Hello Bostjan -
I suspect the problem occured earlier in the log file and there is
probably a prerequisite Perl module missing.
You should check the messages in the log file from startup on.
regards
Hugh
On Friday, Sep 19, 2003, at 17:46 Australia/Melbourne, Bostjan Lemut
wrote:
Hello!
I
Hello William -
If you are running on a recent Redhat version, see the FAQ item here
(and you should also install the latest Radiator patches).
http://www.open.com.au/radiator/faq.html#127
Otherwise there may be a problem earlier in your configuration file.
regards
Hugh
On Friday, Sep 19, 2
Hello Edgar -
You will find a special dictionary in the latest Radiator 3.6 (plus
patches) called "dictionary.sip" that you should use in addition to the
standard dictionary when you start "radiusd":
perl radiusd -dictionary dictionary, dictionary.sip -config_file ...
regards
Hugh
On Saturd
Hello Andrea -
Yes this is always a problem if you don't get proper accounting stop
records.
Radiator is written so that the session database is maintained firstly
by the accounting starts (insert) and accounting stops (delete), but
also by the initial access request which causes a delete on t
Compilation failed in require at (eval 30) line 3.
Mon Sep 22 09:43:25 2003: INFO: Access rejected for PEAP-00409649152D:
Unsupported default EAP Response/Identity 25
Mon Sep 22 09:43:25 2003: DEBUG: Packet dump:
*** Sending to {Cisco ap IP} port 1645
Code: Access-Reject
Identifier:
Hello Mukesh -
You should send a Session-Timeout = reply attribute:
AddToReply Session-Timeout = nnn
where nnn is the number of seconds the session should last.
Note that it is the NAS that must support this attribute so you should
do some testing to verify correct operation.
regards
H
Hello Kai -
The only way to do do this would be with a custom AuthBy module I think.
Have a look at the source code in the "Radius" directory and check
section 17 in the Radiator 3.7 reference manual ("doc/ref.html").
regards
Hugh
On Tuesday, Sep 23, 2003, at 21:23 Australia/Melbourne, Freese
Hello Ingvar -
This is correct. All modules that use a specific database employ a
common connection.
regards
Hugh
On Tuesday, Sep 23, 2003, at 23:33 Australia/Melbourne, Ingvar
Bjarnason wrote:
Hi all,
It seems to me when Radiator connects to MySQL that if one handler
has
trouble conne
Hello Joseph -
You can change this behaviour by turning off "Authenticate as computer
..." in the "Connection Properties -> Authentication" panel in the
Windows XP Network control panel.
There are various 802.1x clients you can use for authentication, see
our web site:
http://www.open.com.au
Hello Benny -
You can only specify a single file name, but the file itself can
contain multiple functions and subroutines.
Otherwise you can use any other Perl modules that have been installed
in Perl, or your hook code could also load other files (like Radiator
itself does). Or you could writ
in the users file?
Regards,
William
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 20, 2003 5:47 AM
To: William Hernandez
Cc: 'Radiator'
Subject: Re: (RADIATOR) Bad attribute=value pair in 3.6
Hello William -
If you are running on a rec
lbourne, Dan Vande More
wrote:
Hugh, I don't mean to challenge, but isn't this what she wants?
Ascend-Maximum-Time="28800"
Thanks!
Dan Vande More
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 23, 2003 4:01 PM
To: Mukesh
Hello Robert -
It sounds to me like there is a typo somewhere in the existing users
file, which is causing the "end" of the file to be incorrect.
Most Radiator users employ an SQL database for user definitions and
accounting and so on. You will find example configuration files and
example tabl
Hello Nikos -
This is more likely a problem with your database which is not set up to
handle large numbers correctly.
As you can see from the trace, Radiator reports the number correctly.
Acct-Output-Octets = 3657597853
regards
Hugh
On Thursday, Sep 25, 2003, at 23:50 Australia/Melbou
Hello Wim -
Yes - my testing indicates this is the case.
regards
Hugh
On Monday, Sep 29, 2003, at 05:32 Australia/Melbourne, Wim Biemolt
wrote:
Hello,
Is it correct that radiator will see "zone.tld" as the realm
for somebody using User-Name "[EMAIL PROTECTED]@invalid"?
