Re: (RADIATOR) ipass problem
Hello Tunde -
If you want Radiator to allocate IP addresses for IPASS requests, you
will need to use a ReplyHook in the AuthBy RADIUS clause. There is an
example showing how to do this in the file "goodies/hooks.txt".
regards
Hugh
On Tuesday, Dec 3, 2002, at 04:39 Australia/Melbourne, Ayotunde Itayemi
wrote:
Hi Hugh,
Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while
my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to "textORchap"
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an
IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.
How can I get the pattons to still allocate IPs (not minding whether
the
client is
local or a IPASS client) and still allow radiator to allocate IPs if
the
IPASS client
dials into one of my Windows servers?
Regards,
Tunde I.
- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Ayotunde Itayemi" <[EMAIL PROTECTED]>
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
Thanks for sending the files.
The Radiator log file shows that you are sending the access request to
IPASS, but that you are getting an access reject back from them. You
will need to check with IPASS to see what is happening at their end.
regards
Hugh
On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
Itayemi wrote:
Hi Hugh,
Please find attached the following files:
radius.cfg (my full config file with no passwords)
cmdtest.txt (test carried out with test credentials from ipass using
the
command line tester that comes with ipass
netserver)
logfile.txt (radius logfile after attempting access twice via the NAS
80.247.140.30)
Hope to hear from you soon.
Regards,
Tunde I.
- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Ayotunde Itayemi" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, November 28, 2002 11:28 PM
Subject: Re: (RADIATOR) ipass problem
Hello Tunde -
I will need to see a trace 4 debug from Radiator showing what happens
in both cases.
regards
Hugh
On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde
Itayemi
wrote:
Hi Hugh, Hi All,
I am testing my config for ipass. I have used ipass' own config
checker
from the prompt of my radiator server, and I was able to
authenticate
the
username/password given to me by ipass.
But dialing into one of the NASes on my network with the same
credentials
results in a "request denied" . Any help would be appreciated.
My config:
===
Secret asecret
DupInterval 0
NasType Patton
SNMPCommunity patt222
Identifier viruse1
IdenticalClients 80.4.4.61 80.4.4.92
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
# ipass client for VNAS (incoming roamers)
Secret asecret
Identifier ipassclient
IdenticalClients 63.4.4.212
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
# === AUTH BYs =
## proxy radius for IPASS
Identifier ipassNetserver
Host 63.4.4.212
Secret asecret
AuthPort 11812
AcctPort 11813
# AddToRequest NAS-IP-Address=%N
AddToRequest Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N
#=== HANDLERs
AcctLogFileName %L/ipass/detail
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
# MaxSessions 1
AuthBy ipassNetserver
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
# MaxSessions 1
# Show rejection reason to users
RejectHasReason
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
# AuthBy pattonIPADDRESSauth
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywher
Re: (RADIATOR) ipass problem
Hi Hugh,
Finally getting near UHURU!
I found out from IPASS that they don't support chap and all the while my
test NAS (a patton) was set to use text or pap or chap!
So, the test worked after changing the NAS to "textORchap"
OK. New problem. Given my radius config file which I sent to you in
my last mail.
HOW DO I, get IPs to be allocated based on the NAS to which say an IPASS
roaming client dials into?
At the moment, radiator is allocating IPs to my Windows NASes and the
patton boxes are configured to allocate IPs from pools defined on them.
How can I get the pattons to still allocate IPs (not minding whether the
client is
local or a IPASS client) and still allow radiator to allocate IPs if the
IPASS client
dials into one of my Windows servers?
Regards,
Tunde I.
- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Ayotunde Itayemi" <[EMAIL PROTECTED]>
Sent: Saturday, November 30, 2002 12:16 AM
Subject: Re: (RADIATOR) ipass problem
>
> Hello Tunde -
>
> Thanks for sending the files.
>
> The Radiator log file shows that you are sending the access request to
> IPASS, but that you are getting an access reject back from them. You
> will need to check with IPASS to see what is happening at their end.
>
> regards
>
> Hugh
>
>
> On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
> Itayemi wrote:
>
> > Hi Hugh,
> > Please find attached the following files:
> > radius.cfg (my full config file with no passwords)
> > cmdtest.txt (test carried out with test credentials from ipass using
> > the
> > command line tester that comes with ipass
> > netserver)
> > logfile.txt (radius logfile after attempting access twice via the NAS
> > 80.247.140.30)
> >
> > Hope to hear from you soon.
> >
> > Regards,
> > Tunde I.
> >
> > - Original Message -
> > From: "Hugh Irvine" <[EMAIL PROTECTED]>
> > To: "Ayotunde Itayemi" <[EMAIL PROTECTED]>
> > Cc: <[EMAIL PROTECTED]>
> > Sent: Thursday, November 28, 2002 11:28 PM
> > Subject: Re: (RADIATOR) ipass problem
> >
> >
> >
> > Hello Tunde -
> >
> > I will need to see a trace 4 debug from Radiator showing what happens
> > in both cases.
> >
> > regards
> >
> > Hugh
> >
> >
> > On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi
> > wrote:
> >
> >> Hi Hugh, Hi All,
> >>
> >> I am testing my config for ipass. I have used ipass' own config
> >> checker
> >> from the prompt of my radiator server, and I was able to authenticate
> >> the
> >> username/password given to me by ipass.
