(RADIATOR) Class attribute in Quintum D3000
Hi, I tried to use Class attribute in Quintum D3000 but it seems Quintum doesn't support this attribute. Is there any other attribute like class attribute which I can use in Quintum? I'm using Radiator 3.7.1. thanks in advance, Ganbold === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy External clause problem
Hi Hugh,
I added following lines in AuthEXTERNAL.pm and tested radiator.
-
. . . . . .
my $exit = $?;
# added lines
# print exit code
$self->log($main::LOG_DEBUG, "first Exit: $exit",$p);
print "first Exit: $exit\n";
# This usually sets $?
close READER;
# Sometimes need to do this too.
$exit = $? if waitpid($pid, 0);
# added lines
# print exit code
$self->log($main::LOG_DEBUG, "Exit: $exit",$p);
print "Exit: $exit\n";
. . . . . .
-
External program returns exit status 0, but radiator somehow understands it
as 768 which is 3 (768/256) and sends Access-Challenge.
I also tested external program with following simple perl program, where
test.txt contains access-requests. It also gets return value as 768.
-
#!/usr/local/pin/perl
$x = system("cat test.txt | calccredittime");
print "return is: $x\n";
exit 0;
-
I wrote simple C program which gets command line argument and returns that
argument as a exit status. Small perl program gets restult
of program as it supposed to. Very strange.
I don't know what should do, I'll try ResultInOutput switch in radius
config and let's see what happens.
Following is debug:
Code: Access-Request
Identifier: 9
Authentic: <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
Attributes:
User-Name = ""
User-Password = "<28>_<171>Tm9<183><211>$~<173>l<151><190>Y!"
cisco-h323-conf-id = "h323-conf-id=07D022A7 DDB911D7 8008E236
347AF897"
cisco-avpair = "h323-ivr-out=transactionID:8"
Calling-Station-Id = "11323224"
Called-Station-Id = "0011236"
Service-Type = Login-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to
Thu Sep 4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name =
/^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Thu Sep 4 10:50:24 2003: DEBUG: Rewrote user name to
Thu Sep 4 10:50:24 2003: DEBUG: Running command:
d:\Radiator-3.6\hooks\CalcCreditTime
Thu Sep 4 10:50:24 2003: DEBUG: first Exit: 1604
^ ^ ^ ^
Thu Sep 4 10:50:24 2003: DEBUG: Exit: 768
^ ^ ^ ^
Thu Sep 4 10:50:24 2003: DEBUG: Access challenged for :
Thu Sep 4 10:50:24 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 21645
Code: Access-Challenge
Identifier: 9
Authentic: <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
Attributes:
cisco-h323-return-code = "h323-return-code=0"
cisco-h323-credit-time = "h323-credit-time=2516"
Reply-Message = "first 5!"
At 09:54 PM 9/3/2003 +1000, you wrote:
Hello Ganbold -
It is possible that you may need to use "ResultInOutput" in this
environment.
Have a look at the code in "Radius/AuthEXTERNAL.pm" and maybe add some
print statements so you can see what is happening. And please let us
know what you find.
regards
Hugh
On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:
Hi,
I'm testing Radiator-3.6 in Windows 2000 advanced server.
I'm using AuthBy External clause in handlers. But when external program
returns 0 (Access-Accept) radiator understands it as a 3 and responds
with Access-Challenge response. External program worked well in
FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
above problem occurs.
How can I solve this problem? Is it OS issue? or there is something
else?
I really appreciate if somebody give the right solution.
thanks in advance,
Ganbold
Micom CO.,Ltd
---
---
Trace 4 debug:
---
---
Code: Access-Request
Identifier: 149
Authentic:
<157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
Attributes:
User-Name = ""
User-Pa
(RADIATOR) AuthBy External clause problem
Hi,
I'm testing Radiator-3.6 in Windows 2000 advanced server.
I'm using AuthBy External clause in handlers. But when external program
returns 0 (Access-Accept) radiator understands it as a 3 and responds
with Access-Challenge response. External program worked well in
FreeBSD 5.1. It works in FreeBSD as it supposed to. However in Windows
above problem occurs.
How can I solve this problem? Is it OS issue? or there is something else?
I really appreciate if somebody give the right solution.
thanks in advance,
Ganbold
Micom CO.,Ltd
--
Trace 4 debug:
--
Code: Access-Request
Identifier: 149
Authentic: <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
Attributes:
User-Name = ""
User-Password = "<159><192><246><10><228><184>Z<200>K<1><253><232><162>^Tv"
cisco-h323-conf-id = "h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D"
cisco-avpair = "h323-ivr-out=transactionID:114"
Calling-Station-Id = "11323224"
Called-Station-Id = "002365"
Service-Type = Login-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name =
/^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
Wed Sep 3 19:36:01 2003: DEBUG: Rewrote user name to
Wed Sep 3 19:36:01 2003: DEBUG: Running command:
d:\Radiator-3.6\hooks\CalcCreditTime
Wed Sep 3 19:36:01 2003: DEBUG: Access challenged for :
Wed Sep 3 19:36:01 2003: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 21661
Code: Access-Challenge
Identifier: 149
Authentic: <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
Attributes:
cisco-h323-return-code = "h323-return-code=0"
cisco-h323-credit-time = "h323-credit-time=1276"
Reply-Message = "first 5!"
