Hi Tim,
You should use the BindAddress parameter in your radius config file to define this
(note that the AuthBy RADIUS has its own binding, as it's a client).
/Ingvar
> -Original Message-
> From: Timothy G. Wells [mailto:[EMAIL PROTECTED]]
> Sent: den 30 april 2002 14:45
> To
There was a discussion on this quite recently, and Hugh's answer was to use a regex,
like /1234|1235/.
/Ingvar
> -Original Message-
> From: Muhammad Mushtaque [mailto:[EMAIL PROTECTED]]
> Sent: den 13 februari 2002 08:19
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) CLI facility on more
It's easy, you just define the two AuthBy RADIUS
Identifier Rad1
#define host
Identifier Rad2
#define host
...
AuthByPolicy ContinueAlways
AuthBy Rad1
AuthBy Rad2
/Ingvar
-Original Message-
> From: Vorbeck, Lars [mailto:[EMAIL PROTECTED]]
> Sent: den 5 dece
> Thanx :)
> God knows how long that's been there, I've only just been
> assigned this
> box...
Thought you said nothing had changed ;-)
/Ingvar
>
> Cheers,
>
> David Napier
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[
Just go ahead and use the "AcctLogFileName" option, it works.
/Ingvar
> -Original Message-
> From: Eric Castaneda [mailto:[EMAIL PROTECTED]]
> Sent: den 3 oktober 2001 14:41
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) AcctLogFileName and AuthBy LDAP2 ??
>
>
>
> We are running Rad
Hello Elias,
You probably need to supply some LDAP admin credentials for the bind, because Radiator
asks for the userpassword.
IMHO, you're better off having the LDAP server check the password, because writing the
admin name and pw in your radius cfg file is both a security problem and an up
Hello Quintin,
Isn't this defined in your LDAP schema? I.e. Radiator takes whatever case comes in and
use it in the LDAP search. Then it depends on the LDAP server if wai, WAI and Wai all
match the same entry.
Cheers
> -Original Message-
> From: Quintin Lam [mailto:[EMAIL PROTECTED]]
Hi Vadim,
It's either a Cisco or a telco issue, Radiator has no control over this.
Cheers,
Ingvar
> -Original Message-
> From: Vadim Isakov [mailto:[EMAIL PROTECTED]]
> Sent: den 5 september 2001 05:03
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Calling-Station-Id
>
>
> Hi all,
>
>
Hi Fred,
Have you considered using ServerChecksPassword? By using that, you can remove the
admin password from the config file (and network traffic :).
/Ingvar
> -Original Message-
> From: Fred Albrecht [mailto:[EMAIL PROTECTED]]
> Sent: den 4 september 2001 16:24
> To: '[EMAIL PROTECT
Hi Julio,
We have a configuration with separate processes for authentication and accounting,
running on an Enterprise 420 box. Authentication uses iPlanet Directory 4.x, and
accounting is both to local file and to another radius server. With only
authentication, we have around 80 auths/sec, bu
When it comes to LDAP performance, that might depend on what server you use. The
iPlanet Directory caches the whole user entry, so getting one or two extra attributes
from it won't make much difference. OTOH, if you actually search the directory for a
non-indexed attribute the performance will dr
It is a NAS setting.
/Ingvar
-Original Message-
From: Jamie Orzechowski [mailto:[EMAIL PROTECTED]]
Sent: den 13 mars 2001 18:06
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Alive Records?
Hello ... I am noticing a bunch of "Alive" records in my details log ... is
there any way to disable
Still TBD, so that's why we have all these VSAs :-(
(All the standard attributes are listed in RFCs 2865, 2866)
/Ingvar
-Original Message-
From: Michael Chen [mailto:[EMAIL PROTECTED]]
Sent: den 18 mars 2001 17:29
To: [EMAIL PROTECTED]
Subject: (RADIATOR) IETF specific attribute for DNS
You can take care of the accounting first in a
Then you have an unconditional handler that picks up what's left, i.e.
authentication requests.
And while you're at it, you might consider splitting into two processes, one for
authentication (AuthPort 1812, AcctPort ) and the other for accou
I must admit that I don't see the connection, but if you want to let anyone
in:
would do it for you. If you have SQL accounting, you could
keep it in a and then have the
in a subsequent handler.
