Re: (RADIATOR) ipass problem
Hello Tunde - If you want Radiator to allocate IP addresses for IPASS requests, you will need to use a ReplyHook in the AuthBy RADIUS clause. There is an example showing how to do this in the file "goodies/hooks.txt". regards Hugh On Tuesday, Dec 3, 2002, at 04:39 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Finally getting near UHURU! I found out from IPASS that they don't support chap and all the while my test NAS (a patton) was set to use text or pap or chap! So, the test worked after changing the NAS to "textORchap" OK. New problem. Given my radius config file which I sent to you in my last mail. HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS roaming client dials into? At the moment, radiator is allocating IPs to my Windows NASes and the patton boxes are configured to allocate IPs from pools defined on them. How can I get the pattons to still allocate IPs (not minding whether the client is local or a IPASS client) and still allow radiator to allocate IPs if the IPASS client dials into one of my Windows servers? Regards, Tunde I. - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 12:16 AM Subject: Re: (RADIATOR) ipass problem Hello Tunde - Thanks for sending the files. The Radiator log file shows that you are sending the access request to IPASS, but that you are getting an access reject back from them. You will need to check with IPASS to see what is happening at their end. regards Hugh On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Please find attached the following files: radius.cfg (my full config file with no passwords) cmdtest.txt (test carried out with test credentials from ipass using the command line tester that comes with ipass netserver) logfile.txt (radius logfile after attempting access twice via the NAS 80.247.140.30) Hope to hear from you soon. Regards, Tunde I. - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, November 28, 2002 11:28 PM Subject: Re: (RADIATOR) ipass problem Hello Tunde - I will need to see a trace 4 debug from Radiator showing what happens in both cases. regards Hugh On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a "request denied" . Any help would be appreciated. My config: === Secret asecret DupInterval 0 NasType Patton SNMPCommunity patt222 Identifier viruse1 IdenticalClients 80.4.4.61 80.4.4.92 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ # ipass client for VNAS (incoming roamers) Secret asecret Identifier ipassclient IdenticalClients 63.4.4.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ # === AUTH BYs = ## proxy radius for IPASS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813 # AddToRequest NAS-IP-Address=%N AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N #=== HANDLERs AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ # MaxSessions 1 AuthBy ipassNetserver AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- # MaxSessions 1 # Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth # AuthBy pattonIPADDRESSauth -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywher
Re: (RADIATOR) ipass problem
Hi Hugh, Finally getting near UHURU! I found out from IPASS that they don't support chap and all the while my test NAS (a patton) was set to use text or pap or chap! So, the test worked after changing the NAS to "textORchap" OK. New problem. Given my radius config file which I sent to you in my last mail. HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS roaming client dials into? At the moment, radiator is allocating IPs to my Windows NASes and the patton boxes are configured to allocate IPs from pools defined on them. How can I get the pattons to still allocate IPs (not minding whether the client is local or a IPASS client) and still allow radiator to allocate IPs if the IPASS client dials into one of my Windows servers? Regards, Tunde I. - Original Message - From: "Hugh Irvine" <[EMAIL PROTECTED]> To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 12:16 AM Subject: Re: (RADIATOR) ipass problem > > Hello Tunde - > > Thanks for sending the files. > > The Radiator log file shows that you are sending the access request to > IPASS, but that you are getting an access reject back from them. You > will need to check with IPASS to see what is happening at their end. > > regards > > Hugh > > > On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde > Itayemi wrote: > > > Hi Hugh, > > Please find attached the following files: > > radius.cfg (my full config file with no passwords) > > cmdtest.txt (test carried out with test credentials from ipass using > > the > > command line tester that comes with ipass > > netserver) > > logfile.txt (radius logfile after attempting access twice via the NAS > > 80.247.140.30) > > > > Hope to hear from you soon. > > > > Regards, > > Tunde I. > > > > - Original Message - > > From: "Hugh Irvine" <[EMAIL PROTECTED]> > > To: "Ayotunde Itayemi" <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Thursday, November 28, 2002 11:28 PM > > Subject: Re: (RADIATOR) ipass problem > > > > > > > > Hello Tunde - > > > > I will need to see a trace 4 debug from Radiator showing what happens > > in both cases. > > > > regards > > > > Hugh > > > > > > On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi > > wrote: > > > >> Hi Hugh, Hi All, > >> > >> I am testing my config for ipass. I have used ipass' own config > >> checker > >> from the prompt of my radiator server, and I was able to authenticate > >> the > >> username/password given to me by ipass. > >> > >> But dialing into one of the NASes on my network with the same > >> credentials > >> results in a "request denied" . Any help would be appreciated. > >> > >> My config: > >> > >> === > >> Secret asecret > >> DupInterval 0 > >> NasType Patton > >> SNMPCommunity patt222 > >> Identifier viruse1 > >> IdenticalClients 80.4.4.61 80.4.4.92 > >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ > >> > >> > >> # ipass client for VNAS (incoming roamers) > >> Secret asecret > >> Identifier ipassclient > >> IdenticalClients 63.4.4.212 > >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ > >> > >> # === AUTH BYs = > >> ## proxy radius for IPASS > >> > >> Identifier ipassNetserver > >> Host 63.4.4.212 > >> Secret asecret > >> AuthPort 11812 > >> AcctPort 11813 > >> # AddToRequest NAS-IP-Address=%N > >> AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N > >> > >> #=== HANDLERs > >> > >> AcctLogFileName %L/ipass/detail > >> RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ > >> # MaxSessions 1 > >> AuthBy ipassNetserver > >> > >> > >> AuthByPolicy ContinueWhileAccept > >> RewriteUsername s/^([^@]+).*/$1/ > >> RewriteUsername tr/A-Z/a-z/ > >> UsernameCharset a-zA-Z0-9\._@- > >> AcctLogFileName %L/account.log > >> PasswordLogFileName %L/password.log > >> SessionDatabase SDB1 > >> AuthBy SQLClientauth > >> StripFromReply Framed-IP-A
Re: (RADIATOR) ipass problem
Hello Tunde - I will need to see a trace 4 debug from Radiator showing what happens in both cases. regards Hugh On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi wrote: Hi Hugh, Hi All, I am testing my config for ipass. I have used ipass' own config checker from the prompt of my radiator server, and I was able to authenticate the username/password given to me by ipass. But dialing into one of the NASes on my network with the same credentials results in a "request denied" . Any help would be appreciated. My config: === Secret asecret DupInterval 0 NasType Patton SNMPCommunity patt222 Identifier viruse1 IdenticalClients 80.4.4.61 80.4.4.92 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ # ipass client for VNAS (incoming roamers) Secret asecret Identifier ipassclient IdenticalClients 63.4.4.212 RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/ # === AUTH BYs = ## proxy radius for IPASS Identifier ipassNetserver Host 63.4.4.212 Secret asecret AuthPort 11812 AcctPort 11813 # AddToRequest NAS-IP-Address=%N AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N #=== HANDLERs AcctLogFileName %L/ipass/detail RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/ # MaxSessions 1 AuthBy ipassNetserver AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth StripFromReply Framed-IP-Address AuthByPolicy ContinueWhileAccept RewriteUsername s/^([^@]+).*/$1/ RewriteUsername tr/A-Z/a-z/ UsernameCharset a-zA-Z0-9\._@- # MaxSessions 1 # Show rejection reason to users RejectHasReason AcctLogFileName %L/account.log PasswordLogFileName %L/password.log SessionDatabase SDB1 AuthBy SQLClientauth # AuthBy pattonIPADDRESSauth -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Ipass Problem
Hi Philip, On May 17, 3:13pm, Philip Buckley wrote: > Subject: (RADIATOR) Ipass Problem > Hi everyone, > > > I got the Ipass module for radiator compiled and > installed. I have also run test.pl that comes with radiator Ipass > module, I changed the user name and password that went though ok all > six stages. I then edit the radius.cfg to default authentication to > ipass. The final test was to dial up to my modem bank to get > authenticated via ipass I did this but all that happen was that it > stayed there then I eventually got disconnected. I then tried using > radpwtst with username plus domain name I got a response of no reply for > access request. I have done everything in the Ipass documentation and > the radiator documentation I now suspecting maybe it is timing issue > with terminal server and the radiator server. > Do you people have any suggestions. It sounds a lot like Radiator was still waiting for a reply from iPASS. Can you send your Radiator config file (no secrets), plus the Radiator log file at trace level 4, showing what is happening during authentication. The iPASS log file may be helpful too. Cheers. > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Philip Buckley -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Ipass Problem
Hi Phillip, On May 3, 12:47pm, Phillip Buckley wrote: > Subject: (RADIATOR) Ipass Problem > Hi Everyone, > > > I having a problem installing Ipass for radiator 13.1. > When running the make command to compile the Ipass module it give an > error can anybody help. The error is below. > > > gcc -c -I/usr/ipass/include -I/usr/local/include -DVERSION=\"1.3\" > -DXS_VE > RSION=\"1.3\" -fPIC -I/usr/local/lib/perl5/5.00502/i86pc-solaris/CORE > Ipass.c > gcc: installation problem, cannot exec `cpp': No such file or directory > *** Error code 1 > make: Fatal error: Command failed for target `Ipass.o' That looks to me like your gcc is not installed (or maybe not configured) properly. We got a similar problem recently when we installed gcc binaries on SCO: the cpp and other binaries ended up in /usr/bin instead of /usr/local/bin and gcc could not find them. Hope that helps. Cheers. > > > === > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Phillip Buckley -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.