Message 2: Re: Multilink PPP with USR Chassis and RadiusNT/Emerald
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 3: RadiusNT and SQL Questions
from postman@cp-tel.net (Postman Account)
Message 4: Need help with IPASS and ServerAccess
from David Niblett <niblettda@gru.com>
Message 5: RE: RadiusNT and the SAM
from "Mike Roberts" <mike@datawest.net>
Message 6: Dr. Watson!!!
from Christian Simard <simardc@netc.net>
Message 7: Re: Need help with IPASS and ServerAccess
from "Mourad Dahoumane" <mdahoumane@interway.lu>
Message 8: Re: Need help with IPASS and ServerAccess
from Steve Spesard <steves@webaccess.net>
Message 9: Re: RadiusNT and the SAM
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 10: Re: RadiusNT and SQL Questions
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 11: RE: RadiusNT and the SAM
from "Mike Roberts" <mike@datawest.net>
Message 12: Re: RadiusNT and the SAM
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 13: Re: Dr. Watson!!!
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 14: Re: Need help with IPASS and ServerAccess
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 15: Re: Need help with IPASS and ServerAccess
from "Dale E. Reed Jr." <daler@iea-software.com>
Message 16: Re: Dr. Watson!!!
from simardc@netc.net
Message 17: Re: Need help with IPASS and ServerAccess
from "Mourad Dahoumane" <mdahoumane@interway.lu>
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Multilink PPP with USR Chassis and RadiusNT/Emerald
From: "Rudy Komsic" <rudyk@cyberglobe.net>
Date: Mon, 3 Aug 1998 09:27:10 -0400
we are running Quads on Netserver. we are using MPIP for interchassis
multilink protocol. to try this out, make sure you dial 1 chassis for first
link then dial the second chassis and establish a connection. You will notice
on the calls online you are connected once and when you hang up, you will have
a port 6000 when you check the time online.
-----Original Message-----
From: Lamar Townsend <lamar@shuttle.com>
To: radiusnt@iea-software.com <radiusnt@iea-software.com>
Date: July 31, 1998 8:40 PM
Subject: RE: Multilink PPP with USR Chassis and RadiusNT/Emerald
>I have not seen this problem. Are you running Quads or HyperDSPs,
>Netserver or HyperARCs? And what version of the code?
>
>
>Lamar Townsend
>VP Microgear Computers & Microgear.Net
>lamar@microgear.net
>
>
>
>
>
>Hmm... lately we have discovered a small problem with Multilink PPP and
>accounting features with connections. When a Client connects under the
>Multilink connection, it sometimes report Port 6000. This may be the port
>that the VPN connection between chassis where it will conduct the
>communications are conducted.
>Could this be a bug in the latest USR Chassis code?
>
>----
>Rudy Komsic
>President, Network Administrator - Cyberglobe Communications Inc.
>4996 Place de la Savane, Suite 200, Montreal, Quebec, H4P 1Z6
>Tel: (514)342-3883 Fax: (514)342-5139 E-Mail: rudyk@cyberglobe.net
>
>
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Multilink PPP with USR Chassis and RadiusNT/Emerald
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Mon, 03 Aug 1998 09:56:13 -0700
Rudy Komsic wrote:
>
> we are running Quads on Netserver. we are using MPIP for interchassis
> multilink protocol. to try this out, make sure you dial 1 chassis for first
> link then dial the second chassis and establish a connection. You will notice
> on the calls online you are connected once and when you hang up, you will have
> a port 6000 when you check the time online.
In RadiusNT -x15 debug, you see an Accounting Start Packet for Port 6000
and not a stop for it? If thas correct, then it definately would be a
bug.
> -----Original Message-----
> From: Lamar Townsend <lamar@shuttle.com>
> To: radiusnt@iea-software.com <radiusnt@iea-software.com>
> Date: July 31, 1998 8:40 PM
> Subject: RE: Multilink PPP with USR Chassis and RadiusNT/Emerald
>
> >I have not seen this problem. Are you running Quads or HyperDSPs,
> >Netserver or HyperARCs? And what version of the code?
