Hi Tim,
You should use the BindAddress parameter in your radius config file to define this
(note that the AuthBy RADIUS has its own binding, as it's a client).
/Ingvar
-Original Message-
From: Timothy G. Wells [mailto:[EMAIL PROTECTED]]
Sent: den 30 april 2002 14:45
To:
There was a discussion on this quite recently, and Hugh's answer was to use a regex,
like /1234|1235/.
/Ingvar
-Original Message-
From: Muhammad Mushtaque [mailto:[EMAIL PROTECTED]]
Sent: den 13 februari 2002 08:19
To: [EMAIL PROTECTED]
Subject: (RADIATOR) CLI facility on more
It's easy, you just define the two AuthBy RADIUS
<AuthBy RADIUS>
    Identifier Rad1
    #define host
</AuthBy RADIUS>
<AuthBy RADIUS>
    Identifier Rad2
    #define host
</AuthBy RADIUS>
...
<Handler Request-Type = Accounting-Request>
    <AuthBy GROUP>
        AuthByPolicy ContinueAlways
        AuthBy Rad1
        AuthBy Rad2
Thanx :)
God knows how long that's been there, I've only just been
assigned this
box...
Thought you said nothing had changed ;-)
/Ingvar
Cheers,
David Napier
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL
Just go ahead and use the AcctLogFileName option, it works.
/Ingvar
-Original Message-
From: Eric Castaneda [mailto:[EMAIL PROTECTED]]
Sent: den 3 oktober 2001 14:41
To: [EMAIL PROTECTED]
Subject: (RADIATOR) AcctLogFileName and AuthBy LDAP2 ??
We are running Radiator
Hello Elias,
You probably need to supply some LDAP admin credentials for the bind, because Radiator
asks for the userpassword.
IMHO, you're better off having the LDAP server check the password, because writing the
admin name and pw in your radius cfg file is both a security problem and an
Hello Quintin,
Isn't this defined in your LDAP schema? I.e. Radiator takes whatever case comes in and
use it in the LDAP search. Then it depends on the LDAP server if wai, WAI and Wai all
match the same entry.
Cheers
-Original Message-
From: Quintin Lam [mailto:[EMAIL PROTECTED]]
Hi Fred,
Have you considered using ServerChecksPassword? By using that, you can remove the
admin password from the config file (and network traffic :).
/Ingvar
-Original Message-
From: Fred Albrecht [mailto:[EMAIL PROTECTED]]
Sent: den 4 september 2001 16:24
To: '[EMAIL
Hi Vadim,
It's either a Cisco or a telco issue, Radiator has no control over this.
Cheers,
Ingvar
-Original Message-
From: Vadim Isakov [mailto:[EMAIL PROTECTED]]
Sent: den 5 september 2001 05:03
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Calling-Station-Id
Hi all,
We are
Hi Julio,
We have a configuration with separate processes for authentication and accounting,
running on an Enterprise 420 box. Authentication uses iPlanet Directory 4.x, and
accounting is both to local file and to another radius server. With only
authentication, we have around 80 auths/sec,
When it comes to LDAP performance, that might depend on what server you use. The
iPlanet Directory caches the whole user entry, so getting one or two extra attributes
from it won't do much difference. OTOH, if you actually search the directory for a
non-indexed attribute the performance will
Still TBD, so that's why we have all these VSAs :-(
(All the standard attributes are listed in RFCs 2865, 2866)
/Ingvar
-Original Message-
From: Michael Chen [mailto:[EMAIL PROTECTED]]
Sent: den 18 mars 2001 17:29
To: [EMAIL PROTECTED]
Subject: (RADIATOR) IETF specific attribute for DNS
You can take care of the accounting first in a
<Handler Request-Type = Accounting-Request>
Then you have an unconditional handler that picks up what's left, i.e.
authentication requests.
And while you're at it, you might consider splitting into two processes, one for
authentication
I must admit that I don't see the connection, but if you want to let anyone
in:
AuthBy TEST would do it for you. If you have SQL accounting, you could
keep it in a Handler Request-Type = Accounting-Request and then have the
AuthBy TEST in a subsequent handler.
HTH,
Ingvar
-Original
Are you sure you don't get CHAP password from the NAS?
