Re: (RADIATOR) Calculating Session-Timeout based on Expiration?
Brian, You can try something like this as well. AuthBy SQL AuthSQLStatement update USERS set TIMELEFT=%t+86400 where LOGIN=0 AuthSelect select PASSWORD, TIMELEFT-%t as TIMELEFT AcctSQLStatement update USERS set LOGIN=LOGIN+1 /AuthBy Regards - Original Message - From: Hugh Irvine [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, November 16, 2002 5:05 AM Subject: Re: (RADIATOR) Calculating Session-Timeout based on Expiration? Hello Brian - I think you will need to write a Hook to do this. There are some example hooks in the file goodies/hooks.txt. regards Hugh On Saturday, Nov 16, 2002, at 07:58 Australia/Melbourne, Brian wrote: I know that Radiator can calculate the Session-Timeout, as an offset from the Time setting, using the until Time syntax. Does such an option exist for Expiration as well? For example, I want to set the Expiration to a unix timestamp, so I get granularity. I want the Session-Timeout passed back to the NAS to be the difference between NOW and Expiration. Is this possible? Brian -- --- Brian Feeny, CCIE #8036e: [EMAIL PROTECTED] Network Engineerp: 318.222.2638x109 ShreveNet Inc.f: 318.221.6612 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Expiration
Title: Message Dave, I am now using this: AcctSQLStatement update USERS set EXPIRATION='%Y-%m-%d' where . I would like the month to be 3 months from the current date. ie. +3. How do I do this? Thanks - Original Message - From: Dave Kitabjian To: Radius Admin ; [EMAIL PROTECTED] Sent: Tuesday, August 13, 2002 2:30 AM Subject: RE: (RADIATOR) Expiration There are a whole mess of date formatting options in the manual: http://www.open.com.au/radiator/ref.html#pgfId=290952 Let me know how you make out! Dave TABLE 2. DateFormat special characters Specifier Is replaced at run-time by: %% The percent character %a Day of the week, abbreviated %A Day of the week %b Month, of the year, abbreviated %B Month of the year %c ctime format: e.g. Sat Nov 19 21:05:57 1994 %d Numeric day of the month DD, with a leading 0 if necessary. %e Numeric day of the month, no leading 0. %D MM/DD/YY %h Month of year, abbreviated %H Hour, 24 hour clock, leading 0 %I Hour, 12 hour clock, leading 0 %j Day of the year %k Hour %l Hour, 12 hour clock %m Month number (starting with Jan = 1) %M Minute, leading 0 %n NEWLINE character %o Ornate day of month e.g. "1st", "2nd", "25th", ... %p `AM' or `PM' %r Time format: 09:05:57 PM %R Time format: 21:05 %S Seconds, leading 0 %t TAB character %T time format: 21:05:57 %U Week number, Sunday as first day of week %w Day of the week, numerically, Sunday == 0 %W Week number, Monday as first day of week %x Date format: 11/19/94 %X Time format: 21:05:57 %y Year (2 digits) %Y Year (4 digits) %Z Timezone in ascii. eg: PST -Original Message-From: Radius Admin [mailto:[EMAIL PROTECTED]] Sent: Monday, August 12, 2002 11:32 AMTo: [EMAIL PROTECTED]Subject: (RADIATOR) Expiration I am trying to update an EXPIRATION field which is a date field in my users database. I am trying to use the following statement. AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where... Is there anyway for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format. Thanks
(RADIATOR) Expiration
I am trying to update an EXPIRATION field which is a date field in my users database. I am trying to use the following statement. AcctSQLStatement update USERS set EXPIRATION=%t+7776000 where... Is there anyway for me to format the value of "%t+7776000" to a format which is acceptable to mysql date format. Thanks
(RADIATOR) Accounting Keep Alives
How do I send Accounting Keep Alives to a NAS? How is this implemented in Radiator? Thanks
(RADIATOR) PostAuthHook
I am trying to implement a PostAuthHook. I have added the following line in my configuration file Realm .. AuthBy SQL blah blah PostAuthHook file:"%D/SetActive.txt" /AuthBy /Realm When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in I am not using Handler's as described in the hooks.txt file. Have I defined it in the wrong place? Thanks
(RADIATOR) DATE
We have made our custom windows app to access RADUSERS table, the fields VALIDFROM and VALIDTO are integer types. What is the formula to convert these fields to a valid DATE Type, so we can automatically manage valid dates of the accounts we create. chris -- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Post Processing hook
