Re: (RADIATOR) Proxying accounting requests.
I can't do it with sql, because I'm still trying to get that to work between the two servers :( That was the part that was getting me. Is there a way to do it with AuthBy Proxy or something that does not have to interface with a db directly. If I succeed with freetds or DBD-Proxy, then I'll be in good shape (your example makes perfect sense), but so far it is failing. Comments on my other post: I did a truss again radiusd while doing authby platypus and found that freetds is dumping on the debug file for some reason. Still trying to figure out why. Thanks for all your help. On Sat, 25 May 2002, Hugh Irvine wrote: > > Hello - > > As mentioned in my previous mail, the example I provided does exactly what > you require. Is there something that is not clear that I can clarify for you? > > regards > > Hugh > > > On Fri, 24 May 2002 23:19, Sysadmin wrote: > > Hi, > > This is kind of weird, but here goes. > > I have a NAS that is under the control of a partner company. They > > forward all authentication to my radius servers. I now have a customer > > that is user their NAS, but did not want to move his radius username/passwd > > db to my server, so I have to proxy all the requests to his radius server. > > I'm interested in monitoring their usage and so are they. > > So I need to be able to log the start/stop accounting packet for their > > realm to my accounting database and also fwd it onto their accounting > > database. Both accounting servers are running cisco's ACS radius, so they > > accept the stop/start packets on port 1646 and then store them in sql. > > The reason for not just doing the one central server is because the > > partner company wants to make sure we are not over billing them. :( > > > > Thanks for you help. > > > > On Fri, 24 May 2002, Hugh Irvine wrote: > > > Hello - > > > > > > I don't understand your question, sorry. > > > > > > Could you explain the requirement in a bit more detail? > > > > > > thanks > > > > > > Hugh > > > > > > On Fri, 24 May 2002 00:53, Sysadmin wrote: > > > > Hi, > > > > In this case I am not using sql at the central accounting server or at > > > > the host I am proxying to. So is there a way for me to fwd accounting > > > > request to both hosts on port 1646? > > > > > > > > Thanks > > > > > > > > -Original Message- > > > > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > > > > Sent: Monday, May 13, 2002 7:09 PM > > > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > > > Subject: Re: (RADIATOR) Proxying accounting requests. > > > > > > > > > > > > > > > > Hello - > > > > > > > > You will need to add an AuthBy SQL clause to your configuration file. > > > > > > > > Something like this: > > > > > > > > # define AuthBy SQL clause for accounting > > > > > > > > > > > > Identifier SQLAccounting > > > > .. > > > > # empty AuthSelect to disable authentication > > > > AuthSelect > > > > > > > > # define accounting > > > > AccountingTable ACCOUNTING > > > > AcctColumnDef . > > > > . > > > > > > > > > > > > # define Realms > > > > > > > > > > > > AuthByPolicy ContinueAlways > > > > AuthBy SQLAccounting > > > > > > > > > > > > > > > > . > > > > > > > > > > > > > > > > AuthByPolicy ContinueAlways > > > > AuthBy SQLAccounting > > > > > > > > > > > > > > > > . > > > > > > > > > > > > . > > > > > > > > > > > > regards > > > > > > > > Hugh > > > > > > > > On Tue, 14 May 2002 01:02, [EMAIL PROTECTED] wrote: > > > > > I want to put in a central radius accountinng server and was > > > > > > > > wondering how > > > > > > > > > to configure my realms. I have some realms that I proxy for > > > > > > > > and some I do > > > > > > > > > not. Right now I have all the realms going to a file. Is > > > > > > > > there a way I > > > > > > > > > can tell the realms to fwd to a central server? Right now I am just > > > > > saving them to files. > > > > > If I do this, will it also still fwd the start/stop packets to the > > > > > radius servers I am proxying to? > > > > > > > > > > > > > > > > > > > > Thanks > > > > > > > > > > === > > > > > Archive at http://www.open.com.au/archives/radiator/ > > > > > Announcements on [EMAIL PROTECTED] > > > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > > > 'unsubscribe radiator' in the body of the message. > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Access SQL 2000 from Solaris 8