HTH,
Ingvar
-Original Message-
From: Nathan Franklin [mailto:[EMAIL PROTECTED]]
Sent: den
Are you sure you don't get CHAP password from the NAS?
/Ingvar
-Original Message-
From: Frederic Gargula [mailto:[EMAIL PROTECTED]]
Sent: den 7 februari 2001 16:26
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Robin Gruyters; Claude Iyi Dogan
Subject: (RADIATOR) LDAP with MIMEBASE64 and M
Julio,
You might try some "-timeout N" to allow for proper sequencing, i.e. wait
for the Access-Accept before sending the accounting start.
/Ingvar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: den 2 februari 2001 09:05
To: [EMAIL PROTECTED]
Subject: RE: (
Hello Hugh,
Wouldn't it be nice with some "generic" solution to this generic problem? I.e. handle
RADIUS primary/secondary and LDAP primary/secondary in a similar way.
Some configurable time before Radiator tries the primary server again will help the
performance problem Andy is indicating, and
It seems to me that a radius server would be one of the components in an EAP
system:
http://search.metacrawler.com/crawler?general=Extensible+Authentication+Protocol
For some unknown reason, the rfc (2284) assumes that CHAP is more secure
than PAP so you must use CHAP.
/Ingvar
-Original Me
I recall someone giving a description of this several months ago => go dig
the archives ;-)
/Ingvar
-Original Message-
From: Jesús M Díaz [mailto:[EMAIL PROTECTED]]
Sent: den 1 december 2000 09:17
To: [EMAIL PROTECTED]
Subject: (RADIATOR) running radiator as non root
how can i run Radi
AFAIK you configure your NAS to use CHAP, then Radiator will understand what
to do when the CHAP-Password etc comes.
/Ingvar
-Original Message-
From: Camil Samaha [mailto:[EMAIL PROTECTED]]
Sent: den 30 november 2000 23:53
To: [EMAIL PROTECTED]
Subject: (RADIATOR) CHAP, HOWTO
This is p
Hello Camil,
You have the list at
http://www.isi.edu/in-notes/iana/assignments/enterprise-numbers
/Ingvar
-Original Message-
From: Camil Samaha [mailto:[EMAIL PROTECTED]]
Sent: den 30 november 2000 18:59
To: [EMAIL PROTECTED]
Subject: (RADIATOR) vendor codes
Does anyone know where I
Can be noisy lines somewhere, try rewriting the username.
/Ingvar
-Original Message-
From: Luis Alves [mailto:[EMAIL PROTECTED]]
Sent: den 30 november 2000 15:03
To: [EMAIL PROTECTED]
Subject: (RADIATOR) What is this? A bug, a DOS attack?
Hi,
Something strange happened with my Radia
Hello Janet,
From what I know about DSL (about $0.02), it is the DSLAM that acts as the
NAS. I.e. you should configure the DSLAM as your radius client. Anyway, who
cares? All you need to know is the IP address and the shared secret of
whatever is acting radius client ;-)
/Ingvar
> -Original
Hakim,
Both Cisco and Tigris are covered by the standard "dictionary" file.
/Ingvar
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
I think the hook belongs to the Realm and Handler statements.
/Ingvar
-Original Message-
From: Lisa Goulet [mailto:[EMAIL PROTECTED]]
Sent: den 17 november 2000 16:22
To: [EMAIL PROTECTED]
Subject: (RADIATOR) PreHandlerHook
Hi all,
I've implemented a PreHandlerHook for filtering out C
Sure, you just start your config file with
AuthPort
AcctPort 1813
and you have an accounting-only server.
/Ingvar
-Original Message-
From: Blake Golliher [mailto:[EMAIL PROTECTED]]
Sent: den 3 november 2000 03:21
To: '[EMAIL PROTECTED]'
Subject: (RADIATOR) stand alone accounting server.
This is what you can do if you authenticate using some LDAP variant:
# This will check Calling-Station-Id against
# LDAP attribute mobile
Identifier Check-LDAP-mobile
Host ldap.your.domain
AuthDN cn=Directory Manager
AuthPassword some_password
Mike & Hugh use to recommend the LDAPSDK module you can get from ActiveState.