Hi All, Being lazy here Before I dream up something I thought some-one might have invented 'the wheel' aleady. We are currently transitioning all of our user base from usernames without realms to usernames with realms. I would like to send an email in a post processing hook to the user when they logon to give them a polite reminder of the changes they need to make. Obviously I still want to allow them to have a successful logon but hopefully the email generated each time will start to get annoying after a while and they will look into changing their setups. We are using Auth by SQL with mysql at present. I have one more question. This move to users with realms has bought about an issue with Free BSD ppp daemon. Apparently it doesn't accept more than 16 characters in the username. Anyone have a work around or come across this? The easiest solution at the moment is to give them a new account which will be 16 characters with a realm. Thanks in advance for any help I receive and btw thanks for a great product! Brad Lilly Shoalnet/Fastrac admin === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Rewrite rules
This will remove begining trailing whitespace RewriteUsername s/^\s+// RewriteUsername s/\s+$// - Original Message - From: Paul Black [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 02, 2002 4:41 AM Subject: (RADIATOR) Rewrite rules I'm still trying to make my rewrite rules do exactly what I want. What rule would I need to string leading white space from the username? Also what does the first rule shown below do? Regards. Paul Realm DEFAULT RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) RewriteUsername
Try naming the realm DEFAULT. It looks at anything after the @ to determine the realm name. So, if a customer logs in as [EMAIL PROTECTED], it is going to look for a realm called Realm abc.com. By default, if Radiator finds no matches, it will try to use Realm DEFAULT. -Ronan - Original Message - From: Barry Andersson To: [EMAIL PROTECTED] Sent: Thursday, 28 February, 2002 19:36 Subject: (RADIATOR) RewriteUsername Hi, I haveRewriteUsername s/^([^@]+).*/$1/ in my radius.cfg file however domains don't appear to be stripped from users who inadvertently login with their email address. I'm getting errors in the logfile such as "Could not find a handler for username@domainname: request is ignored" Below is the appropriate section from my radius.cfg Regards Barry Andersson AuthBy SYSTEM UseGetspnamf Identifier System /AuthBy Realm auth RewriteUsername s/^([^@]+).*/$1/ MaxSessions 1 AuthBy FILE Filename ./users /AuthBy AcctLogFileName /var/log/radius/detail /Realm Realm AuthBy INTERNAL AcctResult ACCEPT /AuthBy /Realm
Re: (RADIATOR) AcctSQLStatement
I have it in the AuthBy SQL Clause. I don't see it executing in a trace
though. Maybe I am typing something wrong. Here is a snip from the config:
Realm DEFAULT
Description Default Realm for authenticating users
RejectHasReason
RewriteUsername s/^([^@]+).*/$1/
SessionDatabase RADONLINE
AuthByPolicy ContinueWhileReject
AuthBy SQL
Identifier SUBSCRIBERS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate users
FailureBackoffTime 5
Timeout 10
AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from
SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
# AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AddToReply Service-Type=Framed-User, \
Framed-Protocol=PPP, \
Framed-IP-Netmask = 255.255.255.255
/AuthBy
AuthBy SQL
Identifier LIMITED_20HRS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate 20 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef 3,Simultaneous-Use,check
AuthColumnDef 4,Session-Timeout,reply
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef SERVICETYPE,Service-Type,integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctSQLStatement update LIMITED_20HRS set
TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
AddToReply Service-Type=Framed-User, \
Framed-Protocol=PPP, \
Framed-IP-Netmask = 255.255.255.255
/AuthBy
AuthBy SQL
Identifier LIMITED_30HRS
DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
DBUsername x
DBAuth x
DefaultSimultaneousUse 1
Description Database to use to authenticate 30 Hour users
FailureBackoffTime 5
Timeout 10
AuthSelect select
PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
USERNAME='%n' AND ACTIVE='Y'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Port-Limit,reply
AuthColumnDef 2,Framed-IP-Address,reply
AuthColumnDef
Re: (RADIATOR) User-Name encrypted
That's rightI knew it was a config change, but I couldn't remember
what it was. Missed it when looking through all the old backup configs...