I took Mike's approach first and installed freetds 0.53 with DBD-Sybase 0.94 I set my sybase variable to /usr/local/freetds, added extra_libs EXTRA_LIBS= -ltli (as per the CONFIG file) and added my platypus server to the freetds.conf file. Compiling DBD-Sybase and doing the make test showed a lot of failures. PERL_DL_NONLAZY=1 /usr/bin/perl -Iblib/arch -Iblib/lib -I/usr/local/lib/perl5/5.6.1/i86pc-solaris -I/usr/local/lib/per l5/5.6.1 -e 'use Test::Harness qw(&runtests $verbose); $verbose=0; runtests @ARGV;' t/*.t t/autocommitdubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-4 Failed 3/4 tests, 25.00% okay t/base..ok t/exec..dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-9 Failed 8/9 tests, 11.11% okay t/fail..dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-13 Failed 12/13 tests, 7.69% okay t/login.dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-3 Failed 2/3 tests, 33.33% okay t/main..dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-14 Failed 13/14 tests, 7.14% okay t/nsql..dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-4 Failed 3/4 tests, 25.00% okay t/place.dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-11 Failed 10/11 tests, 9.09% okay t/xblob.dubious Test returned status 0 (wstat 11, 0xb) DIED. FAILED tests 2-6 Failed 5/6 tests, 16.67% okay Failed TestStatus Wstat Total Fail Failed List of Failed t/autocommit.t 011 43 75.00% 2-4 t/exec.t 011 98 88.89% 2-9 t/fail.t 01113 12 92.31% 2-13 t/login.t 011 32 66.67% 2-3 t/main.t 01114 13 92.86% 2-14 t/nsql.t 011 43 75.00% 2-4 t/place.t 01111 10 90.91% 2-11 t/xblob.t 011 65 83.33% 2-6 Failed 8/9 test scripts, 11.11% okay. 56/69 subtests failed, 18.84% okay. *** Error code 2 make: Fatal error: Command failed for target `test_dynamic' I also got errors on my freetds install: root@mail/opt/freetds-0.53% make check Making check in include Making check in src Making check in tds Making check in unittests make t0001 t0002 t0003 t0004 t0005 t0006 `t0001' is up to date. `t0002' is up to date. `t0003' is up to date. `t0004' is up to date. `t0005' is up to date. `t0006' is up to date. make check-TESTS t0001.c: Testing login, logout PASS: t0001 t0002.c: Test basic submit query, results PASS: t0002 t0003.c: Testing DB change -- 'use tempdb' PASS: t0003 t0004.c: Test large (>512 bytes) queries tds_process_result_tokens() returned TDS_FAIL for long query FAIL: t0004 t0005.c: Test large (>512 bytes) replies PASS: t0005 t0006.c: Test SYBREAL, SYBFLT8 values PASS: t0006 === 1 of 6 tests failed === *** Error code 1 make: Fatal error: Command failed for target `check-TESTS' Current working directory /opt/freetds-0.53/src/tds/unittests *** Error code 1 make: Fatal error: Command failed for target `check-am' Current working directory /opt/freetds-0.53/src/tds/unittests *** Error code 1 make: Fatal error: Command failed for target `check-recursive' Current working directory /opt/freetds-0.53/src/tds *** Error code 1 make: Fatal error: Command failed for target `check-recursive' Current working directory /opt/freetds-0.53/src *** Error code 1 make: Fatal error: Command failed for target `check-recursive' I did the make install on both for kicks. I setup my AuthBy PLATYPUS and tried a test user, but it causes radiator to died. Setting Trace to 5 doesn't show anything useful. Should I be focusing on getting all these tests to run cleanly, or is it normal for certain ones to fail? Thanks On Fri, 24 May 2002, Hugh Irvine wrote: > > Hello - > > You might also consider using the DBD-Proxy approach and I will forward you a > related piece of mail from Mike as well. > > Otherwise have a look at the archive site and do a search. > > regards > > Hugh > > > On Fri, 24 May 2002 05:58, Sysadmin wrote: > > Hello, > > I've taken on the challege of getting my Solaris 8 x86 server talking to > > my W2K server running SQL 2000. I've read through the FAQ and still have > > a few questions before I start installing. I would like to do it with the > > freeware products available if possible. I was looking at freetds and > > DBD-sybase. The radiator faq talks about sql 2000, but from the freetds > > faq,
Re: (RADIATOR) Proxying accounting requests.
