMTP; 8 Jan 2000 02:29:50 - Date: Fri, 7 Jan 2000 18:32:58 -0800 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: (RADIATOR) Simultaneous-Use Broken? X-mailer: Pegasus Mail for Win32 (v3.01b) Content-Type: text/plain; charset=US-ASCII Sender: [EMAIL PROTECTED] Precedence: bulk === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Simultaneous-Use Broken?
I'm having a problem with the new version of radiator such that it is rejecting more than one usage of the same username in a handler even though there are no limits on how many of this particular username can login. I have had this configuration working for over a year now, but the new version of radiator seems to have broken my configuration allowing this username to login more than one time. Below is the trace4 output as well as a snipping of my config file that deals with this handler. I may have missed a new option that I need to put in, but it sure feels like a bug. Thanks, John Kicklighter Internet 2xtreme http://www.2xtreme.net/ *** Received from 127.0.0.1 port 1452 Code: Access-Request Identifier: 30 Authentic: 1234567890123456 Attributes: User-Name = "test" User-Service = Framed-User Client-Id = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "c1922315.21018012817826,214133234170157" Fri Jan 7 18:03:00 2000: DEBUG: Rewrote user name to test Fri Jan 7 18:03:00 2000: DEBUG: Rewrote user name to test Fri Jan 7 18:03:00 2000: DEBUG: Check if Handler Realm=interx.net should be used to handle this request Fri Jan 7 18:03:00 2000: DEBUG: Check if Handler User-Name=test should be used to handle this request Fri Jan 7 18:03:00 2000: DEBUG: Handling request with Handler 'User-Name=test' Fri Jan 7 18:03:00 2000: DEBUG: Deleting session for test, 203.63.154.1, 1234 Fri Jan 7 18:03:00 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=1234 Fri Jan 7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD Fri Jan 7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD Fri Jan 7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate), DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType, sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit from masteraccounts ma, subaccounts sa where (sa.login = 'test' or sa.shell = 'test') and ma.customerid = sa.customerid and sa.active 0 and ma.active 0 Fri Jan 7 18:03:00 2000: DEBUG: Select results: Dec 31 2030 12:00:00:000AM, Jan 1 2037 12:00:00:000AM, 5784, PPP, dilbert, test, , , Fri Jan 7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type from RadConfigs rc, RadAttributes ra where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=5784 Fri Jan 7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type from RadATConfigs rc, RadAttributes ra where ra.RadAttributeID = rc.RadAttributeID and rc.AccountType='PPP' Fri Jan 7 18:03:00 2000: DEBUG: Radius::AuthEMERALD looks for match with test Fri Jan 7 18:03:00 2000: DEBUG: Expiration date converted to: 1924934400 Fri Jan 7 18:03:00 2000: DEBUG: Expiration date converted to: 2114409600 Fri Jan 7 18:03:00 2000: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='test' Fri Jan 7 18:03:00 2000: DEBUG: Checking if user is still online: unknown, test, 209.63.222.36, 8, 01030646 Fri Jan 7 18:03:00 2000: DEBUG: Radius::AuthEMERALD REJECT: Simultaneous-Use of 1 exceeded Fri Jan 7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate), DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType, sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit from masteraccounts ma, subaccounts sa where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT') and ma.customerid = sa.customerid and sa.active 0 and ma.active 0 Fri Jan 7 18:03:00 2000: INFO: Access rejected for test: Simultaneous-Use of 1 exceeded Fri Jan 7 18:03:00 2000: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1452 Code: Access-Reject Identifier: 30 Authentic: 1234567890123456 Attributes: Port-Message = "Request Denied" == # Allow Multiple Logins for the Test account Handler User-Name=test PasswordLogFileName /var/log/radiusd/logins/%m%d%Y-password.log AuthBy EMERALD DBSourcedbi:Sybase:dbaseiface DBUsername dblogin DBAuth dbpassword AccountingTable Calls AcctColumnDef UserName,User-Name AcctColumnDef CallDate,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctSessionId,Acct-Session-Id AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef NASIdentifier,Client-Id AcctColumnDef NASPort,NAS-Port,integer AcctColumnDef
RE: [platypus-users] Re: (RADIATOR) Expiration date passed!
After being awakened by my pager telling me that my radius was down just after midnight on 12/31 in the AM and reading this, I'm going back to bed. This fixed the problem. An early Y2K bug bite. Thanks for posting this to the RADIATOR list. John Kicklighter Internet 2xtreme From: Granville Barker [EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED], [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED] Subject:RE: [platypus-users] Re: (RADIATOR) Expiration date passed! Date sent: Thu, 30 Dec 1999 23:32:12 -0600 After working with John, I determined that Radiator is using the MasterAccounts view as well as the SubAccounts view in some cases to authenticate users. Anyone running Radiator with Platypus may need the attached SQL Script to head off any Y2K issues. -- Granville Barker Platypus Support === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) PMWHO killing radiator?