-Wim -/- SURFnet
===
A
Hello Claudio -
For the first case it isn't quite so simple, therefore it is probably
easier to use a two-stage proxy approach with the first stage employing
an AuthBy ROUNDROBIN clause to distribute requests evenly to a number
of targets. Each target can then be configured with AuthBy INTERNAL
Hello Claudio -
Please look at my example again:
sub
{
my $p = ${$_[0]}; # original request packet
my $rp = ${$_[1]}; # reply packet to NAS
my $handled = $_[2]; # flag to indicate ACCEPT, REJECT or IGNORE
# Only deal with authentication requests
my $code = $p->code();
r
Hello Rainer -
Here is the comment block from "Radius/Client.pm":
# In order to detect duplicate arrivals, we keep an array
# of arrivals ($self->{RecentIdentifiers})indexed by
# the IP address of the host that sent the request,
# the UDP port number (some hosts like Lucent TNT have multiple ID s
Hello Mahesh -
Unless you are using a RewriteUsername, Radiator does not do anything
with the username. I suspect that the NAS is sending an empty username,
but without seeing a copy of your configuration file (no secrets) and a
trace 4 debug from Radiator showing what is happening it is not
p
Hello Craig -
Thanks for the information.
Can you check with your vendor what is the "official" definition of
this attribute?
regards
Hugh
On Thursday, Oct 2, 2003, at 05:56 Australia/Melbourne, Craig Gittens
wrote:
Hey guys,
We moved from L2TP to plain old CVX and I started getting this i
Hello Man Meng Fei -
I suspect that Radiator is not able to run the external command.
What happens when you run the following in a MS-DOS window:
C:\Perl\bin\testcommand.pl
There is probably something wrong with either the path or the contents
of the file.
regards
Hugh
On Thursday, Oct 2,
n.
We did set "acct-drop-stop-on-auth-fail = no" to no avail.
mahesh
-Original Message-
From: Elias [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 11:10 PM
To: Mahesh Neelakanta
Cc: Hugh Irvine
Subject: Re: (RADIATOR) NULL usernames in Radius Packets
Hello John -
I think you will only be able to do this in the inner authentication,
with different Handlers for the inner and outer requests.
The general method for doing this is to add a pseudo-attribute to the
incoming request when you do the authentication, then use that in the
address alloc
Hello Bobby -
It looks like the MySQL server does not like certain requests.
You should try to run the same requests by hand to see what happens and
you should check the MySQL log files to see what is happening with the
database.
regards
Hugh
On Thursday, Oct 2, 2003, at 16:36 Australia/Melb
Hello Herman -
I will need to see a trace 4 debug to be sure, but I suspect you are
using CHAP (or MS-CHAP) passwords which cannot be decrypted.
regards
Hugh
On Thursday, Oct 2, 2003, at 20:32 Australia/Melbourne, Herman
verschooten wrote:
Hi,
I am trying to log the password in an AuthLog F
Hello Robert -
On your first point, the behaviour of CachePasswords was extended some
time ago to support the mode of operation that you are describing -
hence the change in the manual.
For your second point, it is usually easier to set up your Handlers
with specific matches for everything you
Hello Joao Pedro -
The normal AuthBy LDAP2 should not keep a persistent connection (unless
HoldServerConnection is enabled in the configuration file). This is
because some LDAP servers do not like persistent connections.
regards
Hugh
On Friday, Oct 3, 2003, at 04:57 Australia/Melbourne, Joao
Hello Wyman -
I have already replied to this mail at least once. Perhaps you have
some mail filtering that is dropping mail from me (using my home office
server)? I am sending this mail through a different mail server, so
please let me know if you receive it.
There is an example configuration
Hello John -
Can you send us a copy of the message that is displayed?