Hi, This is kind of weird, but here goes. I have a NAS that is under the control of a partner company. They forward all authentication to my radius servers. I now have a customer that is user their NAS, but did not want to move his radius username/passwd db to my server, so I have to proxy all the requests to his radius server. I'm interested in monitoring their usage and so are they. So I need to be able to log the start/stop accounting packet for their realm to my accounting database and also fwd it onto their accounting database. Both accounting servers are running cisco's ACS radius, so they accept the stop/start packets on port 1646 and then store them in sql. The reason for not just doing the one central server is because the partner company wants to make sure we are not over billing them. :( Thanks for you help. On Fri, 24 May 2002, Hugh Irvine wrote: > > Hello - > > I don't understand your question, sorry. > > Could you explain the requirement in a bit more detail? > > thanks > > Hugh > > On Fri, 24 May 2002 00:53, Sysadmin wrote: > > Hi, > > In this case I am not using sql at the central accounting server or at > > the host I am proxying to. So is there a way for me to fwd accounting > > request to both hosts on port 1646? > > > > Thanks > > > > -Original Message- > > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > > Sent: Monday, May 13, 2002 7:09 PM > > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > > Subject: Re: (RADIATOR) Proxying accounting requests. > > > > > > > > Hello - > > > > You will need to add an AuthBy SQL clause to your configuration file. > > > > Something like this: > > > > # define AuthBy SQL clause for accounting > > > > > > Identifier SQLAccounting > > .. > > # empty AuthSelect to disable authentication > > AuthSelect > > > > # define accounting > > AccountingTable ACCOUNTING > > AcctColumnDef . > > . > > > > > > # define Realms > > > > > > AuthByPolicy ContinueAlways > > AuthBy SQLAccounting > > > > > > > > . > > > > > > > > AuthByPolicy ContinueAlways > > AuthBy SQLAccounting > > > > > > > > . > > > > > > . > > > > > > regards > > > > Hugh > > > > On Tue, 14 May 2002 01:02, [EMAIL PROTECTED] wrote: > > > I want to put in a central radius accountinng server and was > > > > wondering how > > > > > to configure my realms. I have some realms that I proxy for > > > > and some I do > > > > > not. Right now I have all the realms going to a file. Is > > > > there a way I > > > > > can tell the realms to fwd to a central server? Right now I am just > > > saving them to files. > > > If I do this, will it also still fwd the start/stop packets to the > > > radius servers I am proxying to? > > > > > > > > > > > > Thanks > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Access SQL 2000 from Solaris 8
Hello, I've taken on the challege of getting my Solaris 8 x86 server talking to my W2K server running SQL 2000. I've read through the FAQ and still have a few questions before I start installing. I would like to do it with the freeware products available if possible. I was looking at freetds and DBD-sybase. The radiator faq talks about sql 2000, but from the freetds faq, it says sql 2000 is not fully supported and to use TDS 7.0. I'm confused about the different formats. Will TDS 7.0 actuall work with sql 2000? I'm going to be interfacing with the accounting package Platypus. Once these two packages (and any other dependant packages) are installed, I should just be able to configure radiator's config file to AuthBy PLATYPUS with the correct information? Is anyone else runs solaris 8 x86 with radiator and sql 2000? Thanks === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Proxying accounting requests.
