table in
database and then get the result of it (SESSIONLIMIT) and assigned it as a
value on Session-Timeout
is it wrong? or do you have any suggestions
thanks so much
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '
hello,
just wanna ask what does this mean in the log file?
this is trace 4 by the way
Mon Oct 22 14:56:17 2001: ERR: Bad attribute=value pair: 116000
Mon Oct 22 14:56:17 2001: ERR: Bad attribute=value pair: 72000
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on
hello,
just wondering if RADIATOR can send a signal to NAS to disconnect a
particular usercan RADIATOR do that? if yes , how?
= )
thanks
lloyd
inter.net philippines incorporated
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe
AcctColumnDef USERID, Class
...
...
or is there a better way to do it?
thanks
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator'
researching on it
thanks
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
hello,
i just want to know if SMS service can be incorporated to RADIATOR, if yes
how or what do we need
thanks
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiat
hello,
have a question, if we are proxying to another radius server and we want to
have accounting on us, do we have to forward accounting to them before
proxying of not? which is better (forward accounting or not) if we are
proxying to another server ?
thanks so much
lloyd dagoc
===
Archive
whenever a usage entry is inserted in my table...how do i do this?
thanks = )
lloyd
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
of the user in our
RADONLINE database? any ideas?
thanks
lloyd dagoc
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
hi there,
does anyone know if it is possible to have 2 AccountingTable defined
tables in a default handler??? we want to do this cause we are trying to
store different data on different tables...is it possible??
thank you so much!!!
Lloyd Dagoc
Consulting Engineer
InterDotNet Philippines Inc
me %d/Called-Station-ID
Identifier radiusproxy>
Host ***.***.***.***
Secret **
AuthPort
AcctPort
AuthByPolicy ContinueAlways
AuthBy calledstationid
AuthBy radiusproxy
Lloyd Dagoc
InterDotNet Philippines Inc.
===
On Fri, 13 Jul 2001, Jeremy Bushman wrote:
> I am having some problems getting our new MegaPOP sites to auth users.
> The problem is that the username makes it ok, but the password shows
> up as a bunch of garbage.
99.999% of the time, garbled password == unmatched secrets.
Some NASes don't see
mean how do we reject
completely a usersay for
exampleNOT BINDING TO AN AUTHPORT OR NOT BINDING TO AN ACCTPORT?
that's all i guess
thank you
hope you can reply soon
Lloyd Brian V. Dagoc
Consulting Engineer
InterDotNet Philipines Incorporated
===
Archive at http://www.open.com.au/arc
On Tue, 13 Mar 2001, Jamie Orzechowski wrote:
> Hello ... I am noticing a bunch of "Alive" records in my details log ... is
> there any way to disable these? .. I only want start / stop ... or is this a
> setting in my NAS?
It's a setting in the NAS.
You *could* use a to filter them but... yuc
Toni Riekkinen wrote:
> Hi,
>
> I'm using for failed logins and I'd like to insert caller's
> phone number into database too, is it possible?
Sure, just put %{Calling-Station-Id} into one of your columns. You can
actually use any attribute that comes in the access-request.
- D
<[EMAIL PROTE
Carlos Canau wrote:
>
> On Fri, Dec 08, 2000 at 08:33:11AM -0600, Dave Lloyd wrote:
> > Mike McCauley wrote:
> >
> > > > Hi,
> > > >
> > > > Could someone please confirm me that the new feature on
> > > >2.17.1, AuthLog do
Mike McCauley wrote:
> > Hi,
> >
> > Could someone please confirm me that the new feature on
> >2.17.1, AuthLog doesn't work inside a ... It seems to
> >me that in Handler.pm:
> >
> >line 572:if ($handled == $main::ACCEPT)
> >
> > $handled is allways 2, $main::IGNORE.
> >
> > The
Hugh Irvine wrote:
>
> Hi Dave -
>
> Thanks for the suggestion - passed to Mike.
>
> And as it happens, Mike has already developed a load balancer module
> for Hydraweb that does exactly what you describe.
Cool, as soon as I get that version I'll add a Checkpoint Firewall load
balancer. :-)
-
First the suggestion... regarding AuthRADIUS.
Right now, when a request is proxied, as far as I can tell, the
identifier is chosen by simply adding 1 to the last identifier sent from
that AuthBy.