-Ronan
- Original Message -
From: Fabio Nitti (TEI) [EMAIL PROTECTED]
To: Ronan Eckelberry [EMAIL PROTECTED]; Hugh Irvine
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, 21 February, 2002 04:17
Subject: RE: (RADIATOR) User-Name encrypted
Hi all
I solved my problem!
I changed the configuration on Cisco System as5300 in the section Interface
Group-async1
I modified the parameter async mode
old config: async mode dedicated
new config: async mode interactive
The Nas pass correct user-name now.
thanks a lot
bye
-Original Message-
From: Fabio Nitti (TEI) [mailto:[EMAIL PROTECTED]]
Sent: mercoledì 20 febbraio 2002 11.38
To: [EMAIL PROTECTED]
Subject: (RADIATOR) User-Name encrypted
Hi All,
I've a problem whit my system Radiator 2.17.1
It receives access-request from dialin throught the Nas
with user-name encrypted
I don't know where is the problem because I did all test with radpwtst GUI
and I verified the correct configuration
The NAS is a Cisco 5300
It doesn't work fine for regular users when I do a dialin connection with
modem and a correct user
The Nas pass a User-name encrypted
This is my logfile
Thanks a lots
*** Received from 113.254.2.2 port 1645
Code: Access-Request
Identifier: 12
Authentic: 30K223238020117143239161152/L211%d
Attributes:
NAS-IP-Address = 113.254.2.2
NAS-Port = 19
NAS-Port-Type = Async
User-Name = }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~2
Called-Station-Id = 672908919
Calling-Station-Id = 672588404
User-Password = 3/149|{+-]141e@Eq218131140
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@tilab should
be used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop, User-Name = waptim@cuori should
be used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Stop should be used to handle this
request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Request-Type =
Accounting-Request, Acct-Status-Type = Start should be used to handle this
request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = ia should be used
to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = tilab should be
used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler Realm = cuori should be
used to handle this request
Tue Feb 19 20:15:48 2002: DEBUG: Check if Handler should be used to handle
this request
Tue Feb 19 20:15:48 2002: DEBUG: Handling request with Handler ''
Tue Feb 19 20:15:48 2002: DEBUG: Deleting session for }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~, 113.254.2.2,
19
Tue Feb 19 20:15:48 2002: DEBUG: Running command:
/export/home/IVLR/R2.0/bin/ivlr_Authenticator.exe
/export/home/IVLR/R2.0/bin/conf/Authenticator.ini
Tue Feb 19 20:15:53 2002: INFO: Access rejected for }#@!}!} }
$}}} } } } }%}} } }*P}'}}(}}-}#}}1}$}N}3})}#} PZocV/r~:
Tue Feb 19 20:15:53 2002: DEBUG: Packet dump:
*** Sending to 113.254.2.2 port 1645
Code: Access-Reject
Identifier: 12
Authentic: 30K223238020117143239161152/L211%d
Attributes:
Reply-Message = Request Denied
Fabio Nitti
===
Research development Consultant
ANS s.p.a.
c/o
TEI Ericsson Italy
Intelligence Network Fixed
Mobile Convergence
DT/DW
System Specialist Engineer
Via Anagnina 203 Rome
C.A.P. 00040
tel. +39 0672583246 ECN 839 73246
fax +39 06 72583127
e-mail [EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Empty Requests
Title: Empty Requests Hi, I have the following setup: Radiator 2.18.1 MS SQL Server 2000 Lucent PM3s and PM2 Since a couple of months we are regularly seeing the following warning message, which I have no idea from where its coming. WARNING: Could not find a handler for : request is ignored Any idea? Best Regards, Joseph Cilia Managing Director NextGen.net Limited -- Mobile: (+356) 947 2319 Tel: (+356) 419109 Fax: (+356) 438948 ICQ: 9415615 E-mail: [EMAIL PROTECTED] URL: http://www.nextgen.net.mt --
(RADIATOR) question
I need to reduce my Ascend-Data-Filter from length 28 to 26 Any ideas how? Thanks Eric
(RADIATOR) Testing MaxSessions with radpwtst - MaxSessions not working - very simpleconfig.
Hello,
I'm stumped, I've looked, I've read, I've tried, and I am stumped.
I'm evaluating radiator and I have had absolutely no success getting
MaxSessions to function. Below is my config and debug information.
