[RadiusNT Digest]

radiusnt-digest-request@iea-software.com
Wed, 12 Aug 1998 00:01:14 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Dale E. Reed Jr.: "Re: MaxSessionLength in ServerAccess table"
Next message: Greg Johnson Perry-Spencer: "Re: MD5/Des Hashing"

Message 1: Radius doesn't insert in Calls table
from Jivko Jekov <jivko@bitex.com>

Message 2: MD5/Des Hashing
from "Greg Johnson" <gjohnson@psci.net>

Message 3: Re: URGENT BIG PROBLEM!
from "Rick Morgan" <eval2@gtn.net>

Message 4: Re: NTMail and RadiusNT
from "Viktors Judins" <storms@parks.lv>

Message 5:
from Ronald Wolf <rwolf@isd.ingham.k12.mi.us>

Message 6: (no subject)
from bob <bob@kep.net>

Message 7: Authentication Problem
from "Allen Mallari" <allen@fiax.net>

Message 8: Steps needed for time of day account
from Mark Colasante <mcola@exchange.netexp.net>

Message 9: Re: Steps needed for time of day account
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 10: RE: Steps needed for time of day account
from Mark Colasante <mcola@exchange.netexp.net>

Message 11: Re: Authentication Problem
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 12: Unix passwd file
from Greg Johnson Perry-Spencer <gjohnson@psci.net>

Message 13: Re: NTMail and RadiusNT
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 14: Re: Authentication Problem
from "Allen Mallari" <allen@fiax.net>

Message 15: Re: Authentication Problem
from "Allen Mallari" <allen@fiax.net>

Message 16: Re: MD5/Des Hashing
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 17: Re: Radius doesn't insert in Calls table
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 18: Re: Steps needed for time of day account
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 19: RE: Steps needed for time of day account
from Mark Colasante <mcola@exchange.netexp.net>

Message 20: Re: Authentication Problem | PLEASE REPLY ASAP!
from "Allen Mallari" <allen@fiax.net>

Message 21: Radius Settings
from "Kelly Wright" <kelly@buz.net>

Message 22: Roaming
from David Moore <dmoore@CommunityChoice.net>

Message 23: Re: Radius Settings
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 24: Re: Authentication Problem | PLEASE REPLY ASAP!
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 25: Re: Authentication Problem | PLEASE REPLY ASAP!
from "Allen Mallari" <allen@fiax.net>

Message 26: Re: MD5/Des Hashing
from Greg Johnson Perry-Spencer <gjohnson@psci.net>

Message 27: Re: MD5/Des Hashing
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 28: Re: Authentication Problem | PLEASE REPLY ASAP!
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 29: Re: Roaming
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 30: MaxSessionLength in ServerAccess table
from Mark Colasante <mcola@exchange.netexp.net>

Message 31: Re: MaxSessionLength in ServerAccess table
from "Dale E. Reed Jr." <daler@iea-software.com>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Radius doesn't insert in Calls table
From: Jivko Jekov <jivko@bitex.com>
Date: Tue, 11 Aug 1998 12:37:27 +0300

Hi,
We have RadiusNT 2.2, SQL 6.5, Emerald 2.1.11 and they work well put
together. We decide to use other powerfuler PC. We reinstall SQL,
RadiusNT and Emerald. In debug mode Radius authenticate users, insert
into RadLogs table but doesn't insert into Calls table. In debug mode
Radius -x15 doesn't appear error.
Where do we make a mistake?
Please, help us.
Thank you!
Jivko

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: MD5/Des Hashing
From: "Greg Johnson" <gjohnson@psci.net>
Date: Tue, 11 Aug 1998 08:22:26 -0600

I have a FreeBSD MD5 passwd file that I want to port to RadiusNT. Can
RadiusNT support a MD5 hashed passwd file? If not, is there a way to
convert the MD5 hashing to Des for the existing accounts in the passwd
file?