I suggest that the behaviour be changed a bit. Make a table that keeps
track of what identifiers ha
Viraj Alankar wrote:
>
> Hello,
>
> I am inheriting AuthFILE to create a modified version. I have the
> following at the top of my .pm file:
>
> package Radius::AuthFILE_AND_LOG;
> use Radius::AuthFILE;
> use strict;
>
> use vars qw($VERSION @ISA);
> BEGIN
> {
> @ISA = qw(Radius::A
ersion of Radiator, which seems to have a more universal method
for reporting success or failure. I'll have to look at it again. But
if you're interested, I can send you the code I have (including an
AuthLog FILE and an untested AuthLogSQL) in my CVS repository.
> At 16:55 -0600 00/11/8
Here's a couple more handy little things we put into our Radiator
server:
- USR1Hook and USR2Hook: I don't much use dynamic log level changes, so
I added these global config items to do stuff I want instead when we get
SIGUSR1/2. If they aren't defined, they default to the normal
behavour. I us
I am observing a small but significant memory leak in Radiator 2.16.3
under Perl 5.6, Solaris 2.7.
The rate of leakage is about 4-8k per second, and it's steady... I've
run Radiator for a number of hours without any sign of slowing.
Here's my config:
## ##
#
Hugh Irvine wrote:
>
> Hello Daniel -
>
> On Mon, 06 Nov 2000, [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I'm testing Radiator with SQL (Oracle 8.1.6) and something strange happens.
> > After accessing DB (with or ), Radiator dies
> > and this message appears (in 10 seconds like say sessiondataba
There is a bug in AuthRADIUS... the 'SocketQueueLength' directive does
not apply for sockets created by AuthRADIUS.pm. I hardcoded a
setsockopt call in mine, but either the global directive should apply,
or there should be a config item within AuthBy RADIUS for
SocketQueueLength.
- D
<[EMAIL PR
Has anyone ever had any luck getting Radiator to talk SNMP with an
AS5300 with ISDN, that gives high port numbers (200xx) for the
NAS-Port? The normal MIB (.1.3.6.1.4.1.9.2.9.2.1.18) works fine for
analog (Async) calls, but when an ISDN call comes in and arrives on a
high port number, the SNMP ge
When I kill -HUP my radiusd and I'm using ClientListSQL, and the query
fails for whatever reason, the radius daemon dies quietly... shouldn't
it stay up and simply not include the clients, maybe printing an error
message in the logs so that I can -HUP it again after I fixed the
problem?
- D
<[E
Chris Keladis wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi all,
>
> I am having a rather peculiar timeout problem with Radiator authenticating
> from an Oracle SQL database..
>
> Firstly, the details..
>
> Solaris 2.6 (sparc) OS
> Radiator 2.16.3
> Oracle 8.0.5 (sparc)
>
Have the Radiator folks considered using the Perl Net::SNMP module
instead of an external snmpget program? There are many advantages to
this approach; for one thing, you don't have to run an external program
as Net::SNMP is written fully in Perl. That improves performance by
eliminating a fork,
Has anyone ever gotten Radiator to work with Infranet in leu of their
pathetic Radius server?
If so, did you write your own AuthBy module for Infranet? Did it take a
long time?
Any replies are most appreciated... thanks!
- D
<[EMAIL PROTECTED]>
===
Archive at http://www.starport.net/~radiat
On Thu, 20 Jul 2000, Charles Sprickman wrote:
> What about locking? I was considering just holding a lock on the file
> until I've finished writing it... Would that also accomplish the same
> thing?
As far as I'm aware, Radiator does *not* support locking at all. We had
to modify ours to 'flo
On Thu, 20 Jul 2000, Nikos Aslanakis wrote:
> We have a problem regarding simultaneous logins. One of our users did
> the following:
>
> Logged in once using his normal username, eg. "user" ..and then logged
> in successfuly using the same username with additional trailing
> spaces: "user "(
On Thu, 20 Jul 2000, Hugh Irvine wrote:
> A better approach to maintaining session database coherency is to use
> strict checking of the NAS. This is what the NasType parameter is used
> for in the Client clauses (see section 6.4.5 in the Radiator 2.16.1
> reference manual). Note that there is a
On Wed, 19 Jul 2000, Jeremy Gault wrote:
> Hi,
>
> We are running Radiator (its either the 2.13 series or 2.14) and
> 3Com Total Control HiPer ARC terminal servers. We're having a problem
> with the Simultaneous-Use feature.
> Our regular dialup customers (and 64K ISDN) accounts are
On Thu, 13 Jul 2000 [EMAIL PROTECTED] wrote:
> Currently we are using Radiator pointed at an LDAP server.
