[RadiusNT Digest]

radiusnt-digest-request@iea-software.com
Thu, 16 Jul 1998 00:00:55 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Greg H: "Concurency Control"
Next message: David Baxter: "Unsubscribe"

Message 1: Calls Table..
from "Syed Mohammad Talha" <smtalha@global.net.pk>

Message 2:
from "Webmestre" <webmaster@cit.qc.ca>

Message 3:
from "Scott Brandon" <scott.brandon@alpha-net.net>

Message 4: Re: Access 97 db gone wild - help!
from Scott Lagos <slagos@net1plus.com>

Message 5: Vendor-Specific Attribute
from Edsonet <administrator@yellowhead.com>

Message 6: Re: Radius Proxy
from "Gregory White" <whiteg@dnc.net>

Message 7: Re: Radius Proxy
from "Gregory White" <whiteg@dnc.net>

Message 8:
from "Scott Brandon" <scott.brandon@alpha-net.net>

Message 9: Ascend-Number-Sessions
from Bill Barnes <BBarnes@amag.com>

Message 10: Re: Ascend-Number-Sessions
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 11: 2.5 saExpireDate
from "Lorri Manning" <lorri@cowtown.net>

Message 12: Re:
from "Allen Mallari" <allen@fiax.net>

Message 13: 2ch ISDN on Ascend, Cisco
from Ted Olson <tolson@ocsnet.net>

Message 14: Re: Radius Proxy
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 15: Re: Radius Proxy
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 16: Re: Vendor-Specific Attribute
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 17: Re: Configuring Defaults for service types
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 18: Re: 2.5 saExpireDate
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 19:
from "David" <david@mail.ksi.com.tw>

Message 20: Re:
from "Allen Mallari" <allen@fiax.net>

Message 21: Re: Server port access restrictions with RadNT2.5/Emerald
from Glen Harvy <root@aquarius.com.au>

Message 22: Concurency Control
from Greg H <greg@golsyd.net.au>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Calls Table..
From: "Syed Mohammad Talha" <smtalha@global.net.pk>
Date: Wed, 15 Jul 1998 17:03:58 -0000

Hello there,

I have configured my nas with ODBC, the radius is giving the perfect
authentication but the calls table and the subaccount field of balance is
not updating. Please help me i cant understand why I am this kind of
problem. I am using SQL 6.5.

Talha.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject:
From: "Webmestre" <webmaster@cit.qc.ca>
Date: Wed, 15 Jul 1998 08:30:30 -0400

unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 3 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject:
From: "Scott Brandon" <scott.brandon@alpha-net.net>
Date: Wed, 15 Jul 1998 09:02:43 +0100

unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 4 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Access 97 db gone wild - help!
From: Scott Lagos <slagos@net1plus.com>
Date: Wed, 15 Jul 1998 12:32:42 -0400

We were running in to the same problem and as a matter of fact we still do
to a certain degree.

What we did is export the Calls table to a seperate database and have it
linked to the primary database. The only problem we have found with this
is that we have to run RADIUS on the same server as the DB because Access
does not support UNCs in the Link table function. (maybe it does but we
didnt check that closely)

The clear answer is move to SQL and thats what we are in the process of
doing now. I'm not sure if SQL will bloat the same way, but I suspect not.

Scott

At 04:25 PM 7/14/98 -0400, you wrote:
>We upgraded 7 days ago to RadiusNT 2.5.124. Access DB size was 12 MB +/- as
>we cleaned out most prior call records. All was going well until today.
>When unable to enter clients, the techs checked the db and it was over 1 GB
>in size. (It didn't grow much over the first few days we watched it) Went
>to repair and compact the db, repair failed saying the db had reached a
>maximum size. Compact failed returning an error, "Radius97 isn't an index
>in this table. Look at the indexes collection of the TableDef object to
>determine the valied index names." We can no longer open this Radius db.
>
>Just switched to a back-up copy and all is running fine again. Would like
>to know why this happened and how, if possible, we could open the db to
>retrieve calls info.
>
>Please don't say switch to MSQL, my answer is we will, but one thing at a
>time. ;->
>
>TIA,
>
>
>
>
>*********
>Michael G. Minnich, President Access Visions Corporation
>Voice: 937.593.7177 x.126 Fax: 937.592.4165
>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 5 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Vendor-Specific Attribute
From: Edsonet <administrator@yellowhead.com>
Date: Wed, 15 Jul 1998 11:14:34 -0600

I am using RadiusNT 2.5(ODBC) with several Telebit NetBlazers as RAS. I am
having a difficult time getting accurate information on how Radius
Accounting works from either end. The NetBlazer 3.3 Manual lists the
following as being sent in the Radius Accounting packet:

User-Name 1
User-Password 2
CHAP-Password 3
NAS-IP-Address 4
NAS-Port 5
Service-Type 6
Framed-Protocol 7
Login-Port 16
Vendor-Specific 26
Acct-Session-ID 44

Vendor data is supposedly sent out under the Vendor-Specific attribute.