/Ingvar
-Original Message-
From: Frederic Gargula [mailto:[EMAIL PROTECTED]]
Sent: den 7 februari 2001 16:26
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Robin Gruyters; Claude Iyi Dogan
Subject: (RADIATOR) LDAP with MIMEBASE64 and
Julio,
You might try some "-timeout N" to allow for proper sequencing, i.e. wait
for the Access-Accept before sending the accounting start.
/Ingvar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: den 2 februari 2001 09:05
To: [EMAIL PROTECTED]
Subject: RE:
Hello Hugh,
Wouldn't it be nice with some "generic" solution to this generic problem? I.e. handle
RADIUS primary/secondary and LDAP primary/secondary in a similar way.
Some configurable time before Radiator tries the primary server again will help the
performance problem Andy is indicating,
It seems to me that a radius server would be one of the components in an EAP
system:
http://search.metacrawler.com/crawler?general=Extensible+Authentication+Protocol
For some unknown reason, the rfc (2284) assumes that CHAP is more secure
than PAP so you must use CHAP.
/Ingvar
-Original
I recall someone giving a description of this several months ago = go dig
the archives ;-)
/Ingvar
-Original Message-
From: Jesús M Díaz [mailto:[EMAIL PROTECTED]]
Sent: den 1 december 2000 09:17
To: [EMAIL PROTECTED]
Subject: (RADIATOR) running radiator as non root
how can i run
Hello Camil,
You have the list at
http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
/Ingvar
-Original Message-
From: Camil Samaha [mailto:[EMAIL PROTECTED]]
Sent: den 30 november 2000 18:59
To: [EMAIL PROTECTED]
Subject: (RADIATOR) vendor codes
Does anyone know where I
AFAIK you configure your NAS to use CHAP, then Radiator will understand what
to do when the CHAP-Password etc comes.
/Ingvar
-Original Message-
From: Camil Samaha [mailto:[EMAIL PROTECTED]]
Sent: den 30 november 2000 23:53
To: [EMAIL PROTECTED]
Subject: (RADIATOR) CHAP, HOWTO
This is
Hello Janet,
From what I know about DSL (about $0.02), it is the DSLAM that acts as the
NAS. I.e. you should configure the DSLAM as your radius client. Anyway, who
cares? All you need to know is the IP address and the shared secret of
whatever is acting radius client ;-)
/Ingvar
-Original
Hakim,
Both Cisco and Tigris are covered by the standard "dictionary" file.
/Ingvar
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
I think the hook belongs to the Realm and Handler statements.
/Ingvar
-Original Message-
From: Lisa Goulet [mailto:[EMAIL PROTECTED]]
Sent: den 17 november 2000 16:22
To: [EMAIL PROTECTED]
Subject: (RADIATOR) PreHandlerHook
Hi all,
I've implemented a PreHandlerHook for filtering out
Sure, you just start your config file with
AuthPort
AcctPort 1813
and you have an accounting-only server.
/Ingvar
-Original Message-
From: Blake Golliher [mailto:[EMAIL PROTECTED]]
Sent: den 3 november 2000 03:21
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) stand alone accounting
This is what you can do if you authenticate using some LDAP variant:
<AuthBy LDAP>
# This will check Calling-Station_id against
# LDAP attribute mobile
Identifier Check-LDAP-mobile
Host ldap.your.domain
AuthDN cn=Directory Manager
AuthPassword
Mike Hugh use to recommend the LDAPSDK module you can get from ActiveState.
It should work with LDAP v.3, and you use AuthBy LDAPSDK
HTH,
/Ingvar
-Original Message-
From: Lina NAKHLE [mailto:[EMAIL PROTECTED]]
Does Radiator on Win NT work with LDAP Server-side 3 (MCIS LDAP)?
If
This is a stupid behaviour that Cisco boxes also have. In the Cisco case you can
configure it to either send an update packet when the PPP negotiations are finally
done, or delay the start packet until the same point in time.
Guess there is a similar possibility with Bay?
/Ingvar
-Original
How to implement it depends on what user db you have, Hugh will probably give you the
full answer tomorrow. If you AuthBy LDAP, then you specify a search filter to define
what user attribute should match Calling Line ID. Flat file is also real simple and
(I'm guessing here) also SQL.
