the second AuthBy is not called.
You could set AuthByPolicy ContinueAlways in the Handler to always execute all
of the AuthBy clauses.
Frank Danielson | Chief Technology Officer
fdaniel...@csky.com
On Jul 6, 2016, at 6:45 AM, Marco Marino
Hi Jim-
Have you tried FarmSize instead of Fork?
-Frank
On May 3, 2013, at 7:34 AM, Jim Tyrrell wrote:
> OK, I increased the timeout of the AuthBy RADIUS to 20 seconds and had
> to add 'UseExtendedIds', which just delays the issue occurring.
>
> It looks like the issue is with the MySQL serve
Hi Brendan-
You should look at using an AuthLog to log authorization attempts.
Identifier logfailure
Filename %L/auth.default.%d%m%Y.log
LogSuccess 0
LogFailure 1
FailureFormat %1:%U:%{Calling-Station-Id}:FAIL
SuccessFormat %1:%U:%{Calling-Station-Id}:OK
...
...
...
AuthLog logfailur
least as large as that
number, is that correct?
Frank Danielson
ClearSky Mobile Media, Inc. | fdaniel...@csky.com<mailto:fdaniel...@csky.com>
A human being should be able to change a diaper, plan an invasion, butcher a
hog, conn a ship, design a building, write a sonnet, balance accounts,
How about using-
kill '1',$$
or if you are in a hurry-
kill '9',$$
Using kill 1 should allow Radiator to execute any shutdown hooks you have
and otherwise exit normally.
-Frank
-Original Message-
From: Jerome Fleury [mailto:[EMAIL PROTECTED]
Sent: Monday, January 05, 2004 12:16 PM
To:
:[EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 4:05 PM
To: Frank Danielson
Subject: Re: (RADIATOR) Radiator ignoring some clients
I have attached my radius.cfg file. Currently, I don't have the ability
to capture a snoop showing the problem. Basically, here's what I saw
during
It's hard to say from the info you have provided. How about providing the
config file, a level 4 trace, and doing a snoop -o to capture some of this
unanswered traffic to a file and send that as well?
-Original Message-
From: Jason Signalness [mailto:[EMAIL PROTECTED]
Sent: Wednesday, Dec
Rodrigo-
If I understand you correctly, you are concerned that someone may insert
some characters or even SQL statements into the password in order to launch
some sort of attack against your database. I think the root of your issue is
the fact that you want to include the password in the queries,
It's really not that hard. You run a number of Radiator instances, with each
one having its own connection to the LDAP, SQL, or whatever backend. Then
you front end those with an instance or two of Radiator running AuthBy
ROUNDROBIN or AuthBy LOADBALANCE to distribute the requests among them.
You
-Id=1234556 Class=someclass Acct-Session-Time=X
Where X is the amount of time elapsed for the session so far. You will most
likely need to use a different set of attributes depending on what you are
trying to test.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
Clear
$value = Radius::AttrVal::pclean($r->[1]);\
${$_[0]}->add_attr('SIP-Request',$value) if ($value =~ /REGISTER|INVITE/);\
}\
}}
Obviously I have not tested this so proceed at your own risk.
Frank Danielson
[Infrastru
Just a guess from the last time I looked into AuthBy ROUNDROBIN but I
believe the CachePasswords directive is specific to a host if it works at
all. Try this and see if it works:
UsernameCharset [EMAIL PROTECTED]
RewriteUsername tr/A-Z/a-z/
RewriteUsername
DefaultRealm 111.222.333.555
Other client config
DefaultRealm is documented in Section 6.5.2 of my Radiator 2.19 manual and
is used to add a realm to incoming requests that do not have a realm
specified.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax
The only catch is that AuthBy SQL will open a connection to the database
when it starts up and keep that connection up unless there is a problem with
it so your round robin DNS will not do much. AuthBy SQL supports declaring a
database to use as a backup which may be a better scheme for reliability
ready taken care of
by
the routines in SqlDb.pm. As a relatively simple example of some SQL code
that
uses these routines, have a look at Radius/SessSQL.pm.
....
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
Igor-
It sounds like you are using the Oracle database for storing accounting data
only. If that is the case how about running an instance of Radiator on each
box for authentication and another instance of Radiator for accounting? That
way authentication should not be affected by database problem
Hi Julio-
It has been my experience that an ORA-01002 error happens when the results
of the query are no longer available, usually due to memory or TEMP space
limitations on the database server. Have a look in your Oracle server's error
log when this happens and you should see one or more additiona
Hugh-
I can't speak for Angus but it makes sense that if you are passing
authentication requests to an external system using AuthBy URL that you may
want to pass accounting requests to that same system.
