For a given realm, I need to proxy the RADIUS requests off to a remote
server not on our network. So will do that.
But what I'd like to do is store the accounting records in a SQL database on
the local RADIUS server, not just blindly forward them off.
So would nesting AuthBy SQL clauses inside
I was having trouble getting Framed-IP-Address to update in the Session
database and couldn't figure out why. I got the following response from
Cisco and thought I'd post it in case it helps anyone else.
Chris
-
I see that you are having difficulty with the aaa accounting on PPP
connections.
How would you enforce IP addresses assigned via Proxy?
In other words, if I proxy someone's realm over to their RADIUS server
(which is some other brand of radius software) and trust them to assign the
right subnet, that's *OK* but not great. Is there a way to enforce or limit
addresses that are
>From what I have seen with my own (meager) experiments with Perl threading,
it appears to behave radically different on different OSes, presumably
because every OS treats threading differently.
This may be the reason for the non-production-quality aspect.
Chris
> From: Hugh Irvine <[EMAIL PROT
Helo Emad:
Check the logs (turn on tracing message with Trace 4)
Read the manual
Read the archives for similar configs
Check out the goodies/ directory for sample configs
There has to be a lot more detail here and evidence that you've RTFM'ed
before anyone will be much help. If someone is in
At 09:01 PM 3/18/2002 -0500, you wrote:
>On Mon, 18 Mar 2002, Hugh Irvine wrote:
>
> > > Does anyone know of a way to get Radiator to respond back on the IP
> > > something came in on on a multihomed host, without apparently running a
> > > separate copy of radiator bound to each IP address? Or am
I have been reading the manual and of course working with Radiator for
awhile. I've been pretty happy with my config for the most part and
haven't had the urge to change much. I guess now I have the urge.
What I'd like to do is create two instances of Radiator, one that monitors
the accounti
I am trying to figure out how to create my own database entries so I can
create some custom columns (in a table analogous to SUBSCRIBERS in
Radiator) so I can add special authentication features.
I am a little confused by how I would go about adding columns to the
SUBSCRIBERS table (or whateve
I've started seeing this too, extremely intermittently (though not from
Qwest). I'd be interested in knowing how people "clean" RADIUS accounting
logs to remove stuff like this to avoid coloring results. Sure, we'd want
to find and fix the problem if possible as to why those are getting in
t
I'm trying to do something in my config file to intercept people that are
dialing a certain number, and rejecting their authentication attempts
completely.
I have a multi-realm config, but I'm using CalledStationId.pm like this in
one of the realms as a test:
# Log accounting fo
I keep getting this error message:
Attribute number 151 is not defined in your dictionary
But it does appear to be in the dictionary file:
# grep 151 dic*
dictionary:VALUE Ascend-Disconnect-Cause localAdmin
151
Any ideas what I should be looking for to find this issue?
Are there any tools that take the text detail files and import them into MySQL?
Chris
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
>Hiya All,
>
> IS it common for radiator to develop a plethora of zombiefied child
>processes?
>
> They seem to develop after someone tries to authenticate with
>a unusually
>long login string.
>
> Regards,
>
> Pete.
I've got this happening on two different machi
Anyone want to share their MySQL accounting database table
structure/file and a snippet of the .cfg file for accounting? I'm
going to see if I can get this to work today :) I'd like to learn
from what others have done, though the example is pretty good.
Thanks,
Chris
===
Archive at http://ww
>Hi All,
>
> We are using Radiator 2.14.1 with the iPass perl module 1.5 or 1.3.
>
> A lot of zombie children started appearing after we installed the iPass
>suite and started using it.
>
> Before I send the configs, are there any known problems relating to
>zombie children for t
Any idea why these messages appear in the log file?
Mon Jan 24 00:00:07 2000: DEBUG: SNMPAgent: received request 129, 64, public
Mon Jan 24 00:00:07 2000: WARNING: SNMPAgent: wrong community: public. Ignored
Happens a couple times a day. We're not SNMP querying anything yet.