I have a problem where my radiator stops responding sometimes a few times a day (at least every few days). Luckily, I have a backup radius and a paging program that calls me when this happens, but it is still annoying. When I attempt to start my radiator back up, I run my shell script that kills any currently running copies and starts a fresh one. The fresh one comes up and indicates that it could not bind to the port. I then run: ps auwwx | grep telnet and find the telnet session to my 3com modem bank that is hanging around and kill that pid. After that, radiator can get going normally again. I suspect that pmwho is checking the double logins and happened to grab port 1645 to make that connection to the modem bank. Has anyone else had something like this? I'm going to take out all the "NasType" listings in the config file and see if that helps. I'd still like to fix it for good though. Thanks, John Kicklighter Internet 2xtreme === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) how to assign static IP addresses
Having never used a RADIUS server before, I'm pleased to have found Radiator so easy to get up and running. I'm hoping one of you can help me with a simple query. We have a Bay Networks Versalar RAC 8000 which currently uses Bay's proprietary ACP protocol to communicate with an NT Server. ACP performs two functions for us at the moment: authentication from native NT user accounts, and it also reads a simple text file which lets me assign static IP addresses to specific dial-in users. It's this second task I need help with. Radiator is installed, tested, and using a config based on the provided /goodies/nt.cfg is succesfully authenticating dial-in users. The only thing stopping me from making the switch from ACP to RADIUS is how best to assign static IPs. From my reading of the reference manual, I need to AuthBy FILE, but I can't get my head around exactly how to do this when I -also- want the passwords to remain in NT (AuthBy NT). Can someone help by showing me the minimum change required to my nt.cfg (see below) and also the minimum amount of information I need to define in a USERS file, to make this possible. I guess I'm after a USERS file which only states two things: go look in NT for the password, and for certain users here's a static IP. Thanks in advance. Chris Core GPM Internet /// nt.cfg /// ForegroundLogStdoutLogDir .DbDir . Client DEFAULTSecret *** DupInterval 0/Client Realm DEFAULTAuthBy NT Domain DomainController DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP/AuthBy AcctLogFileName ./detail/Realm
Re: (RADIATOR) how to assign static IP addresses
Thanks David. Our NAS is now using Radiator and all of the dial-ins are humming along. One thing that I've broken along the way is inbound telnet sessions, which I use from another office to manage the NAS. I assume this is because the default in my nt.cfg specifies that Radiator tells the NAS all incoming users are to use PPP. My telnet sessions work to the point of successful authentication and then telnet drops out altogether. I guess this is telnet's way of saying it doesn't talk PPP :) Here's my updated nt.cfg: --- Foreground LogStdout LogDir . DbDir . Client DEFAULT Secret * DupInterval 0 /Client Realm DEFAULT AuthBy FILE Filename ./rac1 /AuthBy AcctLogFileName ./detail PasswordLogFileName ./password /Realm Realm DUMMY_REALM AuthBy NT Identifier System Domain DomainController DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP /AuthBy /Realm -- and here's a snippet of my rac1 (user file) where I've tried to allow the username gpm_cc access via telnet: - gpm_cc Auth-Type = System Service-Type = Login-User, Login-Service = Telnet But gpm_cc can't use telnet. Any ideas? Regards, Chris Core GPM Internet -Original Message- From: David Lloyd [EMAIL PROTECTED] To: Admin [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, November 12, 1999 3:17 AM Subject: Re: (RADIATOR) how to assign static IP addresses From my reading of the reference manual, I need to AuthBy FILE, but I can't get my head around exactly how to do this when I -also- want the passwords to remain in NT (AuthBy NT). Can someone help by showing me the minimum change required to my nt.cfg (see below) and also the minimum amount of information I need to define in a USERS file, to make this possible. I guess I'm after a USERS file which only states two things: "go look in NT for the password", and for certain users "here's a static IP". That's not too hard. I'll paraphrase from tha manual (Section 6.13.5): # This is where all your normal reals stuff goes Realm DEFAULT AuthBy FILE ... /AuthBy /Realm # The only purpose of this realm is to define # the System identifier for use with Auth-Type Realm Dummy_Realm AuthBy NT Identifier System ... /AuthBy /Realm Then in your file, you have this: User Auth-Type = System reply items, incl. Framed-IP-Address DEFAULT Auth-Type = System default reply items === David M. Lloyd mailto:[EMAIL PROTECTED] Administrator Phone: (608) 663- Internet Express, Inc. http://www.inxpress.net 802 W. Broadway, Suite # 101 Madison, WI. 53713-1866 === === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RewriteUserName help needed