Hi, In this case I am not using sql at the central accounting server or at the host I am proxying to. So is there a way for me to fwd accounting request to both hosts on port 1646? Thanks -Original Message- From: Hugh Irvine [mailto:[EMAIL PROTECTED]] Sent: Monday, May 13, 2002 7:09 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: (RADIATOR) Proxying accounting requests. Hello - You will need to add an AuthBy SQL clause to your configuration file. Something like this: # define AuthBy SQL clause for accounting Identifier SQLAccounting .. # empty AuthSelect to disable authentication AuthSelect # define accounting AccountingTable ACCOUNTING AcctColumnDef . . # define Realms AuthByPolicy ContinueAlways AuthBy SQLAccounting . AuthByPolicy ContinueAlways AuthBy SQLAccounting . . regards Hugh On Tue, 14 May 2002 01:02, [EMAIL PROTECTED] wrote: > I want to put in a central radius accountinng server and was wondering how > to configure my realms. I have some realms that I proxy for and some I do > not. Right now I have all the realms going to a file. Is there a way I > can tell the realms to fwd to a central server? Right now I am just > saving them to files. > If I do this, will it also still fwd the start/stop packets to the > radius servers I am proxying to? > > > > Thanks > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Proxying accounting requests.
I want to put in a central radius accountinng server and was wondering how to configure my realms. I have some realms that I proxy for and some I do not. Right now I have all the realms going to a file. Is there a way I can tell the realms to fwd to a central server? Right now I am just saving them to files. If I do this, will it also still fwd the start/stop packets to the radius servers I am proxying to? Thanks === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about accounting
Hi; Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. For example: Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. Here is my current config for the realm in question: AuthByPolicy ContinueWhileAccept #I was just guesing on this one RewriteUsername tr/A-Za-z0-9\-\_\&\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ Host Secret DBSourcedbi:mysql: DBUsername DBAuth AuthSelect SELECT DialupUsers.password FROM DialupUsers, DialupService WHERE DialupService.my_key = DialupUsers.my_key AND user_name = '%U' AND DialupService.realm = 'not_real' AND type='region' AND status='ACTIVE' DefaultReply User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = NoneFramed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 AuthColumnDef 0, User-Password, check AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 John D [EMAIL PROTECTED] PS Something else, with the SessionDatabase like it is, somethimes the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about accounting
Hi; Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. For example: Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. Here is my current config for the realm in question: AuthByPolicy ContinueWhileAccept #I was just guesing on this one RewriteUsername tr/A-Za-z0-9\-\_\&\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ Host Secret DBSourcedbi:mysql: DBUsername DBAuth AuthSelect SELECT DialupUsers.password FROM DialupUsers, DialupService WHERE DialupService.my_key = DialupUsers.my_key AND user_name = '%U' AND DialupService.realm = 'not_real' AND type='region' AND status='ACTIVE' DefaultReply User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = NoneFramed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 AuthColumnDef 0, User-Password, check AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 John D [EMAIL PROTECTED] PS Something else, with the sessiondatabase like it is, somethime the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Strange warning...