It's something that we have looked at since we have a lot of internal talent
in developing java
is dropped.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 32801
USA
-Original Message-
From: Brian CHNG Sing Yong [mailto:[EMAIL PROTECTED]
Sent: Monday, August 11, 2003 9:07 PM
To: [EM
Hi ronnie-
How about a copy of your config file and a trace 4 debug of an authentication
happening? This would help the people on the list see what is happening and
offer some advice.
-Original Message-
From: ronnie nyaruwabvu [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 31, 2003 11:16 A
You could use a PreHandlerHook in your Client clause like this->
Secret somesecret
PreHandlerHook sub {${$_[0]}->change_attr('NAS-IP-Address','YYY.YYY.YYY.YYY');}
This may cause unintended consequences with your downstream RADIUS servers
since all requests will now appear to be
d the load and improve response time.
Why not post your config file with a more detailed explanation of what you
are trying to accomplish? A number of folks on the list are authenticating
with LDAP/SQL combinations. You can also search the mailing list archives
for examples of what others have do
->delete_attr('Framed-IP-Address'); }
LocalAddress XX.XX.XX.XXX
Then you should be able to use ContinueWhileAccept without a problem.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, F
Try a PreHandlerHook, it's in section 6.5.11 of my radiator manual. Also
look in goodies/hooks.txt for more information on writing hooks.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 3280
'Auth','Yes');\
} else {\
${$_[0]}->add_attr('Auth','No');\
}}
LDAP config
Def
0);\
}\
}
If you examine your data you will probably find a similar pattern that you
can detect.
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
301 E. Pine St. Suite 400
Orlando, FL 32801
US
Hi-
Could you tell us what you mean by vouchers? If you mean some sort of
prepaid account the topic has been discussed many times on the mailing list
archives and there is an example prepaid.cfg in the goodies directory
that should get you on the right track.
-Frank
-Original Message
Yes. You should put your most detailed match first and work down to more
generic ones.
-Original Message-
From: Tom Swenson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Auth only on same realm
Just so I understand correc
counting
Identifier acct1
Identifier acct2
Identifier acct3
# Handlers
AuthBy acct1
AuthBy acct2
AuthBy acct3
AuthByPolicy ContinueUntilAccept
AuthBy auth1
AuthBy auth2
AuthBy auth3
Frank Danielson
[Infrastructure Architect]
wireless: 407.4
ept
AuthBy auth1
AuthBy auth2
AuthBy auth3
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
-Original Message-From: Oscar L. Garzón
[mailto:[EMAIL P
Hi-
As Hugh has said in the past, please send a trace 4 debug showing what's
happening during an access-request so we can see what the problem is.
-Original Message-
From: Denis Beauchemin [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 16, 2003 12:02 PM
To: Radiator
Subject: (RADIATOR)
(http://www.ethereal.com)
or something similar that would decode the RADIUS packets for you.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
-Original Message-
From: Marcel
The Cisco PIX firewall has the option to do RADIUS authentication before
allowing a TCP session to set up for a certain protocol. For example, if you
wanted to control who was able to Telnet into your network through the
firewall you could configure the PIX to check with your RADIUS server to see
i
that looks like this-
ATTRIBUTE Ascend-Session-svr-Key 151 string
Just stick it in with the other attributes and restart radiator to make it
take effect.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St
'abracadabra');
For your purposes you may be able to use just changeUserName()
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
-Original Message-
From: Bog
You can call your AuthBy SQL from a ReplyHook making the whole thing easier
than you might think. Examples are in goodies/hooks.txt.
-Original Message-
From: [EMAIL PROTECTED] [mailto:alexander.deboer@;kpn.com]
Sent: Wednesday, October 23, 2002 11:59 AM
To: [EMAIL PROTECTED]
Subject: (RADI
http://jradius-client.sourceforge.net/
>= Original Message From MURUGAN V V <[EMAIL PROTECTED]> =
>hi,
>
>anybody knows about any Java API for implementing a Radius Client.
>
>any body is using Radiator in Japan.
>
>Regards,
>Murugan
>===
>Archive at http://www.open.com.au/archives/radiat
ttp://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
Frank Danielson
[Infrastructure Architect]
wireless:407.467.7832
fax:407.515.9001
Data On Air
Why not use an AddToReply in your Client clause for this NAS? See section
6.5.18 in the manual.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 10:26 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) users database format
Hello,
I have
Yes, it's quite handy.
-Original Message-
From: Listuser [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 30, 2002 8:54 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Client Statements
Hey Folks,
Just wondering if it is possible to have multiple Client statements with the
same Identifier
I don't think there is a way to tell inside of Radiator. You can run
multiple instances of Radiator with each one bound to a different address
using the BindAddress config parameter. This will also give you the
advantage of being able to handle more traffic since you will have multiple
threads run
check item.