Chris
===
Archive
Return-Path: <[EMAIL PROTECTED]>
Received: from oscar.open.com.au (oscar.open.com.au [203.63.154.1])
by tiberius (8.9.3/8.9.3) with SMTP id LAA16224
for <[EMAIL PROTECTED]>; Sat, 8 Jan 2000 11:03:35 -0500 (EST)
Received: (from majordom@localhost) by oscar.open.com.au (8.6.12/8.6.12) id CAA00374
Return-Path: <[EMAIL PROTECTED]>
Received: from perki.connect.com.au (perki.connect.com.au [192.189.54.5])
by tiberius.accn.org (8.9.3/8.9.3) with ESMTP id WAA17609
for <[EMAIL PROTECTED]>; Sun, 9 Jan 2000 22:38:51 -0500 (EST)
Received: from oscar.open.com.au (oscar.open.com.au [203.63.154.1]) b
>
>
>Try this:
>
> RewriteUsername s/\s//g
>
>In other words, "substitute (s) whitespace (/\s/) to nothing (//) everywhere
>(g - globally) in the line.
>
>To find out how to do it in Perl, I suggest the Llama book (Learning Perl from
>O'Reilly & Associates - www.ora.com).
>
>hth
>
>Hugh
Hu
>Hello Jason -
>
>On Tue, 21 Mar 2000, Jason Godsey wrote:
> > Hello again,
> >
> > I've discovered I'm quite lazy and am looking for a simple way to setup
> > SQL tables for all the records I want out of the detail file.
> >
> > Are there any utils to parse a detail file and generate a
I'm implementing SQL accounting, here are my (stupid!) questions.
1. Is a "NULL string" for AuthSelect this:
AuthSelect
or this?:
AuthSelect ""
2. Also, why bother storing these in SQL accounting tables:
# AcctColumnDef NASIDENTIFIER,NAS-Identifier
# AcctColumnD
username Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Simultaneous-Use = 2,
Port-Limit = 2,
Framed-MTU = 1500
With this use
I had a problem where a user tried "[EMAIL PROTECTED] " instead of
"[EMAIL PROTECTED]" (a trailing space). What happens in this case
is that Radiator looks for a "someplace.com " realm and in fact won't
even enter the default Realm clause because it wants to find that
realm with a trailing sp
No, you have to buy it. Don't know about anyone else but this was the best
$1K I ever spent. Hands down. I'm trying to figure out how to give these
guys more money as we speak :)
Chris
> From: Iris Silva <[EMAIL PROTECTED]>
> Date: Mon, 14 Aug 2000 10:53:30 -0600 (CST)
> To: [EMAIL PROTECTED]
I'm having trouble with AS5248's that have the NasType set to Cisco.
I get errors on the console, not in the log:
Error in packet
Reason: (noSuchName) There is no such variable name in this MIB.
This name doesn't exist: enterprises.9.2.9.2.1.18.20019
I also don't get a Framed-IP-Address and Con
ething to the
>Cisco configuration to get this additional information reported in
>the Radius accounting packets.
>
>hth
>
>Hugh
>
>
>At 7:49 PM -0600 14/8/00, Chris M wrote:
>>I'm having trouble with AS5248's that have the NasType set to Cisco.
>>
>&g
>>It works fine for PM3's though, those errors appear to be coming
>>from the Cisco boxen queries, and I think the source of trouble is
>>that 20019 which seems to be a Port number (at least that is what
>>radwho thinks):
>>
>>username 20019 0754Tue
>>Aug 15 08:14:3
I had a lot of trouble with PG but MySQL has been fine. I know for a fact
it is faster, but it may lack some features of importance to you.
I'm hardly a database expert, but I *have* looked at both of these.
Chris
> From: Robin Gruyters <[EMAIL PROTECTED]>
> Date: Thu, 17 Aug 2000 00:12:28 +02
When I first used radacct on 2.16.1 things seemed to work great.
Then I imported a whole bunch of call data to the MySQL database. The
database is about 1.4Gig in size now.