We are receiving alot of the following warnings: Thu Dec 2 07:56:26 1999: WARNING: No such attribute Timestamp Every time Radiator tries to relay an accounting packet this message gets generated. Below I have included Trace 4 output for the packet before and after. Any Ideas? John D [EMAIL PROTECTED] *** Received from 216.98.155.2 port 1097 Code: Accounting-Request Identifier: 145 Authentic: <130>pZ<169><149><219><217><253><242>F-<4>L<141><212>8 Attributes: Acct-Session-Id = "3B0246B0" User-Name = "brlgear" NAS-Identifier = "216.98.155.2" NAS-Port = 21 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 996 Acct-Authentic = RADIUS Connect-Info = "44000 LAPM/V42BIS" Acct-Input-Octets = 194170 Acct-Output-Octets = 898353 Acct-Terminate-Cause = User-Request Livingston-Acct-Terminate-Cause = "User Request - Call Circuit Closed" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.98.155.36 Acct-Delay-Time = 0 Thu Dec 2 07:56:26 1999: DEBUG: Rewrote user name to brlgear Thu Dec 2 07:56:26 1999: DEBUG: Handling request with Handler 'Realm=' Thu Dec 2 07:56:26 1999: DEBUG: SDB2 Deleting session for brlgear, 216.98.155.2, 21 Thu Dec 2 07:56:26 1999: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.98.155.2' and NASPORT=21 Thu Dec 2 07:56:26 1999: DEBUG: Handling with Radius::AuthRADIUS Thu Dec 2 07:56:26 1999: WARNING: No such attribute Timestamp Thu Dec 2 07:56:26 1999: DEBUG: Packet dump: *** Sending to 216.98.128.65 port 1646 Code: Accounting-Request Identifier: 13 Authentic: <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0> Attributes: Acct-Session-Id = "3B0246B0" User-Name = "brlgear" NAS-Identifier = "216.98.155.2" NAS-Port = 21 NAS-Port-Type = Async Acct-Status-Type = Stop Acct-Session-Time = 996 Acct-Authentic = RADIUS Connect-Info = "44000 LAPM/V42BIS" Acct-Input-Octets = 194170 Acct-Output-Octets = 898353 Acct-Terminate-Cause = User-Request Livingston-Acct-Terminate-Cause = "User Request - Call Circuit Closed" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 216.98.155.36 Acct-Delay-Time = 0 Timestamp = 944150186 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NT dialup and Radiator (Updated 8/10/99)
THANK YOU!!! THANK YOU!!!THANK YOU!!! THANK YOU!!! THANK YOU!!!THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! THANK YOU!!! I don't think I can say it enough times. That immediatly solved the problem. This also solved a THREE year problem we have been having with our 95/98 customers (unable to establish a compatable set of network protocolls). Everybody seems to be connecting faster and borwsing faster. Again thank you!!! John D [EMAIL PROTECTED] PS to radiator folk: This might be a good one to put in the Radiator FAQ? > > > I nearly went insane trying to track this one down when I ran into it. > > Change your users file from this : > > Framed-Compression = Van-Jacobsen-TCP-IP > > to this : > > Framed-Compression = Van-Jacobson-TCP-IP > > ...and see if it helps. It cleared up the same problem for me. > > VJ only affects TCP traffic, so pings (ICMP) and DNS (UDP) are > unaffected when VJ is out of whack. > > I'm not sure why our PM3's suddenly get fussy over the spelling error > when served by Radiator rather than Radius, but that's what appears to > happen. If I proxy all our authentication traffic to our Radius server > through Radiator running at trace 4, I can see that Radius serves it up with > the spelling error intact. > > Nor am I sure why Windows 95/98 clients don't seem to be affected. It > blew our NT users (and Win3 users) right out of the water, though. > > Lucent/Livingston's site has several pages with the spelling error given > in example code, so I almost suspect that Radius example files may come with > it or did come with it for a time. > > ---Mike Biesele > > > > - Original Message - > From: John Davidson <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, August 10, 1999 12:48 PM > Subject: (RADIATOR) NT dialup and Radiator (Updated 8/10/99) > > > | Something new 8/10/99: I removed Radiator from our system and put back > the old radius we were using, Meret AAA, and NT customers can now connect. > This is a Radiator issue, but I have no idea where to look for a solution. > BTW this is