I am testing this config with the radpwtst tool and the following
arguments:
partisan:/usr/local/radiator# radpwtst -user admin -password admin
Called-Station-Id=1234 -s 127.0.0.1 -nostop
I would expect, with my config and the command above, the second
time the command is issued radiator would deny my login because of the
"-nostop" argument and not having received a stop argument for the
previous login. This does not appear to be the case.
I have noticed one thing. If I I set MaxSessions 1 to MaxSession 0
then it will deny the login. Below is the debug output from 2 tests with
the above command.
I don't mean to grovel but... please help :)
-Jared
My config:
radius.cfg:
Foreground
LogStdout
DbDir .
LogDir .
Client localhost
Secret mysecret
/Client
Realm
MaxSessions 1
AuthBy FILE
Filename /usr/local/radiator/users
/AuthBy
/Realm
users file:
#one line, very simple
admin User-Password = "admin"
Debug Output:
partisan:/usr/local/radiator# ./radiusd -log_stdout -trace 4
Mon Jan 15 15:43:57 2001: DEBUG: Reading users file
/usr/local/radiator/users
This Radiator license will expire on 2001-03-01
This Radiator license will stop operating after 1000 requests
To purchase an unlimited full source version of Radiator, see
http://www.open.com.au/radiator/ordering.html
Mon Jan 15 15:43:57 2001: INFO: Server started: Radiator 2.17.1 on
partisan (DEM
O)
Mon Jan 15 15:44:23 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1035
Code: Access-Request
Identifier: 68
Authentic: 1234567890123456
Attributes:
User-Name = "admin"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"1522392196193\424618889160216}x153
"
Called-Station-Id = "1234"
Mon Jan 15 15:44:23 2001: DEBUG: Handling request with Handler 'Realm='
Mon Jan 15 15:44:23 2001: DEBUG: Deleting session for admin,
203.63.154.1, 1234
Mon Jan 15 15:44:23 2001: DEBUG: Handling with Radius::AuthFILE
Mon Jan 15 15:44:23 2001: DEBUG: Radius::AuthFILE looks for match with
admin
Mon Jan 15 15:44:23 2001: DEBUG: Radius::AuthFILE ACCEPT:
Mon Jan 15 15:44:23 2001: DEBUG: Access accepted for admin
Mon Jan 15 15:44:23 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1035
Code: Access-Accept
Identifier: 68
Authentic: 1234567890123456
Attributes:
Mon Jan 15 15:44:23 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1035
Code: Accounting-Request
Identifier: 69
Authentic: 170241201S{3210132{1254w31476235
Attributes:
User-Name = "admin"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "1234"
Acct-Status-Type = Start
Called-Station-Id = "1234"
Mon Jan 15 15:44:23 2001: DEBUG: Handling request with Handler 'Realm='
Mon Jan 15 15:44:23 2001: DEBUG: Adding session for admin, 203.63.154.1,
1234
Mon Jan 15 15:44:23 2001: DEBUG: Handling with Radius::AuthFILE
Mon Jan 15 15:44:23 2001: DEBUG: Accounting accepted
Mon Jan 15 15:44:23 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1035
Code: Accounting-Response
Identifier: 69
Authentic: 170241201S{3210132{1254w31476235
Attributes:
Mon Jan 15 15:44:28 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1035
Code: Access-Request
Identifier: 73
Authentic: 1234567890123456
Attributes:
User-Name = "admin"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"1522392196193\424618889160216}x153
"
Called-Station-Id = "1234"
Mon Jan 15 15:44:28 2001: DEBUG: Handling request with Handler 'Realm='
Mon Jan 15 15:44:28 2001: DEBUG: Deleting session for admin,
203.63.154.1, 1234
Mon Jan 15 15:44:28 2001: DEBUG: Handling with Radius::AuthFILE
Mon Jan 15 15:44:28 2001: DEBUG: Radius::AuthFILE looks for match with
admin
