[RADIATOR] Perl expressions

2013-10-21 Thread Michael Hulko
Sorry for the noob type question...but is it possible to evaluate a perl 
expression WITHOUT wrapping the perl code in a Hook?

such as for example:


Identifier 
Authby NTLM
PostAuthHook file:"%D/xxx.hook"
AddToReply User-Vlan = $vlan = 620+int(rand(9));


Thanks


Michael Hulko
Network Analyst

Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario  N6G 1G9

tel: 519-661-2111 x81390
e-mail: mihu...@uwo.ca 





___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Perl expressions

2013-10-21 Thread Heikki Vatiainen
On 10/21/2013 06:44 PM, Michael Hulko wrote:
> Sorry for the noob type question...but is it possible to evaluate a perl
> expression WITHOUT wrapping the perl code in a Hook?

Hello Michael,

I do not think there is support for evaluate.

> such as for example:
> 
> 
> Identifier 
> Authby NTLM
> PostAuthHook file:"%D/xxx.hook"
> AddToReply User-Vlan = $vlan = 620+int(rand(9));
> 

For this particular example, I would calculate $vlan with PostAuthHook,
add it to $p (request) as e.g. X-rand-vlan and then do something like:
AddToReply User-Vlan=%{X-rand-vlan}

That would still give some hint that User-Vlan value is something special.

Thanks,
Heikki

-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
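
The approach suggested in the reply above, written out as an added example; it is not code from the thread or from the Radiator distribution. It assumes Radiator's hook calling convention (references to the request, the reply, the result and the reason), the `add_attr` method on the request object and the `$main::ACCEPT` result code, and, as the reply does, that the hook has run by the time `AddToReply User-Vlan=%{X-rand-vlan}` is expanded.

```perl
# Contents of the hook file named in: PostAuthHook file:"%D/xxx.hook"
# Added example, not from the original thread. The file holds one
# anonymous sub, which Radiator calls with references to the request
# packet, the reply packet, the authentication result and the reason.
sub {
    my $p      = ${ $_[0] };    # current request (the $p mentioned in the reply)
    my $result = $_[2];         # reference to the authentication result code

    # Pick a VLAN only for accepted requests, so rejected or challenged
    # requests never carry the helper attribute.
    # Assumption: $main::ACCEPT is the success result code.
    return unless defined $$result && $$result == $main::ACCEPT;

    # Same expression as in the question: an integer from 620 to 628.
    my $vlan = 620 + int(rand(9));

    # Store the value in the request under a private attribute name.
    # The configuration then copies it into the reply with:
    #   AddToReply User-Vlan=%{X-rand-vlan}
    $p->add_attr('X-rand-vlan', $vlan);

    return;
}
```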


Re: [RADIATOR] Howto investigate a "dropped connection" problem with Radiator and Postgres on a local connection?

2013-10-21 Thread Heikki Vatiainen
On 10/18/2013 04:15 PM, Eike Lohmann wrote:

> we have a problem between radiator 4.9 and postgresql 9.1 on many
> machines and have had this problem with Radiator 4.7, 4.8 and
> postgresql 8.3, 8.4.
> The Problem occurs from 100k Session at a rate of less ~1% while an
> update or insert statement from Radiator, the connection is local!

Hello Eike,

I'd think this is not a SSL problem since you see it with non-SSL
connections too. Also, since you are using a local connection, the
networking problems should not be the cause.

Do you use fork? Please see this link to Pg module documentation which
mentions the error message you see:
http://search.cpan.org/~turnstep/DBD-Pg/Pg.pm#InactiveDestroy_%28boolean%29

Do you for example, fork for some slow AuthBys?

The postgresql log entry you have quoted below might be from the retry
Radiator does. If execute fails, it will retry and the PostgreSQL log
entry might be from the retry, not from the failed initial execute.

Retrying execute should also mean that even if you do get the error, the
query will succeed with the retry.

Thanks,
Heikki

> Logfile Radiator with SSL:
> "Wed Feb 22 09:43:45 2012: ERR: Execute failed for 'select
> d.DEVICELOGINPASSWORD, d.DEVICEIP from device d where d.DEVICELOGINNAME
> = 'xy' and d.DEVICEENABLED = 'Y'': SSL-Error: sslv3 alert bad record mac"
> 
> Logfile Postgres with SSL:
> 2012-02-22 09:37:09 CET LOG: 08P01: SSL-Fehler: decryption failed or bad
> record mac
> 2012-02-22 09:37:09 CET ORT: secure_read, be-secure.c:277
> 2012-02-22 09:37:09 CET LOG: 08006: konnte Daten vom Client nicht
> empfangen: Die Verbindung wurde vom Kommunikationspartner
> zurückgesetzt(no data from client, connection was reset)
> 2012-02-22 09:37:09 CET ORT: pq_recvbuf, pqcomm.c:769
> 2012-02-22 09:37:09 CET LOG: 08P01: unerwartetes EOF auf
> Client-Verbindung(unexpected EOF from client)
> 2012-02-22 09:37:09 CET ORT: SocketBackend, postgres.c:332
> 
> 
> After debugging this problem we changed the connection method from IP to
> Socket without SSL and get the same problem but now without an SSL error
> message.
> Logfile Radiator Socket:
> "Wed Feb 22 11:24:46 2012: ERR:|server closed the connection
> unexpectedly This probably means the server terminated abnormally before
> or while processing the request.|"
> 
> Logfile Postgres Socket:
> 2012-02-22 11:24:46 CET LOG: 0: Verbindung empfangen:
> Host=[local](incoming connection)
> 2012-02-22 11:24:46 CET ORT: BackendInitialize, postmaster.c:3279
> 2012-02-22 11:24:46 CET LOG: 0: Verbindung authorisiert:
> Benutzer=radius Datenbank=radius (connection authorized)
> 2012-02-22 11:24:46 CET ORT: BackendInitialize, postmaster.c:3357
> 2012-02-22 11:24:46 CET LOG: 0: Dauer: 2.930 ms (duration)
> 
> Sorry for the old and German log entries, but maybe you have some ideas
> how to investigate this problem with more details.
> 
> Thanks, Eike


-- 
Heikki Vatiainen 



Re: [RADIATOR] Cisco NX-OS TACACS+ problems

2013-10-21 Thread Heikki Vatiainen
On 10/18/2013 03:04 PM, Caporossi, Steve G. wrote:
> I have the host entries defined on the Nexus gear.
> ip host radserver1.musc.edu 
> ip host radserver2.musc.edu 
> ip host radserver3.musc.edu 
>  
> RADIUS servers *are* defined by IP address however the Nexus gear tries to 
> resolve the hostname(s) 

Hmm, just to clarify, you have configured hostname mappings for RADIUS
servers (ip host ...) as above, but do you mean you are using IP
addresses or names with 'radius-server host ...'?

What I'm thinking is that is it known that radius server name lookup
uses the static name to ip definitions? The cisco docs do not say if all
name lookups use the local definitions.

I do not know if it does or not, since I have usually seen and used 'no ip
domain-lookup' when working with IOS. I guess this is not an option at
this point? Maybe in a lab?

Thanks,
Heikki

-- 
Heikki Vatiainen 



Re: [RADIATOR] Cisco NX-OS TACACS+ problems

2013-10-21 Thread Caporossi, Steve G.


Steve
843.876.5083
Sent from my mobile device please excuse brevity and grammar.

> On Oct 21, 2013, at 3:43 PM, "Heikki Vatiainen"  wrote:
> 
>> On 10/18/2013 03:04 PM, Caporossi, Steve G. wrote:
>> I have the host entries defined on the Nexus gear.
>> ip host radserver1.musc.edu 
>> ip host radserver2.musc.edu 
>> ip host radserver3.musc.edu 
>> 
>> RADIUS servers *are* defined by IP address however the Nexus gear tries to 
>> resolve the hostname(s)
> 
> Hmm, just to clarify, you have configured hostname mappings for RADIUS
> servers (ip host ...) as above, but do you mean you are using IP
> addresses or names with 'radius-server host ...'?

Correct

IP addresses with radius-server host 

> What I'm thinking is that is it known that radius server name lookup
> uses the static name to ip definitions?

No 
> The cisco docs do not say if all
> name lookups use the local definitions.
> 
> I do not know if it does or not, since I have usually seen and used 'no ip
> domain-lookup' when working with IOS. I guess this is not an option at
> this point? Maybe in a lab?
> 

I will disable domain-lookup and see if that resolves the issue

> Thanks,
> Heikki
> 
> -- 
> Heikki Vatiainen 