Reading
From: Gildas PERROT [mailto:[EMAIL PROTECTED]]
- only Insert in RADONLINE for Alive packets and not Start
packets (I am
using Cisco AS and IP is not present in Start but Alive packets)
You can also configure the Cisco box to delay the accounting start until it
has finished the client
-Original Message-
From: Benny Chee [mailto:[EMAIL PROTECTED]]
Sent: den 9 oktober 2000 15:15
To: [EMAIL PROTECTED]
Subject: (RADIATOR) AuthBy LDAP - compare ldap attributes with regex
hi,
--- snip ---
Also, is it possible to put another ldap inside the
same AuthBy
What is the best way to write a Handler for requests containing a particular
attribute, regardless of its value?
Like Handler attribute-x=/*/
Any suggestions?
/Ingvar
To me this sounds like a warning message from the Ericsson Tigris, meaning that any
more users receive a busy signal when they try to connect. Time to expand the Tigris
with more HW :)
The Radiator license is not based on number of users.
/Ingvar
-Original Message-
From: Hakim
How would you handle routing with a common IP pool across several NASs?
/Ingvar
-Original Message-
From: FlintHillsTechnical Support [mailto:[EMAIL PROTECTED]]
Sent: den 19 augusti 2000 02:48
To: [EMAIL PROTECTED]
Subject: (RADIATOR) assigning ip addresses from a common pool
Are you running the AuthBy RADIUS synchronous, i.e. not forking? I think the default
is async.
Cheers
Ingvar
-Original Message-
From: Orcon Network Coordinator, Mark Mackay
[mailto:[EMAIL PROTECTED]]
Sent: den 11 augusti 2000 07:46
To: [EMAIL PROTECTED]
Subject: (RADIATOR)
--Original Message-
From: Antonio Coloma [mailto:[EMAIL PROTECTED]]
Sent: den 28 juli 2000 09:16
To: Ingvar Berg (ERA)
Subject: Re: (RADIATOR) Radiator under Sun Cluster 2.2
Hi Ingvar,
We have running Radiator with Sun Cluster 2.2. Our
conf is this:
2 machine
Radiator itself doesn't need SunCluster. If you want to combine several servers you
can use Alteon Webswitches to do load balancing and also achieve high availability.
/Ingvar
-Original Message-
From: Stefanita Vilcu [mailto:[EMAIL PROTECTED]]
Sent: den 25 juli 2000 11:44
To:
BTW - SQL databases are *much* better for managing user populations.
And the next quantum leap in this particular area is called Directory, with an LDAP
interface.
:-)
Ingvar
-Original Message-
From: Charles Sprickman [mailto:[EMAIL PROTECTED]]
SNIP -
What I'd like to see is an option in the password logging to only log
failed attempts showing the username, time, and the password the
user entered. This would be a wonderful tool to give my
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Hello David -
On Wed, 21 Jun 2000, David Rigby wrote:
Hi
We've been using Radiator for a while in conjunction with
ACC/Ericsson
Tigris RAS devices for some time, allocating the IP address from the
Tigris. However, I have recently
I checked around a bit...
-Original Message-
I have spoken to the ACC support team.
They had another customer trying to do this using Radiator.
This customer also had problems.
The fix was to upgrade Radiator to the latest level of code
and all works well now.
Tigris conforms
-Original Message-
From: tom minchin [mailto:[EMAIL PROTECTED]]
Sent: den 28 april 2000 05:16
To: Mark Jenks
Cc: '[EMAIL PROTECTED]'
Subject: Re: (RADIATOR) Prepaid services
On Fri, Apr 28, 2000 at 09:23:41AM +1200, Mark Jenks wrote:
I have radiator working for pre paid and
I had a similar problem, that was "cured" by HoldServerConnection in the AuthBy clause.
But I think that was just fixing the symptom, not the root problem.
/Ingvar
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: den 11 april 2000 09:59
To: Taufik Kurniawan;
1. Use the date as part of the file name (Y/M or Y/M/D depending on your needs).
2. cron gzip the old files
3. ftp the really old files to archie
/Ingvar
-Original Message-
From: kailash [mailto:[EMAIL PROTECTED]]
Sent: den 7 april 2000 00:51
To: radiator
Subject: (RADIATOR) How to
I assume that 24 is for a T1 line, so with E1 lines it would be 30?
