Re: (RADIATOR) Bad login count
Hello Chairath - I apologise, but I don't understand the question. Could you please provide me with more details and a trace 4 debug showing the problem. thanks Hugh On Tue, 11 Dec 2001 17:51, Chairath K wrote: Hello Hugh, Our Nas send a user with realm. And when I set Bad login count to zero , I can login with user2@test2 also. Regards, Chairath Hello Chairath - The log message shown below is due to the username user2@test2 not being found in the database. This is probably because you have not used a RewriteUsername in the Handler to strip the realm (you should use the same one that you used in the Realm clause). regards Hugh On Tue, 11 Dec 2001 15:17, Chairath K wrote: Hello Hugh, I have got problem about Bad login count. According to section 5.1.9 in reference manual of RAdmin version 1.4 , it said that if we leave this field blank, then no bad login limits will be applied. But !! when I try , I can't login . In log file shows a message like these Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump: *** Sending to 10.20.0.2 port 49156 Code: Access-Reject Identifier: 159 Authentic: 004G001321003100/172 Attributes: Reply-Message = Request Denied So how can I fixed it . Futhermore , how can I expand login limit to more than 5 Regards, Chairath P.S. Our system are running with Radiator 2.18 and Radmin 1.4 Foreground LogStdout LogDir d:/Radiator-2.18/log DbDir d:/Radiator-2.18 LogFile %L/logfile-%d-%m-%Y # Dont turn this up too high, since all log messages are logged # to the RADMESSAGES table in the database. 3 will give you everything # except debugging messages Trace 4 # PreClientHook to add NAS-Port attribute PreClientHook file:%D/addNASPort # You will probably want to change this to suit your site. # You should list all the clients you have, and their secrets # If you are using the Radmin Clients table, you wil probably # want to disable this. #Client DEFAULT # Secret mysecret # DupInterval 0 #/Client # You can put additonal (or all) client details in your Radmin # database table # and get their details from there with something like this: # You can then use the Radmin 'Add Radius Client' to add new clients. ClientListSQL DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth /ClientListSQL #AuthBy RADIUS # Identifier ProxyTofunk # Host 10.2.0.6 # Secret test #/AuthBy #Realm funk # strip Realm # RewriteUsername s/^([^@]+).*/$1/ # AuthBy ProxyTofunk #/Realm AuthBy RADMIN Identifier RADMINAUTH # Change DBSource, DBUsername, DBAuth for your database # See the reference manual. You will also have to # change the one in SessionDatabse SQL below # so its the same DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth DateFormat %e %m %Y %T # You can add to or change these if you want, but you # will probably want to change the database schema first AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef DATE,Timestamp,integer-date # This updates the time and octets left # for this user AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' /AuthBy AuthBy GROUP Identifier WithIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600,\ Class = %{NAS-Port} /AuthBy AuthBy GROUP Identifier WithOutIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to
(RADIATOR) Bad login count
Hello Hugh, I have got problem about Bad login count. According to section 5.1.9 in reference manual of RAdmin version 1.4 , it said that if we leave this field blank, then no bad login limits will be applied. But !! when I try , I can't login . In log file shows a message like these Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such userTue Dec 11 10:53:56 2001: DEBUG: Packet dump:*** Sending to 10.20.0.2 port 49156 Code: Access-RejectIdentifier: 159Authentic: 004G001321003100/172Attributes:Reply-Message = "Request Denied" So how can I fixed it . Futhermore , how can I expand login limit to more than 5 Regards, Chairath P.S. Our system are running with Radiator 2.18 and Radmin 1.4 ForegroundLogStdoutLogDird:/Radiator-2.18/logDbDird:/Radiator-2.18LogFile %L/logfile-%d-%m-%Y # Dont turn this up too high, since all log messages are logged# to the RADMESSAGES table in the database. 3 will give you everything# except debugging messagesTrace 4 # PreClientHook to add NAS-Port attributePreClientHook file:"%D/addNASPort" # You will probably want to change this to suit your site.# You should list all the clients you have, and their secrets# If you are using the Radmin Clients table, you wil probably# want to disable this.