Mon Jan 15 15:44:28 2001: DEBUG: Radius::AuthFILE ACCEPT:
Mon Jan 15 15:44:28 2001: DEBUG: Access accepted for admin
Mon Jan 15 15:44:28 2001: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1035
Code: Access-Accept
Identifier: 73
Authentic: 1234567890123456
Attributes:
Mon Jan 15 15:44:28 2001: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1035
Code: Accounting-Request
Identifier: 74
Authentic: 232]=N]D172hf181206+.W156207
Attributes:
User-Name = "admin"
Service-Type = Framed-
No Subject
Return-Path: [EMAIL PROTECTED] Received: from oscar.open.com.au (oscar.open.com.au [203.63.154.1]) by tiberius (8.9.3/8.9.3) with SMTP id JAA11324 for [EMAIL PROTECTED]; Sat, 8 Jan 2000 09:52:01 -0500 (EST) Received: (from majordom@localhost) by oscar.open.com.au (8.6.12/8.6.12) id NAA29481 for radiator-list; Sat, 8 Jan 2000 13:40:18 +1100 Received: (from uucp@localhost) by oscar.open.com.au (8.6.12/8.6.12) id NAA29470 for [EMAIL PROTECTED]; Sat, 8 Jan 2000 13:40:13 +1100 Received: from latte.2xtreme.net (latte.2xtreme.net [209.63.222.34]) by perki.connect.com.au with SMTP id NAA01377 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 8 Jan 2000 13:28:28 +1100 (EST) Message-ID: [EMAIL PROTECTED] Received: from latte.2xtreme.net (latte.2xtreme.net [209.63.222.34]) by perki.connect.com.au with SMTP id NAA01377 (8.8.8/IDA-1.7 for [EMAIL PROTECTED]); Sat, 8 Jan 2000 13:28:28 +1100 (EST) Received: (qmail 4737 invoked from network); 8 Jan 2000 02:29:50 - Received: from java.2xtreme.net (HELO java) (209.63.220.3) by latte.2xtreme.net with SMTP; 8 Jan 2000 02:29:50 - Date: Fri, 7 Jan 2000 18:32:58 -0800 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: (RADIATOR) Simultaneous-Use Broken? X-mailer: Pegasus Mail for Win32 (v3.01b) Content-Type: text/plain; charset=US-ASCII Sender: [EMAIL PROTECTED] Precedence: bulk === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Simultaneous-Use Broken?
I'm having a problem with the new version of radiator such that it is rejecting more than one usage of the same username in a handler even though there are no limits on how many of this particular username can login. I have had this configuration working for over a year now, but the new version of radiator seems to have broken my configuration allowing this username to login more than one time. Below is the trace4 output as well as a snipping of my config file that deals with this handler. I may have missed a new option that I need to put in, but it sure feels like a bug. Thanks, John Kicklighter Internet 2xtreme http://www.2xtreme.net/ *** Received from 127.0.0.1 port 1452 Code: Access-Request Identifier: 30 Authentic: 1234567890123456 Attributes: User-Name = "test" User-Service = Framed-User Client-Id = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async User-Password = "c1922315.21018012817826,214133234170157" Fri Jan 7 18:03:00 2000: DEBUG: Rewrote user name to test Fri Jan 7 18:03:00 2000: DEBUG: Rewrote user name to test Fri Jan 7 18:03:00 2000: DEBUG: Check if Handler Realm=interx.net should be used to handle this request Fri Jan 7 18:03:00 2000: DEBUG: Check if Handler User-Name=test should be used to handle this request Fri Jan 7 18:03:00 2000: DEBUG: Handling request with Handler 'User-Name=test' Fri Jan 7 18:03:00 2000: DEBUG: Deleting session for test, 203.63.154.1, 1234 Fri Jan 7 18:03:00 2000: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=1234 Fri Jan 7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD Fri Jan 7 18:03:00 2000: DEBUG: Handling with Radius::AuthEMERALD Fri Jan 