--
Below is my config:
--
#radius.cfg
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir d:\Radiator-3.6\log
LogFile %L/logfile.txt
DictionaryFile d:\Radiator-3.6\dictionary
RewriteUsername s/^\s+//
RewriteUsername s/\s+$//
RewriteUsername s/\s+//g
RewriteUsername tr/[A-Z]/[a-z]/
Secret xxx
NasType Cisco
SNMPCommunity MN-2008
StatusServerShowClientDetails
DBSourcedbi:mysql:voip_prepaid:localhost
DBUsername xxx
DBAuth xxx
Identifier VoipTerminate
AuthSelect
AccountingTable voip_termination
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef username,User-Name
AcctColumnDef calledstationid,Called-Station-Id
AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef
h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-id}',locate('=','%{cisco-h323-gw-id}')+1))
AcctColumnDef
h323_call_origin,cisco-h323-call-origin,literal,trim(substring('%{cisco-h323-call-origin}',locate('=','%{cisco-h323-call-origin}')+1))
AcctColumnDef
h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
AcctColumnDef
h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
AcctColumnDef
h323_connect_time,cisco-h323-connect-time,literal,trim(substring('%{cisco-h323-connect-time}',locate('=','%{cisco-h323-connect-time}')+1))
AcctColumnDef
h323_disconnect_time,cisco-h323-disconnect-time,literal,trim(substring('%{cisco-h323-disconnect-time}',locate('=','%{cisco-h323-disconnect-time}')+1))
AcctColumnDef
h323_disconnect_cause,cisco-h323-disconnect-cause,literal,trim(substring('%{cisco-h323-disconnect-cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
AcctColumnDef
h323_voice_quality,ci
Re: (RADIATOR) Hook in different language other than Perl
Secret xxx
NasType Cisco
SNMPCommunity xxx
StatusServerShowClientDetails
# authby clause for ACCOUNTING
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting
AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef cisco_nas_port,Cisco-NAS-Port
AcctColumnDef card_number,User-Name
# authby clause for credit_time
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditTime
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1'
from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for first second authorizarion
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier CreditAmount
AuthSelect select
pin,concat('h323-credit-amount=',creditamount),'h323-return-code=0','h323-preferred-lang=en','h323-billing-model=1'
from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check
AuthColumnDef 1, cisco-h323-credit-amount, reply
AuthColumnDef 2, cisco-h323-return-code, reply
AuthColumnDef 3, cisco-h323-preferred-lang, reply
AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
# authby clause for transfer balance
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select
concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards
where locate(cardnumber,'%n')=1 and creditamount >=
trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323-credit-amount}')+1))
and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply
AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1
RejectEmptyPassword
PreAuthHook
file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditAmountUsed"
AuthBy VoipSQLAcctOnly
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
PostAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/TransferBalance"
RejectHasReason
AccountingHandled
AuthBy CreditTime
PostAuthHook
file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditTime"
PreAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/ChangePin"
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
PostAuthHook
file:"/usr/home/tsgan/Radiator-3.6/hooks/CheckPrepaidVoip"
DBSourcedbi:mysql:db:localhost
DBUsername dbuser
DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
At 06:03 PM 8/19/2003 +1000, you wrote:
Hello Ganbold -
You can always use the AuthBy EXTERNAL clause to call an external program
in whatever language you prefer.
What do you mean by "compile or decrypt the hook codes"?
Note that the hooks in Radiator *are* compiled at run time, as is the rest
of Radiator.
regards
Hugh
On Tuesday, Aug 19, 2003, at 16:00 Australia/Melbourne, Ganbold wrote:
Hi,
Is it possible to write various hooks in language other than perl (for
example in C)?
Or is there anyway to compile or decrypt the hook codes?
tia,
Ganbold
Micom Co., Ltd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Hook in different language other than Perl
Hi, Is it possible to write various hooks in language other than perl (for example in C)? Or is there anyway to compile or decrypt the hook codes? tia, Ganbold Micom Co., Ltd === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Could you please delete my previous message about PreAuthHook?
Hi, Please delete my previous message from mailing list. I already find out what was the problem. Thank you very much, Ganbold === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) PreAuthHook problem
Hi,
I'm having trouble to make PreAuthHook work. It seems like not working and
I don't see any problem with PreAuthHook file.
Ganbold
Following is the hook file and config file.
