Hello,
We have Ascend RASes and I was wondering if anyone with these devices can
clarify something for me.
If I send a Session-Timeout value in my access accept, does this value include
the time it takes for the modem to train and the user to authenticate, or is
the timer started after authentic
Hello,
>From what I can understand, the timestamp used in AuthSQL for accounting is
the Timestamp attribute that is created in the request packet by the current
time minus Acct-Delay-Time.
However, when I have one Radiator proxying to another, the 2nd Radiator ends
up with 2 Timestamp different
Hello,
If I have something like the following in a AuthBy FILE:
DEFAULT Calling-Station-Id = 111, Auth-Type = A
DEFAULT Calling-Station-Id = 111, Auth-Type = B
This seems to do the same behavior as if A and B were in an AuthBy GROUP with
a policy of ContinueUntilAccept. Is it safe to assume th
re to place this information in the
packet, could I do something like the following:
AuthBy %{AuthBy-String}
i.e., get the AuthBy name from the packet?
Viraj.
> On Mon, 3 Jun 2002 23:08, Viraj Alankar wrote:
> > On Mon, Jun 03, 2002 at 05:32:20PM +1000, Hugh Irvine wrote:
Hello,
What would be the proper way to insert the Timestamp from accounting into a
MySQL datetime field? Basically it requires format of '-00-00 00:00:00'
but I cannot seem to figure out how to do this with the date formatting. There
is no format specifier for month with preceeding 0.
Viraj.
ave:
DEFAULT Calling-Station-Id = 111, Auth-Type = Some_SQL
Class = "visp_info"
This config would seem to work for authentication, but for accounting I am
unsure. I think I just need to add 'AuthenticateAccounting' to the AuthBy
FILE.
Viraj.
> On Sun, 2 Jun 2002
On Sat, Jun 01, 2002 at 08:31:07PM -0400, Viraj Alankar wrote:
> I just realized something about my proposed config above, in that DoA and DoB
> will not get accounting. Basically 'DoA' and 'DoB' correspond to 2 different
> virtual ISPs and I need the accounting han
> > Another question I have is using Auth-By in a users file. For example:
> >
> >
> >
> > Filename nas-1.2.3.4
> > >
> >
> > nas-1.2.3.4:
> >
> > DEFAULT Calling-Station-Id = 111, Auth-Type = DoA
> >
> > DEFAULT Calling-Station-Id = 222, Auth-Type = DoB
Hello
Hello,
I am trying to determine what's the best way to pass information between 2
Radiator's, one proxying requests to the other. For example, say I have
Radiator A proxying requests to Radiator B. I would like to pass some request
specific information from A to B, such as a VISP ID. I thought of
Hello,
I am wondering what's the best design for a high volume radius system. We are
looking at on the order of 100-150 requests/second (auth+acct) on average.
Does anyone here have a load balancing system setup? If so, I'd appreciate any
tips on how you set this up.
After using Radiator for qui
Hello,
I'm sort of confused whether this is possible or not:
Can I authenticate from a Linux Radiator to a Windows 2000 Active Directory
server?
I'm wondering if anyone has this working on unix and could give me an example.
Or do I need to run Radiator on a Windows 2000 and use the ADSI module?
On Fri, Feb 15, 2002 at 09:38:37AM -0500, Viraj Alankar wrote:
> Now I was able to get it working with the following config. However, it
> appears the select query is still called twice when the callerid doesn't exist
> in the table. Basically in this config I took out
FILE looks for match with DEFAULT1
Fri Feb 15 09:36:48 2002: DEBUG: Radius::AuthFILE ACCEPT: Accept explicitly by
Auth-Type=Accept
Fri Feb 15 09:36:48 2002: DEBUG: Handling with Radius::AuthFILE: Users_File
Fri Feb 15 09:36:48 2002: DEBUG: Radius::AuthFILE looks for match with [EMAIL PROTECTED]
Fr
On Thu, Feb 14, 2002 at 11:01:08AM +1100, Hugh Irvine wrote:
>
> Hello Viraj -
>
> You have to do this with different AuthBy clauses, something like this:
>
> # define AuthBy clauses
>
>
> Identifier CheckNumber
> .
> AuthSelect select ACTION from BLACKLIST \
>
Hello,
I'm trying to setup Radiator to do the following:
if access request's Calling-Station-Id exists in a callerid SQL table
reject the request
else
authenticate with a FILE
What would be the simplest way to do this? Note I am not authenticating via
SQL, but only checking a ca
Hello,
Is there a functional difference between the following:
...
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
AuthColumnDef 0, User-Password, check
and this:
...