Even though the Netblazer says that it doesn't support them, AcctSessionTime,
AcctInputOctets, and AcctOutputOctets do get logged. What I don't see in
RadiusNT is any allowance for the Vendor-Specific attribute. Do I just
create a field called VendorSpecific to get this to log?

J.A. Coutts
Systems Engineer
Edsonet/TravPro

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 6 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Radius Proxy
From: "Gregory White" <whiteg@dnc.net>
Date: Wed, 15 Jul 1998 10:39:06 -0700

> > On another possibly related note, when we first tried 2.5, several tabs
> > appeared in the RadAdmin that allowed entry of records through the GUI.
> > Now that I have installed the newest version, they don't show up, so I
> have
> > to make entries manually.
>
>
> I'm not quite sure what you are referring to here? There is an issue
> where
> if you go from test to ODBC mode, sometimes you have to save the mode
> and re-run Radadmn before the ODBC tabs will be displayed.

The tabs/fields that are not showing up are ones specifically for entering
proxy information. Maybe my memory is completely unreliable, but I could
swear I saw these previously.

>
> > * I have also tried it with an accounttype specified with the same
> results.
>
>
> Thats only for overriding the attributes received from the remote
> RADIUS server with the set of default attributes associated with the
> domain.
>
> > radrecv: Request from host ce3a7f2a code=1, id=103, length=86
> > User-Name = "test@skipnet.com"
> > Sending proxy request to: skipnet:204.202.84.10:hoohoo:85
>
>
> We received the requiest and forwarded it to the remote server.
>
> > radrecv: Request from host ccca540a code=3, id=103, length=20
> >
> > Proxy: Found Matching Proxy request for response (w/o proxy state).
> > Sending Reject of id 103 to ce3a7f2a (riker)
>
>
> Here we received a reject from the remote server (code=3) and
> forward the reject back to the client making the request.
>
>
> You didn't include the RadRoamServer/RadRoamDomain config for
> skipnet.com. Is the remote expecting test@skipnet.com or
> just test for the username?

In the dubug info, I was attempting to protect the anonymity of our client,
but it looks like I pooched that. Sorry about that. All references to the
domain in the RadRoamServer/RadRoamDomain actually refer to skipnet.com, so
test@skipnet.com is correct. He is expecting just "test" as a username.
If I have skipnet.com entered for the domain, and StripDomain selected,
will it also remove the @?

> The stripdomain option would
> reflect this option. Have you had the admin on the other side
> check to see whats going on?
>

The debug capability on his radius product apparently leaves something to
be desired.

Thank you,

Greg White
Network Operations Manager
Direct NET Communications

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 7 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Radius Proxy
From: "Gregory White" <whiteg@dnc.net>
Date: Wed, 15 Jul 1998 10:51:42 -0700

>> > On another possibly related note, when we first tried 2.5, several
tabs
>> > appeared in the RadAdmin that allowed entry of records through the
GUI.
>> > Now that I have installed the newest version, they don't show up, so I
>> have
>> > to make entries manually.
>>
>>
>> I'm not quite sure what you are referring to here? There is an issue
>> where
>> if you go from test to ODBC mode, sometimes you have to save the mode
>> and re-run Radadmn before the ODBC tabs will be displayed.
>
>The tabs/fields that are not showing up are ones specifically for entering
>proxy information. Maybe my memory is completely unreliable, but I could
>swear I saw these previously.

I just installed the new Emerald Administrator, and voila! There they are.

Thank you,

Greg White
Network Operations Manager
Direct NET Communications

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 8 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject:
From: "Scott Brandon" <scott.brandon@alpha-net.net>
Date: Wed, 15 Jul 1998 13:30:41 +0100

unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 9 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Ascend-Number-Sessions
From: Bill Barnes <BBarnes@amag.com>
Date: Wed, 15 Jul 1998 13:58:15 -0500

We are running version 2.2 and I would like to keep track of how many
users are on the NAS at any given time. I put the attribute
Ascend-Number-Sessions into the call table but I can't get it to update.
Any ideas ?
Thanks

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 10 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Ascend-Number-Sessions
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Wed, 15 Jul 1998 12:34:38 -0700

Bill Barnes wrote:
>
> We are running version 2.2 and I would like to keep track of how many
> users are on the NAS at any given time. I put the attribute
> Ascend-Number-Sessions into the call table but I can't get it to update.
> Any ideas ?

I'm not sure what that attribute does. I also have never seen
an Ascend send it in an accounting request.