---
sub
{
use Time::Local;
use DBI;
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $user_name = $p->get_attr('User-Name');
my ($dsn)="DBI:mysql:radius:202.179.0.140";
my ($namex)="admin";
my ($dbh,$sth);
$dbh=DBI->connect($dsn,$namex,"wcup\#02\$",{RaiseError=>1});
if($p->code eq 'Accounting-Request'){
if ($p->get_attr('Acct-Status-Type') eq 'Stop')
{
my $session_time = $p->get_attr('Acct-Session-Time') + 0;
my $time_stamp = $p->{RecvTime} - int
$p->get_attr('Acct-Delay-Time');
my $duration = $session_time;
my ($rduration, $i);
my ($start_stamp);
my ($start_hour,$end_hour);
my ($start_day, $end_day);
my
($s_tstamp_at_0,$s_tstamp_at_7,$e_tstamp_at_0,$e_tstamp_at_7);
my ($diff, $day_diff, @numDays, $thismonth);
my ($sec,$min,$hour,$mday,$mon,$wday,$yday,$isdst,$year);
$rduration = 0;
$start_stamp = $time_stamp - $duration;
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($start_stamp);
$s_tstamp_at_0 = timelocal(0,0,0,$mday,$mon,$year);
$s_tstamp_at_7 = timelocal(0,0,7,$mday,$mon,$year);
for($i=0; $i<12; $i += 2){
$numDays[$i] = 31;
}
for($i=1; $i<12; $i += 2){
$numDays[$i] = 30;
}
if(($year % 4) != 0){
$numDays[1] = 28;
}elsif(($year % 400) == 0){
$numDays[1] = 29;
}elsif(($year % 100) == 0){
$numDays[1] = 28;
}else{
$numDays[1] = 29;
}
$thismonth = $mon;
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($time_stamp);
$e_tstamp_at_0 = timelocal(0,0,0,$mday,$mon,$year);
$e_tstamp_at_7 = timelocal(0,0,7,$mday,$mon,$year);
($sec,$min,$start_hour,$start_day,$mon,$year,$wday,$yday,$isdst)
= localtime($start_stamp);
($sec,$min,$end_hour,$end_day,$mon,$year,$wday,$yday,$isdst)
= localtime($time_stamp);
$diff = int $duration/86400;# how many day's
connection continued
if($end_day < $start_day){
$day_diff = $numDays[$thismonth] - $start_day +
$end_day;
}else{
$day_diff = $end_day - $start_day;
}
if($start_hour >= 0 && $start_hour < 7){
if($end_hour >= 0 && $end_hour < 7){
if($day_diff > 0){
$rduration = $duration - ($s_tstamp_at_7 - $start_stamp) -
($diff * 25200) - ($time_stamp - $e_tstamp_at_0);
}else{
$rduration = 0;
}
}elsif($end_hour >= 7 && $end_hour <= 23){
$rduration = $duration - ($s_tstamp_at_7 -
$start_stamp) - ($diff * 25200);
}
}elsif($start_hour >= 7 && $start_hour <= 23){
if($end_hour >= 7 && $end_hour <= 23){
$rduration = $duration - ($day_diff * 25200);
}elsif($end_hour >= 0 && $end_hour < 7){
$rduration = $duration - ($time_stamp -
$e_tstamp_at_0) - ($diff * 25200);
}
}
print "User: $user_name, Duration: $duration, Real duration:
$rduration\n";
&main::log($main::LOG_DEBUG, "Time calculated! Duration:
$duration, Real duration: $rduration");
${$_[0]}->add_attr('Real-Time-Used',$rduration);
# my ($sth)=$dbh->prepare (qq{update SUBSCRIBERS set TIMELEFT =
(TIMELEFT - $rduration) where USERNAME = '$user_name and PREPAID='YES'});
# $sth->execute();
}
}
}
Config file:
. . . .
DBSourcedbi:mysql:radi
(RADIATOR) patch for AuthSQL module to calculate real day time ACCTSESSIONTIME
Hi,
I just wrote some codes which calculates user's connected time. We have
some PREPAID users and every time
when they use Internet during day time we have to subtract used time from
TIMELEFT column in MySQL table.
But it is not always.
if user is connected around 23:00:00 and used 3 hours we have to subtract
only one hour(3600) from TIMELEFT. If user is connected around 06:00:00 and
used 3 hours we have to subtract 2 hours(7200) from TIMELEFT.
If user is connected 01:00:00 and used 2 hours then we don't have to
subtract anything.
If user is connected 10:00:00 and used 3 hours then we have to just
subtract ACCTSESSIONTIME.
Day time means 07:00:00 - 23:59:59 (this time is charged and we want to
subtract used time from TIMELEFT)
Night time means 00:00:00 - 07:00:00 (this time is free and we don't want
to subtract used time from TIMELEFT)
Following is the code I want to add to AuthSQL.pm module.
Can somebody look at the code and give me some recommendation on that?
Can I add it to AuthSQL.pm module and use?
TIA,
Ganbold
---
# patch for AuthSQL.pm which calculates day only duration
# Day means from 07:00:00 to 23:59:59
# if connection continued over 00:00:00 or 07:00:00 we have to get real
duration
use Time::Local;
# in handle_request
.
.
.
if ($p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE) eq 'Stop')
{
my $session_time =
$p->getAttrByNum($Radius::Radius::ACCT_SESSION_TIME) + 0;
my $user_name = $p->getUserName;
my $time_stamp = $p->{RecvTime} - int
$p->getAttrByNum($Radius::Radius::ACCT_DELAY_TIME);
my $duration = $session_time;
### This lines added to calculate real duration during
day time ###
my ($rduration, $i);
my ($start_stamp);
my ($start_hour,$end_hour);
my ($start_day, $end_day);
my
($s_tstamp_at_0,$s_tstamp_at_7,$e_tstamp_at_0,$e_tstamp_at_7);
my ($diff, $day_diff, @numDays, $thismonth);
my ($sec,$min,$hour,$mday,$mon,$wday,$yday,$isdst,$year);
# initialize first real duration
$rduration = 0;
$start_stamp = $time_stamp - $duration;
# stamp at 0 and 7 o'clock of start day
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($start_stamp);
$s_tstamp_at_0 = timelocal(0,0,0,$mday,$mon,$year);
$s_tstamp_at_7 = timelocal(0,0,7,$mday,$mon,$year);
# calculating number of days in month
for($i=0; $i<12; $i += 2){
$numDays[$i] = 31;
}
for($i=1; $i<12; $i += 2){
$numDays[$i] = 30;
}
# calculating number of days in February
if(($year % 4) != 0){
$numDays[1] = 28;
}elsif(($year % 400) == 0){
$numDays[1] = 29;
}elsif(($year % 100) == 0){
$numDays[1] = 28;
}else{
$numDays[1] = 29;
}
$thismonth = $mon;
# stamp at 0 and 7 o'clock of stop day
($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
localtime($time_stamp);
$e_tstamp_at_0 = timelocal(0,0,0,$mday,$mon,$year);
$e_tstamp_at_7 = timelocal(0,0,7,$mday,$mon,$year);
# start and stop hours and start and stop days
($sec,$min,$start_hour,$start_day,$mon,$year,$wday,$yday,$isdst)
= localtime($start_stamp);
($sec,$min,$end_hour,$end_day,$mon,$year,$wday,$yday,$isdst)
= localtime($time_stamp);
$diff = int $duration/86400;# how many day's
connection continued
# day difference between start and stop
# connecton continued until beginning of the next month
if($end_day < $start_day){
$day_diff = $numDays[$thismonth] - $start_day +
$end_day;
}else{
$day_diff = $end_day - $start_day;
}
if($start_hour >= 0 && $start_hour < 7){
if($end_hour >= 0 && $end_hour < 7){
if($day_diff > 0){
$rduration = $duration - ($s_tstamp_at_7 - $start_stamp) -
($diff * 25200) - ($time_stamp - $e_tstamp_at_0);
}else{
$rduration = 0;
}
}elsif($end_hour >= 7 && $end_hour <= 23)
(RADIATOR) Session database
Hi, I have some dial-up users for whom I don't want to use Session Database. How do make radiator not to use Session Database for particular users? TIA, Ganbold === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Problem with Class attribute
Hi Hugh,
These class_id and CONTRACTID fields are integer fields. If I choose
literal it will write only 0 into these fields.