7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate), DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType, sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit from masteraccounts ma, subaccounts sa where (sa.login = 'test' or sa.shell = 'test') and ma.customerid = sa.customerid and sa.active 0 and ma.active 0 Fri Jan 7 18:03:00 2000: DEBUG: Select results: Dec 31 2030 12:00:00:000AM, Jan 1 2037 12:00:00:000AM, 5784, PPP, dilbert, test, , , Fri Jan 7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type from RadConfigs rc, RadAttributes ra where ra.RadAttributeID = rc.RadAttributeID and rc.AccountID=5784 Fri Jan 7 18:03:00 2000: DEBUG: Query is: select ra.RadAttributeID, Data, Value, Type from RadATConfigs rc, RadAttributes ra where ra.RadAttributeID = rc.RadAttributeID and rc.AccountType='PPP' Fri Jan 7 18:03:00 2000: DEBUG: Radius::AuthEMERALD looks for match with test Fri Jan 7 18:03:00 2000: DEBUG: Expiration date converted to: 1924934400 Fri Jan 7 18:03:00 2000: DEBUG: Expiration date converted to: 2114409600 Fri Jan 7 18:03:00 2000: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='test' Fri Jan 7 18:03:00 2000: DEBUG: Checking if user is still online: unknown, test, 209.63.222.36, 8, 01030646 Fri Jan 7 18:03:00 2000: DEBUG: Radius::AuthEMERALD REJECT: Simultaneous-Use of 1 exceeded Fri Jan 7 18:03:00 2000: DEBUG: Query is: select DateAdd(Day, ma.extension, maExpireDate), DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType, sa.password, sa.login, sa.shell, sa.TimeLeft, sa.LoginLimit from masteraccounts ma, subaccounts sa where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT') and ma.customerid = sa.customerid and sa.active 0 and ma.active 0 Fri Jan 7 18:03:00 2000: INFO: Access rejected for test: Simultaneous-Use of 1 exceeded Fri Jan 7 18:03:00 2000: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1452 Code: Access-Reject Identifier: 30 Authentic: 1234567890123456 Attributes: Port-Message = "Request Denied" == # Allow Multiple Logins for the Test account Handler User-Name=test PasswordLogFileName /var/log/radiusd/logins/%m%d%Y-password.log AuthBy EMERALD DBSourcedbi:Sybase:dbaseiface DBUsername dblogin DBAuth dbpassword AccountingTable Calls AcctColumnDef UserName,User-Name AcctColumnDef CallDate,Timestamp,integer-date AcctColumnDef AcctStatusType,Acct-Status-Type,integer AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer AcctColumnDef AcctSessionId,Acct-Session-Id AcctColumnDef AcctSessionTime,Acct-Session-Time,integer AcctColumnDef NASIdentifier,Client-Id AcctColumnDef NASPort,NAS-Port,integer AcctColumnDef
RE: [platypus-users] Re: (RADIATOR) Expiration date passed!
After being awakened by my pager telling me that my radius was down just after midnight on 12/31 in the AM and reading this, I'm going back to bed. This fixed the problem. An early Y2K bug bite. Thanks for posting this to the RADIATOR list. John Kicklighter Internet 2xtreme From: Granville Barker [EMAIL PROTECTED] To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED], [EMAIL PROTECTED] Copies to: [EMAIL PROTECTED] Subject:RE: [platypus-users] Re: (RADIATOR) Expiration date passed! Date sent: Thu, 30 Dec 1999 23:32:12 -0600 After working with John, I determined that Radiator is using the MasterAccounts view as well as the SubAccounts view in some cases to authenticate users. Anyone running Radiator with Platypus may need the attached SQL Script to head off any Y2K issues. -- Granville Barker Platypus Support === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) PMWHO killing radiator?