When I run radacct.cgi I watch the raw Radiator logs and see that it is
getting a SQL Timeout. If I watch top -d I see th
Before upgrading to ComOS 3.9.1 this radius profile used to keep
people from logging in twice:
spooge Simultaneous-Use = 1, Auth-Type = System, NAS-Port-Type = Async
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255
DBD::mysql::db do failed: Duplicate entry '192.168.1.1-24' for key 1 at
/usr/l
ocal/lib/perl5/site_perl/5.6.0/Radius/SqlDb.pm line 230.
Any ideas on what might be the problems?
Thanks,
Chris
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, e
I get this
Any ideas?
# /usr/bin/perl /etc/raddb/radiusd -config_file /etc/raddb/radius.cfg
Out of memory!
Callback called exit.
END failed--call queue aborted at /etc/raddb/radiusd line 12.
Chris
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscr
I'm trying to figure out how to do a couple new things with Radiator that
are well beyond what I've done before.
One thing I'd like to do is a SQL query during the authentication process.
What it would do is add up all the past time records to see if they have
exceeded their monthly limit (100 ho
Here is a snippet of my config. What I am doing is authenticating multiple
realms, with an empty AuthSelect (since I am pulling passwords out of the
shadow file, not the DB). What happens at Trace 4 is that for realm1.com it
authenticates and stuffs them into the online SessionDatabase SQL (defin
Awright this is probably obvious but my brain is crystallized on this topic,
I'm not getting anywhere anymore.
I am trying to figure out how to:
Create config files that separate auth and acct into different instances of
Radiator.
To do this it looks like I can create a radacct.cfg (1646)
>> The only problem I forsee is, how do I make the SessionDatabase
>> high-availability? In other words, is there a way to replicate
>> the DB INSERTs and DELETEs so that auth or acct radiator
>> processes talking to MySQL can have entries simultaneously
>> made in SessionDatabases on two differe
Is it possible to have multiple tags in a config file? I'd
like to maintain the client lists in separate tables for separate cities (it
simplifies some SQL queries later).
Chris
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL
+1100
> To: Chris M <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Subject: Re: (RADIATOR) question
>
>
> Hello Chris -
>
> On Monday 19 March 2001 15:13, Chris M wrote:
>> Is it possible to have multiple tags in a config file? I'd
>> like to mai
I'd be interested in hearing from anyone that implemented Radiator
password-style access to pay-per-view or secure content on their Apache web
server. Did you get it to work with just the stock mod_auth_radius.c file
or did you have to write a bunch of other routines to get things going?
The acc
>you can do this on the NAS itself.
>
>Mir Atir
Right, except you can't do this with the session database, that one has to
have high-availability if you need it for sim use checking, etc.
Chris
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscrib
I found a bugaboo or two, or some kind of configuration oddity I can't
explain.
It's 2.18.1 running on Linux, I tried 7.0 and then upgraded the box to 7.1
when that didn't work.
This config works fine on a totally different machine, which really had me
puzzled.
It seems that someplace in Config
Here is the top of a config file:
#
# radius.cfg
#
# these are the variables for the database server names
# refer to them like %{GlobalVar:database1}
DefineGlobalVar database1 hostname1.mydomain.com
DefineGlobalVar database2 hostname2.mydomain.com
# Set this to the directory where your logfil
Every so often I get messages like this on the console:
Radius::Client=HASH(0x85a81a4)Radius::Client=HASH(0x85
c0168)Radius::Client=HASH(0x85c0168)Radius::Client=HASH(0x85c0168)Radius::Cl
ient=HASH(0x85c0168)Radius::Client=HASH(0x85c0168)
Anyone know what causes this?
Thanks,
Chris
===
Archive
I assume that specifying multiple databases means that both would be
written/updated at the appropriate times, and that you wouldn't have to
figure out how to replicate them in any way
Chris
> From: Hugh Irvine <[EMAIL PROTECTED]>
> Date: Fri, 6 Jul 2001 19:34:20 +1000
> To: Janet N del Mund
I'm running Radiator on a new (meaning clean RedHat 7.1 install) box and
have some annoying things happening.