> >
> >
> >Lamar Townsend
> >VP Microgear Computers & Microgear.Net
> >lamar@microgear.net
> >
> >
> >
> >
> >
> >Hmm... lately we have discovered a small problem with Multilink PPP and
> >accounting features with connections. When a Client connects under the
> >Multilink connection, it sometimes report Port 6000. This may be the port
> >that the VPN connection between chassis where it will conduct the
> >communications are conducted.
> >Could this be a bug in the latest USR Chassis code?
> >
> >----
> >Rudy Komsic
> >President, Network Administrator - Cyberglobe Communications Inc.
> >4996 Place de la Savane, Suite 200, Montreal, Quebec, H4P 1Z6
> >Tel: (514)342-3883 Fax: (514)342-5139 E-Mail: rudyk@cyberglobe.net
> >
> >
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 3 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RadiusNT and SQL QuestionsFrom: postman@cp-tel.net (Postman Account)Date: Mon, 03 Aug 1998 13:18:54 -0500
We recently upsized our RadiusNT Access97 database to MS SQL 6.5.
Is there an easy way to export and clear out the previous month's Calls table in SQL? (as opposed to highlighting tens of thousands of calls records manually.)
Please reply... thanks in advance.
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 4 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Need help with IPASS and ServerAccessFrom: David Niblett <niblettda@gru.com>Date: Mon, 3 Aug 1998 14:33:50 -0400
I am trying to set up so that I can use the ServerAccess feature of RadiusNT v2.5I've got the authentication working just fine from my TNT's and MAX's. The problemI am facing is with IPASS.
When I user 'check-vnas' with a known working username and password this is theresponse I get back.
-----radrecv: Request from host cf168e05 code=1, id=15, length=73 User-Name = "ipasstest" Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"Received unknown attribute 32 NAS-Port = 1rad_authenticate_ODBC() Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"
SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day, (ma.Extension+ma..OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day, sa.Extension+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login, sa.Shell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where (sa.Login='ipasstest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0
Decrypted Password: <secret> Database Password: <secret>Checking for duplicate logins.
SQL Statement: RadCheckOnline 'ipasstest'
ipasstest found on-line 0 time(s).Checking for port access.Incomplete authentication record. ServerAccess not possible.Sending Reject of id 15 to cf168e05 (grucom2.gru.net)User: ipasstest Time Access deniedUser: ipasstest Time Access denied SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data) VALUES (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')
Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0-----
My main concern is the 'Received unknown attribute 32'. I added in theServers table the entry for the machine that IPASS is running on. Thenadded the entry into ServerPorts and lastly ServerAccess.
However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I checkedwhat a normal record looks like and it uses attribute 4, 'NAS-Identifier.'RadCheckAccess is never called in this case since it would appear that therecord is not right.
So what I did was define attribute 32 in the tables and then I got this:-----radrecv: Request from host cf168e05 code=1, id=120, length=73 User-Name = "ipasstest" Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263" NAS-IP-Address = "i-Pass VNAS" NAS-Port = 1rad_authenticate_ODBC()Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client
rad_auth() calc_digest ret'd errorAuthenticate: from 207.22.142.5 - Security Breach: ipasstest-----
Needless to say, I'm very confused. Any thoughts or help on this wouldbe greatly appreciated.
The statistics are as follows:IPASS version 3.1 (latest)RadiusNT version 2.5.110NT v4.0
Thanks!
--David A. Niblett | Email: niblettda@gru.comSystems Programmer | Phone: (352) 334-3400Gainesville Regional Utilities | Web: http://www.gru.com/
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 5 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RE: RadiusNT and the SAMFrom: "Mike Roberts" <mike@datawest.net>Date: Mon, 3 Aug 1998 13:01:10 -0600
How long would it take to add this feature in?
*Mike Roberts*DataWest Internet, LLC*Colorado Springs - http://www.datawest.net*(719) 635-9999 - ICQ 387413
-----Original Message-----From: radiusnt-request@iea-software.com[mailto:radiusnt-request@iea-software.com]On Behalf Of Dale E. Reed Jr.Sent: Thursday, July 30, 1998 12:33 PMTo: radiusnt@iea-software.comSubject: Re: RadiusNT and the SAM
> He (and I) want(s) to authenticate out of the NT SAM, by either group, orby> whether "grant dial-in access" is given.