This configuration works sometimes except saying error. It writes these
fields as integer values.
What do you recommend? What should I change to make it work properly?
Ganbold
At 03:27 PM 11/25/2002 +1100, you wrote:
Hello Ganbold -
OK - having looked at the code in AuthSQL.pm, it appears that the
problem is due to your AcctColumnDef:
AcctColumnDef
class_id,Class,integer,substring('%{Class}',1,locate('- ','%{Class}')-> 1)
AcctColumnDef
CONTRACTID,Class,integer,substring('%{Class}',locate('->
','%{Class}')+1)
...
You have specified "integer" which is causing the problem - you might
try "literal" instead.
Have a look at section 6.28.14 in the Radiator 3.3.1 reference manual.
regards
Hugh
On Monday, Nov 25, 2002, at 12:39 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
I changed as you suggested '-' into ':', but it seems like still error.
Mon Nov 25 10:11:01 2002: ERR: There is no value named 16:3049 for
attribute Class. Using 0.
Mon Nov 25 10:11:01 2002: ERR: There is no value named 16:3049 for
attribute Class. Using 0.
Mon Nov 25 10:11:01 2002: DEBUG: do query is: insert into ACCOUNTING
(USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,NASPORT,CALLINGSTATIONID,A
CCTDELAYTIME,CONTRACTID,ACCTSESSIONID,ACCTINPUTOCTETS,FRAMEDIPADDRESS,A
CCTSESSIONTIME,ACCTOUTPUTOCTETS) values
('ynbstone','Stop',substring('16:3049',1,locate(':','16:3049')-
1),1038190261,'434','11305106',0,substring('16:3049',locate(':','16:304
9')+1),'1D6F',1631,'202.179.xx.xx',18,836)
Ganbold
At 09:47 AM 11/25/2002 +1100, you wrote:
Hello Ganbold -
I think a better approach would be to use a different delimiter than
"-", which I suspect is confusing things.
What about using ":" (colon) instead?
Please try it and let me know what happens.
regards
Hugh
On Sunday, Nov 24, 2002, at 17:45 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
Following is the part of the radius config file where I'm
concatenating 2 integer values into one string and putting into 2
integer field from
concatenated string:
.
AuthSelect select
ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,concat(CLASS_ID,'-',CONTRACTID)
from SUBSCRIBERS where USERNAME='%n' and STATUS='Active'
EncryptedPassword
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, Class, reply
...
AcctColumnDef
class_id,Class,integer,substring('%{Class}',1,locate('- ','%{Class}')-> 1)
AcctColumnDef
CONTRACTID,Class,integer,substring('%{Class}',locate('->
','%{Class}')+1)
...
In dictionary file Class is defined as string.
Ganbold
At 03:24 PM 11/23/2002 +1100, you wrote:
Hello Ganbold -
What definition do you have for "Class" in your dictionary (looks
like
"integer")?
It should be defined as "string".
Here is the entry from the standard dictionary:
ATTRIBUTE Class 25 string
regards
Hugh
On Friday, Nov 22, 2002, at 17:20 Australia/Melbourne, Ganbold
wrote:
Hi,
I'm having trouble with Radiator 3.3.1. I'm putting concatenated
value
to Class attribute.
But in radius logfile it says ERR: There is no value named 19-400
for
attribute Class. Using 0.
In insert statement it gets Class value and gets part of string and
puts into 2 different int field.
Following is the part of logfile and insert statement.
Ganbold
--Logfile --
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: DEBUG: do query is: insert into
ACCOUNTING
(USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,ACCTTERMINAT
ECAUSE,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIO
NI D, ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUT
PUTOCTETS) values
('skytel','Stop',substring('19-400',1,locate('-','19-400')-
1),1037879588,'User-Request','56','11366801',0,su
bstring('19-400',locate('-','19-
400')+1),'000F6CE3',511690,'202.179.x.xx',3131,7864103)
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and conf
Re: (RADIATOR) Problem with Class attribute
Hi Hugh,
I changed as you suggested '-' into ':', but it seems like still error.
Mon Nov 25 10:11:01 2002: ERR: There is no value named 16:3049 for
attribute Class. Using 0.
Mon Nov 25 10:11:01 2002: ERR: There is no value named 16:3049 for
attribute Class. Using 0.