Thanks,
Greg Johnson

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 3 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: URGENT BIG PROBLEM!
From: "Rick Morgan" <eval2@gtn.net>
Date: Tue, 11 Aug 1998 09:31:08 -0400

Check to make sure that a "servers" file exists in your radius directory,
refer to the "servers.example" which you should find in your radius
directory
-----Original Message-----
From: Allen Mallari <allen@fiax.net>
To: radiusnt@iea-software.com <radiusnt@iea-software.com>
Date: Monday, August 10, 1998 7:29 PM
Subject: URGENT BIG PROBLEM!

>
>Hi Dale,
> I'm still having problem running my radiusnt 2.5
>it's giving me an error:
>
> (null):couldn't open server to find server.
>
>I even followed the instructions on the manual
>and no luck... please help.. my other server
>keeps on going down for some reason... and i
>can't afford to have no secondary authentication
>server.
>
>I'm using Winnt4.0, IIS4, USRobotics NAS, and
>have other radiusnt running ver 2.2 and it works fine
>I want the other server to be 2.5. PLEASEEEEE...
>give me a step by step procedure to troubleshoot
>this problem...
>
>THANKS A LOT,
>ALLEN MALLARI
>702-310-3600
>
>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 4 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NTMail and RadiusNT
From: "Viktors Judins" <storms@parks.lv>
Date: Tue, 11 Aug 1998 17:52:46 +0300

>Whats dewauthntmail?

http://www.solutions.nu/dewauth/DewAuthNTMail.html
"DewAuth (RADIUSNT->NTMAIL) will provide for authentication between the
RadiusNT user database and the NTMail services. "

--------------------------------------
e-mail: Storms@parks.lv
http://www.parks.lv
phone: +371-9282340
--------------------------------------

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 5 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject:
From: Ronald Wolf <rwolf@isd.ingham.k12.mi.us>
Date: Tue, 11 Aug 1998 13:29:48 -0400

unsubscribe
______________________________________________________________________
Ronald Wolf E-Mail: rwolf@isd.ingham.k12.mi.us
Technology Specialist Ph: (517) 699-1657 Fax: (517) 699-4859
Capital Library Cooperative <http://cwic1.jackson.lib.mi.us/capital/>
4061 Holt Rd. Holt Michigan 48842

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 6 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: (no subject)
From: bob <bob@kep.net>
Date: Tue, 11 Aug 1998 13:54:55 -0400

unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 7 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Authentication Problem
From: "Allen Mallari" <allen@fiax.net>
Date: Tue, 11 Aug 1998 11:01:20 -0700

Hi,
It's me again, I tried copying the file server.example to
server in radius directory and rename the foo bar to my
secret, it works but when i tried using the radlogin to test
it, it shows me this:

Good: 0 Bad: 0 T/O: 1 Avg: 0

And when I look at the debug mode it doesn't authenticate
the user.

What could be the problem? Please help me.

Regards,
Allen Mallari

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 8 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Steps needed for time of day account
From: Mark Colasante <mcola@exchange.netexp.net>
Date: Tue, 11 Aug 1998 14:24:41 -0400

I am running Radius 2.5 and want to create an account that can only
login between 8 AM and 5 PM. Could someone please outline all the steps
needed in order to create this account? The documentation is vague I
feel in this respect. Please include which tables are needed and the
format of the time entries.

Thank You,

Mark Colasante
NetExpress

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 9 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Steps needed for time of day account
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Tue, 11 Aug 1998 12:52:38 -0700

Mark Colasante wrote:
>
> I am running Radius 2.5 and want to create an account that can only
> login between 8 AM and 5 PM. Could someone please outline all the steps
> needed in order to create this account? The documentation is vague I
> feel in this respect. Please include which tables are needed and the
> format of the time entries.

You need to add entries into the ServerAccess table for the account
type and port they can access. Then you need to enables Server Port
Access in the RadiusNT Admin. When you enable that, all requests are
denied unless they have been granted access. Therefore, you must add
entries (without start/stop as both 0) for all other account types for
the ports.

The Start and stop times are in minutes past midnight (so 8am is 480,
etc.).