I have a problem where my radiator stops responding sometimes a few times a day (at least every few days). Luckily, I have a backup radius and a paging program that calls me when this happens, but it is still annoying. When I attempt to start my radiator back up, I run my shell script that kills any currently running copies and starts a fresh one. The fresh one comes up and indicates that it could not bind to the port. I then run: ps auwwx | grep telnet and find the telnet session to my 3com modem bank that is hanging around and kill that pid. After that, radiator can get going normally again. I suspect that pmwho is checking the double logins and happened to grab port 1645 to make that connection to the modem bank. Has anyone else had something like this? I'm going to take out all the "NasType" listings in the config file and see if that helps. I'd still like to fix it for good though. Thanks, John Kicklighter Internet 2xtreme === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) how to assign static IP addresses
Having never used a RADIUS server before, I'm pleased to have found Radiator so easy to get up and running. I'm hoping one of you can help me with a simple query. We have a Bay Networks Versalar RAC 8000 which currently uses Bay's proprietary ACP protocol to communicate with an NT Server. ACP performs two functions for us at the moment: authentication from native NT user accounts, and it also reads a simple text file which lets me assign static IP addresses to specific dial-in users. It's this second task I need help with. Radiator is installed, tested, and using a config based on the provided /goodies/nt.cfg is succesfully authenticating dial-in users. The only thing stopping me from making the switch from ACP to RADIUS is how best to assign static IPs. From my reading of the reference manual, I need to AuthBy FILE, but I can't get my head around exactly how to do this when I -also- want the passwords to remain in NT (AuthBy NT). Can someone help by showing me the minimum change required to my nt.cfg (see below) and also the minimum amount of information I need to define in a USERS file, to make this possible. I guess I'm after a USERS file which only states two things: go look in NT for the password, and for certain users here's a static IP. Thanks in advance. Chris Core GPM Internet /// nt.cfg /// ForegroundLogStdoutLogDir .DbDir . Client DEFAULTSecret *** DupInterval 0/Client Realm DEFAULTAuthBy NT Domain DomainController DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP/AuthBy AcctLogFileName ./detail/Realm
Re: (RADIATOR) how to assign static IP addresses
Thanks David. Our NAS is now using Radiator and all of the dial-ins are humming along. One thing that I've broken along the way is inbound telnet sessions, which I use from another office to manage the NAS. I assume this is because the default in my nt.cfg specifies that Radiator tells the NAS all incoming users are to use PPP. My telnet sessions work to the point of successful authentication and then telnet drops out altogether. I guess this is telnet's way of saying it doesn't talk PPP :) Here's my updated nt.cfg: --- Foreground LogStdout LogDir . DbDir . Client DEFAULT Secret * DupInterval 0 /Client Realm DEFAULT AuthBy FILE Filename ./rac1 /AuthBy AcctLogFileName ./detail PasswordLogFileName ./password /Realm Realm DUMMY_REALM AuthBy NT Identifier System Domain DomainController DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP /AuthBy /Realm -- and here's a snippet of my rac1 (user file) where I've tried to allow the username gpm_cc access via telnet: - gpm_cc Auth-Type = System Service-Type = Login-User, Login-Service = Telnet But gpm_cc can't use telnet. Any ideas? Regards, Chris Core GPM Internet -Original Message- From: David Lloyd [EMAIL PROTECTED] To: Admin [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] [EMAIL PROTECTED] Date: Friday, November 12, 1999 3:17 AM Subject: Re: (RADIATOR) how to assign static IP addresses From my reading of the reference manual, I need to AuthBy FILE, but I can't get my head around exactly how to do this when I -also- want the passwords to remain in NT (AuthBy NT). Can someone help by showing me the minimum change required to my nt.cfg (see below) and also the minimum amount of information I need to define in a USERS file, to make this possible. I guess I'm after a USERS file which only states two things: "go look in NT for the password", and for certain users "here's a static IP". That's not too hard. I'll paraphrase from tha manual (Section 6.13.5): # This is where all your normal reals stuff goes Realm DEFAULT AuthBy FILE ... /AuthBy /Realm # The only purpose of this realm is to define # the System identifier for use with Auth-Type Realm Dummy_Realm AuthBy NT Identifier System ... /AuthBy /Realm Then in your file, you have this: User Auth-Type = System reply items, incl. Framed-IP-Address DEFAULT Auth-Type = System default reply items === David M. Lloyd mailto:[EMAIL PROTECTED] Administrator Phone: (608) 663- Internet Express, Inc. http://www.inxpress.net 802 W. Broadway, Suite # 101 Madison, WI. 53713-1866 === === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) RewriteUserName help needed