> Does RadiusNT do this?
Not currently. I have been looking into the "grant dial-in access"and most likely group support as well.
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 6 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Dr. Watson!!!From: Christian Simard <simardc@netc.net>Date: Mon, 03 Aug 1998 15:52:06 -0400
Hi!
I run radiusnt for 2 months without any problems until now...radiusnt crashed (Dr. Watson) many times since a few days ...I was running 1.16 so I upgraded to 2.5 ans I already get it crash.here is the error message in the application log:
The application, , generated an application error The error occurred on 8/ 3/1998 @ 15:30:13.486 The exception generated was c0000005 at address 20202020 (<nosymbols>)
0000: 0d 0a 0d 0a 41 70 70 6c ....Appl0008: 69 63 61 74 69 6f 6e 20 ication.0010: 65 78 63 65 70 74 69 6f exceptio0018: 6e 20 6f 63 63 75 72 72 n.occurr0020: 65 64 3a 0d 0a 20 20 20 ed:.....0028: 20 20 20 20 20 41 70 70 .....App0030: 3a 20 20 28 70 69 64 3d :..(pid=0038: 32 33 30 29 0d 0a 20 20 230)....0040: 20 20 20 20 20 20 57 68 ......Wh0048: 65 6e 3a 20 38 2f 33 2f en:.8/3/0050: 31 39 39 38 20 40 20 31 1998.@.10058: 35 3a 33 30 3a 31 33 2e 5:30:13.0060: 34 38 36 0d 0a 20 20 20 486.....0068: 20 20 20 20 20 45 78 63 .....Exc0070: 65 70 74 69 6f 6e 20 6e eption.n0078: 75 6d 62 65 72 3a 20 63 umber:.c0080: 30 30 30 30 30 30 35 20 0000005.0088: 28 61 63 63 65 73 73 20 (access.0090: 76 69 6f 6c 61 74 69 6f violatio0098: 6e 29 0d 0a 0d 0a 2a 2d n)....*-00a0: 2d 2d 2d 3e 20 53 79 73 --->.Sys00a8: 74 65 6d 20 49 6e 66 6f tem.Info00b0: 72 6d 61 74 69 6f 6e 20 rmation.00b8: 3c 2d 2d 2d 2d 2a 0d 0a <----*..
P.S: I run radiusnt 2.5 with SQL server 6.5 ODBC mode.
thank you!
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 7 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Need help with IPASS and ServerAccessFrom: "Mourad Dahoumane" <mdahoumane@interway.lu>Date: Mon, 3 Aug 1998 22:19:32 +0200
I also use Ipass and I have the same problemIt seems Emerald/radius doesn't recognise this kind of virtual port.also you can't assign an ip pool to this vnas and you never know which ipaddresswill your roaming users have.