Mon Nov 25 10:11:01 2002: DEBUG: do query is: insert into ACCOUNTING
(USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIONID,ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUTPUTOCTETS)
values
('ynbstone','Stop',substring('16:3049',1,locate(':','16:3049')-1),1038190261,'434','11305106',0,substring('16:3049',locate(':','16:3049')+1),'1D6F',1631,'202.179.xx.xx',18,836)
Ganbold
At 09:47 AM 11/25/2002 +1100, you wrote:
Hello Ganbold -
I think a better approach would be to use a different delimiter than
"-", which I suspect is confusing things.
What about using ":" (colon) instead?
Please try it and let me know what happens.
regards
Hugh
On Sunday, Nov 24, 2002, at 17:45 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
Following is the part of the radius config file where I'm
concatenating 2 integer values into one string and putting into 2
integer field from
concatenated string:
.
AuthSelect select
ENCRYPTEDPASSWORD,CHECKATTR,REPLYATTR,concat(CLASS_ID,'-',CONTRACTID)
from SUBSCRIBERS where USERNAME='%n' and STATUS='Active'
EncryptedPassword
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, Class, reply
...
AcctColumnDef
class_id,Class,integer,substring('%{Class}',1,locate('-','%{Class}')-> 1)
AcctColumnDef
CONTRACTID,Class,integer,substring('%{Class}',locate('-> ','%{Class}')+1)
...
In dictionary file Class is defined as string.
Ganbold
At 03:24 PM 11/23/2002 +1100, you wrote:
Hello Ganbold -
What definition do you have for "Class" in your dictionary (looks like
"integer")?
It should be defined as "string".
Here is the entry from the standard dictionary:
ATTRIBUTE Class 25 string
regards
Hugh
On Friday, Nov 22, 2002, at 17:20 Australia/Melbourne, Ganbold wrote:
Hi,
I'm having trouble with Radiator 3.3.1. I'm putting concatenated
value
to Class attribute.
But in radius logfile it says ERR: There is no value named 19-400 for
attribute Class. Using 0.
In insert statement it gets Class value and gets part of string and
puts into 2 different int field.
Following is the part of logfile and insert statement.
Ganbold
--Logfile --
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for
attribute Class. Using 0.
Thu Nov 21 19:53:08 2002: DEBUG: do query is: insert into ACCOUNTING
(USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,ACCTTERMINAT
ECAUSE,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIONI
D, ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUT
PUTOCTETS) values
('skytel','Stop',substring('19-400',1,locate('-','19-400')-
1),1037879588,'User-Request','56','11366801',0,su
bstring('19-400',locate('-','19-
400')+1),'000F6CE3',511690,'202.179.x.xx',3131,7864103)
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Problem with Class attribute
Hi,
I'm having trouble with Radiator 3.3.1. I'm putting concatenated value to
Class attribute.
But in radius logfile it says ERR: There is no value named 19-400 for
attribute Class. Using 0.
In insert statement it gets Class value and gets part of string and puts
into 2 different int field.
Following is the part of logfile and insert statement.
Ganbold
--Logfile --
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for attribute
Class. Using 0.
Thu Nov 21 19:53:08 2002: ERR: There is no value named 19-400 for attribute
Class. Using 0.
Thu Nov 21 19:53:08 2002: DEBUG: do query is: insert into ACCOUNTING
(USERNAME,ACCTSTATUSTYPE,class_id,TIME_STAMP,ACCTTERMINAT
ECAUSE,NASPORT,CALLINGSTATIONID,ACCTDELAYTIME,CONTRACTID,ACCTSESSIONID,ACCTINPUTOCTETS,FRAMEDIPADDRESS,ACCTSESSIONTIME,ACCTOUT
PUTOCTETS) values
('skytel','Stop',substring('19-400',1,locate('-','19-400')-1),1037879588,'User-Request','56','11366801',0,su
bstring('19-400',locate('-','19-400')+1),'000F6CE3',511690,'202.179.x.xx',3131,7864103)
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Question regarding Internet phone
Hi, Also there some billing systems we are interesting. MIND CTI, Portal etc. Are there anybody knows about these system on Radiator? Please let me know. thanks in advance, Ganbold Hugh Irvine wrote: > Hello Ganbold - > > Radiator can be used for any application that uses the radius protocol. > > The question to ask is "what protocol does the NAS use to authenticate > Voice-Over-IP?". > > As you rightly point out, Radiator is not a billing system, so you will still > have to address that aspect, either by developing it yourself or by > purchasing something. > > regards > > Hugh > > > On Thursday 06 September 2001 04:02, ganbold wrote: > >>Hi, >> >>We want to use Radiator for Internet phone. Is it possible to use >>Radiator in this purpose? If possible how will be difficult to write >>Internet phone billing software for Radiator? >>Also I would like to know about compatibility issue with Radiator if we >>buy some other Internet phone billing software. >> >>thanks in advance, >> >>Ganbold Ts. >> >>=== >>Archive at http://www.open.com.au/archives/radiator/ >>Announcements on [EMAIL PROTECTED] >>To unsubscribe, email '[EMAIL PROTECTED]' with >>'unsubscribe radiator' in the body of the message. >> > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Question regarding Internet phone
Hi Hugh, Yes, NAS will use Voice over IP. How it would be in this case? Ganbold Hugh Irvine wrote: > Hello Ganbold - > > Radiator can be used for any application that uses the radius protocol. > > The question to ask is "what protocol does the NAS use to authenticate > Voice-Over-IP?". > > As you rightly point out, Radiator is not a billing system, so you will still > have to address that aspect, either by developing it yourself or by > purchasing something. > > regards > > Hugh > > > On Thursday 06 September 2001 04:02, ganbold wrote: > >>Hi, >> >>We want to use Radiator for Internet phone. Is it possible to use >>Radiator in this purpose? If possible how will be difficult to write >>Internet phone billing software for Radiator? >>Also I would like to know about compatibility issue with Radiator if we >>buy some other Internet phone billing software. >> >>thanks in advance, >> >>Ganbold Ts. >> >>=== >>Archive at http://www.open.com.au/archives/radiator/ >>Announcements on [EMAIL PROTECTED] >>To unsubscribe, email '[EMAIL PROTECTED]' with >>'unsubscribe radiator' in the body of the message. >> > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question regarding Internet phone
Hi, We want to use Radiator for Internet phone. Is it possible to use Radiator in this purpose? If possible how will be difficult to write Internet phone billing software for Radiator? Also I would like to know about compatibility issue with Radiator if we buy some other Internet phone billing software. thanks in advance, Ganbold Ts. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) URGENT:AuthByPolicy problem!