BTW - latest version is Radiator 3.7.1.
regards
Hugh
On Thursday, Oct 2, 2003, at 23:29 Australia/Melbourne, John McFadden
wrote:
I assume this is just a problem with the message or is the download
pointing to an old file
g Fei
Sent: Thursday, October 02, 2003 1:58 PM
To: 'Mike McCauley'; 'Hugh Irvine'
Cc: [EMAIL PROTECTED]
Subject: RE: (RADIATOR) Question in
Hi
Do i need to pass any parameter to testcommand.pl ?
MAN
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] O
Hello Andrea -
Many thanks for a very informative post.
Your solution sounds excellent (that is why we let you change
Radiator's default behaviour).
:-)
I will suggest to Mike that we include your mail as a FAQ item (with
your permission of course).
regards
Hugh
On Friday, Oct 3, 2003, at
Hello Sergio -
As far as I can see in the code, %1 should be the reject reason, so
your query looks correct.
Can you send me a copy of your configuration file (no secrets) and a
trace 4 debug showing what is happening and what gets logged in the
RADAUTHLOG table?
regards
Hugh
On Saturday, O
x27;t like persistent connections but
both ldap servers and firewalls may drop connections after some time...
If Radiator tries to reconnect immediately or can maintain a ldap
connection pool it's not a problem...
Rgds,
-GSH
- Original Message -----
From: "Hugh Irvine" <[EMAIL
Hello Benny -
You could write a StartupHook to set up the socket and then simply use
it in your PostAuthHook.
See the example hooks in "goodies/hooks.txt".
regards
Hugh
On Friday, Oct 3, 2003, at 18:08 Australia/Melbourne, Benny Chee wrote:
hi,
i m writing a sub-routine in PostAuthHook whi
Hello Terry -
You will need to have two Handlers in your configuration file:
Foreground
LogStdout
LogDir /usr/local/var/log/radius.log
LogFile %L/logfile
DbDir /usr/local/etc
Trace 4
AuthPort 1812
AcctPort 1813
NoIgnoreDuplicates Access-Challenge
trying to understand what's going on here... :-)
Thanks for the help!
- Terry
On Oct 4, 2003, at 12:39 AM, Hugh Irvine wrote:
Hello Terry -
You will need to have two Handlers in your configuration file:
Foreground
LogStdout
LogDir /usr/local/var/log/radius.log
LogFile %L/log
Hello Ivo -
The simplest thing to do is install and use the "AuthPLSQL.pm" module
from the "goodies" directory.
Then you can use an AuthBy PLSQL clause to call an Oracle stored
procedure.
See the example configuration file in "goodies/plsql.cfg".
regards
Hugh
On Tuesday, Oct 7, 2003, at 02:
Hello Robert -
From memory the MAX's have two sets of radius configuration - one for
authentication and one for accounting. You will need to adjust the
accounting radius configuration to suit.
Does anyone on the list have the exact configuration information?
regards
Hugh
On Monday, Oct 6, 20
Hello Karen -
Vendor 3076 is Altiga and neither of these attributes are in the list
of Altiga VSA's that we have in the standard dictionary.
You should check with the vendor to find out what the definitions for
these attributes should be, and please let us know when you find out so
we can add
Hello Payam -
You should read the Radius RFC's (included in the "doc" directory of
the distriubtion) and you should also read the source code in the
"Radius" directory.
regards
Hugh
On Tuesday, Oct 7, 2003, at 22:38 Australia/Melbourne, Payam Shabanian
wrote:
How Can I handle CHAP/MSCHAP re
Hello Herman -
I can see no reason why this wouldn't work, assuming you have Perl and
so on available on the CD. You will also need to have the Radiator
configuration file somewhere and you will also need to come up with a
solution for logging if you need it.
regards
Hugh
On Tuesday, Oct 7,
Hello Budi -
I am not certain of the exact SQL syntax for your database, but you
should use something like this:
AcctColumnDef ctime,
substring_index(%{cisco-h323-connect-time}, '=', -1), literal
See the examples in section 3.28.16 in the Radiator 3.7.1 reference
manual ("doc/ref.htm
more hacker-free.