-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 10 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RE: Steps needed for time of day accountFrom: Mark Colasante <mcola@exchange.netexp.net>Date: Tue, 11 Aug 1998 16:15:16 -0400

Two questions from here then.

1. Do I need to configure the table named ServerPorts? If so, whatinfo needs to be put in there? Right now mine has no entries at all.

2. Can I leave the Port field blank in ServerAccess and have all theports work?

Mark Colasante

-----Original Message-----From: Dale E. Reed Jr. [mailto:daler@iea-software.com]Sent: Tuesday, August 11, 1998 3:53 PMTo: radiusnt@iea-software.comSubject: Re: Steps needed for time of day account

Mark Colasante wrote:> > I am running Radius 2.5 and want to create an account that can only> login between 8 AM and 5 PM. Could someone please outline all thesteps> needed in order to create this account? The documentation is vague I> feel in this respect. Please include which tables are needed and the> format of the time entries.

You need to add entries into the ServerAccess table for the accounttype and port they can access. Then you need to enables Server PortAccess in the RadiusNT Admin. When you enable that, all requests aredenied unless they have been granted access. Therefore, you must addentries (without start/stop as both 0) for all other account types forthe ports.

The Start and stop times are in minutes past midnight (so 8am is 480,etc.).

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 11 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication ProblemFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Tue, 11 Aug 1998 13:32:13 -0700

Allen Mallari wrote:> > It's me again, I tried copying the file server.example to> server in radius directory and rename the foo bar to my> secret, it works but when i tried using the radlogin to test> it, it shows me this:> > Good: 0 Bad: 0 T/O: 1 Avg: 0> > And when I look at the debug mode it doesn't authenticate> the user.> > What could be the problem? Please help me.

The server file tells radlogin where to make the request to andwhat secret to use. You also have to have an entry in RadiusNTfor the machine radlogin is running on so that RadiusNT willaccept the request. I would guess you don't have the later andRadiusNT is ignoring the request (with a security breach error).Add an entry for radlogin to RadiusNT's clients file (or in theservers table for ODBC) and restart RadiusNT.

If that doesn't work, please include a cut/paste of theRadiusNT -x15 debug of the error.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 12 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Unix passwd fileFrom: Greg Johnson Perry-Spencer <gjohnson@psci.net>Date: Tue, 11 Aug 1998 15:32:12 -0500 (EST)

I have a FreeBSD Unix passwd file that I am trying to use with RadiusNT.The hashing method is MD5. All encrypted passwds in the passwd file startwith $1$. When I run radius x15 (debug mode), I see that radius reads theentry from the Unix password file and displays it on the screen:

(UNIX) User Password: password File Password: $1$.......

but the Encrypted Password line reads:

Encrypted Password: $1......

If does not contain the $ after the 1. Also, the password string is muchshorter than the Unix encrypted password string. I then get a message:

Sending Reject of id 93 to cdf3a914 (205.243.160.20).

Thanks,Greg Johnson

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 13 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: NTMail and RadiusNTFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Tue, 11 Aug 1998 13:59:48 -0700

Viktors Judins wrote:> > >Whats dewauthntmail?> > http://www.solutions.nu/dewauth/DewAuthNTMail.html> "DewAuth (RADIUSNT->NTMAIL) will provide for authentication between the> RadiusNT user database and the NTMail services. "

You should talk to them about any problems you are having with thierproducts, as we have no affiliation with them.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 14 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication ProblemFrom: "Allen Mallari" <allen@fiax.net>Date: Tue, 11 Aug 1998 14:27:25 -0700

There is no error coming out on the radius -x15it just responding to the terminal server and shows methat other users are being authenticate on the other radiusNTserver that I have which is running ver2.2.

And I even look at the logfiles and i can't see any error. Im using radius 2.5 right now..