Mourad DahoumaneConnexion Interway
-----Original Message-----From: David Niblett <niblettda@gru.com>To: 'radiusnt@iea-software.com' <radiusnt@iea-software.com>Date: 03 August 1998 20:34Subject: Need help with IPASS and ServerAccess
>I am trying to set up so that I can use the ServerAccess feature ofRadiusNT>v2.5>I've got the authentication working just fine from my TNT's and MAX's. The>problem>I am facing is with IPASS.>>When I user 'check-vnas' with a known working username and password thisis>the>response I get back.>>----->radrecv: Request from host cf168e05 code=1, id=15, length=73> User-Name = "ipasstest"> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202">Received unknown attribute 32> NAS-Port = 1>rad_authenticate_ODBC()> Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202">> SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,>(ma.Extension+ma>.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,>sa.Extensi>on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,>sa.Sh>ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where>(sa.Login='ipas>stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and>sa.Active<>0> and ma.Active<>0>> Decrypted Password: <secret>> Database Password: <secret>>Checking for duplicate logins.>> SQL Statement: RadCheckOnline 'ipasstest'>> ipasstest found on-line 0 time(s).>Checking for port access.>Incomplete authentication record. ServerAccess not possible.>Sending Reject of id 15 to cf168e05 (grucom2.gru.net)>User: ipasstest Time Access denied>User: ipasstest Time Access denied> SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)> VALUE>S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')>>>Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0>----->>My main concern is the 'Received unknown attribute 32'. I added in the>Servers table the entry for the machine that IPASS is running on. Then>added the entry into ServerPorts and lastly ServerAccess.>>However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I>checked>what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'>RadCheckAccess is never called in this case since it would appear that the>record is not right.>>So what I did was define attribute 32 in the tables and then I got this:>----->radrecv: Request from host cf168e05 code=1, id=120, length=73> User-Name = "ipasstest"> Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"> NAS-IP-Address = "i-Pass VNAS"> NAS-Port = 1>rad_authenticate_ODBC()>Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client>>rad_auth() calc_digest ret'd error>Authenticate: from 207.22.142.5 - Security Breach: ipasstest>----->>Needless to say, I'm very confused. Any thoughts or help on this would>be greatly appreciated.>>The statistics are as follows:>IPASS version 3.1 (latest)>RadiusNT version 2.5.110>NT v4.0>>Thanks!>>-->David A. Niblett | Email: niblettda@gru.com>Systems Programmer | Phone: (352) 334-3400>Gainesville Regional Utilities | Web: http://www.gru.com/>>
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 8 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Need help with IPASS and ServerAccessFrom: Steve Spesard <steves@webaccess.net>Date: Mon, 03 Aug 1998 14:36:15 -0600
We are still running Radius V2.2 before RadiusNT dealt with IPASS. Anyway werun IPASS with NT authentication separate from RadiusNT. It works great. Thesetup was a breeze. It might be another option for those having Radiusproblems.
Steve Spesard
Mourad Dahoumane wrote:
> I also use Ipass and I have the same problem> It seems Emerald/radius doesn't recognise this kind of virtual port.> also you can't assign an ip pool to this vnas and you never know which ip> address> will your roaming users have.>> Mourad Dahoumane> Connexion Interway>> -----Original Message-----> From: David Niblett <niblettda@gru.com>> To: 'radiusnt@iea-software.com' <radiusnt@iea-software.com>> Date: 03 August 1998 20:34> Subject: Need help with IPASS and ServerAccess>> >I am trying to set up so that I can use the ServerAccess feature of> RadiusNT> >v2.5> >I've got the authentication working just fine from my TNT's and MAX's. The> >problem> >I am facing is with IPASS.> >> >When I user 'check-vnas' with a known working username and password this> is> >the> >response I get back.> >> >-----> >radrecv: Request from host cf168e05 code=1, id=15, length=73> > User-Name = "ipasstest"> > Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"> >Received unknown attribute 32> > NAS-Port = 1> >rad_authenticate_ODBC()> > Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"> >> > SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,> >(ma.Extension+ma> >.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,> >sa.Extensi> >on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,> >sa.Sh> >ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where> >(sa.Login='ipas> >stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and> >sa.Active<>0> > and ma.Active<>0> >> > Decrypted Password: <secret>> > Database Password: <secret>> >Checking for duplicate logins.> >> > SQL Statement: RadCheckOnline 'ipasstest'> >> > ipasstest found on-line 0 time(s).> >Checking for port access.> >Incomplete authentication record. ServerAccess not possible.> >Sending Reject of id 15 to cf168e05 (grucom2.gru.net)> >User: ipasstest Time Access denied> >User: ipasstest Time Access denied> > SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)> > VALUE> >S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')> >> >> >Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0> >-----> >> >My main concern is the 'Received unknown attribute 32'. I added in the> >Servers table the entry for the machine that IPASS is running on. Then> >added the entry into ServerPorts and lastly ServerAccess.> >> >However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I> >checked> >what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'> >RadCheckAccess is never called in this case since it would appear that the> >record is not right.> >> >So what I did was define attribute 32 in the tables and then I got this:> >-----> >radrecv: Request from host cf168e05 code=1, id=120, length=73> > User-Name = "ipasstest"> > Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"> > NAS-IP-Address = "i-Pass VNAS"> > NAS-Port = 1> >rad_authenticate_ODBC()> >Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client> >> >rad_auth() calc_digest ret'd error> >Authenticate: from 207.22.142.5 - Security Breach: ipasstest> >-----> >> >Needless to say, I'm very confused. Any thoughts or help on this would> >be greatly appreciated.> >> >The statistics are as follows:> >IPASS version 3.1 (latest)> >RadiusNT version 2.5.110> >NT v4.0> >> >Thanks!> >> >--> >David A. Niblett | Email: niblettda@gru.com> >Systems Programmer | Phone: (352) 334-3400> >Gainesville Regional Utilities | Web: http://www.gru.com/> >> >
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 9 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: RadiusNT and the SAMFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 13:41:55 -0700
Mike Roberts wrote:> > How long would it take to add this feature in?