AuthBy RADIUS is also well documented in the manual and has been discussed
at length on the mailing list.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
-Ori
According to the IANA website
http://www.iana.org/assignments/enterprise-numbers, 2937 is the enterprise
number for Deutsche Telekom AG. Maybe you could ask whoever is proxying
those requests to you to send you a copy of their dictionary?
Frank Danielson
[Infrastructure Architect]
wireless
A simple way around it would be to use a handler that accepts the
Interim-Accounting requests and then another Handler to proxy the rest. We are
using this on a production system for similar purposes.
DefaultResult ACCEPT
AuthBy Stuff
-Original Message-From: Steve
Title: Cisco, non-unique NAS-Ports, clobbering Online DB
How about handling it with a preclient
hook in the client clause to strip the number you want out of the
Cisco-NAS-Port attribute and stuff it into the NAS-Port
attribute.
-Original Message-From: Dave Kitabjian
[mailto:[EM
You could use identifiers in your client clauses like so-
Identifier noip
Identifier send254
Identifier noip
Identifier send254
Do auth and send no Framed-IP-Address
Do auth and send 255.255.255.254
-Original Message-
From: chris [mailto:[
Rolando-
Your best source will be the Radiator mailing list archive at Open System's
web site. Just search for 'Emerald' or 'Platypus' and you should find
everything you are looking for. There is also some information on
interfacing to these systems in the Radiator docs which are available from
t
You could use the built in MySQL function FROM_UNIXTIME() in your INSERT
statement to convert from a unix timestamp to the datetime format.
-Original Message-
From: Viraj Alankar [mailto:[EMAIL PROTECTED]]
Sent: Monday, June 03, 2002 1:57 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) AcctC
AuthLog SQL records access-requests to a database.
AuthBy SQL w/ an empty AuthSelect records accounting-requests to a database.
-Frank
-Original Message-
From: radiator [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 14, 2002 12:06 AM
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) AuthBy SQL
AuthBy SQLRADIUS proxies requests to other RADIUS servers and doesn't do any
accounting explicitly. When the docs say it understands the parameters of
AuthBy SQL they are referring to the parameters that define the connectivity
to the database. If you want to do accounting you can add an AuthB
Prxy2 listen, but the AAA's will not pick these requests
>up. There are no logs in AAA1, or AAA2 of this request even getting to
>them All four servers are at 2.19. The only thing I can think of, is
>Dictionary. I use a pure Ascend2 dictionary on the Prxy's, and a
>c
Instead of using fork and synchronous you should probably look into doing
the AuthBy DYNADDRESS in a PostReplyHook which gets run after a reply from
your remote radius server. There are some examples of performing an AuthBy
in a hook in the goodies/hooks.txt file in the distribution.
-Origina
If I understand section 13.1.6 of the manual correctly you could add a check
item of Auth-Type = Reject for the users in the DBFILE or if all of the users
in that database are to be rejected, just put the check item for the DEFAULT
user.
>= Original Message From "Jon Snyder" <[EMAIL PROTEC
DefaultResult REJECT
AcctLogFileName /var/log/radacct/detail
Just put this before your other handlers so it will match first, see Section
6.16 in the manual for more info.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E
50
AuthPort 16451
AcctPort 16451
AuthPort 16452
AcctPort 16452
AuthPort 16453
AcctPort 16453
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
Hugh-
For general education purposes could you elaborate on Radiator clearing
entries for a NAS if it sees a NAS restart? I'm not sure how Radiator would
detect that event and if some certain Client config is needed to support this.
Thanks.
-Original Message-
From: Hugh Irvine [mailto:[EMA
>> NewUser:987654321
>>
>> Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777
>> should be used to handle this request
>> Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler
>> 'Called-Station-Id=777'
>> Fri Feb 22 13:15:25 2002
-Id=777'
Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc, 203.63.154.1, 1234
Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
*** Sending to 10.1.10.6 port 1818
.
radwho.cgi for the session database.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
-Original Message-From: Barry Andersson
[mailto:[EMAIL
system and accepts requests from Radiator via
hooks or AuthBy EXTERNAL. My concern is the overhead introduced by this and I'm
hoping that I can do something like create a socket in a startup hook and pass
it to a preauth hook later on.
Frank Danielson
[Infrastructure Architect]
wir
It looks like radpwtst is sending the default NAS-Port of 1234 for each
request. Since radiator sees the second call coming in on the same physical
port it assumes that the first session had to have ended. Change the
NAS-Port in the second test using the -nas_port parameter of radpwtst so it
looks
You could probably use the Class attribute for this in your AUTH reply. The
NAS should send the Class attribute back in any accounting requests.
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801