t;<146><227><146>;{<148>I<212><186><166>
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Fri Aug 17 09:57:40 2001: DEBUG: Received reply in AuthRADIUS for req
197 from 202.179.0.106:1645
Fri Aug 17 09:57:40 2001: DEBUG: Access accepted for stac
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.135 port 1645
Code: Access-Accept
Identifier: 212
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Class = "MERIT"
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Received from 202.179.0.167 port 1645
Code: Access-Reject
Identifier: 201
Authentic:
c<247><16><143><203><222><144><189>x<236><215><163><6>2<176><216>
Attributes:
Fri Aug 17 09:57:40 2001: DEBUG: Received reply in AuthRADIUS for req
201 from 202.179.0.167:1645
Fri Aug 17 09:57:40 2001: INFO: Access rejected for stac: Proxied
Fri Aug 17 09:57:40 2001: DEBUG: Packet dump:
*** Sending to 202.179.0.135 port 1645
Code: Access-Reject
Identifier: 212
Authentic: <237><204><218>3y<212><208>t <153><225><241><1><219><153>b
Attributes:
NAS-IP-Address = 202.179.0.135
NAS-Port = 536
Cisco-NAS-Port = "Async3/104"
NAS-Port-Type = Async
User-Name = "stac"
Called-Station-Id = "1633"
Calling-Station-Id = "11315556"
User-Password = "M<253><156>Z<167><2>R[&T<226><210>_<220><251>-"
Service-Type = Framed-User
Framed-Protocol = PPP
User-Id = "stac"
NAS-Identifier = "202.179.0.135"
User-Realm = ""
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Class = "3b7c799c.e.nmc.ub.mng.net"
Class = "MERIT"
Class = "IPASS"
Reply-Message = "Proxied"
---
I don't understand why Radiator sending Access-Request simultaneously to
both iPass outbound and Merit AAA.
Could you help me to solve it?
I think Radiator should to do authentication one-by-one. We are using
"ContinueUntilAccept" policy. Is it correct?
I attached Radiator configuration file.
Thank you,
Ganbold
# radius.cfg
Foreground
Trace 4
AuthPort1645
AcctPort1646
LogDir /var/log/radius
#DbDir /usr/local/mysql/var/radius
LogFile %L/logfile
DictionaryFile /root/radiator/Radiator-2.18.1/dictionary
#FingerProg /usr/bin/finger
SnmpgetProg /usr/local/bin/snmpget
Secret
DupInterval 15
# NoIgnoreDuplicates Access-Request
NasType Cisco
RewriteUsername tr/[A-Z]/[a-z]/
RewriteUsername s/^([^@]+).*/$1/
SNMPCommunity public
StatusServerShowClientDetails
Secret
DupInterval 15
# NoIgnoreDuplicates Access-Request
NasType Cisco
RewriteUsername tr/[A-Z]/[a-z]/
RewriteUsername s/^([^@]+).*/$1/
S
(RADIATOR) Bad encrypted password
Hello, We have some problem with our Radiator-2.18.1 in FreeBSD 4.3 We have DES encrypted password for almost all users in Mysql database. Some users have MD5 passwords in database. Users can change password from web and it uses UNIX crypt() function to encrypt it and saves to database. Problem is: Sometimes users can't login to Radiator. It says bad encrypted password. Sometimes users can login but after disconnecting connection and trying reestablishing connection it says again bad encrypted password. In system when I issue command ls -l /usr/lib/libcrypt* it points to DES libraries. But when I change password from shell it creates MD5 passwords for users. Also seems like sometimes some users password changed from DES to MD5 without user intervention. Is it problem of OS or problem of FreeBSD? Of course it is off topic question but are there anyone who can help me to solve this kind of problem? Can somebody give me advice, direction to solve this problem? Also I want to have only one encryption standard for all users. How to accomplish that? thanks in advance, Ganbold === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Problem with Ascend
Hello, We have problem with Ascend Max with Radiator 2.18.1. Ascend sends garbage something like banner, initial-banner, route1 etc. I read FAQ and configured Ascend in that way but again it didn't solve the problem. What should I do in this case? I searched through mailing list but seems like there is no solution. Is there any solution exits? thanks in advance, Ganbold === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Important - How to do Block Time users
Yes, I tried CheckBlockTIme script from goodies directory. First time itworked when I had 2.17.1 version and Cisco IOS 11.0. But when I upgradedCisco IOS to latest version it didn't worked. So I solved it in that way.Ganbold
Re: (RADIATOR) Important - How to do Block Time users
Hi,
I solved it in following way. Below is PostAuthHook script.