/Ingvar
-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: den 29 mars 2000 03:27
To: Aaron Nabil; Stephen Roderick
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) TotalControlSNMP
Hi Aaron,
I've read in the docu that CHAP will not work when using
encrypted passwords (which is what I have in LDAP)
That's correct, you'll have to un-encrypt the passwords
in LDAP or use PAP. If you require encrypted passwords in
LDAP, you should disable CHAP on the Cisco.
The really big
Umar,
The file dictionary.acc contains some ACC Tigris specific attributes. However, I don't
think that is your problem; it should be enough to turn on accounting from the Tigris,
as Radiator uses the standard attributes in the Stop packets for session termination.
/Ingvar
-Original
Hello Josafat
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: den 12 oktober 1999 08:06
To: Josafat Timotius
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Remote Annex 6300
Hello Josafat -
On Tue, 12 Oct 1999, Josafat Timotius wrote:
Hi Hugh ,
There was a problem to unpack when you had used a particular browser (NS or MS, can't
remember), so I used wget to download.
/Ingvar
-Original Message-
From: Peter van Loenhout [mailto:[EMAIL PROTECTED]]
Sent: den 30 augusti 1999 11:15
To: [EMAIL PROTECTED]
Subject: (RADIATOR)
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
On Tue, 31 Aug 1999, Robert Mann wrote:
This is the last portion of my config file. The result I
am looking for is
as follows.
We want to authenticate until we have an accept. We have
two ISP's so what
In rfc2138 (5.33) it is defined as Proxy-State, and can contain just about anything :-)
/Ingvar
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: den 27 augusti 1999 04:30
To: John Coy; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) messages in my logfile
Hi
I think this is what you will get with AuthByTEST
/Ingvar
-Original Message-
From: Greg Kornatowsky [mailto:[EMAIL PROTECTED]]
We want to setup radiator so that all users get authenticated
regardless of
what password or username they enter. We also want to accounting. So
-Original Message-
From: Bill [mailto:[EMAIL PROTECTED]]
Is there a way to log these failed auth attempts? It'd be nice to
also have the option of logging what was entered as the password
for failed auths. (only for failed auths, not for successful
auths too).
There is a
Maybe there is some nice filter plug-in for the mail-list sw? There SHOULD be...
/Ingvar
May I please just take a moment to ask folks to please *not* post to
this list in HTML?
use standard-no-html.pl
A lot of us using Radiator don't read email via HTML-enabled mail
clients...
===
It is probably easier to get a fix that allows your POP/IMAP server to authenticate
from an LDAP directory. And Radiator works fine with LDAP.
Regards,
Ingvar
-Original Message-
From: Paul Black [mailto:[EMAIL PROTECTED]]
Sent: den 3 augusti 1999 12:52
To: [EMAIL PROTECTED]
Hi Mike,
Well, credit for reporting the problem goes to Joost, I just added another wish to the
list...
/Ingvar
-Original Message-
From: Mike McCauley [mailto:[EMAIL PROTECTED]]
Sent: den 13 juli 1999 01:28
To: Ingvar Berg (ERA); [EMAIL PROTECTED]
Subject: Re: (RADIATOR
-Original Message-
From: Requiem Aurelien (Ext/NTC)
[mailto:[EMAIL PROTECTED]]
Sent: den 7 juli 1999 11:19
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) Best Nas
Hello
I would like to know the best Nas ( Price/Quality/Features)
This is for testing a Wap Isp platform.
Wouldn't it be nice to have all the patches in a single file and the correct directory
structure.
Yes, I know I'm lazy :-)
Ingvar
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Hi,
I just moved from testing with flat user file to LDAP with SHA-1 hashed
passwords. And gets stuck without a clue...
Can anyone see the reason for not accepting the password?
/Ingvar
radius.cfg
logfile
Cisco's are very picky about the attributes they receive in
an Access-Accept -
They *require* that the Service-Type in the reply match the
Service-Type in the
request. In the debug output we can see that the Service-Type
= Framed-User
arrives in the Access-Request, but the reply does