running on a BSDI 4.0 system. > | > | Something interesting 8/9/99: I had an NT customer call me up today and > he told me that he was able to connect and browse yesterday just fine for > about two hours today he can't. The logfile and detail file showed no > difference in what happened, except that it was logged in the detail file > multiple times. There were two start accounting records and three stop all > with the same session ID the only difference is that the "Acct-Delay-time" > is different. I have noticed this in many other locations in the detail > file as well. > | > | More info: When an NI customer connects and can't browse (open socket > connections) they are able to ping, trace and perform host name lookups, so > it doesn't appear to be a routing issue. > | > | Here are portions of the logfile at trace level 4. I have included what > the startup looks like, what an NT (bad) connection looks liks and what a 98 > (good) connection looks like. I am not sure why it says that thoes > attribute numbers are not defined because they are, they are Ascend specific > attributes, but that only seems to affect accounting. > | > | --START UP INFO FROM LOG FILE-- > > [large amount of trace output deleted for brevity] > > | John Davidson > | > | > > | > > | > Hi John - > | > > | > It would also be useful to include debug output at Trace level 4 showing > what > | > is happening. I would have expected to see at least a couple of errors > when > | > Radiator started up with this configuration. > | > > | > On Sat, 07 Aug 1999, [EMAIL PROTECTED] wrote: > | > > Hi; > | > > > | > > We installed Radiator last weekend on our system and since that time > our dialup NT (4.0) customers have had problems accessing the system. They > authenticate just fine but can't browse. To really confuse things this only > happens when they dialup into our PM3's not our Ascend's. > | > > > | > > I know that this doesn't sound like a Radius problem, but that is the > only thing that has changed on our system. > | > > > | > > Here is the info from our config files that is relivant: > | > > > | > > From radius.cfg: > | > > > | > > > | > > AuthByPolicy ContinueUntilAccept > | > > > | > > > | > > # The filename defaults to %D/users > | > > > | > > > | > > # Log accounting to the detail file in LogDir > | > > MaxSessions 1 > | > > AcctLogFileName %L/detail > | > > SessionDatabase SDB1 > | > > > | > > > | > > # This clause says that for entries in the users file > | > > # that specify Auth-Type=System, use the UNIX module to > | > > # authenticate them > | > > > | > > Identifier System > | > > Filename /etc/master.passwd > | > >
Re: (RADIATOR) NT dialup and Radiator
Something interesting: I had an NT customer call me up today and he told me that he was able to connect and browse yesterday just fine for about two hours today he can't. The logfile and detail file showed no difference in what happened, except that it was logged in the detail file multiple times. There were two start accounting records and three stop all with the same session ID the only difference is that the "Acct-Delay-time" is different. I have noticed this in many other locations in the detail file as well. More info: When an NI customer connects and can't browse (open socket connections) the are able to ping, trace and perform host name lookups, so it doesn't appear to be a routing issue. Here are portions of the logfile at trace level 4. I have included what the startup looks like, what an NT (bad) connection looks liks and what a 98 (good) connection looks like. I am not sure why it says that thoes attribute numbers are not defined because they are, they are Ascend specific attributes, but that only seems to affect accounting. --START UP INFO FROM LOG FILE-- Mon Aug 9 09:42:03 1999: NOTICE: SIGTERM received: stopping Mon Aug 9 09:42:09 1999: DEBUG: Reading users file /etc/radiator/users Mon Aug 9 09:42:09 1999: DEBUG: Reading password file /etc/master.passwd Mon Aug 9 09:42:15 1999: DEBUG: Reading group file /etc/group Mon Aug 9 09:42:16 1999: INFO: Server started Mon Aug 9 09:42:16 1999: ERR: Attribute number 120 (vendor 529) is not defined in your dictionary Mon Aug 9 09:42:16 1999: ERR: Attribute number 