Re: (RADIATOR) Wed Jan 16 17:38:13 2002: ERR: Attribute number 13 (vendor 529) is not defined in your dictionary
I just copy this file over my old one.. will that be ok?

----- Original Message -----
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "alexus" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 16, 2002 6:36 PM
Subject: Re: (RADIATOR) Wed Jan 16 17:38:13 2002: ERR: Attribute number 13 (vendor 529) is not defined in your dictionary

> Hello Alexus -
>
> These are Ascend/Lucent vendor specific attributes. They are included in the
> file "dictionary.ascend2" and you should add them to your normal dictionary
> with whatever text editor you prefer.
>
> regards
>
> Hugh
>
> On Thu, 17 Jan 2002 09:46, alexus wrote:
> > hi, I got this weird message
> >
> > can someone explain to me what they mean?
> >
> > Wed Jan 16 17:38:13 2002: ERR: Attribute number 13 (vendor 529) is not defined in your dictionary
> > Wed Jan 16 17:38:13 2002: ERR: Attribute number 197 (vendor 529) is not defined in your dictionary
> > Wed Jan 16 17:38:13 2002: ERR: Attribute number 255 (vendor 529) is not defined in your dictionary
> >
> > thanks
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Possible bug in Radiator 2.19 AuthLDAP2.pm
Hi,

$self->{bound} tells us if we are already connected.
$self->{NoBindBeforeOp} tells us that we should not re-bind before every operation (for performance reasons). NoBindBeforeOp actually means 'NoBindBeforeEveryOp'.

So the whole statement reads: do not continue if we are already 'binded' and should not re-bind before every operation.

If the 'or' operator was used and NoBindBeforeOp = 1, then Radiator would never bind/connect to the LDAP server.

Valentin Tumarkin
Xpert Integrated Systems Ltd.
E-Mail: [EMAIL PROTECTED]
Office: +972-9-9522380
Mobile: +972-53-544887

On Fri, 11 Jan 2002, Christophe Wolfhugel wrote:
> Good morning.
>
> The code contains :
>
> sub bind
> {
>     my ($self, $name, $password) = @_;
>
>     $self->log($main::LOG_INFO, "wolf bind bound=$self->{bound}");
>     return 1 if ( $self->{bound}
>                   && $self->{NoBindBeforeOp});
>
> Shouldn't the test use the "or" statement rather than "and", ie :
>
>     return 1 if ( $self->{bound}
>                   || $self->{NoBindBeforeOp});
>
> --
> Christophe Wolfhugel -+- [EMAIL PROTECTED] -+- France Telecom Transpac
> Direction des opérations, CSI Gennevilliers
(RADIATOR) Question about DBM Auth...
Hi,

I use the DBM Auth, but I wanna know if this type of authentication has any type of limit. I explain this.

This is the actual Realm in the radius.cfg:

MaxSessions 1
AcctLogFileName /usr/local/etc/radacct/%N/detail
RejectHasReason
AuthByPolicy ContinueWhileReject
AuthByPolicy ContinueWhileReject
Filename /etc/raddb/radiator/plus/users
Filename /etc/raddb/radiator/rdsigeneral/users
Filename /etc/raddb/radiator/prepago/users
Host
Secret
RetryTimeout 10
AuthPort 1645
AcctPort 1646

but if I make some changes, the DB options do not work. E.g.:

MaxSessions 1
AcctLogFileName /usr/local/etc/radacct/%N/detail
RejectHasReason
AuthByPolicy ContinueWhileReject
AuthByPolicy ContinueWhileReject
Filename /etc/raddb/radiator/plus/users
Filename /etc/raddb/radiator/rdsigeneral/users
Filename /etc/raddb/radiator/otherdir/users
Filename /etc/raddb/radiator/otherdir/users
Filename /etc/raddb/radiator/otherdir/users
Filename /etc/raddb/radiator/prepago/users
Host
Secret
RetryTimeout 10
AuthPort 1645
AcctPort 1646

Is there some kind of limit in the AuthBy option? How many can I use? Can I use another type of config, e.g. using AuthBy GROUP or others?

tnx
FCC
(RADIATOR) Session Database issues.
I am using Radiator 2.18.3 on AIX. I find that even though in my config file I have DefaultSimultaneousUse 1 set, all users are still allowed on. I use an SQL session database, and when I try tests using radpwtst I find something peculiar.

I first run the following command:

/usr/local/Radiator-2.18/radpwtst -nostop -user=hamlin -password= -auth_port=1645 -acct_port=1646 -calling_station_id 9095551212 -nas_ip_address 127.0.0.1

This gives me an access accept and places the user information into my sql 'online' table. I purposely do not let radpwtst send a stop packet so that the information will remain in the online table.

I then change the phone number (because I have a hook that checks for it) and run the following command from radpwtst.

/usr/local/Radiator-2.18/radpwtst -noacct -user=hamlin -password= -auth_port=1645 -acct_port=1646 -calling_station_id 9495551213 -nas_ip_address 127.0.0.1

Notice that now, I have changed it to -noacct since all I want is the access reply.

Strangely enough, it is accepted! Yet I can see the row in the online database. I get the following from the logfile on trace 4. This is the access request after the user is already in the online sql database.

----- logfile output -----
*** Received from 127.0.0.1 port 46269
Code:       Access-Request
Identifier: 17
Authentic:  1234567890123456
Attributes:
        User-Name = "hamlin"
        Service-Type = Framed-User
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "9491234546"
        NAS-Port-Type = Async
        User-Password = "<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"

Fri Jan 18 05:39:47 2002: INFO: Checking :hamlin: call-id :9491234546:
Fri Jan 18 05:39:47 2002: INFO: CallIDHook: returned row ---> 'hamlin', '9095551212'
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Service-Type = Call-Check should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler User-Name = admin should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Handling request with Handler ''
Fri Jan 18 05:39:47 2002: DEBUG: Rewrote user name to hamlin
Fri Jan 18 05:39:47 2002: DEBUG: Deleting session for hamlin, 127.0.0.1, 1234 <-### This seems odd to me
Fri Jan 18 05:39:47 2002: DEBUG: do query is: delete from online where (nasidentifier='127.0.0.1')&&(nasport='1234')
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL:
Fri Jan 18 05:39:47 2002: DEBUG: Query is: select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout then if(prepaid_timeleft

DBSource %{GlobalVar:DbServer}
DBUsername %{GlobalVar:DbUser}
DBAuth %{GlobalVar:DbPass}
AddQuery insert into online (username, nasidentifier, nasport,\
        acctsessionid, callingid, framedaddress) values ('%U','%c',\
        '%{NAS-Port}','%{Acct-Session-Id}','%{Calling-Station-Id}',\
        '%{Framed-IP-Address}')
DeleteQuery delete from online where (nasidentifier='%1')&&(nasport='%2')
CountQuery select username, acctsessionid from online where username='%n'

Identifier log1
Filename %L/logfile
LogSuccess 1
LogFailure 1
SuccessFormat %l::%n accepted from %c, called %{Called-Station-Id} from %{Calling-Station-Id}
FailureFormat %l::%n rejected from %c, %1, Called %{Called-Station-Id} from %{Calling-Station-Id}, password=%P

# Process call-check requests.
AcctLogFileName %L/callcheck.log
DBSource %{GlobalVar:DbServer}
DBUsername %{GlobalVar:DbUser}
DBAuth %{GlobalVar:DbPass}
Timeout 8
FailureBackoffTime 10
AuthSelect select handler_group from check where \
        (dialing_number='%{Calling-Station-Id}')&& \
        (handler_group='%{Handler-Group}')
AuthColumnDef 0,Handler-Group,check

# Get rid of admin accounting requests

# Handle all accounting here.
RewriteUsername s/^([^@]+).*/$1/
# Need a little hook here to determine if this is an accounting packet
# whether we use the Livingston or Acct-Terminate-Cause attributes.
# This gets the attribute Livingston if it exists, if not, gets
# Acct-Terminate-Cause, if not gets Ascend-Disconnect-Cause
# Put the correct one in new attribute %{Term-Cause} to be used later
PreAuthHook file:"/etc/raddb/accounting.hook"
AuthByPolicy ContinueWhileAccept
DBSource dbi:mysql:cheetah:ns.quik.com.au
DBUsername %{GlobalVar:DbUser}
DBAuth %{GlobalV
(RADIATOR) cisco avpair questions
Hello again,

Making some progress on this issue but have run into a problem. We are trying to assign IP static addresses via radius, and also have radius reference a dynamic IP pool on a cisco 7206vxr router. We have followed the advice given by cisco TAC and suggestions by Hugh here, but still quite haven't got it resolved.

We have the following configuration on our cisco:

!
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip mtu 1492
 no peer default ip address pool
 ppp authentication pap centurytel
!
ip local pool centurytel 64.119.12.1 64.119.15.254

And this is a portion of our Radius "users" file for the cisco authenticated users.

DEFAULT Client-Identifier = dsl, Auth-Type = System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.0,
        Framed-Routing = None,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-MTU = 1500,
        cisco-avpair = "ip:addr-pool=centurytel"

However when we implement this DSL users will not authenticate and receive an IP address. What are we missing here?

- Mike
Rock Island Communications, Inc.
(360)-378-5884
http://www.rockisland.com/
San Juan Islands, WA
(RADIATOR) Silly question.
Hi there.

I have been testing a network monitoring program. It can test radius servers, but I need to "talk" to radiator to be able to see if it's down or not.

For example you can test if a certain server has the http service up just "telnetting" it in the 80 port like this:

telnet machine.at.some.domain 80

then you write

HEAD / HTTP1.0^^

and if the service is up it will tell you something like:

HTTP/1.1 200 OK

How can I achieve almost the same behavior talking with radiator?

PS: I know (of course) radiator is UDP based, but I still think maybe there is a way to talk to it.

Thanks in advance for the help.

Sergio Alejandro Gonzalez
Director Operativo
SkyNet de Colombia.
Bogota, Colombia, South America.
57 (+1) 6 422 020
57 (+3) 7 285 094
RE: (RADIATOR) Session Database issues.
It looks like radpwtst is sending the default NAS-Port of 1234 for each request. Since radiator sees the second call coming in on the same physical port it assumes that the first session had to have ended. Change the NAS-Port in the second test using the -nas_port parameter of radpwtst so it looks like you are putting up a second simultaneous call.

-Frank

-----Original Message-----
From: Griff Hamlin, III [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 17, 2002 2:03 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Session Database issues.
Re: (RADIATOR) Silly question.
Hi,

If your main concern is to restart if radius is not replying rather than only *knowing* if it's up, you can write a script using radpwtst like below *on* the radiator server and put it to cron. radpwtst is really a useful tool...

If you want only to report the downtime or uptime, it's a different story...

root#cat testradius.sh
#!/bin/sh
# see if it's up and running
if ps -ef | grep -v grep | grep radiusd > /dev/null
then
    echo donothing > /dev/null
else
    /etc/init.d/radiator restart
fi
# see if it's actually replying
if /usr/bin/radpwtst -secret yoursecret -noacct -user heartbeat -password heartbeat | grep "No reply" > /dev/null
then
    /etc/init.d/radiator restart
fi
exit

----- Original Message -----
From: Sergio Gonzalez
To: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 11:27 PM
Subject: (RADIATOR) Silly question.
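For a monitoring tool that cannot call radpwtst, the same heartbeat can be sent directly over UDP. The Python below is an added example, not code from the list or from Radiator: it builds an RFC 2865 Access-Request for the thread's "heartbeat" user and accepts a reply only if its Response Authenticator verifies against the shared secret. The function names, the timeout and retry values and the `make_reply` helper (a constructed reply for offline checking) are assumptions.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2


def hide_password(password, secret, authenticator):
    """User-Password hiding from RFC 2865 section 5.2 (chained MD5 XOR)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def attribute(code, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", code, len(value) + 2) + value


def build_access_request(ident, authenticator, user, password, secret):
    attrs = (attribute(USER_NAME, user) +
             attribute(USER_PASSWORD,
                       hide_password(password, secret, authenticator)))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


def make_reply(code, ident, request_auth, secret, attrs=b""):
    """Constructed server reply, used only to exercise classify_reply offline."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + digest + attrs


def classify_reply(reply, ident, request_auth, secret):
    """Return 'accept' or 'reject' for an authentic reply, else 'invalid'."""
    if len(reply) < 20:
        return "invalid"
    code, reply_id, length = struct.unpack("!BBH", reply[:4])
    if reply_id != ident or length < 20 or length > len(reply):
        return "invalid"
    reply = reply[:length]
    # Response Authenticator = MD5(code+id+length+RequestAuth+attrs+secret)
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    if not hmac.compare_digest(expected, reply[4:20]):
        return "invalid"          # spoofed reply or wrong shared secret
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "invalid")


def probe(host, port, secret, user=b"heartbeat", password=b"heartbeat",
          timeout=3.0, retries=2):
    """Send one heartbeat request; 'no reply' matches radpwtst's 'No reply'."""
    ident = os.urandom(1)[0]
    request_auth = os.urandom(16)
    packet = build_access_request(ident, request_auth, user, password, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        for _ in range(retries + 1):
            sock.sendto(packet, (host, port))
            try:
                reply, _addr = sock.recvfrom(4096)
            except socket.timeout:
                continue              # retransmit the same packet
            return classify_reply(reply, ident, request_auth, secret)
    return "no reply"


if __name__ == "__main__":
    # 1645 is the auth port used in this thread; the secret is the thread's placeholder.
    print(probe("127.0.0.1", 1645, b"yoursecret", timeout=1.0))
```

An authentic "reject" still shows that the server is up and shares the secret, so a monitor should alarm only on "no reply" or "invalid".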
Re: (RADIATOR) Session Database issues.
Hi Griff,

The reason for those strange lines that you mention is radiator's default session database implementation, which is right. It's because only one user can be connected from the same nasidentifier and nas port at any time... When a user access request comes, radiator first erases the line with the same nas and same nas port in the database just in case of a problem... this means it has to run DeleteQuery first...

Since your two radpwtst tests send the same nasidentifier and nasport, regardless of the other things, you will always get OK for that... Try changing nas_ip_address or nas_port to see the real behaviour...

The other conceptual problem is that changing the calling-number attribute does not affect anything, since this attribute does not exist in either the countquery or the deletequery.

Utku Er.

----- Original Message -----
From: Griff Hamlin, III
To: [EMAIL PROTECTED]
Sent: Thursday, January 17, 2002 9:02 PM
Subject: (RADIATOR) Session Database issues.

I am using Radiator 2.18.3 on AIX. I find that even though in my config file I have DefaultSimultaneousUse 1 set, all users are still allowed on. I use an SQL session database, and when I try tests using radpwtst I find something peculiar.

I first run the following command:

/usr/local/Radiator-2.18/radpwtst -nostop -user=hamlin -password= -auth_port=1645 -acct_port=1646 -calling_station_id 9095551212 -nas_ip_address 127.0.0.1

This gives me an access accept and places the user information into my sql 'online' table. I purposely do not let radpwtst send a stop packet so that the information will remain in the online table.

I then change the phone number (because I have a hook that checks for it) and run the following command from radpwtst.

/usr/local/Radiator-2.18/radpwtst -noacct -user=hamlin -password= -auth_port=1645 -acct_port=1646 -calling_station_id 9495551213 -nas_ip_address 127.0.0.1

Notice that now, I have changed it to -noacct since all I want is the access reply.

Strangely enough, it is accepted! Yet I can see the row in the online database. I get the following from the logfile on trace 4. This is the access request after the user is already in the online sql database.

----- logfile output -----
*** Received from 127.0.0.1 port 46269
Code:       Access-Request
Identifier: 17
Authentic:  1234567890123456
Attributes:
        User-Name = "hamlin"
        Service-Type = Framed-User
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "9491234546"
        NAS-Port-Type = Async
        User-Password = "<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"

Fri Jan 18 05:39:47 2002: INFO: Checking :hamlin: call-id :9491234546:
Fri Jan 18 05:39:47 2002: INFO: CallIDHook: returned row ---> 'hamlin', '9095551212'
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Service-Type = Call-Check should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler User-Name = admin should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler Request-Type=Accounting-Request should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Check if Handler should be used to handle this request
Fri Jan 18 05:39:47 2002: DEBUG: Handling request with Handler ''
Fri Jan 18 05:39:47 2002: DEBUG: Rewrote user name to hamlin
Fri Jan 18 05:39:47 2002: DEBUG: Deleting session for hamlin, 127.0.0.1, 1234 <-### This seems odd to me
Fri Jan 18 05:39:47 2002: DEBUG: do query is: delete from online where (nasidentifier='127.0.0.1')&&(nasport='1234')
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL
Fri Jan 18 05:39:47 2002: DEBUG: Handling with Radius::AuthSQL:
Fri Jan 18 05:39:47 2002: DEBUG: Query is: select check_items, reply_items, case when (prepay='false') then if(session_timeout,session_timeout,NULL) when ((prepay='true')&&(ISNULL(session_timeout))) then prepaid_timeleft when ((prepay='true')&&(!(ISNULL(session_timeout then if(prepaid_timeleftend from users where (username='hamlin' && handler_group='defau')
Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL looks for match with hamlin
Fri Jan 18 05:39:47 2002: DEBUG: Query is: select username, acctsessionid from online where username='hamlin'
Fri Jan 18 05:39:47 2002: DEBUG: Radius::AuthSQL ACCEPT:
Fri Jan 18 05:39:47 2002: DEBUG: Access accepted for hamlin
Fri Jan 18 05:39:47 2002::hamlin accepted from 127.0.0.1, called 123456789 from 9491234546
Fri Jan 18 05:39:47 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 46269
Code:       Access-Accept
Identifier: 17
Authentic:  1234567890123456
Attributes:
        Framed-IP-Address = 255.255.255.254
        Framed-Routing = None
        Framed-Compression = Van-Jacobson-TCP-IP
        Framed-IP-Netmas
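The delete-then-count order described in this reply can be replayed against an in-memory table. The Python below is an added example, not part of the original posts and not Radiator code: the table columns follow the AddQuery quoted in the thread, SQLite's `and` stands in for MySQL's `&&`, and the session id value and function names are constructed.

```python
import sqlite3

# Constructed stand-in for the thread's 'online' table (SQLite instead of MySQL).
SCHEMA = """create table online (
    username text, nasidentifier text, nasport text,
    acctsessionid text, callingid text)"""


def open_session_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def accounting_start(db, user, nas, port, session_id, calling_id):
    """AddQuery: record the session when an Accounting Start arrives."""
    db.execute("insert into online values (?, ?, ?, ?, ?)",
               (user, nas, port, session_id, calling_id))


def access_request(db, user, nas, port, calling_id, limit=1):
    """Session checks in the order the thread describes for an Access-Request."""
    # 1. DeleteQuery, keyed on (nasidentifier, nasport): one port carries one
    #    call, so a row already on this port is treated as stale and removed.
    db.execute("delete from online where nasidentifier = ? and nasport = ?",
               (nas, port))
    # 2. CountQuery, keyed on username only: each remaining row is a live session.
    rows = db.execute(
        "select username, acctsessionid from online where username = ?",
        (user,)).fetchall()
    # calling_id is never consulted: neither posted query references it.
    return "ACCEPT" if len(rows) < limit else "REJECT"


def replay(second_port):
    """Replay the two radpwtst runs; only the second run's NAS-Port varies."""
    db = open_session_db()
    # Run 1 (-nostop): accepted, Start recorded, no Stop, so the row stays.
    first = access_request(db, "hamlin", "127.0.0.1", "1234", "9095551212")
    accounting_start(db, "hamlin", "127.0.0.1", "1234", "00001234", "9095551212")
    # Run 2 (-noacct): new calling number, NAS-Port as given.
    second = access_request(db, "hamlin", "127.0.0.1", second_port, "9495551213")
    left = db.execute("select count(*) from online").fetchone()[0]
    return first, second, left


if __name__ == "__main__":
    print("same port 1234: ", replay("1234"))
    print("other port 1235:", replay("1235"))
```

With the default port reused, the first session's row is deleted before the count, so the limit never triggers; with a different port the row survives and the second request is rejected.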
(RADIATOR) if clause with portlimit for accounting requests
Hi,

it's strange I know but I have to ask:

can I have something like an "if clause" for accounting requests using portlimit or some other check from the sql? I see that for the accounting requests, radiator does not check the portlimit. What other ways can I do this?

I mean
write accounting
if
then accounting requests should go to sqldatabase1
else accounting requests should go to authbyradius

I tried:

Identifier something

AuthByPolicy ContinueAlways
AuthBy sendaccountingonly

AuthByPolicy ContinueWhileAccept

SessionLimit 1
CountQuery select COUNT(*) from AAA_REALMS where REALM='%R'

AuthByPolicy ContinueUntilAccept
#this is other

Host somehost
Secret mykey
...

thanks,
Utku
Re: (RADIATOR) Silly question.
---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["Sachin Srivastava" <[EMAIL PROTECTED]>]
Date: Thu, 17 Jan 2002 15:15:41 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

From: "Sachin Srivastava" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: (RADIATOR) Silly question.
Date: Fri, 18 Jan 2002 04:21:29 +0530

Another silly question. Can someone please tell me what's the latest version of Radiator available.

Rgds,
Sachin Srivastava
Net 4 India Ltd, New Delhi - 110024
Tel: +91 11 [6104192/93] Extn. [501]
URL: http://www.net4india.com
Keyword: net4india (Simply type it in the Internet Explorer address bar and press Enter)

----- Original Message -----
From: "Sergio Gonzalez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 18, 2002 2:57 AM
Subject: (RADIATOR) Silly question.

> Hi there.
>
> I have been testing a network monitoring program. It can test radius servers,
> but I need to "talk" to radiator to be able to see if it's down or not.
>
> For example you can test if a certain server has the http service up just
> "telnetting" it in the 80 port like this:
>
> telnet machine.at.some.domain 80
>
> then you write
>
> HEAD / HTTP1.0^^
>
> and if the service is up it will tell you something like:
>
> HTTP/1.1 200 OK
>
> How can I achieve almost the same behavior talking with radiator?
>
> PS: I know (of course) radiator is UDP based, but I still think maybe there
> is a way to talk to it.
>
> Thanks in advance for the help.
>
> Sergio Alejandro Gonzalez
> Director Operativo
> SkyNet de Colombia.
> Bogota, Colombia, South America.
> 57 (+1) 6 422 020
> 57 (+3) 7 285 094

--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd    Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    http://www.open.com.au
Phone +61 3 9598-0985    Fax +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
RE: (RADIATOR) Silly question.
Most OSS tools can make RADIUS requests - we use ISM Netcool, even some load balancers like the Alteon AceDirector can make active health checks.

If your tool can't make RADIUS requests you could try adapting 'radpwtst' and use that in a script as a testing tool to check if Radiator is running.

Also for high availability use 'restartwrapper' included in the Radiator distribution.

P

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Sergio Gonzalez
Sent: 17 January 2002 21:27
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Silly question.
(RADIATOR) session limit conflict
Hi all,

My system has a current session limit conflict. It tells me in the log that the limit session is

Thu Jan 17 20:46:30 2002: DEBUG: Output is: :stdattr, Framed-IP-Netmask = 255.255.255.255, Port-Limit = 1, Session-Timeout = 0, Idle-Timeout = 900, Idle-Timeout = 3600,

It conflicts with the setting in my database, and when any user logs in it goes to the settings in the message above. How can I correct this?

By the way, what does this line mean?

AuthBindDef :stdattr, GENERIC, reply, 1000
Re: (RADIATOR) Silly question.
Alternatively, you can use the program "restartWrapper" which is included with the radiator package. It would perform the two things you require, restart radiator if it stops and e-mail the administrator in case it stops.

Regards,
Jaime

----- Original Message -----
From: Utku Er
To: [EMAIL PROTECTED] ; Sergio Gonzalez
Sent: Friday, January 18, 2002 6:37 AM
Subject: Re: (RADIATOR) Silly question.
Re: (RADIATOR) if clause with portlimit for accounting requests
Hello Utku -

You should use the Class attribute and a Handler for each Class value for the accounting, something like this:

# define AuthBy clauses

        Identifier SQLDB
        ..
        AddToReply . \
                Class = SQLDB

        Identifier PROXY
        .
        AddToReply . \
                Class = PROXY

# define Handlers

        AuthBy SQLDB
        .

        AuthBy PROXY
        .

        AuthByPolicy ContinueUntilAccept
        AuthBy SQLDB
        AuthBy PROXY
        .

regards

Hugh

On Fri, 18 Jan 2002 10:11, Utku Er wrote:
> Hi,
>
> it's strange I know but I have to ask:
>
> can I have something like an "if clause" for accounting requests using
> portlimit or some other check from the sql ? I see that for the accounting
> requests, radiator does not check the portlimit. what other ways can I do
> this?
>
> I mean
> write accounting
> if
> then accounting requests should go to sqldatabase1
> else accounting requests should go to authbyradius
>
> I tried:
>
> Identifier something
>
> AuthByPolicy ContinueAlways
> AuthBy sendaccountingonly
>
> AuthByPolicy ContinueWhileAccept
>
> SessionLimit1
> CountQuery select COUNT(*) from AAA_REALMS where REALM='%R'
>
> AuthByPolicy ContinueUntilAccept
> #this is other
>
> Host somehost
> Secret mykey
> ...
>
> thanks,
> Utku
Re: (RADIATOR) Wed Jan 16 17:38:13 2002: ERR: Attribute number 13 (vendor 529) is not defined in your dictionary
Hello Alexus -

You should really start with the standard Radiator dictionary and add/delete entries as required.

regards

Hugh

On Fri, 18 Jan 2002 02:14, alexus wrote:
> I just copy this file over my old one.. will that be ok?
>
> - Original Message -
> From: "Hugh Irvine" <[EMAIL PROTECTED]>
> To: "alexus" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Wednesday, January 16, 2002 6:36 PM
> Subject: Re: (RADIATOR) Wed Jan 16 17:38:13 2002: ERR: Attribute number 13
> (vendor 529) is not defined in your dictionary
>
> > Hello Alexus -
> >
> > These are Ascend/Lucent vendor specific attributes. They are included in
> > the file "dictionary.ascend2" and you should add them to your normal
> > dictionary with whatever text editor you prefer.
> >
> > regards
> >
> > Hugh
> >
> > On Thu, 17 Jan 2002 09:46, alexus wrote:
> > > hi, I got this weird message
> > >
> > > can someone explain to me what they mean?
> > >
> > > Wed Jan 16 17:38:13 2002: ERR: Attribute number 13 (vendor 529) is not
> > > defined in your dictionary
> > > Wed Jan 16 17:38:13 2002: ERR: Attribute number 197 (vendor 529) is not
> > > defined in your dictionary
> > > Wed Jan 16 17:38:13 2002: ERR: Attribute number 255 (vendor 529) is not
> > > defined in your dictionary
> > >
> > > thanks
Re: (RADIATOR) Question about DBM Auth...
Hello Fernando -

There are no limits on the number of AuthBy clauses you can use (unless there is some underlying operating system limit on the number of files a single process can have open).

Perhaps you can send me a copy of the complete configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening.

regards

Hugh

On Fri, 18 Jan 2002 02:53, Fernando Caranton Cruz wrote:
> Hi,
>
> I use the DBM Auth, but I want to know if this type of authentication has
> any type of limit. I explain this
>
> This is the actual Realm in the radius.cfg
>
> MaxSessions 1
> AcctLogFileName /usr/local/etc/radacct/%N/detail
> RejectHasReason
>
> AuthByPolicy ContinueWhileReject
>
> AuthByPolicy ContinueWhileReject
>
> Filename /etc/raddb/radiator/plus/users
>
> Filename
> /etc/raddb/radiator/rdsigeneral/users
>
> Filename /etc/raddb/radiator/prepago/users
>
> Host
> Secret
> RetryTimeout 10
> AuthPort 1645
> AcctPort 1646
>
> but if I make some changes, the DB options do not work
>
> E.g.:
>
> MaxSessions 1
> AcctLogFileName /usr/local/etc/radacct/%N/detail
> RejectHasReason
>
> AuthByPolicy ContinueWhileReject
>
> AuthByPolicy ContinueWhileReject
>
> Filename /etc/raddb/radiator/plus/users
>
> Filename
> /etc/raddb/radiator/rdsigeneral/users
>
> Filename /etc/raddb/radiator/otherdir/users
>
> Filename /etc/raddb/radiator/otherdir/users
>
> Filename /etc/raddb/radiator/otherdir/users
>
> Filename /etc/raddb/radiator/prepago/users
>
> Host
> Secret
> RetryTimeout 10
> AuthPort 1645
> AcctPort 1646
>
> Is there some kind of limit in the AuthBy option? How many can I use? Can I use
> another type of config, e.g. using AuthBy GROUP or others?
>
> tnx
>
> FCC
Re: (RADIATOR) session limit conflict
Hello Lewis -

I don't understand your question, sorry.

Could you please send me a clearer description of the problem, a copy of your configuration file (no secrets) and a trace 4 debug from Radiator showing what is happening.

thanks

Hugh

On Fri, 18 Jan 2002 14:48, Lewis Gorley wrote:
> Hi all,
> My system has current session limit conflict. It tells me in the log that
> the limit session is
>
> Thu Jan 17 20:46:30 2002: DEBUG: Output is: :stdattr, Framed-IP-Netmask =
> 255.255.255.255, P ort-Limit = 1, Session-Timeout = 0, Idle-Timeout = 900,
> Idle-Timeout = 3600,
>
> It conflicts with setting in my database and when any user logs in it goes to
> the settings in the message above. How can I correct this ??
>
> By the way what does this line mean ?? AuthBindDef :stdattr, GENERIC,
> reply, 1000
Re: (RADIATOR) Silly question.
Hello Sergio -

There have been a couple of good suggestions from others on the list already, however there are a couple of others.

You can use cron and radpwtst to send a periodic Status-Server request to Radiator which will return some of the internal status information from the server, or you can turn on the SNMPAgent clause and use MRTG or similar to poll Radiator via SNMP.

regards

Hugh

On Fri, 18 Jan 2002 08:27, Sergio Gonzalez wrote:
> Hi there.
>
> I've been testing a network monitoring program. It can test radius servers,
> but I need to "talk" to radiator to be able to see if it's down or not.
>
> For example you can test if a certain server has the http service up just
> "telnetting" it in the 80 port like this:
>
> telnet machine.at.some.domain 80
>
> then you write
>
> HEAD / HTTP1.0^^
>
> and if the service is up it will tell you something like:
>
> HTTP/1.1 200 OK
>
> how can I achieve almost the same behavior talking with radiator?
>
> PS: I know (of course) radiator is UDP based, but I still think maybe there
> is a way to talk to it.
>
> Thanks in advance for the help.
>
> Sergio Alejandro Gonzalez
> Director Operativo
> SkyNet de Colombia.
> Bogota, Colombia, South America.
> 57 (+1) 6 422 020
> 57 (+3) 7 285 094
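Hugh's suggestion of a periodic Status-Server request, sketched as an added Python example that is not from the thread or the Radiator distribution. It assumes the server answers Status-Server with an Access-Accept and honours Message-Authenticator as RFC 5997 describes; the function names are hypothetical and port 1645 is the AuthPort quoted elsewhere in this archive.

```python
import hashlib, hmac, os, socket, struct

STATUS_SERVER, ACCESS_ACCEPT, MESSAGE_AUTHENTICATOR = 12, 2, 80

def build_status_server(secret, ident, req_auth=None):
    """Status-Server request carrying only a Message-Authenticator attribute."""
    req_auth = req_auth or os.urandom(16)      # fresh random Request Authenticator
    header = struct.pack("!BBH", STATUS_SERVER, ident, 20 + 18) + req_auth
    attr = bytes([MESSAGE_AUTHENTICATOR, 18])
    # HMAC-MD5 over the whole packet with the 16-byte MAC field zeroed
    mac = hmac.new(secret, header + attr + bytes(16), hashlib.md5).digest()
    return header + attr + mac

def reply_is_authentic(reply, request, secret):
    """Accept only an Access-Accept that answers this request and whose
    Response Authenticator is MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if code != ACCESS_ACCEPT or ident != request[1] or not 20 <= length <= len(reply):
        return False
    reply = reply[:length]                     # ignore trailing padding
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def make_reply(request, secret, code=ACCESS_ACCEPT, attrs=b""):
    """Constructed server reply, used here only to exercise the verifier offline."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + auth + attrs

def probe(host, secret, port=1645, timeout=3.0):
    """True if the server returns an authentic reply before the timeout."""
    request = build_status_server(secret, os.urandom(1)[0])
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(request, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:                        # timeout, ICMP unreachable, DNS failure
            return False
    return reply_is_authentic(reply, request, secret)

if __name__ == "__main__":
    secret = b"constructed-secret"             # sample value, not from the page
    req = build_status_server(secret, ident=7)
    print(reply_is_authentic(make_reply(req, secret), req, secret))
    print(reply_is_authentic(make_reply(req, b"wrong"), req, secret))
```

Checking the Response Authenticator means a stray or spoofed UDP datagram is not counted as proof that the server is up.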
Re: (RADIATOR) cisco avpair questions
Hello Mike -

As usual, I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is going on. You should also run a debug on the Cisco to see what it is doing.

thanks

Hugh

On Fri, 18 Jan 2002 08:10, Mike Greene wrote:
> Hello again,
>
> Making some progress on this issue but have run into a problem. We are
> trying to assign IP static addresses via radius, and also have radius
> reference a dynamic IP pool on a cisco 7206vxr router. We have followed
> the advice given by cisco TAC and suggestions by Hugh here, but still quite
> haven't got it resolved.
>
> We have the following configuration on our cisco:
>
> !
> interface Virtual-Template1
>  ip unnumbered FastEthernet0/0
>  ip mtu 1492
>  no peer default ip address pool
>  ppp authentication pap centurytel
> !
> ip local pool centurytel 64.119.12.1 64.119.15.254
>
> And this is a portion of our Radius "users" file for the cisco
> authenticated users.
>
> DEFAULT Client-Identifier = dsl, Auth-Type = System
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Address = 255.255.255.254,
>         Framed-Netmask = 255.255.255.0,
>         Framed-Routing = None,
>         Framed-Compression = Van-Jacobson-TCP-IP,
>         Framed-MTU = 1500,
>         cisco-avpair = "ip:addr-pool=centurytel"
>
> However when we implement this DSL users will not authenticate and receive
> an IP address.
>
> What are we missing here?
>
> - Mike
>
> Rock Island Communications, Inc. (360)-378-5884
> http://www.rockisland.com/ San Juan Islands, WA
Re: (RADIATOR) Silly question.
Hello Sachin -

Radiator 2.19 is the latest version.

regards

Hugh

> Another silly question. Can someone please tell me what's the latest
> version of Radiator available.
> Rgds,
> Sachin Srivastava
> Net 4 India Ltd,
> New Delhi - 110024
> Tel: +91 11 [6104192/93] Extn. [501]
>
> URL: http://www.net4india.com
>
> - Original Message -
> From: "Sergio Gonzalez" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, January 18, 2002 2:57 AM
> Subject: (RADIATOR) Silly question.
>
> > Hi there.
> >
> > I've been testing a network monitoring program. It can test radius servers,
> > but I need to "talk" to radiator to be able to see if it's down or not.
> >
> > For example you can test if a certain server has the http service up just
> > "telnetting" it in the 80 port like this:
> >
> > telnet machine.at.some.domain 80
> >
> > then you write
> >
> > HEAD / HTTP1.0^^
> >
> > and if the service is up it will tell you something like:
> >
> > HTTP/1.1 200 OK
> >
> > how can I achieve almost the same behavior talking with radiator?
> >
> > PS: I know (of course) radiator is UDP based, but I still think maybe
> > there is a way to talk to it.
> >
> > Thanks in advance for the help.
> >
> > Sergio Alejandro Gonzalez
> > Director Operativo
> > SkyNet de Colombia.
> > Bogota, Colombia, South America.
> > 57 (+1) 6 422 020
> > 57 (+3) 7 285 094