I don't know. Currently I'm stretched pretty thin on the Emerlad2.5 release and its my main focus. I'll do some research on theAPIs to accomplish this and see what I can come up with.
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 10 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: RadiusNT and SQL QuestionsFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 13:48:17 -0700
Postman Account wrote:> > We recently upsized our RadiusNT Access97 database> to MS SQL 6.5.> > Is there an easy way to export and clear out the previous> month's Calls table in SQL? (as opposed to highlighting> tens of thousands of calls records manually.)
Delete from Calls Where CallDate < '7/1/98'
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 11 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RE: RadiusNT and the SAMFrom: "Mike Roberts" <mike@datawest.net>Date: Mon, 3 Aug 1998 14:59:21 -0600
If you do add it here is my opinion on how it should work.
1) It should look at the GROUP the user is in and assign attributes by group2) The group attributes should be additive2) It should ignore the "grant dial-in" access check box3) It should honor the "account disabled" check box
Just my opinion.
*Mike Roberts*DataWest Internet, LLC*Colorado Springs - http://www.datawest.net*(719) 635-9999 - ICQ 387413
-----Original Message-----From: radiusnt-request@iea-software.com[mailto:radiusnt-request@iea-software.com]On Behalf Of Dale E. Reed Jr.Sent: Monday, August 03, 1998 2:42 PMTo: radiusnt@iea-software.comSubject: Re: RadiusNT and the SAM
Mike Roberts wrote:>> How long would it take to add this feature in?
I don't know. Currently I'm stretched pretty thin on the Emerlad2.5 release and its my main focus. I'll do some research on theAPIs to accomplish this and see what I can come up with.
--Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 12 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: RadiusNT and the SAMFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 14:39:38 -0700
Mike Roberts wrote:> > If you do add it here is my opinion on how it should work.> > 1) It should look at the GROUP the user is in and assign attributes by group
This could be ue in place of the AccountType for ODBC mode.
> 2) The group attributes should be additive
Could you explain what you mean here? I don't want to guess.
> 2) It should ignore the "grant dial-in" access check box
Why?
> 3) It should honor the "account disabled" check box
As well as the expiration?
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 13 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Dr. Watson!!!From: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 15:14:06 -0700
Christian Simard wrote:> > I run radiusnt for 2 months without any problems until now...> radiusnt crashed (Dr. Watson) many times since a few days ...> I was running 1.16 so I upgraded to 2.5 ans I already get it crash.> here is the error message in the application log:
Please run RadiusNT in -x15 debug mode and include the last screenfull before the Dr. Watson.
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 14 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Need help with IPASS and ServerAccessFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 16:12:44 -0700
Steve Spesard wrote:> > We are still running Radius V2.2 before RadiusNT dealt with IPASS. Anyway we> run IPASS with NT authentication separate from RadiusNT. It works great. The> setup was a breeze. It might be another option for those having Radius> problems.