At the advice of Mike, I have started to put a realm name on the end of some of my usernames. This is being done in the Client clause. I have this working correctly where it puts "@host.2xtreme.net" on the end of any usename appearing from that client. The problem I'm having now is that when this username gets recognized by the Realm clause, it send the whole '[EMAIL PROTECTED]' in to my platypus SQL looking for a match. Naturally, I have not entered the realm name into my customers user fields in platypus and it does not find a match. I'm thinking that I need to do another RewriteUsername that will strip off the whole realm name once it is received by the Realm clause before it sends it to my platypus SQL for authentication. Another issue with adding realm names at the end of each username with the Client clause, multiple logins cannot be enforced between POPs since each POP has it's own realm name. If the same username logs attempts to login to the same POP twice, that should work though. If I could strip off the realm name before any AuthBy clauses in the realm, this would solve both problems I believe. Since I'm not very good at regular expressions in perl, can someone show me how to truncate a username based on the '@' ? Thanks, John Kicklighter Internet 2xtreme === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Getting Accounting Information
I'm selling Internet accounts to other ISPs for their end users that live in our area. I've got them setup using realms for thier users. I simply proxy the request to their radius servers. I want a way to send them a copy of the accounting records and save a copy of the accounting information for me to charge them as well. I'm not sure what would be the best way to go and how to do it: 1) Save the accounting in a flat file. or 2) Send the accounting to my platypus database Any comments or suggestions? Thanks, John Kicklighter Internet 2xtreme === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) radpwtst error
While running radpwtst: ./radpwtst -secret -user "[EMAIL PROTECTED]" -pass hello -s host.2xtreme.net sending Access-Request... Can't call method "identifier" without a package or object reference at ./radpwtst line 485. What do you think the problem is? John Kicklighter Internet 2xtreme === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
No Subject
hello, Could someone shed some light on the meaning of the following Duplicate request id 52 received from xxx.xxx.xxx.xxx: ignored I keep getting this message in my logfile every so often. thanks. === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Recommendations for ISP Billing System
Yes, it uses Filemaker Pro. FMP has hooks to query a SQL database but not act as an SQL database. As it is now Optigold has a RADIUS import feature that imports parsed RADIUS detail files. Optigold already works with a number of user management packages and even exports RADIUS users files. I'm not exactly sure how the integration would work but i've copied this to the Optigold ISP list for further comment :-) Of course you also have all the features of FMP like built in web integration, cross platform operation, etc. For all you Optigold ISP users out there, Radiator is definately one of the best (if not the best) RADIUS servers around. Check it out at http://www.open.com.au/radiator/ -Dave On Fri, 19 Feb 1999, Mike McCauley wrote: On Feb 18, 8:26pm, Novagate Systems Admin wrote: Subject: Re: (RADIATOR) Recommendations for ISP Billing System Check out http://www.data-point.com/products/isp/ IMHO, it is by far the best package out there. From an interface point of view it is easily the best. And moving from Quickbooks is a snap, just click on the fields you want to convert. Also, the revisions are constant so if there's a feature you need it will probably end up in the next version (although it does just about everything, including manage a WuakeII server!). I've seen some packages that haven't been upgraded in months and as we know, our businesses are not that static :-) Looks very nice. Any idea what sort of database is behind it? Could Radiator get to it? -- Mike McCauley[EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 AustraliaConsulting and development Phone, Fax: +61 3 9598-0985 http://www.open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) PM3 Dictionary
I put that in and I get:
Livingston = "User Request - PPP Term Req"
Look familiar?
John Kicklighter
Internet 2xtreme
From: "Mike McCauley" [EMAIL PROTECTED]
Date sent: Wed, 17 Feb 1999 17:28:44 -0500
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:Re: (RADIATOR) PM3 Dictionary
Well, we have this in a newer dictionary:
# Vendor-specific attributes for Livingston
VENDORATTR 307 Livingston2 string
But just what it means I dont know. Anyone else?
On Feb 16, 9:10pm, [EMAIL PROTECTED] wrote:
Subject: (RADIATOR) PM3 Dictionary
I'm getting this in my trace4 output from my PM3s. The attribute is
not defined in the dictionary.livingston that I can find. What do I
need to add to my dictionary to get it to be quiet?
Thanks,
John Kicklighter
Internet 2xtreme
ERR: Attribute number 2 (vendor 307) is not defined
Code: Accounting-Request
Identifier: 36
Authentic:
H{E+20215617313810213173150ZD;201
Attributes:
Acct-Session-Id = "0362"
User-Name = "myuser
Client-Id = 555.555.555.555
NAS-Port = 8
NAS-Port-Type = Async
Acct-Status-Type = Stop
Acct-Session-Time = 1
Acct-Authentic = RADIUS
Connect-Info = "49333 LAPM/V42BIS"
Acct-Input-Octets = 10
Acct-Output-Octets = 8
Acct-Terminate-Cause = ACCT_TERM_USER_REQUEST
User-Service = Framed-User
Framed-Protocol = PPP
Framed-Address = 666.666.666.666
Acct-Delay-Time = 0
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- End of excerpt from [EMAIL PROTECTED]
--
Mike McCauley[EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 AustraliaConsulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