> Everything works great but a need has come up that requires the use of
> ms-chap. Does anyone know if there is a way to do ms-chap with
> Radiator? Thanks in advance.
As far as I know
On Thu, 6 Jul 2000, Hugh Irvine wrote:
> > Am I forgetting anything? Also, if I *don't* specify Nocache in my AuthBy
> > FILE, when is the user file read? Is it before or after the StartupHook
> > is executed?
>
> In an AuthBy FILE, the user file is read initially at startup, and is
> reread w
I am going to implement a backup for if our SQL server fails, but this has
to work on the first try. So I'm running it by you folks just to be sure.
If my SQL server is down I want to authenticate from a file that is
updated once a day.
So my config file would read like this:
Identifi
It would be really nice if I could use special formatting characters in my
AddToReply, for instance:
AddToReply User-Name="%U"
Any thoughts?
- D
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe rad
We were broken into recently, in a minor way, and that got me thinking
about security. Our dialups are all stored in an SQL database, complete
with passwords in cleartext... a gem for a potential cracker. The
password for this database was stored in cleartext inside of my
radius.cfg, so if someo
On Thu, 15 Jun 2000, Mike McCauley wrote:
> On Jun 15, 8:33am, Hugh Irvine wrote:
> > Subject: Re: (RADIATOR) Sim. use control by Ping
> >
> > Hello Clement -
> >
> > This is exactly what one of our other customers has done - he added a
> > "DeleteIPQuery" to the session database. We haven't yet
On Fri, 25 Feb 2000, Mike McCauley wrote:
> Hi Andrew,
>
> On Feb 25, 11:42am, Andrew Pollock wrote:
> >
> > Hi guys,
> >
> > If I have the same AcctLogFileName for two different handlers, will the
> > writing of the detail file be messed up by the two handlers writing to it at
> > the same time
On Thu, 24 Feb 2000, tom minchin wrote:
> On Wed, Feb 23, 2000 at 12:17:44PM -0600, David Lloyd wrote:
> > On Wed, 23 Feb 2000, Mike McCauley wrote:
> >
> > > Hi David,
> > >
> > > Radiator only ever contacts the NAS when it has to: when a user logs
On Wed, 23 Feb 2000, Mike McCauley wrote:
> Hi David,
>
> Radiator only ever contacts the NAS when it has to: when a user logs in, and
> the session database thinks they are at their sim-use limit already. That means
> that Radiator only checks the NAS occasionally.
>
> At DEBUG (level 4), Radi
Is there any way to verify that Radiator is successfully querying my NASs
to update its session database? Nothing shows up in my logfile that looks
like an error (at trace 3), but I am having a problem where some people
are unable to log in due to Simultaneous-Use problems.
I am able to do snmpg
that they could use to help
me out.
I have the diffs, if someone has the server and the time! Thanks a lot...
--
Dave Lloyd
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
at happens is that session limits are completely ignored, because
according to my trace, everyone is handled with the 'Void' session
database!!! Did I make a mistake in this config?
Thanks for your help... if anyone else is interested in SessNONE.pm let me
know...
--
Dave Lloyd
===
Ar
er Windows becuase it messes up the binary data in the
process of 'translating' UNIX text to MS text. Any attempt to unzip the
file results in a corrupted binary error message.
The MIME type should be set to application/x-gzip.
--
Dave Lloyd
===
Archive at http://www.thesite.com.au/~radi
ting that entry into my session database? Or can I set CountQuery to
somehow ignore those?
Thanks...
--
Dave Lloyd
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
ed passwords, which
doesn't work by the way.
Make sure the WIN95/98 users don't have the 'Require Encrypted Password'
checkbox highlighted in their DUN to help prevent CHAP.
--
Dave Lloyd
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
rom sending bum
modules that wipe out half your filesystem, and will also avoid the
permission problems you were having.
Only change to root when you are at the final step: make install.
Hope this helps!
--
Dave Lloyd
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, emai
led PasswordLogFile I
believe. It's great for troubleshooting connections, you can tell a
customer when they're typing in their password in all caps or something
like that. :-)
===
David M. Lloyd mailto:[
Identifier System
...
Then in your file, you have this:
UserAuth-Type = System
DEFAULT Auth-Type = System
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Adm
ld then charge $x * n for n channels. That will allow either
multilink, or multiple users, for the same price-per-channel.
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator Phone: (60
r problem Simultaneous-Use is internal to Radiator,
You don't need to put it in your dictionary (that I know of).
I would also put a Port-Limit on as well, just for the heck of it. In
case Simultaneous-Use fails for some odd reason.