When Radiator starts it logs a few messages to the Trace 4 log,.then
stops! It just quits logging to the %d log file.
I went to the Download page and didn't see any new patches ther
Is this 2.18.2? If so, I think I am having the same or similar issues.
Chris
> From: Jon Nistor <[EMAIL PROTECTED]>
> Date: Thu, 12 Jul 2001 17:36:01 -0400 (EDT)
> To: <[EMAIL PROTECTED]>
> Subject: (RADIATOR) not working on HPUX 11i =/
>
> Hey all,
>
> I've checked through the mail archives
ltants
> Reply-To: [EMAIL PROTECTED]
> Date: Fri, 13 Jul 2001 16:31:09 +1000
> To: Jon Nistor <[EMAIL PROTECTED]>, Chris M <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Subject: Re: (RADIATOR) not working on HPUX 11i =/
>
>
> Hello John, Hello C
About once a day at any random time (Linux RH 7.1 with Radiator 2.18.2)
restart wrapper has to kick the process off again.
Is there any way to figure out why it exited in the first place? Some stack
tracing of exceptions or something? The email message that restartwrapper
emails out contains al
Apparently (?) Radiator 2.18.2 is dumping its core. Anyone know how to
inspect the core to see what exception occurred?
Chris
-rw---1 root root 28639232 Jul 19 20:51 core
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscrib
OK, I have AuthBy UNIX and AuthBy DBFILE working, so now I'm
trying to turn on Realms.
I have these rules:
# turn into lowercase
RewriteUsername tr/A-Z/a-z/
AuthByPolicy ContinueWhileAccept
# strip realm name
RewriteUsername s/^([
What is the best way to get all the call stats from previous
RADIUS logs (before I started using Radiator) into an SQL
database so that AuthBy SQL can start adding records alongside
all the old records?
Thanks,
Chris
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in th
Here are 2 entries, the one "System " ortega fails!
SHouldn't Radiator ignore spaces? Livy RADIUS liked it OK. Maybe Livy is
too lax.
Still workin' the bugs out of my setup!!
Thanks,
Chris
ortega Auth-Type = "System ",
NAS-Port-Type = "Async"
Service-Type = "Framed-User",
WIth the Lucent PM3's the standard dictionary seems to work fine, but the
std dictionary gives errors with Cisco 5200's:
Fri Jun 25 08:18:10 1999: ERR: Attribute number 195 (vendor ) is not
defined in your dictionary
Fri Jun 25 08:18:10 1999: ERR: Attribute number 190 (vendor ) is not
defined in
Now that I have RADIATOR working, I'm trying to use some of the more
advanced options.
When I start RADIATOR on Linux I get:
[root]# Error:
binding to port 161: Address already in use
So I assume that some other SNMP stuff I'm running on that box is causing
trouble? Is there a way to make SNM
At 01:42 PM 5/11/99 -0500, you wrote:
>Hi Enrique.
>
>On May 10, 9:43pm, Enrique Vadillo wrote:
>> Subject: Suffix Removal?
>> Hi all,
>>
>> I would like to remove a suffix from a username, the thing is i want to
>> strip the trailing domain right after the '@' sign in my handle:
>>
>>
>>
If you use Trace 3 and something like LogFile %d-radius.log in your .cfg
file, these 3 scripts might prove useful as a cronable task on UNIX to grab
all the logfile info and copy it to a file that is on your web server. The
.html file will be refreshed so that you get a display of the denied acce
I'm doing this in the config:
# Set this to the directory where your logfile and details file are to go
LogDir /var/log/radius
LogFile %d-radius.log
On one host this works fine.
On another identically-configured machine with the same command-line it
puts the log file in /etc/raddb!
Any ideas
> I've found Lucent to be the best with modem code and performance. Some may
> disagree I'm not interested in an argument I own these three brands and I'm
> going on my personal experience dialling into them and from customer support
> calls.