Herman
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: woensdag 8 oktober 2003 0:21
To: Herman verschooten
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Bootable CD and Radiator
Hello Herman -
I can see no reason why this wouldn't work, assuming you
Hello Karen -
This is because you have the "gdbm" library installed on your test
machine but not on the production machine.
regards
Hugh
On Thursday, Oct 9, 2003, at 01:14 Australia/Melbourne,
[EMAIL PROTECTED] wrote:
THIS WORKED PERFECTLY ON MY TEST AIX 5.1 BOX BUT FAIL ON THE PROD BOX
[ts
Hello Nicolai -
Thanks for sending these definitions.
You can add these to your current dictionary (and restart radiusd):
VENDORATTR 9 cisco-Policy-Up 37 string
VENDORATTR 9 cisco-Policy-Down 38 string
Note the spelling with small "ci
Hello Matteo -
If CHAP works and PAP doesn't, I would suspect the shared secret
between the client device and Radiator.
regards
Hugh
On Wednesday, Oct 8, 2003, at 23:29 Australia/Melbourne, Matteo Jurman
wrote:
Hi to all!
I'm having some trouble.
My server is running on win2k+mysql box, and
Hello Jesus -
If you are receiving multiple attributes with the same name (ie:
"cisco-avpair = .") then yes you will need to use a Hook to parse
them into seperate differently named attributes. Then you can use the
AcctColumnDef's in your AuthBy SQL clause.
regards
Hugh
On Friday, Oct 10
Hello Sergio -
You will need to use an AuthBy GROUP with the RewriteUsername inside:
AuthByPolicy ContinueAlways
AuthBy authBySQL_InsertCallAcct
AcctLogFileName %L/radiusd_acct-%Y%m%d.log
RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
-----
- Original Message -
From: "Hugh Irvine" <[EMAIL PROTECTED]>
To: "Matteo Jurman" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, October 09, 2003 12:55 AM
Subject: Re: (RADIATOR) CHAP-Password / User-Password
If CH
Hello Man -
You are correct, Radiator will stop while the program specified by the
AuthBy EXTERNAL command executes. If the program never exits, then
Radiator will wait forever. You should add some "print ..." statements
to the code in the external program to see what it is doing.
BTW - you
Hello Andrea -
If you want to add the attributes shown below for everyone that does
not have them set in their reply attributes (ie. only have the ones
that are different in the user records) you should do something like
this:
.
AddToReplyIfNotExist
Hello Kevin -
You should really only use local disks for log files.
For remote logging you should use or .
Most operators tend to use SQL databases for user definitions,
accounting and logging.
regards
Hugh
On Saturday, Oct 11, 2003, at 04:05 Australia/Melbourne, Kevin McKee
wrote:
We are
Windows and Perl?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Friday, October 10, 2003 9:07 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Can't pass received attribute
to external program via STDIN
Hell
using evaluation
version ?
MAN
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Hugh Irvine
Sent: Monday, October 13, 2003 10:46 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Can't pass received attribute
to external progra
Hello Andy -
I wonder if this is something to do with the DBI/DBD-Oracle versions
and/or installation?
You might want to try turning on some debug in DBI/DBD-Oracle and also
try executing the queries by hand to see if there are any problems.
regards
Hugh
On Monday, Oct 13, 2003, at 22:00 Aus
Hello Mark -
There appear to be two problems here.
The first is your configuration file which should only contain Handlers
(otherwise the Realm DEFAULT will catch everything).
Filename %D/users
EAPType PEAP,MSCHAP-V2
Hello Andy -
As mentioned previously I would check the versions of DBI/DBD and
perhaps upgrade/downgrade to a version that works correctly with your
version of Oracle.
regards
Hugh
On Tuesday, Oct 14, 2003, at 21:48 Australia/Melbourne, Andy De Petter
wrote:
Andy De Petter wrote:
Hey Hug
Hello Fernando -
There was a bug with wireless reply attributes in earlier versions of
Radiator.