At the advice of Mike, I have started to put a realm name on the end of some of my usernames. This is being done in the Client clause. I have this working correctly where it puts "@host.2xtreme.net" on the end of any usename appearing from that client. The problem I'm having now is that when this username gets recognized by the Realm clause, it send the whole '[EMAIL PROTECTED]' in to my platypus SQL looking for a match. Naturally, I have not entered the realm name into my customers user fields in platypus and it does not find a match. I'm thinking that I need to do another RewriteUsername that will strip off the whole realm name once it is received by the Realm clause before it sends it to my platypus SQL for authentication. Another issue with adding realm names at the end of each username with the Client clause, multiple logins cannot be enforced between POPs since each POP has it's own realm name. If the same username logs attempts to login to the same POP twice, that should work though. If I could strip off the realm name before any AuthBy clauses in the realm, this would solve both problems I believe. Since I'm not very good at regular expressions in perl, can someone show me how to truncate a username based on the '@' ? Thanks, John Kicklighter Internet 2xtreme === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Getting Accounting Information
I'm selling Internet accounts to other ISPs for their end users that live in our area. I've got them setup using realms for thier users. I simply proxy the request to their radius servers. I want a way to send them a copy of the accounting records and save a copy of the accounting information for me to charge them as well. I'm not sure what would be the best way to go and how to do it: 1) Save the accounting in a flat file. or 2) Send the accounting to my platypus database Any comments or suggestions? Thanks, John Kicklighter Internet 2xtreme === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radpwtst error
While running radpwtst: ./radpwtst -secret -user "[EMAIL PROTECTED]" -pass hello -s host.2xtreme.net sending Access-Request... Can't call method "identifier" without a package or object reference at ./radpwtst line 485. What do you think the problem is? John Kicklighter Internet 2xtreme === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
No Subject
hello, Could someone shed some light on the meaning of the following Duplicate request id 52 received from xxx.xxx.xxx.xxx: ignored I keep getting this message in my logfile every so often. thanks. === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Recommendations for ISP Billing System
Yes, it uses Filemaker Pro. FMP has hooks to query a SQL database but not act as an SQL database. As it is now Optigold has a RADIUS import feature that imports parsed RADIUS detail files. Optigold already works with a number of user management packages and even exports RADIUS users files. I'm not exactly sure how the integration would work but i've copied this to the Optigold ISP list for further comment :-) Of course you also have all the features of FMP like built in web integration, cross platform operation, etc. For all you Optigold ISP users out there, Radiator is definately one of the best (if not the best) RADIUS servers around. Check it out at http://www.open.com.au/radiator/ -Dave On Fri, 19 Feb 1999, Mike McCauley wrote: On Feb 18, 8:26pm, Novagate Systems Admin wrote: Subject: Re: (RADIATOR) Recommendations for ISP Billing System Check out http://www.data-point.com/products/isp/ IMHO, it is by far the best package out there. From an interface point of view it is easily the best. And moving from Quickbooks is a snap, just click on the fields you want to convert. Also, the revisions are constant so if there's a feature you need it will probably end up in the next version (although it does just about everything, including manage a WuakeII server!). I've seen some packages that haven't been upgraded in months and as we know, our businesses are not that static :-) Looks very nice. Any idea what sort of database is behind it? Could Radiator get to it? -- Mike McCauley[EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 AustraliaConsulting and development Phone, Fax: +61 3 9598-0985 http://www.open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) PM3 Dictionary
I put that in and I get: Livingston = "User Request - PPP Term Req" Look familiar? John Kicklighter Internet 2xtreme From: "Mike McCauley" [EMAIL PROTECTED] Date sent: Wed, 17 Feb 1999 17:28:44 -0500 To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject:Re: (RADIATOR) PM3 Dictionary Well, we have this in a newer dictionary: # Vendor-specific attributes for Livingston VENDORATTR 307 Livingston2 string But just what it means I dont know. Anyone else? On Feb 16, 9:10pm, [EMAIL PROTECTED] wrote: Subject: (RADIATOR) PM3 Dictionary I'm getting this in my trace4 output from my PM3s. The attribute is not defined in the dictionary.livingston that I can find. What do I need to add to my dictionary to get it to be quiet? Thanks, John Kicklighter Internet 2xtreme ERR: Attribute number 2 (vendor 307) is not defined Code: Accounting-Request Identifier: 36 Authentic: H{E+20215617313810213173150ZD;201 Attributes: Acct-Session-Id = "0362" User-Name = "myuser Client-Id = 555.555.555.555 NAS-Port = 8 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 1 Acct-Authentic = RADIUS Connect-Info = "49333 LAPM/V42BIS" Acct-Input-Octets = 10 Acct-Output-Octets = 8 Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST User-Service = Framed-User Framed-Protocol = PPP Framed-Address = 666.666.666.666 Acct-Delay-Time = 0 === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from [EMAIL PROTECTED] -- Mike McCauley[EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 AustraliaConsulting and development Phone, Fax: +61 3 9598-0985 http://www.open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.