> >>
> >> But dialing into one of the NASes on my network with the same
> >> credentials
> >> results in a "request denied" . Any help would be appreciated.
> >>
> >> My config:
> >>
> >> ===
> >> Secret asecret
> >> DupInterval 0
> >> NasType Patton
> >> SNMPCommunity patt222
> >> Identifier viruse1
> >> IdenticalClients 80.4.4.61 80.4.4.92
> >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
> >>
> >>
> >> # ipass client for VNAS (incoming roamers)
> >> Secret asecret
> >> Identifier ipassclient
> >> IdenticalClients 63.4.4.212
> >> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
> >>
> >> # === AUTH BYs =
> >> ## proxy radius for IPASS
> >>
> >> Identifier ipassNetserver
> >> Host 63.4.4.212
> >> Secret asecret
> >> AuthPort 11812
> >> AcctPort 11813
> >> # AddToRequest NAS-IP-Address=%N
> >> AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
> >>
> >> #=== HANDLERs
> >>
> >> AcctLogFileName %L/ipass/detail
> >> RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
> >> # MaxSessions 1
> >> AuthBy ipassNetserver
> >>
> >>
> >> AuthByPolicy ContinueWhileAccept
> >> RewriteUsername s/^([^@]+).*/$1/
> >> RewriteUsername tr/A-Z/a-z/
> >> UsernameCharset a-zA-Z0-9\._@-
> >> AcctLogFileName %L/account.log
> >> PasswordLogFileName %L/password.log
> >> SessionDatabase SDB1
> >> AuthBy SQLClientauth
> >> StripFromReply Framed-IP-A
Re: (RADIATOR) ipass problem
Hello Tunde -
I will need to see a trace 4 debug from Radiator showing what happens
in both cases.
regards
Hugh
On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde Itayemi
wrote:
Hi Hugh, Hi All,
I am testing my config for ipass. I have used ipass' own config checker
from the prompt of my radiator server, and I was able to authenticate
the
username/password given to me by ipass.
But dialing into one of the NASes on my network with the same
credentials
results in a "request denied" . Any help would be appreciated.
My config:
===
Secret asecret
DupInterval 0
NasType Patton
SNMPCommunity patt222
Identifier viruse1
IdenticalClients 80.4.4.61 80.4.4.92
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
# ipass client for VNAS (incoming roamers)
Secret asecret
Identifier ipassclient
IdenticalClients 63.4.4.212
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
# === AUTH BYs =
## proxy radius for IPASS
Identifier ipassNetserver
Host 63.4.4.212
Secret asecret
AuthPort 11812
AcctPort 11813
# AddToRequest NAS-IP-Address=%N
AddToRequest Called-Station-Id=%{Called-Station-Id}, NAS-IP-Address=%N
#=== HANDLERs
AcctLogFileName %L/ipass/detail
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
# MaxSessions 1
AuthBy ipassNetserver
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._@-
# MaxSessions 1
# Show rejection reason to users
RejectHasReason
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
# AuthBy pattonIPADDRESSauth
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Ipass Problem
Hi Philip, On May 17, 3:13pm, Philip Buckley wrote: > Subject: (RADIATOR) Ipass Problem > Hi everyone, > > > I got the Ipass module for radiator compiled and > installed. I have also run test.pl that comes with radiator Ipass > module, I changed the user name and password that went though ok all > six stages. I then edit the radius.cfg to default authentication to > ipass. The final test was to dial up to my modem bank to get > authenticated via ipass I did this but all that happen was that it > stayed there then I eventually got disconnected. I then tried using > radpwtst with username plus domain name I got a response of no reply for > access request. I have done everything in the Ipass documentation and > the radiator documentation I now suspecting maybe it is timing issue > with terminal server and the radiator server. > Do you people have any suggestions. It sounds a lot like Radiator was still waiting for a reply from iPASS. Can you send your Radiator config file (no secrets), plus the Radiator log file at trace level 4, showing what is happening during authentication. The iPASS log file may be helpful too. Cheers. > > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Philip Buckley -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Ipass Problem
Hi Phillip, On May 3, 12:47pm, Phillip Buckley wrote: > Subject: (RADIATOR) Ipass Problem > Hi Everyone, > > > I having a problem installing Ipass for radiator 13.1. > When running the make command to compile the Ipass module it give an > error can anybody help. The error is below. > > > gcc -c -I/usr/ipass/include -I/usr/local/include -DVERSION=\"1.3\" > -DXS_VE > RSION=\"1.3\" -fPIC -I/usr/local/lib/perl5/5.00502/i86pc-solaris/CORE > Ipass.c > gcc: installation problem, cannot exec `cpp': No such file or directory > *** Error code 1 > make: Fatal error: Command failed for target `Ipass.o' That looks to me like your gcc is not installed (or maybe not configured) properly. We got a similar problem recently when we installed gcc binaries on SCO: the cpp and other binaries ended up in /usr/bin instead of /usr/local/bin and gcc could not find them. Hope that helps. Cheers. > > > === > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Phillip Buckley -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