Need to be more specific. Ciscos with MICA, or Cisco
>
>
> > BTW anyone know of a good Cisco mailling list?
>
> [EMAIL PROTECTED] :)
That list is defunct. There is a new one for NAS at [EMAIL PROTECTED]
Chris
>
>
> -
> IRI [Internet Research Institute,Inc.] Naoto MATSUMOTO <[EMAIL PROTECTED]>
>
>
>
> ---End of forwarded mail from
>
>
> I have several ...
> blocks in my config file. I am not using any ...
> blocks.
>
>
> I would want to log failed authentication requests to a log file.
>
> PasswordLogFileName is probably what I am looking for.
>
> I defined "PasswordLogFileName %L/password.log"
> for one of my han
While turning on the SessionDatabase SQL feature with a Linux Postgres
database I encountered lots of errors occasionally happening on stdout:
DBD::Pg::db do failed: ERROR: parser: parse error at or near ","
DBD::Pg::db do failed: ERROR: parser: parse error at or near ""
DBD::Pg::db do failed:
I'm getting the following errors when compiling on a RedHat 4.2
system, can anyone provide any clues?
Thanks,
Chris
cc -c -I/usr/ipass/include -Dbool=char -DHAS_BOOL -O2
-DVERSION=\"1.4\" -DXS_
VERSION=\"1.4\" -fpic -I/usr/lib/perl5/i386-linux/5.00404/CORE Ipass.c
Ipass.xs: In function `XS_Ip
>Chris,
>
> I had the same problem - it's because the Ipass libraries posted
>on their site are NOT the ones that Mike used to create the module.
>Email Mike and he can hook you up with the latest Solaris and/or Linux
>libraries and header files. He is now authorized by Ipass to do so - I
>
>Hello Clement -
>
>On Thu, 14 Oct 1999, Clement wrote:
> > I thought I saw it here before but just cannot find it anywhere, include
> > the archive in thesite.com.au. Can you suggest a good mailing list for
> > Cisco NAS products?
> >
These below are all good, but the list you seek is not on t
Maybe this is obviously stated in the manual, but I'm so sleep
deprived I can barely focus my eyes. *)
I want to assign users in my users file so that users are restricted
to one set of NASes unless they have a certain Group (or some other)
check item. Is there a way to do this? For example
Is it a better practice to use IP addresses instead of names for
? What about using both (if DNS fails for some reason it can
check the IP)?
Just curious.
Chris
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the bo
I have figured out most of what I want to do in this regard.
But...
I'd like to strip leading characters including \ for users that are
using NT Domains and don't understand what they are doing on dialup :)
So WORKGROUP\myname should be rewritten to myname.
I bought the RegEx book from O'Reil
>On Sun, 31 Oct 1999, Chris M wrote:
>
> > I'd like to strip leading characters including \ for users that are
> > using NT Domains and don't understand what they are doing on dialup :)
> >
> > So WORKGROUP\myname should be rewritten to myname.
>
>Off
Anyone else seeing these problems? I haven't been able to get to the
site for quite awhile now:
# /usr/sbin/packet_loss 20 www.open.com.au
HOSTLOSS RCVD SENTBEST AVG WORST
lhotse.peakpeak.com 0%20 200.40 23.86 230
Can anyone provide an example of how the Client-Id
feature works? I am trying to use it as a Check Item and apparently the
regexp is bad
All I want to do is have an entry of the
form:
userbob Auth-Type = System,
Client-Id = /*peakpeak\.com/
The idea here being that the Client (the
Kind of advanced application I think.
I'm under the impression that I can use Client-Id to force a Check Item:
luserAuth-Type = System, Client-Id = /someplace\.com$/
This should force the RADIUS request for authentication to come from
a NAS IP address in the someplace.com domain, r
Here is more of the config and the debug output from my previous query:
# Strip leading white space
RewriteUsername s/^\s+//
# Strip trailin white space
RewriteUsername s/\s+$//
# turn into lowercase and chop domain
RewriteUsername tr/A-Z/a-z
72 matches
Mail list logo