====
t the regular expressions used in Radiator are actually not the
'standard' UNIX regular expressions; rather, they are Perl's. A good
description can be found in chapter 2 of O'Reilly's 'The Perl Language',
also known as the Camel book.
==
rd, NT, Emerald,
>>Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>>NT, Rhapsody
>>
>>===
>>Archive at http://www.thesite.com.au/~radiator/
>>To unsubscribe, email '[EMAIL PROTECTED]' with
>>'unsubscribe radiator' in the body of the message.
>
>
>===
d set up four machines, two proxies (configured
identically) and two real servers. Then the proxies could load balance
somehow, and if one went down you'd have another.
But now we're talking about 4 machines instead of 2
===
Dav
his time swap file was half used. This is brand new computer. What
>else can I check.
Look for 'core' files lying around, and use the GNU debugger to see if it
is crashing on a malloc or something... there might me a memory leak or
something.
===
On Tue, 26 Oct 1999, David Lloyd wrote:
>On Tue, 26 Oct 1999, Gary wrote:
>
>>Is there some way to put users in the user file which only has a
>>Caller-Id as a check item ... No username, no password etc
>>
>>Basically we want to trap certain numbers, as
es
let you authenticate (or not) via caller ID.
=======
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663- http://www.inxpress.net
Fax: (608) 663-5595
=====
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663- http://www.inxpress.net
Fax: (608) 663-5595 mailto:[EMAIL PROTECTED]
Data: (608) 663-
ut having to make a custom insert.
Now if only the PortMaster 2e could do that, I'd be all set! :-)
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663-
l NAS that lets you
accept a username as specified by RADIUS I'm hoping to use this
feature.
Thanks!
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Mad
AcctLogFileFormat directive, and be guaranteed to get the right numbers!
Unless someone already knows how to do this another way?
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite
d
changing the first line to:
sub { my $p = ${$_[1]}; \
Then it is no longer a package global. If it *is* a global variable
(which I doubt, judging from how you use it), you'll need to specify a
package (replace $p with $main::p or something like that).
=
What does it mean to have a bad authenticator in a request? My secrets
match up okay, but I"m getting spammed with these.
Thanks...
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
nd) you will be able to see these passwords.
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663- http://www.inxpress.net
Fax: (608) 663-5595 ma
you'll know if they
just put it in all capital letters one time. :-)
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663-
use Prefix="S" will that remove
the character before putting the username in the database? What about
Rewrite-Username? Does the rewritten username get put in the database, or
is the original name put in there?
Thanks...
==
ried to implement Rodopi, but it was a failure. It was fundamentally
incompatible with how our billing structure works. Also I was turned off
by the fact that it runs only on Windows; this is a serious limitation
IMHO.
=
it's the most flexible, yet easy to use, package I've ever seen.
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1866
Voice: (608) 663- http://www.inxpress.net
Fax: (608) 663-5595
ives me way more irrelevant data than I
>want because it dumps details for every realm instead of just those I
>am testing / having trouble with.
>
>Possible?
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
hen there is CLI
I would add a check item like this:
userPassword="pass", Calling-Station-Id=/\d+/
That will only 'pass the test' if there is one or more digits of
caller-id.
===
David M. Lloyd mailt
Service-Type" as there is
>no comma on the end and the rest will be reply items.
That part looks great. :-)
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 5
types?
I just want to make sure I'm not going to attempt the impossible. :-)
===
David M. Lloyd mailto:[EMAIL PROTECTED]
Administrator
Internet Express, Inc.
802 W. Broadway, Suite 0101
Madison, WI. 53713-1
is a reason this
>hasn't been done, just curious.
I like that idea... then there won't be a problem with conflicting
attribute names from different vendors.
=======
David M. Lloyd mailto:[EMAIL PROTECTED]
Admi
e 4 different types of NAS. What
I have been doing is just using a generic dictionary, and ignoring the
spam in my logfiles
If there is a better way (short of running 3 Radiators) I'd love to hear
about it!
===
David M. Lloyd
oblem with the USR cards. If they don't
> indicate different values for NAS-PORT/CLIENT-ID for different channels it
> makes it *very* difficult to enforce Simultaneous-Use.
Exactly right... all except for the most recent software release for
HiperARC have an obnoxious bug where the NAS
two 64k (or 56k) dialups. We have a
one-login-per-computer policy, where a customer is not allowed to log in
from more than one machine at a time.
I am of the opinion that Radiator should if possible recognize a multilink
connection as just one session!
.....
79 matches
Mail list logo