It should work with LDAP v.3, and you use AuthBy LDAPSDK
HTH,
/Ingvar
-Original Message-
From: Lina NAKHLE [mailto:[EMAIL PROTECTED]]
Does Radiator on Win NT work with LDAP Server-side 3 (MCIS LDAP)?
If
This is a stupid behaviour that Cisco boxes also have. In the Cisco case you can
configure it to either send an update packet when the PPP negotiations are finally
done, or delay the start packet till the same point in time.
Guess there is a similar possibility with Bay?
/Ingvar
> -Original
How to implement it depends on what user db you have, Hugh will probably give you the
full answer tomorrow. If you AuthBy LDAP, then you specify a search filter to define
what user attribute should match Calling Line ID. Flat file is also real simple and
(I'm guessing here) also SQL.
Reading t
> -Original Message-
> From: Benny Chee [mailto:[EMAIL PROTECTED]]
> Sent: den 9 oktober 2000 15:15
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) AuthBy LDAP - compare ldap attributes with regex
>
>
> hi,
>
--- snip ---
> Also, is it possible to put another ldap inside the
> sam
> From: Gildas PERROT [mailto:[EMAIL PROTECTED]]
>
> - only Insert in RADONLINE for Alive packets and not Start
> packets (I am
> using Cisco AS and IP is not present in Start but Alive packets)
>
You can also configure the Cisco box to delay the accounting start until it
has finished the clien
To me this sounds like a warning message from the Ericsson Tigris, meaning that any
more users receive a busy signal when they try to connect. Time to expand the Tigris
with more HW :)
The Radiator license is not based on number of users.
/Ingvar
-Original Message-
From: Hakim [mailto
What is the best way to write a Handler for requests containing a particular
attribute, regardless of its value?
Like
Any suggestions?
/Ingvar
Why not upgrade _all_ files, and save yourself a ton of problems. Otherwise, the next
file you need to upgrade/add is util.pm.
:-)
Ingvar
> -Original Message-
> From: Tu Nguyen [mailto:[EMAIL PROTECTED]]
> Sent: den 29 augusti 2000 00:47
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) he
How would you handle routing with a common IP pool across several NASs?
/Ingvar
> -Original Message-
> From: FlintHillsTechnical Support [mailto:[EMAIL PROTECTED]]
> Sent: den 19 augusti 2000 02:48
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) assigning ip addresses from a common pool
>
Are you running the AuthBy RADIUS synchronous, i.e. not forking? I think the default
is async.
Cheers
Ingvar
> -Original Message-
> From: Orcon Network Coordinator, Mark Mackay
> [mailto:[EMAIL PROTECTED]]
> Sent: den 11 augusti 2000 07:46
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR)
g busy hour...
/Ingvar
> -Original Message-
> From: Antonio Coloma [mailto:[EMAIL PROTECTED]]
> Sent: den 28 juli 2000 09:16
> To: Ingvar Berg (ERA)
> Subject: Re: (RADIATOR) Radiator under Sun Cluster 2.2
>
>
>
> Hi Ingvar,
>
> We have runni
Radiator itself doesn't need SunCluster. If you want to combine several servers you
can use Alteon Webswitches to do load balancing and also achieve high availability.
/Ingvar
> -Original Message-
> From: Stefanita Vilcu [mailto:[EMAIL PROTECTED]]
> Sent: den 25 juli 2000 11:44
> To: [E
>
> BTW - SQL databases are *much* better for managing user populations.
>
And the next quantum leap in this particular area is called Directory, with an LDAP
interface.
:-)
Ingvar
> -Original Message-
> From: Charles Sprickman [mailto:[EMAIL PROTECTED]]
>
SNIP -
>
> What I'd like to see is an option in the password logging to only log
> failed attempts showing the username, time, and the password the
> user entered. This would be a wonderful tool to give
I checked around a bit...
> -Original Message-
>
> I have spoken to the ACC support team.
> They had another customer trying to do this using Radiator.
> This customer also had problems.
> The fix was to upgrade Radiator to the latest level of code
> and all works well now.