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
- Forwarded message from Viraj Alankar <[EMAIL PROTECTED]> -
Date: Thu, 6 Sep 2001 12:36:55 -0400
From: Viraj Alankar <[EMAIL PROTECTED]>
To: Amit Anand <[EMAIL PROTECTED]>
Subject: Re: (RADIATOR) Forced URL
On Thu, Sep 06, 2001 at 11:15:08AM -0400, Amit Anand wrote:
&
On Thu, Sep 06, 2001 at 11:15:08AM -0400, Amit Anand wrote:
> Hello all:
>
> I was wondering if there is a way within Radius to make users goto a
> particular URL after they have been authenticated. Sort of like a filter
> designed to make people visit a certain website first, and then after they
Hello,
I recently lost some sleep over a problem with a Ascend/Lucent APX. Maybe
someone else here can advise (or take heed).
One night the APX suddenly started sending authentication requests for
frdlink-*, ipxroute-*, appleroute, and other nonsense. Well in our case
authentication for this R
27;Timeout 10' for these SQL AuthBy's. The reason for the SQL
timeout is that the database is overloaded during these times.
Any help appreciated.
Viraj.
On Thu, Jun 28, 2001 at 09:46:53AM -0400, Viraj Alankar wrote:
>
> Hello,
>
> We are using v2.18.1 on Linux x86. W
Hello,
I'm trying to setup different replies based on different check items in a
users file:
joe Password = "test", Client-Identifier = "ROUTER1"
Service-Type = "Administrative-User",
joe Password = "test", Client-Identifier = "ROUTER2"
Service-Type = "Login-User"
In m
Hello,
We are implementing many AuthBy's in Handlers. Currently, I believe
AcctLogFilename can only be specified at the Handler level. However, what we
are trying to do is have different AuthBy's have different AcctLogFilename's.
Is this possible? It seems so when using SQL accounting, s
On Sun, Jul 08, 2001 at 02:31:15AM +0800, Miguel A.L. Paraz wrote:
> On Sun, Jul 08, 2001 at 03:17:38AM +1000, Hugh Irvine wrote:
> > You should always have your main Radiator hosts behind a firewall of
> > some sort, and you should also use packet filters to limit which
> > hosts and/or NAS's a
is captured by
> restartWrapper?
I do not have a copy at hand, but basically there was no output and it was
and error return code of 0. I will send an exact copy once it happens
again.
Thanks,
Viraj.
> At 9:46 AM -0400 6/28/01, Viraj Alankar wrote:
> >Hello,
> >
> > We are using
Hello,
We are using v2.18.1 on Linux x86. Whenever there is a SQL
timeout, the Radiator process just exits.
Thu Jun 28 08:57:40 2001: ERR: Execute failed for 'select ...': SQL Timeout
It then exits with error code 0. We have the restart_wrapper in place
which restarts it, but is there
Hello,
Watching authentication requests from our Ascend RASes show that
the Acct-Session-Id is in the auth request packet, as well as the
accounting start and stop. I noticed that radpwtst does not send
Acct-Session-Id in the auth request.
I would like if all RASes send the Acct
Hello,
I don't think this is currently available in Radiator, but it
would be very useful to have a Trace 4 show Identifier strings in the
logfile when entering different AuthBy's. Sometimes it is hard to tell
which AuthBy is being executed when there are many of them being done in a
seq
Hello,
We were having some difficulty using Oracle stored procedures with
Radiator (and DBI in general). Maybe some of this is helpful to others,
but we found that we couldn't use 'exec' in the DBI query. It seems 'exec'
may be something specific to Sqlplus, but I'm not sure. Anyhow, we
Hello,
We are using v2.18.1 on Linux. We have some problems using %u/%n
in the AuthLog SQL statements, where if '@' exists in the username the
query is blank. I noticed some discussion about this problem in v2.17.1,
as well as a patch for it, but is it fixed in 2.18.1?
Also, is
Hello,
I've written a patch for radstock (the very useful radius packet
analyzer) to show user's passwords (Attribute #2) and/or filter based on
this. It is available here in case anyone is interested:
http://www.bigfoot.com/~valankar/
Viraj.
===
Archive at http://www.open.com.au/arch
Hello,
I was wondering if it is possible to do something like the
following in any way:
...
...
That is, to provide a drill-down like configuration.
Thanks,
Viraj.
===
Archive at http://www.open.com.au/arc
Hello,
I have a quick question on the regular expression parsing in
radiator. Say I have something like this:
Is it correct that the . needs to be escaped (\.) to correctly
match the IP?
Viraj.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTEC
Hello,
We recently switched from Solaris to Linux running Radiator. At
some point, the radiusd process on the Linux box goes to 99% CPU usage and
becomes sluggish when responding to auth/acct. It does respond, but
definitely alot slower than it should.