# CheckBlockTimeLeft
#
# PostAuthHook to check time left for a block user
# by verifying the Session-Timeout attribute
#
sub
{
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $result = ${$_[2]};
my $name = $p->get_attr('User-Name');
my $timeoutxx = 0;
use DBI;
my ($dsn)="DBI:mysql:radius:localhost";
my ($namex)="xxx";
#my ($password11)="xxx";
my ($dbh,$sth);
my (@ary);
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
SELECT USERNAME,TIMELEFT FROM SUBSCRIBERS
WHERE USERNAME='$name'
});
$sth->execute();
while(my $hash_ref=$sth->fetchrow_hashref())
{
print join ("\t",$hash_ref->{USERNAME},$hash_ref->{TIMELEFT}). "\n";
$timeoutxx = $hash_ref->{TIMELEFT};
}
$sth->finish();
$dbh->disconnect();
if (($result == $main::ACCEPT) && ($timeoutxx <= 0))
{
&main::log($main::LOG_DEBUG, "User $name has no time left");
if($timeoutxx<0){
$dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
my ($sth)=$dbh->prepare (qq{
UPDATE SUBSCRIBERS SET TIMELEFT=0 WHERE USERNAME='$name'
});
$sth->execute();
$sth->finish();
$dbh->disconnect();
}
#${$_[2]} = $main::REJECT;
if($p->code eq 'Access-Request'){
$rp->delete_attr('Filter-Id');
$rp->delete_attr('Session-Timeout');
$rp->delete_attr('Framed-Protocol');
$rp->delete_attr('Service-Type');
$rp->delete_attr('Framed-MTU');
$rp->delete_attr('Framed-Compression');
$rp->set_code('Access-Reject');
$rp->change_attr('Reply-Message','Prepaid time limit reached!');
$p->{Client}->replyTo($rp,$p);
}
if($p->code eq 'Accounting-Request'){
$rp->set_code('Accounting-Response');
$p->{Client}->replyTo($rp,$p);
}
}
return;
}
#
HTH,
Ganbold Ts.
- Original Message -
From: "William Hernandez" <[EMAIL PROTECTED]>
To: "Radiator" <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 11:25 PM
Subject: RE: (RADIATOR) Important - How to do Block Time users
> Hello everyone,
>
> I'm trying to follow Hugh's tips, but I'm doing something wrong.
>
> In my radius.cfg I have:
>
>
> Identifier TimeBlock-SQL
> DBSource*
> DBUsername*
> DBAuth*
> AuthSelect select TIMEBLOCK from XSTOP where
> USERNAME='%n'
> AuthColumnDef 0, Time, check
>
>
> AuthBy Check-FILE
> AuthBy System
> # This AuthBy will check the Time check-item
> AuthBy TimeBlock-SQL
> # This hook calculates the session-timeout
> PostAuthHook file:"/etc/raddb/setSessionTimeout"
> AcctLogFileName /var/log/radacct/detail
> PasswordLogFileName /var/log/radius.log
> ExcludeFromPasswordLog root
>
>
> In my PostAuthHook I have:
> my $timeblock=$p->get_attr('Time');
>
> The problem is $timeblock is coming back an empty string. I can't
> get the value to the PostAuthHook.
> The "ERR: Invalid timeblock for user whr" in the radius.log comes
> from the PostAuthHook.
>
> A Trace 4 radius.log shows:
> Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.6 port 4319
> Code: Access-Request
> Identifier: 196
> Authentic: 1234567890123456
> Attributes:
> User-Name = "whr"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "<146><208><238><158><247><22><144><5><164><133><228><17
> 4><1>H<30>x"
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> 203.63.154.1, 1234
> Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> RADONLINE where NASIDE
> NTIFIER='203.63.154.1' and NASPORT=01234
>
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with whr
> Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT
> Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
&
(RADIATOR) AuthSelect problem
Hi! I'm asking previously posted question. Is it possible conditional parsing of radius.cfg?Another words - if it's possible to realise following algorithm:AuthSelect select SERVICE from .if SERVICE == 1 then AuthColumnDef 0, Framed-Protocol, replyelse AuthColumnDef 0, Login-Service, replyend thanks in advance, Ganbold
(RADIATOR) Accounting-Response problem
Hi,
I have problem with Radiator-2.18 in FreeBSD 4.0.
All modules installed.
All is working fine except Radiator is not sending
accounting-response after receiving accounting-request from
NAS.
Here is my radiator config file.