Allen

*********** REPLY SEPARATOR ***********

On 8/11/98, at 1:32 PM, Dale E. Reed Jr. wrote:

>Allen Mallari wrote:>> >> It's me again, I tried copying the file server.example to>> server in radius directory and rename the foo bar to my>> secret, it works but when i tried using the radlogin to test>> it, it shows me this:>> >> Good: 0 Bad: 0 T/O: 1 Avg: 0>> >> And when I look at the debug mode it doesn't authenticate>> the user.>> >> What could be the problem? Please help me.>>The server file tells radlogin where to make the request to and>what secret to use. You also have to have an entry in RadiusNT>for the machine radlogin is running on so that RadiusNT will>accept the request. I would guess you don't have the later and>RadiusNT is ignoring the request (with a security breach error).>Add an entry for radlogin to RadiusNT's clients file (or in the>servers table for ODBC) and restart RadiusNT.>>If that doesn't work, please include a cut/paste of the>RadiusNT -x15 debug of the error.>>-- >Dale E. Reed Jr. (daler@iea-software.com)>_________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 15 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication ProblemFrom: "Allen Mallari" <allen@fiax.net>Date: Tue, 11 Aug 1998 14:28:29 -0700

in addition I'm using TEXT MODE not ODBC mode

*********** REPLY SEPARATOR ***********

On 8/11/98, at 1:32 PM, Dale E. Reed Jr. wrote:

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 16 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: MD5/Des HashingFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Tue, 11 Aug 1998 14:36:03 -0700

Greg Johnson wrote:> > I have a FreeBSD MD5 passwd file that I want to port to RadiusNT. Can> RadiusNT support a MD5 hashed passwd file? If not, is there a way to> convert the MD5 hashing to Des for the existing accounts in the passwd> file?

You can put the passwd file into the data directory of RadiusNTand use a Password = "UNIX" entry to authenticate against it.You can also use this entry at the bottom of your users file:

DEFAULT Password = "UNIX" atribute = values, etc...

To default all auths to the passwd file. ODBC mode also supportsUNIX as a password to indicate it to look at the passwd file as well.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 17 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Radius doesn't insert in Calls tableFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Tue, 11 Aug 1998 14:48:37 -0700

Jivko Jekov wrote:> > We have RadiusNT 2.2, SQL 6.5, Emerald 2.1.11 and they work well put> together. We decide to use other powerfuler PC. We reinstall SQL,> RadiusNT and Emerald. In debug mode Radius authenticate users, insert> into RadLogs table but doesn't insert into Calls table. In debug mode> Radius -x15 doesn't appear error.> Where do we make a mistake?

Please include the -x15 debug of the record that didn't go intothe calls table. You should have an error if the record isn'tgoing into the table.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 18 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Steps needed for time of day accountFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Tue, 11 Aug 1998 15:34:54 -0700

Mark Colasante wrote:> > Two questions from here then.> > 1. Do I need to configure the table named ServerPorts? If so, what> info needs to be put in there? Right now mine has no entries at all.

You should, but you don't have to. You should have an entry foreach ServerID from the Servers table and each port for that server.

> 2. Can I leave the Port field blank in ServerAccess and have all the> ports work?

Yes. Actually, leave it NULL.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 19 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RE: Steps needed for time of day accountFrom: Mark Colasante <mcola@exchange.netexp.net>Date: Tue, 11 Aug 1998 19:00:00 -0400

It is not working for us. We have done the following:

1. Took ServerID from Servers table and put it in ServerAccess tablefor each account type. Left Port column in ServerAcess NULL for eachserver. Put 0 for all start and stop times accept the account type thatis set for 8 AM to 5 PM.

2. Configured Servers table for all NAS devices and all ports on eachNAS. This table is working as the current user is showing up on therespective ports.

3. Stopped Radius and clicked on Server Access in ODBC Options inRadius Administrator, saved the changes, and restarted Radius.

When we tried to logon with an account type of PPP it kept asking forusername and password. The start and stop times for this account typeare set to both 0 in ServerAccess.

What are we missing?

Mark Colasante

-----Original Message-----From: Dale E. Reed Jr. [mailto:daler@iea-software.com]Sent: Tuesday, August 11, 1998 6:35 PMTo: radiusnt@iea-software.comSubject: Re: Steps needed for time of day account

Mark Colasante wrote:> > Two questions from here then.> > 1. Do I need to configure the table named ServerPorts? If so, what> info needs to be put in there? Right now mine has no entries at all.