#Client DEFAULT#Secretmysecret#DupInterval 0#/Client # You can put additonal (or all) client details in your Radmin# database table# and get their details from there with something like this:# You can then use the Radmin 'Add Radius Client' to add new clients.ClientListSQLDBSourcedbi:ODBC:RadminDBUsernamexxx DBAuth /ClientListSQL #AuthBy RADIUS#Identifier ProxyTofunk#Host 10.2.0.6#Secret test#/AuthBy #Realm funk# strip Realm#RewriteUsername s/^([^@]+).*/$1/#AuthBy ProxyTofunk#/Realm AuthBy RADMINIdentifier RADMINAUTH# Change DBSource, DBUsername, DBAuth for your database# See the reference manual. You will also have to # change the one in SessionDatabse SQL below# so its the sameDBSourcedbi:ODBC:RadminDBUsernamexxxDBAuthDateFormat %e %m %Y %T# You can add to or change these if you want, but you# will probably want to change the database schema firstAccountingTableRADUSAGEAcctColumnDefUSERNAME,User-NameAcctColumnDefTIME_STAMP,Timestamp,integerAcctColumnDefACCTSTATUSTYPE,Acct-Status-Type,integerAcctColumnDefACCTDELAYTIME,Acct-Delay-Time,integerAcctColumnDefACCTINPUTOCTETS,Acct-Input-Octets,integerAcctColumnDefACCTOUTPUTOCTETS,Acct-Output-Octets,integerAcctColumnDefACCTSESSIONID,Acct-Session-IdAcctColumnDefACCTSESSIONTIME,Acct-Session-Time,integerAcctColumnDefACCTTERMINATECAUSE,Acct-Terminate-Cause,integerAcctColumnDefFRAMEDIPADDRESS,Framed-IP-AddressAcctColumnDefNASIDENTIFIER,NAS-IdentifierAcctColumnDefNASIDENTIFIER,NAS-IP-AddressAcctColumnDefNASPORT,NAS-Port,integerAcctColumnDefDNIS,Called-Station-IdAcctColumnDefDATE,Timestamp,integer-date# This updates the time and octets left# for this userAcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' /AuthBy AuthBy GROUP Identifier WithIdleTimeout AuthBy RADMINAUTH# These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's replyAddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600,\ Class = %{NAS-Port}/AuthBy AuthBy GROUP Identifier WithOutIdleTimeout AuthBy RADMINAUTH# These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's replyAddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Class = %{NAS-Port}/AuthBy AuthBy FILEIdentifier TimeZoneFilename %D/adsl.users/AuthBy Handler Request-Type=Accounting-RequestAuthBy RADMINAUTH/Handler Handler Realm=test1AuthBy TimeZone/Handler Handler Realm=test2AuthBy WithOutIdleTimeout/Handler HandlerAuthBy WithIdleTimeout/Handler # Handle User with NO Realm with RADMIN#Realm#AuthBy RADMINAUTH#/Realm # Handle everyone with RADMIN#Realm DEFAULT#AuthBy RADMINAUTH#/Realm SessionDatabase SQL# This database spec usually should be exactly the same# as in AuthBy RADMIN aboveDBSourcedbi:ODBC:RadminDBUsernameDBAuthClearNasQuery/SessionDatabase
Re: (RADIATOR) Bad login count
Hello Chairath - The log message shown below is due to the username user2@test2 not being found in the database. This is probably because you have not used a RewriteUsername in the Handler to strip the realm (you should use the same one that you used in the Realm clause). regards Hugh On Tue, 11 Dec 2001 15:17, Chairath K wrote: Hello Hugh, I have got problem about Bad login count. According to section 5.1.9 in reference manual of RAdmin version 1.4 , it said that if we leave this field blank, then no bad login limits will be applied. But !! when I try , I can't login . In log file shows a message like these Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump: *** Sending to 10.20.0.2 port 49156 Code: Access-Reject Identifier: 159 Authentic: 004G001321003100/172 Attributes: Reply-Message = Request Denied So how can I fixed it . Futhermore , how can I expand login limit to more than 5 Regards, Chairath P.S. Our system are running with Radiator 2.18 and Radmin 1.4 Foreground LogStdout LogDir d:/Radiator-2.18/log DbDir d:/Radiator-2.18 LogFile %L/logfile-%d-%m-%Y # Dont turn this up too high, since all log messages are logged # to the RADMESSAGES table in the database. 3 will give you everything # except debugging messages Trace 4 # PreClientHook to add NAS-Port attribute PreClientHook file:%D/addNASPort # You will probably want to change this to suit your site. # You should list all the clients you have, and their secrets # If you are using the Radmin Clients table, you wil probably # want to disable this. #Client DEFAULT # Secret mysecret # DupInterval 0 #/Client # You can put additonal (or all) client details in your Radmin # database table # and get their details from there with something like this: # You can then use the Radmin 'Add Radius Client' to add new clients. ClientListSQL DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth /ClientListSQL #AuthBy RADIUS # Identifier ProxyTofunk # Host 10.2.0.6 # Secret test #/AuthBy #Realm funk # strip Realm # RewriteUsername s/^([^@]+).