# radius.cfg
ForegroundTrace 5
AuthPort 1645AcctPort 1646
LogDir /var/log/radiusDbDir /usr/local/var/radius
LogFile %L/logfile
DictionaryFile %D/dictionary#DictionaryFile
%D/dictionary.cisco#DictionaryFile %D/dictionary.ascend#DictionaryFile
%D/dictionary.ascend2
FingerProg /usr/bin/fingerSnmpgetProg
/usr/local/bin/snmpget
#RewriteUsername tr/[A-Z]/[a-z]/#RewriteUsername s/\S+//g
#PreClientHook sub { print "Here I am in
PreClentHook\n"; }#StartupHook sub {print "here I am in StartupHook
$_[0]\n";}
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/
MaxSessions 1# AcctLogFileName %L/detail
# AcctLogFileFormat %{Timestamp}
%{Acct-Session-Id} %{User-Name}
# WtmpFileName
%L/wtmp# PasswordLogFileName %L/password.log
RejectHasReason
AuthByPolicy
ContinueWhileIgnore AccountingHandled
SessionDatabase SQL1
DBSource dbi:mysql:radius DBUsername root DBAuth xxx
# AuthSelect select
PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where
USERNAME='%n' AuthSelect select PASSWORD,REPLYATTR,TIMELEFT from
SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, reply AuthColumnDef 2,
Session-Timeout, reply
AddToReply Framed-Protocol = PPP,Service-Type =
Framed-User,Framed-MTU = 1500,Framed-Compression =
Van-Jacobson-TCP-IP
AccountingTable ACCOUNTING AccountingStopsOnly
AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-%{Acct-Session-Time} where USERNAME='%n'
RejectEmptyPassword AcctFailedLogFileName
%L/misseddetails
Host xxx.net Secret xxx AuthPort
1645 AcctPort 1646 Retries
4 RetryTimeout 5 CachePasswords
RejectEmptyPassword# AcctLogFileName
%L/misseddetails2 ## PostAuthHook
file:"%D/CheckBlockTimeLeft"
#
DBSource dbi:mysql:radius DBUsername root DBAuth xxx
DBSource dbi:mysql:radius DBUsername root DBAuth xxx #
Optional identifier. Its just a name Identifier SQL1
AddQuery insert into RADONLINE
(USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,SERVICETYPE)
values('%n','%N',%{NAS-Port},'%{Acct-Session-Id}',%{Timestamp},'%{Framed-IP-Address}','%{Port-Type}','%{Service-Type}')DeleteQuery
delete from RADONLINE where USERNAME='%n' and NASIDENTIFIER='%N' and
NASPORT=%{NAS-Port}ClearNasQuery delete from RADONLINE where
NASIDENTIFIER='%N'CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from
RADONLINE where USERNAME='%n'
# Log to a file Filename %L/mylog Trace
5
# Log to syslog (Unix only) Facility user Trace 4
# # Defines how to connect
to the database. See examples
above# DBSource dbi:mysql:radius# DBUsername mikem# DBAuth fred #
Trace level to use (allows same values as the global Trace
level)# Trace 4#
#
(RADIATOR) Accounting-Response problem
Hi,
I have problem with Radiator-2.18 in FreeBSD 4.0.
All modules installed.
All is working fine except Radiator is not sending
accounting-response after receiving accounting-request from
NAS.
Here is my radiator config file.
# radius.cfg
ForegroundTrace 5
AuthPort 1645AcctPort 1646
LogDir /var/log/radiusDbDir /usr/local/var/radius
LogFile %L/logfile
DictionaryFile %D/dictionary#DictionaryFile
%D/dictionary.cisco#DictionaryFile %D/dictionary.ascend#DictionaryFile
%D/dictionary.ascend2
FingerProg /usr/bin/fingerSnmpgetProg
/usr/local/bin/snmpget
#RewriteUsername tr/[A-Z]/[a-z]/#RewriteUsername s/\S+//g
#PreClientHook sub { print "Here I am in
PreClentHook\n"; }#StartupHook sub {print "here I am in StartupHook
$_[0]\n";}
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
Secret xxx DupInterval
0 NoIgnoreDuplicates Access-Request NasType
Cisco# NasType Ascend# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/ StatusServerShowClientDetails
# RewriteUsername s/^([^@]+).*/$1/# RewriteUsername tr/[A-Z]/[a-z]/
MaxSessions 1# AcctLogFileName %L/detail
# AcctLogFileFormat %{Timestamp}
%{Acct-Session-Id} %{User-Name}
# WtmpFileName
%L/wtmp# PasswordLogFileName %L/password.log
RejectHasReason
AuthByPolicy
ContinueWhileIgnore AccountingHandled
SessionDatabase SQL1
DBSource dbi:mysql:radius DBUsername root DBAuth xxx
# AuthSelect select
PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where
USERNAME='%n' AuthSelect select PASSWORD,REPLYATTR,TIMELEFT from
SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, reply AuthColumnDef 2,
Session-Timeout, reply
AddToReply Framed-Protocol = PPP,Service-Type =
Framed-User,Framed-MTU = 1500,Framed-Compression =
Van-Jacobson-TCP-IP
AccountingTable ACCOUNTING AccountingStopsOnly
AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctSQLStatement update SUBSCRIBERS set
TIMELEFT=TIMELEFT-%{Acct-Session-Time} where USERNAME='%n'
RejectEmptyPassword AcctFailedLogFileName
%L/misseddetails
Host xxx.net Secret xxx AuthPort
1645 AcctPort 1646 Retries
4 RetryTimeout 5 CachePasswords
RejectEmptyPassword# AcctLogFileName
%L/misseddetails2 ## PostAuthHook
file:"%D/CheckBlockTimeLeft"
#
DBSource dbi:mysql:radius DBUsername root DBAuth xxx
DBSource dbi:mysql:radius DBUsername root DBAuth xxx #
Optional identifier. Its just a name Identifier SQL1
AddQuery insert into RADONLINE
(USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,SERVICETYPE)
values('%n','%N',%{NAS-Port},'%{Acct-Session-Id}',%{Timestamp},'%{Framed-IP-Address}','%{Port-Type}','%{Service-Type}')DeleteQuery
delete from RADONLINE where USERNAME='%n' and NASIDENTIFIER='%N' and
NASPORT=%{NAS-Port}ClearNasQuery delete from RADONLINE where
NASIDENTIFIER='%N'CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from
RADONLINE where USERNAME='%n'
# Log to a file Filename %L/mylog Trace
5
# Log to syslog (Unix only) Facility user Trace 4
# # Defines how to connect
to the database. See examples
above# DBSource dbi:mysql:radius# DBUsername mikem# DBAuth fred #
Trace level to use (allows same values as the global Trace
level)# Trace 4#
#