You should, but you don't have to. You should have an entry foreach ServerID from the Servers table and each port for that server.

> 2. Can I leave the Port field blank in ServerAccess and have all the> ports work?

Yes. Actually, leave it NULL.

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 20 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication Problem | PLEASE REPLY ASAP!From: "Allen Mallari" <allen@fiax.net>Date: Tue, 11 Aug 1998 16:05:38 -0700

I tried uninstalling and installing the setup again.And I tried running this steps:

radius -x15 (one command prompt) radlogin test test1 (one command prompt and using WINNT SAM text= database)

If the username and password is right:

Good: 0 Bad: 0 T/O: 1

that means to say it's timed out.But if the username and password is not correct, itshows me:

0:Bad:0

Good: 0 Bad: 1 T/O: 0 Avg: 0

I think it's being timed out. I don't know what's going on after that...= :-( PLEASEEE RESPOND!!!

thanks a lot,allenski

*********** REPLY SEPARATOR ***********

On 8/11/98, at 2:27 PM, Allen Mallari wrote:

>There is no error coming out on the radius -x15>it just responding to the terminal server and shows me>that other users are being authenticate on the other radiusNT>server that I have which is running ver2.2.>>And I even look at the logfiles and i can't see any error. >Im using radius 2.5 right now..>>Allen>>*********** REPLY SEPARATOR ***********>>On 8/11/98, at 1:32 PM, Dale E. Reed Jr. wrote: >>>Allen Mallari wrote:>>> >>> It's me again, I tried copying the file server.example to>>> server in radius directory and rename the foo bar to my>>> secret, it works but when i tried using the radlogin to test>>> it, it shows me this:>>> >>> Good: 0 Bad: 0 T/O: 1 Avg: 0>>> >>> And when I look at the debug mode it doesn't authenticate>>> the user.>>> >>> What could be the problem? Please help me.>>>>The server file tells radlogin where to make the request to and>>what secret to use. You also have to have an entry in RadiusNT>>for the machine radlogin is running on so that RadiusNT will>>accept the request. I would guess you don't have the later and>>RadiusNT is ignoring the request (with a security breach error).>>Add an entry for radlogin to RadiusNT's clients file (or in the>>servers table for ODBC) and restart RadiusNT.>>>>If that doesn't work, please include a cut/paste of the>>RadiusNT -x15 debug of the error.>>>>-- >>Dale E. Reed Jr. (daler@iea-software.com)>>_________________________________________________________________>> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs>> Internet Solutions for Today | http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 21 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Radius SettingsFrom: "Kelly Wright" <kelly@buz.net>Date: Tue, 11 Aug 1998 18:23:24 -0500

This is a multi-part message in MIME format.

------=_NextPart_000_0015_01BDC555.20D51750Content-Type: text/plain; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printable

What does the Ascend Max time and Varable Login limits do in Radius =Admin? We recently are having a large number of users complaining about =being bumped off prematurely. It seems to have started since our MAX =upgrade. Any Ideas?

Kelly Wright (kelly@buz.net)BuzNet Communications=20http://www.buz.net972-644-0440

------=_NextPart_000_0015_01BDC555.20D51750Content-Type: text/html; charset="iso-8859-1"Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">

What does the Ascend Max time =and Varable=20Login limits do in Radius Admin? We recently are having a large =number of=20users complaining about being bumped off prematurely. It seems to =have=20started since our MAX upgrade. Any Ideas?