> Tigris co
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
>
> Hello David -
>
> On Wed, 21 Jun 2000, David Rigby wrote:
> > Hi
> >
> > We've been using Radiator for a while in conjunction with
> ACC/Ericsson
> > Tigris RAS devices for some time, allocating the IP address from the
> > Tigris. However, I h
Hugh,
There is actually a typo in the manual: the -h printout example does not show
bind_address ;-)
/Ingvar
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 20 juni 2000 01:52
> To: Kai Schlichting; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) problems /w
How about an Authby BLACKLIST, rejecting the request if there is a match between
Calling-Station-ID and a number in the list? There seems to be a broad interest in this
functionality.
/Ingvar
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 15, 2000 1:08
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 2 maj 2000 07:45
> To: Danny Whitesel; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Accounting database retry agressiveness...
>
>
>
>
> Radiator opens a connection to the SQL server and keeps it
> open fo
> -Original Message-
> From: tom minchin [mailto:[EMAIL PROTECTED]]
> Sent: den 28 april 2000 05:16
> To: Mark Jenks
> Cc: '[EMAIL PROTECTED]'
> Subject: Re: (RADIATOR) Prepaid services
>
>
> On Fri, Apr 28, 2000 at 09:23:41AM +1200, Mark Jenks wrote:
> > I have radiator working for pre
I had a similar problem, that was "cured" by HoldServerConnection in the AuthBy clause.
But I think that was just fixing the symptom, not the root problem.
/Ingvar
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 11 april 2000 09:59
> To: Taufik Kurniawan;
1. Use the date as part of the file name (Y/M or Y/M/D depending on your needs).
2. cron gzip the old files
3. ftp the really old files to archie
/Ingvar
> -Original Message-
> From: kailash [mailto:[EMAIL PROTECTED]]
> Sent: den 7 april 2000 00:51
> To: radiator
> Subject: (RADIATOR) Ho
I assume that 24 is for a T1 line, so with E1 lines it would be 30?
/Ingvar
> -Original Message-
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: den 29 mars 2000 03:27
> To: Aaron Nabil; Stephen Roderick
> Cc: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) TotalControlSNMP
>
>
> H
>
> > I've read in the docu that CHAP will not work when using
> > encrypted passwords (which is what I have in LDAP)
>
> That's correct, you'll have to un-encrypt the passwords
> in LDAP or use PAP. If you require encrypted passwords in
> LDAP, you should disable CHAP on the Cisco.
>
The reall
Umar,
The file dictionary.acc contains some ACC Tigris specific attributes. However, I don't
think that is your problem; it should be enough to turn on accounting from the Tigris,
as Radiator uses the standard attributes in the Stop packets for session termination.
/Ingvar
> -Original Mes
I think you're saying that those users should have Called-Station-Id as a check item...
/Ingvar
> -Original Message-
> From: Chris M [mailto:[EMAIL PROTECTED]]
> Sent: den 29 oktober 1999 15:06
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) How to limit users by NAS
>
>
> Maybe this is o
Hello Josafat
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 12 oktober 1999 08:06
> To: Josafat Timotius
> Cc: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Remote Annex 6300
>
>
>
> Hello Josafat -
>
> On Tue, 12 Oct 1999, Josafat Timotius wrote:
> >
Sounds like a real nice feature.
While waiting, there is a workaround for some cases, and that is to AuthBy RADIUS for
the experimental stuff, and then run a second server with the settings you need for
development.
/Ingvar
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
>
> On Tue, 31 Aug 1999, Robert Mann wrote:
> > This is the last portion of my config file. The result I
> am looking for is
> > as follows.
> >
> > We want to authenticate until we have an accept. We have
> two ISP'
One way of handling this would be to keep the various vendor attributes in separate
files, and the standard attributes in another. Then, to make it work in a particular
installation you just "cat std usr cisco acc > mydictionary" to cover the nas types in
the network.
/Ingvar
There was a problem to unpack when you had used a particular browser (NS or MS, can't
remember), so I used wget to download.