RadiusNT 2.5 still doesn't include support for IPASS. The APIis there, but nothing to talk to it on the IPASS side. :(Actually, anybody can write a DLL to talk to the API. I have beenworking on some new documentation to allow third parties to do this.I can only assume its going to be a very popular feature for thirdparty integration type stuff. > Steve Spesard> > Mourad Dahoumane wrote:> > > I also use Ipass and I have the same problem> > It seems Emerald/radius doesn't recognise this kind of virtual port.> > also you can't assign an ip pool to this vnas and you never know which ip> > address> > will your roaming users have.> >> > Mourad Dahoumane> > Connexion Interway> >> > -----Original Message-----> > From: David Niblett <niblettda@gru.com>> > To: 'radiusnt@iea-software.com' <radiusnt@iea-software.com>> > Date: 03 August 1998 20:34> > Subject: Need help with IPASS and ServerAccess> >> > >I am trying to set up so that I can use the ServerAccess feature of> > RadiusNT> > >v2.5> > >I've got the authentication working just fine from my TNT's and MAX's. The> > >problem> > >I am facing is with IPASS.> > >> > >When I user 'check-vnas' with a known working username and password this> > is> > >the> > >response I get back.> > >> > >-----> > >radrecv: Request from host cf168e05 code=1, id=15, length=73> > > User-Name = "ipasstest"> > > Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"> > >Received unknown attribute 32> > > NAS-Port = 1> > >rad_authenticate_ODBC()> > > Password = "\242F\022\333\025a?\341\337\027\221W\267|\217\202"> > >> > > SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,> > >(ma.Extension+ma> > >.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(), DateAdd(Day,> > >sa.Extensi> > >on+1, saExpireDate)), sa.AccountID, sa.AccountType, sa.Password, sa.Login,> > >sa.Sh> > >ell, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Where> > >(sa.Login='ipas> > >stest' or sa.Shell='ipasstest') AND ma.CustomerID=sa.CustomerID and> > >sa.Active<>0> > > and ma.Active<>0> > >> > > Decrypted Password: <secret>> > > Database Password: <secret>> > >Checking for duplicate logins.> > >> > > SQL Statement: RadCheckOnline 'ipasstest'> > >> > > ipasstest found on-line 0 time(s).> > >Checking for port access.> > >Incomplete authentication record. ServerAccess not possible.> > >Sending Reject of id 15 to cf168e05 (grucom2.gru.net)> > >User: ipasstest Time Access denied> > >User: ipasstest Time Access denied> > > SQL Statement: INSERT INTO RadLogs(RadLogMsgID, LogDate, Username, Data)> > > VALUE> > >S (16, GetDate(), 'ipasstest', 'Server:Unknown Port:1 (No Access)')> > >> > >> > >Resp Time: 261 Auth: 0/1 -> 1 Acct: 0/0/0 -> 0> > >-----> > >> > >My main concern is the 'Received unknown attribute 32'. I added in the> > >Servers table the entry for the machine that IPASS is running on. Then> > >added the entry into ServerPorts and lastly ServerAccess.> > >> > >However, the best I can tell is that attribute 32 is 'NAS-IP-Address'. I> > >checked> > >what a normal record looks like and it uses attribute 4, 'NAS-Identifier.'> > >RadCheckAccess is never called in this case since it would appear that the> > >record is not right.> > >> > >So what I did was define attribute 32 in the tables and then I got this:> > >-----> > >radrecv: Request from host cf168e05 code=1, id=120, length=73> > > User-Name = "ipasstest"> > > Password = "pB\325L\264\244\005\025\212\373T'6\200\351\263"> > > NAS-IP-Address = "i-Pass VNAS"> > > NAS-Port = 1> > >rad_authenticate_ODBC()> > >Calc_digest: from 207.22.142.5, ID 120 : Request from Unknown Client> > >> > >rad_auth() calc_digest ret'd error> > >Authenticate: from 207.22.142.5 - Security Breach: ipasstest> > >-----> > >> > >Needless to say, I'm very confused. Any thoughts or help on this would> > >be greatly appreciated.> > >> > >The statistics are as follows:> > >IPASS version 3.1 (latest)> > >RadiusNT version 2.5.110> > >NT v4.0> > >> > >Thanks!> > >> > >--> > >David A. Niblett | Email: niblettda@gru.com> > >Systems Programmer | Phone: (352) 334-3400> > >Gainesville Regional Utilities | Web: http://www.gru.com/> > >> > >
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 15 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Need help with IPASS and ServerAccessFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Mon, 03 Aug 1998 16:22:57 -0700
Mourad Dahoumane wrote:> > I also use Ipass and I have the same problem> It seems Emerald/radius doesn't recognise this kind of virtual port.
