[RadiusNT Digest]

radiusnt-digest-request@iea-software.com
Mon, 22 Jun 1998 00:00:20 -0700

Message 1: Re: Problems with upgrade!
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 2: Re: radius errors
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 3: Re: Ascend unable to assign IP to dial-up
from "Jason Chimney" <jason@cnx.net>

Message 4: Re: Ascend unable to assign IP to dial-up
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 5: Re: DELAY ?
from "Graeme Slogrove" <graeme@fdd.net>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Problems with upgrade!
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Sat, 20 Jun 1998 23:56:04 -0700

webmaster wrote:
>
> I have upgraded RadiusNT from v2.2 to 2.5. What is the user limit for this
> version if unregistered and running in text mode? I have read in you online
> documentation that the ODBC mode allows 100 logins. What happens after
> that?

You can trial RadiusNT in text mode with up to 100 users or ODBC mode
for up to 100 authentications. You can send a reuqest to sales for a
temp key if you need to more than that.

> The system has started acting erratically, for example:
>
> We had a several users who couldn't log on. We tried several things in an
> attempt to get one user logged on. This included retyping his entry to make
> sure the spacing and tabs were in order, no success. Adding a sample user,
> no success. We then cut and pasted the one user at the top of the list, and
> he was accepted. I went into the debug mode and noticed an error for one of
> the entries above this user. I have since then corrected this. The server
> though still will not authenticate users. We have since then moved the user
> list to the MAX's internal user and password list. Is the unregistered
> software situation the problem, or has the upgrade changed features that I
> am not use to?

If RadiusNT reads an error in the users file, it stops reading the users
file. Run RadiusNT in -x15 debug mode and it will show the users being
read from the users file, and also show if there were any errors (and which
user it has a problem with).

> Also, I know to use debug, you must stop the service. Okay, after running
> the debug, the last line reads that the Radius Enterprise initialized... Is
> this OK instead of "waiting for requests"? Is CTRL C the escape from this
> mode? If so, then can you just restart the RadiusNT service?

Remove the logfile entry. RadiusNT 2.5 logs to the logfile rather than
the screen if you have a logfile defined.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 2 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: radius errorsFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Sun, 21 Jun 1998 00:16:41 -0700

rabaut wrote:> > pref_secure1_host which I set to the ip address of the radiusNT server> enable_protocol set to radius> radius_secret set to the same secret on the radiusNT clients files> made sure that the auth_port and the acct_port were set correctly.> > Are there any others that I need to concern myself with??

That should typically do it. > When I reboot the Bay RAC, I see a response from radiusNT server (dos> window). When I try to login using a username/password valid or not, it> still allows me access ... It seems to be ignoring the user database.

What does the RadiusNT -x15 debug look like for a bad authenticationwhich is being allowed in? > I assume that the server file contains the ip address of the radiusNT> server with the secret same as set in the clients file and on the RAC.

The server file is only relevant to radlogin. Its not used by RadiusNT. > I guess I would like to see generic (basic) settings so I can get it> working and auth names.

Radlogin is working, so that means you have RadiusNT working. Doesradlogin return a bad result when you test it with a bad user? Couldthere be a setting on the RAC (similiar to what Ascend has) where itcould be letting someone in no matter what the RADIUS server says?

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 3 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Ascend unable to assign IP to dial-upFrom: "Jason Chimney" <jason@cnx.net>Date: Sun, 21 Jun 1998 02:51:06 -0700

Just to clarify, are both the "Ascend-IP-Pool-Definition=" and the"User-Service=" to be of Radcheck 1, or just the "User-Service=" ones.

Thanks again,

Jason

-----Original Message-----From: Dale E. Reed Jr. <daler@iea-software.com>To: <radiusnt@iea-software.com>Date: June 20, 1998 11:41 PMSubject: Re: Ascend unable to assign IP to dial-up

>Jason Chimney wrote:>>>> pools-cnxusvanc0107m01 Password = "ascend", User-Service =Dialout-Framed-User>> Ascend-IP-Pool-Definition = "3 206.87.114.1 48">>>> I am guessing that when we get failed login attempts from>> pools-cnxusvanc0107m01 it is the ascend box trying to get the IP address>> pool, so I made the followin entries in the RadConfigs table in our MS>> Access ODBC database:>>>> RadConfigID>> AccountID>> RadAttributeID>> Data>> Value>> RadVendorID>> RadVendorType>> RadCheck>>>> 36>> 4347>> 217>> 3 206.87.114.73 96>> 0>> 0>> 0>> 0>>>> 37>> 4347>> 6>> Dialout-Framed-User>> 5>> 0>> 0>> 0>>This needs to be a CHECK attribute. You don't have the last field(RadCheck)>set to 1 (you have it set to 0, which means it is a reply attribute andwill>be sent back to the Ascend). I'm assuming here that the AccountID of 4347>has a login of pools-cnxusklwn0100m02? You need to change the User-Service>to a check attribute on the other ones as well.>>-->Dale E. Reed Jr. (daler@iea-software.com)>_________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 4 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Ascend unable to assign IP to dial-upFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Sun, 21 Jun 1998 03:27:25 -0700

Jason Chimney wrote:> > Just to clarify, are both the "Ascend-IP-Pool-Definition=" and the> "User-Service=" to be of Radcheck 1, or just the "User-Service=" ones.

Just User-Service. All attributes on the first line of the userentry in the old users file formation (like Password, etc) arecheck attributes. Each line after the first line includes reply attributes.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 5 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: DELAY ?From: "Graeme Slogrove" <graeme@fdd.net>Date: Sun, 21 Jun 1998 12:32:46 +0200

On 19 Jun 98 at 15:06, Majordomo@essex1.com wrote:

> ODBC Error:S0022:207:> [Microsoft][ODBC SQL Server Driver][SQL Server]Invalid column name> 'delay'.

Upgrade to 2.5.124 - this fixes that problem.Regards, Graeme

---Graeme Slogrove, BSc (Eng) Elec (Wits)FastLight Data Distribution cchttp://www.fdd.netTel: +27-(0)11-706-0212   Fax: +27-(0)11-706-0812