/Ingvar
> -Original Message-
> From: Peter van Loenhout [mailto:[EMAIL PROTECTED]]
> Sent: den 30 augusti 1999 11:15
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) U
In rfc2138 (5.33) it is defined as Proxy-State, and can contain just about anything :-)
/Ingvar
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: den 27 augusti 1999 04:30
> To: John Coy; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) messages in my logfile
>
>
>
I think this is what you will get with AuthByTEST
/Ingvar
> -Original Message-
> From: Greg Kornatowsky [mailto:[EMAIL PROTECTED]]
>
> We want to setup radiator so that all users get authenticated
> regardless of
> what password or username they enter. We also want to accounting. So
>
> -Original Message-
> From: Bill [mailto:[EMAIL PROTECTED]]
>
> Is there a way to log these failed auth attempts? It'd be nice to
> also have the option of logging what was entered as the password
> for failed auths. (only for failed auths, not for successful
> auths too).
>
There i
It is probably easier to get a fix that allows your POP/IMAP server to authenticate
from an LDAP directory. And Radiator works fine with LDAP.
Regards,
Ingvar
> -Original Message-
> From: Paul Black [mailto:[EMAIL PROTECTED]]
> Sent: den 3 augusti 1999 12:52
> To: [EMAIL PROTECTED]
> Su
Maybe there is some nice filter plug-in for the mail-list sw? There SHOULD be...
/Ingvar
> May I please just take a moment to ask folks to please *not* post to
> this list in HTML?
>
> use standard-no-html.pl
>
> A lot of us using Radiator don't read email via HTML-enabled mail
> clients...
Hi Mike,
Well, credit for reporting the problem goes to Joost, I just added another wish to the
list...
/Ingvar
> -Original Message-
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: den 13 juli 1999 01:28
> To: Ingvar Berg (ERA); [EMAIL PROTECTED]
> Subject
> -Original Message-
> From: Requiem Aurelien (Ext/NTC)
> [mailto:[EMAIL PROTECTED]]
> Sent: den 7 juli 1999 11:19
> To: '[EMAIL PROTECTED]'
> Subject: (RADIATOR) Best Nas
>
>
> Hello
>
> I would like to know the best Nas ( Price/Quality/Features)
> This is for testing a Wap Isp platef
Are you really using (crypt) with Netscape Directory server? Because if you
use SHA, you don't need to use Encrypted-password as Radiator understands
the {SHA} signature (once you've installed SHA support in Perl :-). Well,
maybe it is the same with {crypt}, just use PasswordAttr and let Radiator
Have you tried with some invalid attribute values for those users? Like Service-Type
"Mail" or an IP address that just sends them to the bit bucket?
mvh,
Ingvar
-Original Message-
From: Martin Oelgemoeller [mailto:[EMAIL PROTECTED]]
Sent: den 3 juni 1999 11:32
To: [EMAIL PROTECTED]
Subj
...so I stripped off the s and tared it for you, see attachment.
/Ingvar
authldapsdk.tar
Btw...
Any progress on using the method that Netscape suggests (anonymous search for uid,
then access as uid with pw)?
;-)
Ingvar
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-
> From: Mike McCauley [mailto:[EMAIL PROTECTED]]
> Sent: den 18 maj 1999 15:25
> To: Richard Hawley; Ingvar Berg (ERA); [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Wanted: all-patches.tar.gz
>
>
> A fine suggestion.
>
> There is now a patches-2.13.1.tar.gz in the pat
Wouldn't it be nice to have all the patches in a single file and the correct directory
structure.
Yes, I know I'm lazy :-)
Ingvar
For a situation like this, you'd like to have a handler that monitors the
activities from this phone number, and alerts the attacked users asking them
to change their passwords (or tell them that you've changed the pw :). And
of course reject the call, so this guy tries the next username in the
li
Hi,
I just moved from testing with flat user file to LDAP with SHA-1 hashed
passwords. And gets stuck without a clue...
Can anyone see the reason for not accepting the password?
/Ingvar
radius.cfg
logfile
Your directory must have a conversion for the vendor code as well as the
attribute.
/Ingvar
-Original Message-
From: David Rosewarne [mailto:[EMAIL PROTECTED]]
Sent: den 7 mars 1999 17:27
To: [EMAIL PROTECTED]
Subject: (RADIATOR) Dictionary Problem
HI,
I have finally got my 3Com radius
>
> Cisco's are very picky about the attributes they receive in
> an Access-Accept -
> They *require* that the Service-Type in the reply match the
> Service-Type in the
> request. In the debug output we can see that the Service-Type
> = Framed-User
> arrives in the Access-Request, but the repl
76 matches