122 (vendor 529) is not defined in your dictionary Mon Aug 9 09:42:16 1999: ERR: Attribute number 121 (vendor 529) is not defined in your dictionary Mon Aug 9 09:42:16 1999: DEBUG: Packet dump: *** Received from 209.244.17.8 port 53603 Code: Accounting-Request Identifier: 163 Authentic: Z]j<249><178><196>[<233>%Uvr<13>0<225><200> Attributes: User-Name = "militarypress" NAS-Identifier = "209.244.42.44" NAS-Port = 391 Framed-Protocol = PPP Framed-Address = 216.98.152.250 Client-Port-DNIS = "6196644638" Caller-Id = "8585772916" Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Session-Id = "285706089" Acct-Authentic = RADIUS NAS-Port-Type = Async Mon Aug 9 09:42:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Aug 9 09:42:16 1999: DEBUG: SDB1 Adding session for militarypress, 209.244.42.44, 391 Mon Aug 9 09:42:16 1999: DEBUG: Handling with Radius::AuthFILE Mon Aug 9 09:42:16 1999: DEBUG: Accounting accepted Mon Aug 9 09:42:16 1999: DEBUG: Packet dump: *** Sending to 209.244.17.8 port 53603 Code: Accounting-Response Identifier: 163 Authentic: Z]j<249><178><196>[<233>%Uvr<13>0<225><200> Attributes: Mon Aug 9 09:42:16 1999: DEBUG: Packet dump: *** Received from 216.98.155.2 port 1026 Code: Access-Request Identifier: 214 Authentic: <205><141>8<169>u:#<157><246><183><157><154><135><184><233>j Attributes: User-Name = "beachchair1" User-Password = "<133><182>b`<145><192>E<250>}d(<189>o9<7><170>" NAS-Identifier = "216.98.155.2" NAS-Port = 3 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Connect-Info = "26400 LAPM/V42BIS" Mon Aug 9 09:42:16 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT' Mon Aug 9 09:42:16 1999: DEBUG: SDB1 Deleting session for beachchair1, 216.98.155.2, 3 Mon Aug 9 09:42:16 1999: DEBUG: Handling with Radius::AuthFILE Mon Aug 9 09:42:16 1999: DEBUG: Radius::AuthFILE looks for match with beachchair1 Mon Aug 9 09:42:16 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT Mon Aug 9 09:42:16 1999: DEBUG: Handling with Radius::AuthUNIX Mon Aug 9 09:42:16 1999: DEBUG: Radius::AuthUNIX looks for match with beachchair1 Mon Aug 9 09:42:16 1999: DEBUG: Radius::AuthUNIX ACCEPT: Mon Aug 9 09:42:16 1999: DEBUG: Radius::AuthFILE ACCEPT: Mon Aug 9 09:42:16 1999: DEBUG: Access accepted for beachchair1 Mon Aug 9 09:42:16 1999: DEBUG: Packet dump: *** Sending to 216.98.155.2 port 1026 Code: Access-Accept Identifier: 214 Authentic: <205><141>8<169>u:#<157><246><183><157><154><135><184><233>j Attributes: Framed-Address = 255.255.255.254 User-Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Netmask = 255.255.255.0 Framed-Routing = None Framed-MTU = 1500 Framed-Compression = Van-Jacobsen-TCP-IP Session-Timeout = 28800 Idle-Timeout = 1800 Mon Aug 9 09:42:16 1999: ERR: Attribute number 120 (vendor 529) is not defined in your dictionary Mon Aug 9 09:42:16 1999: ERR: Attribute number 122 (vendor 529) is not defined in your dictionary Mon Aug 9 09:42:16 1999: ERR: Attribute number 121 (vendor 529) is not defined in your dictionary --NT LOGIN THAT COULDN'T BROWSE-
(RADIATOR) NT dialup and Radiator
Hi; We installed Radiator last weekend on our system and since that time our dialup NT (4.0) customers have had problems accessing the system. They authenticate just fine but can't browse. To really confuse things this only happens when they dialup into our PM3's not our Ascend's. I know that this doesn't sound like a Radius problem, but that is the only thing that has changed on our system. Here is the info from our config files that is relivant: >From radius.cfg: AuthByPolicy ContinueUntilAccept # The filename defaults to %D/users # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail SessionDatabase SDB1 # This clause says that for entries in the users file # that specify Auth-Type=System, use the UNIX module to # authenticate them Identifier System Filename /etc/master.passwd SessionDatabase SDB1 >From users: DEFAULT Auth-Type=System User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.0, Framed-Routing = None, Framed-MTU = 1500, Framed-Compression = Van-Jacobsen-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 BTW we are using BSDI 4.01 to run Radiator. SysAdmin John D. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