'top' shows me:
PID USER PR
wrote:
>
> Hello Viraj -
>
> On Wed, 29 Nov 2000, Viraj Alankar wrote:
> > Hello,
> >
> > I am noticing in my logs warnings similar to:
> >
> > WARNING: Bad authenticator in request from 1.2.3.4
> >
> > The manual suggests that if I am gettings
Hello,
I am noticing in my logs warnings similar to:
WARNING: Bad authenticator in request from 1.2.3.4
The manual suggests that if I am gettings these, my accounting
requests are not being store, and authentications are OK, to try
IgnoreAcctSignature. However, I am getting acc
Hugh Irvine wrote:
>
> Hello Matthias -
>
> On Tue, 10 Oct 2000, Matthias Fechner (Temp) wrote:
> > Hi,
> >
> > i want to integrate a complete fallback, if the database isn't working like
> > client-auth, user-auth or accounting radiator should be use flatfiles. If
> > accounting cannot be write
Hello,
I am inheriting AuthFILE to create a modified version. I have the
following at the top of my .pm file:
package Radius::AuthFILE_AND_LOG;
use Radius::AuthFILE;
use strict;
use vars qw($VERSION @ISA);
BEGIN
{
@ISA = qw(Radius::AuthFILE);
}
My question is do I have to
Hello,
We have a situation where we would like to attempt authentication
via SQL and if that fails, to log the attempt, and send an access accept
anyhow. Basically it will be free authentication, but I'd like to know
what requests would have failed.
What I have currently in my c
Hello,
We're using 2.16.1 on Solaris and I'm noticing a strange problem
with Client-Identifier in a Handler clause. In my clients list I have
something similar to:
Identifier BO_LAPAZ_RAS1
Secret blah
And my Handler:
...
However, watching a trace 4 shows that it passing over
Hello,
This may be a silly question, but what is the correct procedure for
applying patches? If I'm installing from scratch do I just copy the .pm
files to the 'Radius' directory from the source archive?
If Radiator is already installed, do I just copy over the .pm files in
the
Hello,
We have about 200 RASes in our clients file. I would like to restrict
certain realms to a group of RASes only. One solution I see is to use
NAS-Address-Port-List in each of my handlers. This would be fine, but
I'd have to duplicate the RASes in the clients list in the portlist
fil
Hello,
We are running Radiator and there is another radius server proxying us
auth/accounting for certain realms.
I would like Radiator to only accept auth/accounting from this server
for specified realms, and ignore everything else. I'm trying to find the
best way to put this i
Hugh Irvine wrote:
>
> Hello Mark -
>
> On Sat, 28 Oct 2000, Mark Brettin wrote:
> > I'm having a problem with records being 'stuck' in the RADONLINE
> > table when user's disconnect. Then when they try to reconnect
> > they get rejected because it appears they are still online.
> > Has anyone
Hello,
Recently, I tried increasing my Trace level from 2 to 4 in my config
file and then sent a HUP to radiator. It died with the following error.
We are using v2.16.1 on Sparc Solaris 2.7. Let me know if I can provide
more information. It is difficult to duplicate, however it happens to
Hello,
We are using Radiator 2.16.1 on Solaris SPARC. For some reason I
cannot get StripFromReply to remove a certain reply item:
Ascend-Assign-IP-Pool
All of my other reply item stripping works fine. Is there some
reason it would not work for this attribute?
Also, is
Hello,
We are receiving alot of these in our logs:
Thu Sep 14 15:17:46 2000: ERR: Attribute number 66 (vendor 529) is not
defined in your dictionary
Thu Sep 14 15:17:46 2000: ERR: Attribute number 67 (vendor 529) is not
defined in your dictionary
I wasn't able to find these in
23:29:45 2000: DEBUG: Deleting session for blah@blah, 5.6.7.8, 21
Thu Sep 7 23:29:45 2000: INFO: AuthTEST handle_request: Received from 5.6.7.8 port
1026
Thu Sep 7 23:29:45 2000: DEBUG: Access accepted for blah@blah
Thu Sep 7 23:29:45 2000: DEBUG: Packet dump:
*** Sending to 5.6.7.8 port 1026 ..
ity B, which logs locally, then forwards to City A. City A then logs the
accounting locally and forwards it back to City B, which from the:
And then depend on the proxied back accounting for local storage?
Thanks.
Viraj.
>
>
> Hopefully you get the idea. If you have problems, please f
On v2.16.3, I just noticed that if I have a:
in the configuration file, startup Radiator, then remove the clause and send a SIGHUP, it appears to still be in the
configuration.
I'm not sure if it is a bug or not, but I was thinking HUP would first
remove the current config and reload from th
Hello,
We have a situation in which we have 2 Radiator servers setup, one
in city A and one in city B. Our goal is the following:
Users authenticating in city A authenticate and store accounting locally,
but also forward accounting to city B.
Users with realms from city A can login to
50 matches
Mail list logo