You should upgrade to Radiator 3.7.1 (plus patches).
If you still have a problem please send me a copy of your configuration
file (no secrets) together with a trace 4 debug showing what is
happeni
Hello Steve -
I think I will need a bit more detail regarding your requirements, as I
am not sure I understand.
Could you also please send me a trace 4 debug from Radiator showing
what is happening.
regards
Hugh
On Wednesday, Oct 15, 2003, at 05:55 Australia/Melbourne, Steve
Caporossi wrote
Hello Adam -
All you really need to do is use a RewriteUsername and a
CaseInsensitivePasswords with a single AuthBy SQL.
regards
Hugh
On Thursday, Oct 16, 2003, at 00:27 Australia/Melbourne, Adam
Pogorzelski wrote:
Hello,
I have such a problem. I have users in mysql database, and few so
cal
Hello Terry -
There are some useful tricks that you can employ in this situation.
# define Client clause
Secret .
AddToRequest %{Class}
.
# define AuthBy clause
Identifier MyAuthBy
.
AddToReply Class = Calling-Station-Id = %{Calling
/usr/local/var/log/radius.log/accounting/
DBUsername NOT_NEEDED
DBAuth NOT_NEEDED
AcctSQLStatement insert into dot1xAccountingDB \
(\
Class\
) \
values\
(\
'%{Class}'\
)
AuthSelect
Ide
-Station-Id into
a database table when you receive the access request, then retrieve
them when you get the accounting requests. The example hook does the
same thing for the username.
regards
Hugh
Thanks!
- Terry
On Oct 16, 2003, at 12:09 AM, Hugh Irvine wrote:
Hello Terry -
It is not y
Hello Steve -
The usual way to do this is with an AuthBy GROUP:
AuthByPolicy ContinueAlways
.
# disable authentication
AuthSelect
# deal with accounting
AccountingTable ACCOUNTING
AcctCo
Hello Craig -
How and where are you using these statements in the Radiator
configuration?
regards
Hugh
On Thursday, Oct 16, 2003, at 22:27 Australia/Melbourne, Craig Gittens
wrote:
Hey guys,
The problem is fairly simple. With the following statements, I cannot
surf
or get DNS so I know tha
Hello Chanaka -
I suspect your problem is due to a mismatch in the shared secrets, or
the SQL table definitions.
When you send a request from "radpwtst" the source IP address will be
the address of the host on which it is run. You will need a Client
clause on the target Radiator host to match
Hello Steve -
You should check with your vendor to find out what the correct
definition should be (and let us know when you find out). In the
meantime you can add something like this to your dictionary (and
restart "radiusd"):
VENDORATTR 5 Acc-Bogus-9999 string
reg
Hello Frank, Hello Jesus -
Frank is quite correct (thanks as always).
If you have multiple Client clauses you might consider using a
PreClientHook instead.
And I usually keep my hook code in seperate files - see the examples in
"goodies/hooks.txt".
regards
Hugh
On Saturday, Oct 18, 2003, at
Hello Chanaka -
You will only ever receive accounting requests from valid logons. If an
access request is rejected, no session will start and hence no
accounting requests will be sent.
regards
Hugh
On Friday, Oct 17, 2003, at 21:05 Australia/Melbourne, Chanaka Mendis
wrote:
Hi ALL
I need t
Hello Sergio -
Radiator uses the time from your system, so it sounds like the time
zone is not correctly set.
regards
Hugh
On Friday, Oct 17, 2003, at 20:10 Australia/Melbourne, Sergio Gómez
((E-mail)) wrote:
Hi to all,
I have a little problem with my log files... I have been checking
Hello Craig -
Yes a debug would be useful.
You should also do some experiments with a very simple filter to start
with and work up from there. You will find a number of examples in the
"users" file in the Radiator 3.7.1 distribution.
regards
Hugh
On Friday, Oct 17, 2003, at 11:15 Australia/M
Hello Rabbie -
What you are describing is the Radius Disconnect-Request.
It is a seperate request type, not an attribute.