*/$1/ # AuthBy ProxyTofunk #/Realm AuthBy RADMIN Identifier RADMINAUTH # Change DBSource, DBUsername, DBAuth for your database # See the reference manual. You will also have to # change the one in SessionDatabse SQL below # so its the same DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth DateFormat %e %m %Y %T # You can add to or change these if you want, but you # will probably want to change the database schema first AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef DATE,Timestamp,integer-date # This updates the time and octets left # for this user AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' /AuthBy AuthBy GROUP Identifier WithIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600,\ Class = %{NAS-Port} /AuthBy AuthBy GROUP Identifier WithOutIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Class = %{NAS-Port} /AuthBy AuthBy FILE Identifier TimeZone Filename %D/adsl.users /AuthBy Handler Request-Type=Accounting-Request AuthBy RADMINAUTH /Handler Handler Realm=test1 AuthBy TimeZone /Handler Handler Realm=test2 AuthBy WithOutIdleTimeout /Handler Handler
Re: (RADIATOR) Bad login count
Hello Hugh, Our Nas send a user with realm. And when I set Bad login count to zero , I can login with user2@test2 also. Regards, Chairath Hello Chairath - The log message shown below is due to the username user2@test2 not being found in the database. This is probably because you have not used a RewriteUsername in the Handler to strip the realm (you should use the same one that you used in the Realm clause). regards Hugh On Tue, 11 Dec 2001 15:17, Chairath K wrote: Hello Hugh, I have got problem about Bad login count. According to section 5.1.9 in reference manual of RAdmin version 1.4 , it said that if we leave this field blank, then no bad login limits will be applied. But !! when I try , I can't login . In log file shows a message like these Tue Dec 11 10:53:56 2001: INFO: Access rejected for user2@test2: No such user Tue Dec 11 10:53:56 2001: DEBUG: Packet dump: *** Sending to 10.20.0.2 port 49156 Code: Access-Reject Identifier: 159 Authentic: 004G001321003100/172 Attributes: Reply-Message = Request Denied So how can I fixed it . Futhermore , how can I expand login limit to more than 5 Regards, Chairath P.S. Our system are running with Radiator 2.18 and Radmin 1.4 Foreground LogStdout LogDir d:/Radiator-2.18/log DbDir d:/Radiator-2.18 LogFile %L/logfile-%d-%m-%Y # Dont turn this up too high, since all log messages are logged # to the RADMESSAGES table in the database. 3 will give you everything # except debugging messages Trace 4 # PreClientHook to add NAS-Port attribute PreClientHook file:%D/addNASPort # You will probably want to change this to suit your site. # You should list all the clients you have, and their secrets # If you are using the Radmin Clients table, you wil probably # want to disable this. #Client DEFAULT # Secret mysecret # DupInterval 0 #/Client # You can put additonal (or all) client details in your Radmin # database table # and get their details from there with something like this: # You can then use the Radmin 'Add Radius Client' to add new clients. ClientListSQL DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth /ClientListSQL #AuthBy RADIUS # Identifier ProxyTofunk # Host 10.2.0.6 # Secret test #/AuthBy #Realm funk # strip Realm # RewriteUsername s/^([^@]+).*/$1/ # AuthBy ProxyTofunk #/Realm AuthBy RADMIN Identifier RADMINAUTH # Change DBSource, DBUsername, DBAuth for your database # See the reference manual. You will also have to # change the one in SessionDatabse SQL below # so its the same DBSource dbi:ODBC:Radmin DBUsername xxx DBAuth DateFormat %e %m %Y %T # You can add to or change these if you want, but you # will probably want to change the database schema first AccountingTable RADUSAGE AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef DNIS,Called-Station-Id AcctColumnDef DATE,Timestamp,integer-date # This updates the time and octets left # for this user AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n' /AuthBy AuthBy GROUP Identifier WithIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Idle-Timeout = 600,\ Class = %{NAS-Port} /AuthBy AuthBy GROUP Identifier WithOutIdleTimeout AuthBy RADMINAUTH # These are the classic things to add to each users # reply to allow a PPP dialup session. It may be # different for your NAS. This will add some # reply items to everyone's reply AddToReply Framed-Protocol = PPP,\ Service-Type = Framed-User,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP,\ Class =