I would guess its for telling the number of sessions a MPP user has
bonded, not the total number of sessions active on the Ascend.

-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 11 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: 2.5 saExpireDateFrom: "Lorri Manning" <lorri@cowtown.net>Date: Wed, 15 Jul 1998 15:00:23 -0500

Running ver. 2.5 w/ MsAccess 97

Just searched through the archives and want to verify...Since we're using Access and not SQL server, the saExpireDate will notfuntion properly - only the maExpireDate - correct?

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^Lorri ManningEmail: lorri@cowtown.netCowtown Net, Inc., 3044 Wichita Court,Fort Worth, TX 76140(817)293-9353; (972)730-2010Fax (817)293-9076 / http://www.cowtown.net^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^"No matter how hard you try, you can't baptize cats."

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 12 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re:From: "Allen Mallari" <allen@fiax.net>Date: Wed, 15 Jul 1998 13:38:15 -0700

*********** REPLY SEPARATOR ***********

On 7/15/98, at 9:02 AM, Scott Brandon wrote:

>unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 13 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: 2ch ISDN on Ascend, CiscoFrom: Ted Olson <tolson@ocsnet.net>Date: Wed, 15 Jul 1998 14:44:31 -0700

We're running RadNT 1.16.49b, ODBC (Access97), NT4/SP3 ... 2 clients wantto go from 1ch ISDN to 2ch. Encaps on our NASes is set to MPP - myunderstanding is that all else that's needed on our end is to add a rec foreach account in radConfigs, radAttributeID=235, data=2, value=1. Set theirrouters for max 2ch and we're there.

Am I missing something, is there anything else? One of these clients *was*bonding two ch's on demand, but that just stopped working and they'vedropped back to 1ch. Ascend has looked at both ends and say all is config'dcorrectly. 1ch tests are fine, just can't get the second ch to kick in. I'mstarting to think telco switch (same c/o is common to both accounts), anyother suggestions?

TIA,-Ted OlsonOCS Software

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 14 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Radius ProxyFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 15 Jul 1998 14:48:53 -0700

Gregory White wrote:> > >The tabs/fields that are not showing up are ones specifically for entering> >proxy information. Maybe my memory is completely unreliable, but I could> >swear I saw these previously.> > I just installed the new Emerald Administrator, and voila! There they are.

This sounds like you are talking about Emerald 2.5. If you are, youare going against the beta agreement.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 15 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Radius ProxyFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 15 Jul 1998 14:51:49 -0700

Gregory White wrote:> > > In the dubug info, I was attempting to protect the anonymity of our client,> but it looks like I pooched that. Sorry about that. All references to the> domain in the RadRoamServer/RadRoamDomain actually refer to skipnet.com, so> test@skipnet.com is correct. He is expecting just "test" as a username.> If I have skipnet.com entered for the domain, and StripDomain selected,> will it also remove the @?

Yes. > The debug capability on his radius product apparently leaves something to> be desired.

Get him to buy RadiusNT and make the world a safer place forroaming. :)

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 16 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Vendor-Specific AttributeFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 15 Jul 1998 14:57:25 -0700

Edsonet wrote:> > I am using RadiusNT 2.5(ODBC) with several Telebit NetBlazers as RAS. I am> having a difficult time getting accurate information on how Radius> Accounting works from either end. The NetBlazer 3.3 Manual lists the> following as being sent in the Radius Accounting packet:> > User-Name 1> User-Password 2> CHAP-Password 3

If its sending 2 or 3 in accounting requests, its definately not RFC compliant. Those are for auth requests only.

> NAS-IP-Address 4> NAS-Port 5> Service-Type 6> Framed-Protocol 7> Login-Port 16> Vendor-Specific 26> Acct-Session-ID 44> > Vendor data is supposedly sent out under the Vendor-Specific attribute.> > Even though the Netblazer says that it doesn't support them, AcctSessionTime,> AcctInputOctets, and AcctOutputOctets do get logged. What I don't see in> RadiusNT is any allowance for the Vendor-Specific attribute. Do I just> create a field called VendorSpecific to get this to log?

You have to define the VSAs themself. I have been working on somenew example scripts for this. Currently VSA is only supported in ODBC mode. You need to add an entry in the RadVendors tablefor the Telebits' VSA VenedorID. Then you can add entries in theRadAttributes table for that VendorID, Attribute 26 (VSA) and VendorType(whatever they report or list to support in the VSA types).

You must restart RadiusNT for these to work correctly.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 17 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Configuring Defaults for service typesFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 15 Jul 1998 15:18:36 -0700

Glen Harvy wrote:> > I set up Emerald and had it going well with Radius 2.5 however when I tried> to add an Attribute to one of my Default Service Types, I got the following> error:-> > SQL Server Error: 213 Insert error; column name or number of supplied> values does not match table definition.> State = 4, Severity = 16.> > This obliterated the two attributes already in there and now I can't add> those that were already there?