You can generate a Disconnect-Request using "radpwtst".
bash-2.05a$ perl radpwtst -h
usage: radpwtst [-h] [-time] [-iterations n]
[-trace [level]] [-s server] [-se
Hi Chris -
Thanks very much for sending us these - they'll be in the next release.
regards
Hugh
On Wednesday, Oct 22, 2003, at 15:00 Australia/Melbourne, Chris
Patterson wrote:
folks,
Here is a list of the latest Unisphere ERX attributes
# Define additional Unisphere ERX Family At
Hello Jeremy -
You could do something along the lines of what you show below by using
an OSC-AVPAIR, but you will need to do some experiments as Reject
handling is different and you may need to use a hook to manipulate the
reply packet. There are some example hooks in the file
"goodies/hooks.t
Hello William -
The default behaviour for Radiator is to look first for the exact
username, then DEFAULT, DEFAULT1, DEFAULT2, etc. If you do not want
this to occur you should add a NoDefault parameter to your AuthBy SQL
clause.
..
NoDefault
Hello Wesley -
You can ceratinly use a RewriteUsername to force all usernames to lower
case (for example).
If you want to reject anything other than lower case you should specify
a UsernameCharset:
# only allow usernames with lower case letters (and nothing else)
UsernameCharset a-z
See sect
Hello Deden -
You can set the "Version" parameter in your AuthBy LDAP2 clause.
See section 6.35.22 in the Radiator 3.7.1 reference manual
("doc/ref.html").
BTW - could you please tell me the userid and the name of the
registered company that has purchased this copy of Radiator? You can
reply
Hello Eyal -
You can use the special character "%I" to do this.
See section 6.2 in the Radiator 3.7.1 reference manual.
regards
Hugh
On 27/10/2003, at 1:04 AM, Eyal Cohen wrote:
Hi ,
I wanted to know whether there is a way to format Framed-IP-Address
From IP address tointeger .
As I
Hello Barry -
This sounds like Perl is crashing (probably because a Perl module is
missing).
I would suggest using restartWrapper which you can configure to send
you mail if a crash happens and the mail will contain the error output
from Perl. Alternatively you can simply run "radiusd" from th
Hello Rickard -
Thanks for your comment - the manual has been amended for the next
release.
regards
Hugh
On 28/10/2003, at 1:41 AM, Rickard Ekeroth wrote:
Hello!
Today I tried to use MD5 Hex Digest with the User-Password check
attribute.
It took me some time to figure out that the hexadecim
Hello Deden -
You do not need the "{md5}" prefix on your password, as there is
already the "$1$" prefix.
Please see section 13.1.1 in the Radiator 3.7.1 reference manual
("doc/ref.html").
regards
Hugh
On 28/10/2003, at 8:01 PM, deden purnamahadi wrote:
This is my config file :
Secr
Hello Bret -
You can use regular expressions:
regards
Hugh
On 29/10/2003, at 11:55 AM, Bret Jordan wrote:
Is there a way to do a logical OR in the handlers something like:
Bret
--
~~~
Bret Jordan Dean's O
Hello Deden -
Here is another copy of an example showing how to do this.
You will need two AuthBy clauses.
You *must* use an AuthByPolicy of ContinueAlways and the authentication
*must* be done by the second AuthBy clause.
# configuration for LDAP and SQL
AuthByPolicy ContinueAlways
Hello Rodolfo -
Missing stop packets are always a problem when trying to enforce
restrictions on simultaneous use.
The first thing to do is establish why the stop packets are missing,
and the usual reasons for this are saturated communications links
(dropped packets), incorrect configuration f
Hi Charly -
Thanks for your mail.
The Radiator 3.7.1 standard dictionary already has most of the
definitions you list below.
I will add the additional ones that you have sent, but they will have
the existing "Altiga" prefix.
I'll send you a copy of the modified dictionary in a seperate mail
Hello Andrew -
There does not appear to be a problem with Radiator 3.7.1.