I'll check into the ServerPort Access issue with RadiusNT.
> also you can't assign an ip pool to this vnas and you never know which ip> address will your roaming users have.
Can you expand on this? Do you mean an IP Pool that RadiusNT itselfmaintains?
-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 16 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Dr. Watson!!!From: simardc@netc.netDate: Mon, 03 Aug 1998 22:24:16 -0400
Here it is:
NAS-Port = 16 User-Service = Framed-User Framed-Protocol = PPPrad_authenticate_ODBC() Password = "\002\235\025\222\272\274(\027\335W1\262CK{\343"Decrypted Password: reneboilAllocating Statement...
SQL Statement: Select DateAdd(Day, ma.extension, maExpireDate), DateAdd(Day, s..extension, saExpireDate), sa.AccountID, sa.AccountType, sa.Password, sa.Login,sa.Shell, sa.TimeLeft, sa.LoginLimit From MasterAccounts ma, SubAccounts sa Whee (sa.Login='reneboil ' or s..Shell='reneboil ') AND ma.CstomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0
Database Password: reneboilFreeing SQL Statement...Checking for duplicate logins.Allocating Statement...
SQL Statement: Select Count(*) from CallsOnline Where UserName='reneboil ' and AcctStatusType=1
C:\radius>
>Christian Simard wrote:>> >> I run radiusnt for 2 months without any problems until now...>> radiusnt crashed (Dr. Watson) many times since a few days ...>> I was running 1.16 so I upgraded to 2.5 ans I already get it crash.>> here is the error message in the application log:>>Please run RadiusNT in -x15 debug mode and include the last screen>full before the Dr. Watson.> >-- >Dale E. Reed Jr. (daler@iea-software.com)>_________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com>>
..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 17 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Need help with IPASS and ServerAccessFrom: "Mourad Dahoumane" <mdahoumane@interway.lu>Date: Tue, 4 Aug 1998 08:38:42 +0200
This is a multi-part message in MIME format.
------=_NextPart_000_0023_01BDBF83.49E83E60Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: 7bit
-----Original Message-----From: Dale E. Reed Jr. <daler@iea-software.com>To: radiusnt@iea-software.com <radiusnt@iea-software.com>Date: 04 August 1998 01:19Subject: Re: Need help with IPASS and ServerAccess
>Mourad Dahoumane wrote:>>>> also you can't assign an ip pool to this vnas and you never know which ip>> address will your roaming users have.>>Can you expand on this? Do you mean an IP Pool that RadiusNT itself>maintains?>
No, I mean when you create a nas in emeradmin, you assign its own ipaddress, the number of portsand the range of ip addresses it'll be using, then you populate the ports.the ports are not physically there so I guess emerald is confused.
I don't if having your known range of address there and thefact that roaming users come with a foreign ip address has an impact. One ofthe consequenceis that a roaming connection is not shown on the calls table.