You must use the Emerald 2.2 admin for this once you have upgradedyour database to work with RadiusNT 2.5.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 18 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: 2.5 saExpireDateFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 15 Jul 1998 15:36:13 -0700

Lorri Manning wrote:> > Running ver. 2.5 w/ MsAccess 97> > Just searched through the archives and want to verify...> Since we're using Access and not SQL server, the saExpireDate will not> funtion properly - only the maExpireDate - correct?

That is correct. MS Access will return an SQL Error if you set thesaExpireDate to NULL and Include that in a DateAdd function inside asingle SQL statement. I would not recommend using the saExpireDate atall.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 19 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: From: "David" <david@mail.ksi.com.tw>Date: Thu, 16 Jul 1998 08:26:17 +0800

This is a multi-part message in MIME format.

------=_NextPart_000_000A_01BDB093.67745440Content-Type: text/plain; charset="big5"Content-Transfer-Encoding: quoted-printable

unsubscribe

------=_NextPart_000_000A_01BDB093.67745440Content-Type: text/html; charset="big5"Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">

unsubscribe

------=_NextPart_000_000A_01BDB093.67745440--..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 20 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re:From: "Allen Mallari" Date: Wed, 15 Jul 1998 17:38:54 -0700*********** REPLY SEPARATOR ***********On 7/16/98, at 8:26 AM, David wrote: >unsubscribe..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 21 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Server port access restrictions with RadNT2.5/EmeraldFrom: Glen Harvy Date: Thu, 16 Jul 1998 11:59:42 +1000At 11:31 14/07/98 -0700, you wrote:The next question is .... nah, you can guess that.I've just got everything apparently working so I'll take a breather for aday or two :-)>Glen Harvy wrote:>> >> Can we allocate server ports to a service using Emerald yet?>>The configuration for this is in the Emerald 2.5 admin. :(>>Since it didn't exist when 2.2 was created, there is not>support for it in the 2.2 admin.>>-- >Dale E. Reed Jr. (daler@iea-software.com)>_________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com>>Glen.--------------------------------------------------------------------AQUARIUS Communications for all your Internet<>Fidonet needs <>Full ISP services<>FrontDoor Commercial<>TransX Internet/FTSC Mailervoice(02)9977-3788<>fax(02)9977-3844<>bbs(02)9977-2855<>3:714/930http://www.aquarius.com.au <> mailto:sales@aquarius.com.au ..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 22 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Concurency ControlFrom: Greg H Date: Thu, 16 Jul 1998 15:15:10 +1000Hiyas,Radius 2.5 ,Emerald,NT.I have spent too many hours trying to get concurrncy control working,noluck yet :/Below is an excerpt form the radius manual.******************************************************************************************** Preventing a single user from logging in multiple times simultaneouslyis called concurrency control. RadiusNT uses the RADIUS Accountingrecords to maintain a list of who is currently on-line. To achievethis, you must add records into the ServerPorts table that match theServerID from the Servers table, and the Port column which matches theNAS-Port attribute in the accounting packet. You can run RadiusNT in-x15 debug mode to see examples of the NAS-Port numbers. RadiusNT willonly update the records of the ServerPorts table, and will not createthem.The CallsOnline view contains columns from both the Servers andServerPorts table. It is simply a convenient way to read and manipulatedata based on both of those tables. This view is used mainly forchecking and updating the callsonline list, as noted below.When RadiusNT receives an authentication request and concurrency controlis enabled, it will look at the number of entries in the CallsOnlineview which match the username. If you do not have variable login limitsenabled, then RadiusNT will default to only allowing the user to loginone time. If you do have variable login limits enabled, then RadiusNTwill only allow the user to login the number of times specified in theLoginLimit field. All other requests will be rejected.**********************************************************************************************It says :"To achieve this, you must add records into the ServerPorts table thatmatch the ServerID from the Servers table, and the Port column whichmatches the NAS-Port attribute in the accounting packet"Add records ? what records ?Whats the server ID from the call table ?Port column which matches the NAS-Port attribute ?I dont see how i can match those,the NAS-Port attribute for each call issimply the port number on which thatcall is being made ?Any help with this would be greatly appreciated as I have recentlyintroducedan Unlimited Plan,and a few clients are trying to share oneaccount.-- ~GolSyd~ ~GamesOnline Sydney~~ Internet Service Provider & Online Gaming ~ "SPEED DOES MATTER" http://www.golsyd.net.au ftp://ftp.golsyd.net.au/ admin@golsyd.net.au .

Previous message: Greg H: "Concurency Control"
Next message: David Baxter: "Unsubscribe"