This test configuration:
AcctLogFileName ./detail-%G
gives this result:
detail-Oct 31, 2003 11:11:21
Have a look at the code in "Radius/Util.pm" and you will see the
entries for "A", "B", "F" and "G".
# From cu
Hello Drago -
The correct spelling is "Digest-MD4".
Also note that we believe we have now addressed any incompatibilities
with Perl 5.8 in the latest version of Radiator 3.7.1.
I am currently running ActiveState Perl 5.8 on Windows XP and I notice
that "Digest-MD4" is installed in the distribu
Hello Julio -
I will need to see a trace 4 debug from Radiator together with a copy
of your configuration file (no secrets).
It would also be useful to see the error output from Perl, which you
can do easily by running from the command line:
perl radiusd -foreground -log_stdout -trace 4 -conf
nks!!!
-Josh
Network Operations
California State University, Chico
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Karl Gaissmaier
Sent: Friday, October 31, 2003 12:30 AM
To: Hugh Irvine
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) VSA's (26/3076/x)
Hello Geoffrey -
The Radiator session database (internal or external) tries to be
"self-healing", which is why a "Delete" is done when any new access
request is received, using the NAS/NAS-Port combination. All existing
sessions for a NAS are removed automatically when an "Accounting-On" is
re
Hello Harrison -
This topic has been discussed on the list several times:
www.open.com.au/archives/radiator
And there are some example hooks in the file "goodies/hooks.txt".
BTW - it might be simpler to use the Class attribute when processing
the access request.
regards
Hugh
On 03/11/2003,
Hello Wesley -
What you are describing is a session database with simultaneous use
checking.
Unfortunately the accounting data is used to add and remove records to
the session database (starts add and stops remove), so if you cannot
rely on the accounting data there is not much you can do.
If
Hello Harrison -
You should use an AuthBy GROUP and an AuthBy INTERNAL:
AuthByPolicy ContinueWhileAccept
.
DefaultResult ACCEPT
AuthHook .
d %m %Y
%H:%M:%S', 'DD MM HH24:MI:SS'), '%N', '%{Called-Station-Id}',
'%{Calling-Station-Id}','%u','%P','%{Ifx-Country-Id}','%{Ifx-Visp-
Id}',1,%1,'%{GlobalVar:RadiusIP}',0)
FailureQuery insert into AUTHLOG (TIMESTAMP, NASI
=
~~~End E-Mail~~~
I don't really know what it is trying to tell me, (or how to fix it)
can anyone give me a hint? or two? :-)
Thanks!
bwc
At 05:19 PM 10/27/2003, Hugh Irvine wrote:
Hello Barry -
This sounds like Perl is crashing (probably because a Perl module is
missing).
I
Hello Jack -
If "radiusd" is crashing, there will be some Perl error messages
showing what has happened.
I will need to see a copy of your configuration file (no secrets)
together with a more complete trace 4 debug.
I will also need to see the Perl error messages which you can see by
running
Hello Vangelis -
I don't think there is anything you can do other than write a shell
script perhaps.
regards
Hugh
On 07/11/2003, at 9:24 PM, Vangelis Kyriakakis wrote:
Hello,
Is there a way to apply a total Timeout to the Simultaneous-Use
SNMP verification process? When a Router is v
Hello Rodolfo -
You will probably need to check the configuration of the NAS and set it
up to accept an IP address from Radius. Then you should make sure what
attribute is the correct one to send, although Framed-IP-Address should
be right.
You should also check a trace 4 debug from Radiator t
Hello Dan -
Yes there are many different ways of using authentication methods, ie:
multiple AuthBy clauses, cascaded AuthBy clauses, seperate Handlers,
individual Realms, etc.
Perhaps if you give us a bit more detail we can make some suggestions.
regards
Hugh
On 11/11/2003, at 10:03 AM, Dan
Hello Vangelis -
Many thanks for this contribution.
We have decided to add a new seperate "NasType CiscoSessionMIB" to
support this, and the code will do the hexadecimal to decimal
conversion directly so nothing has to change in the session database.
We will let you know when the new module is
301 - 400 of 5222 matches
Mail list logo