------=_NextPart_000_0023_01BDBF83.49E83E60Content-Type: application/x-pkcs7-signature; name="smime.p7s"Content-Transfer-Encoding: base64Content-Disposition: attachment; filename="smime.p7s"
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIII5zCCAj0wggGmAhEA89Rlkw7kxx7NbwoREVZYszANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMDQwMTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNePNGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEwDQYJKoZIhvcNAQECBQADgYEAI8hmbFWfUmFqrxcd4rPPR45MGwIzdflF75tHsbEroDU20VJwacm7pfOTW5Jg+WR+8cE/6dEV8dLAF72knReu4QfPuoGWxK5xGfbOZL+nGfVVKH98M9bCubfrJSn9KfhicEEx3cMH2xJTFmDQnQf5AGX8jWwYUCC3Z9x+/XBLLQ8wggJ5MIIB4qADAgECAhBSHzUd8nB+ACu+ylmHBNU5MA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NjA2MjcwMDAwMDBaFw05OTA2MjcyMzU5NTlaMGIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAthSmz03QBQ3YyiPQb6q0KZJjjiz4b5bXLp12SxGxNo1XycP9HMa6/h4IujPKleq+41vNBqi3eR1EKu1z8rFSg2gQcGSR1z5r+fddnRRDm26XRZiBR9Ety927ctdMP3Gq4kDyVDm8Fu7PfOy62z9sKrMWsYYSna6TNNW41dD3PqkCAwEAAaMzMDEwDwYDVR0TBAgwBgEB/wIBATALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgEGMA0GCSqGSIb3DQEBAgUAA4GBAMH69wLnV8oRdcacDPord0+HRRc749LB2g9YOY6ulZkDoaihOP55mpMXC5eGOcfKaDRmu8eIRfbIDAXuvpcl7+DUbuR/nXZczn26FKKuC5/7Z1tIpWclrxlkiPZy2CknqjcSarEoryeDGGVsje1Ank3EeKiG7OksUL+m+Q3bsKZKMIIEJTCCA46gAwIBAgIQKBqlY4qD1idMLiIcU8RcLzANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTgwNTI3MDAwMDAwWhcNOTkwNTI4MjM1OTU5WjCCASIxETAPBgNVBAcTCEludGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5NjE0MDIGA1UECxMrRGlnaXRhbCBJRCBDbGFzcyAxIC0gTWljcm9zb2Z0IEZ1bGwgU2VydmljZTEZMBcGA1UEAxMQTW91cmFkIERhaG91bWFuZTElMCMGCSqGSIb3DQEJARYWbWRhaG91bWFuZUBpbnRlcndheS5sdTBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQH8LzA7TCCYfIbB79imxp1eue3nQKPSJ0rkQvHBmiDuLtC0aNWY5t2wwThere/Bj3rCvvtoMe8jSFrxipy4yqBECAwEAAaOCAV0wggFZMAkGA1UdEwQCMAAwga8GA1UdIASBpzCAMIAGC2CGSAGG+EUBBwEBMIAwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMwYgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBpbmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduAAAAAAAAMBEGCWCGSAGG+EIBAQQEAwIHgDCBhgYKYIZIAYb4RQEGAwR4FnZkNDY1MmJkNjNmMjA0NzAyOTI5ODc2M2M5ZDJmMjc1MDY5YzczNTliZWQxYjA1OWRhNzViYzRiYzk3MDE3NDdkYTVjNGU0MTQxYmVhZGIyYmQyZTg5MjZhYWM2ZmY2ZDQxMTQ4OWZhMWIyNDNmNGU1OTU2NTQxMA0GCSqGSIb3DQEBBAUAA4GBAHb0b0ycwECnJIlxpPf7JnU7+08v+Vbx8XgGJFLbB13xroEd/5jHBIVIWg8iGoQ2RG/B9wgAh2uaaC/Lf+qlHV8BpS4cmvsoMgx2u1dIKytP5Bs/bX3RztSUh9MlkQcZ0ETxEHzP9hGCCTCxUGLrTknmujNnYcUcGaWEXqjG8SwYMYIBVDCCAVACAQEwdjBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICECgapWOKg9YnTC4iHFPEXC8wCQYFKw4DAhoFAKB3MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwGAYJKoZIhvcNAQkPMQswCTAHBgUrDgMCHTAcBgkqhkiG9w0BCQUxDxcNOTgwODA0MDgzODQyWjAjBgkqhkiG9w0BCQQxFgQUTxk0OzQ3iQHkJmDH3XsDUYgTPm8wDQYJKoZIhvcNAQEBBQAEQHeRi210F4McrKr3lAAvXtvW/tRft8KTTEmhu1d/QoUN2Mz+lsHlhp56XlQ7Q3lj45mPEsCa6o7cBRx7izomItoAAAAAAAA=
------=_NextPart_000_0023_01BDBF83.49E83E60--