Kelly Wright (kelly@buz.net)
BuzNet =Communications
http://www.buz.net
972-644-0440=

------=_NextPart_000_0015_01BDC555.20D51750--..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 22 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RoamingFrom: David Moore Date: Tue, 11 Aug 1998 19:37:39 -0400I need to accept pass-through authentication from a merit system for finalauthentication against the users in RadiusNT. I want to do this in ODBCmode. the merit system passes me the user name with the realm as a suffix(i.e. username@mydomain.net). The trick I need to accomplish is to stripthe realm (suffix/domain) prior to authentication and returning the properattributes. I can make everything work without using the proxyingcapabilities if I go into the subaccounts table and add the domain to theUser field, but I don't want to do it that way. I need to know how to setup the RadRoamDomains and RadRoamServers (and Servers) tables to accomplishthis. I have the Enterprise version. I have tried every combination ofdata in the RadRoamDomain and RadRoamServers tables and checked andunchecked everything I can find in the administrator with no luck. (Yes, Ihave TreatAsLocal and StripDomain marked as yes, but I don't think therequest is getting that far.)There is a service listed under NT called "Radius Server / Proxy", but itwill not run. I get an error "ERROR 0002: The system cannot find the filespecified" when I try to start it. Is this Part of RadiusNT and should itbe running?I need to know the specific entries I need to make into the various ODBCtables to get this function to work when I receive requests from theseservers with the domain attached.It is a pass through from MegaPOP if that helps.David MoorePresidentCommunityChoice.netNow located at the Virginia Tech Corporate Research Center.2000 Kraft Drive; Suite 1101Blacksburg, VA 24060Phone: (540) 951-8118Fax: (540) 951-1133E-mail: DMoore@CommunityChoice.net..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 23 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Radius SettingsFrom: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 17:12:17 -0700> Kelly Wright wrote:> > What does the Ascend Max time and Varable Login limits do in Radius> Admin? We recently are having a large number of users complaining> about being bumped off prematurely. It seems to have started since> our MAX upgrade. Any Ideas?Ascend Max Time tells RadiusNT to use the Ascend propritary attributerather than the RADIUS standard attribute for limiting a session.Variable login limits is only relevant if you have concurrency controland tells RadiusNT to look at the LoginLimit field for the subaccount(otherwise, it uses 1).-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 24 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication Problem | PLEASE REPLY ASAP!From: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 17:13:42 -0700Allen Mallari wrote:> > I tried uninstalling and installing the setup again.> And I tried running this steps:> > radius -x15 (one command prompt)The output from this command prompt is the one that will be most helpful to resolve the problem. Please include it.-- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 25 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication Problem | PLEASE REPLY ASAP!From: "Allen Mallari" Date: Tue, 11 Aug 1998 17:22:08 -0700this is what i did:1) I open up one command window for radius -x15. MSDOS: radius -x152) I open up second command window for radlogin. MSDOS: radlogin test test13) I got this message from the radlogin window: (if the password is= correct) 0:Bad:0 Good: 0 Bad: 0 T/O: 1 Avg: 04) If I use the command: radlogin test1 test (if the password is wrong) Good: 0 Bad: 1 T/O: 0 Avg: 0 meaning i got authenticated but when the username is correct, it'stiming out.Thanks,Allen*********** REPLY SEPARATOR ***********On 8/11/98, at 5:13 PM, Dale E. Reed Jr. wrote: >Allen Mallari wrote:>> >> I tried uninstalling and installing the setup again.>> And I tried running this steps:>> >> radius -x15 (one command prompt)>>The output from this command prompt is the one that will be most >helpful to resolve the problem. Please include it.>>-- >Dale E. Reed Jr. (daler@iea-software.com)>_________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 26 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: MD5/Des HashingFrom: Greg Johnson Perry-Spencer Date: Tue, 11 Aug 1998 20:20:31 -0500 (EST)I did this and RadiusNT does look in the passwd file and shows theencrypted passwd string (x15 debug mode), but it also shows the encryptedpasswd it generates based upon the passwd I enter. It is encrypted, butmuch smaller and does not start with $1$.On Tue, 11 Aug 1998, Dale E. Reed Jr. wrote:> Greg Johnson wrote:> > > > I have a FreeBSD MD5 passwd file that I want to port to RadiusNT. Can> > RadiusNT support a MD5 hashed passwd file? If not, is there a way to> > convert the MD5 hashing to Des for the existing accounts in the passwd> > file?> > You can put the passwd file into the data directory of RadiusNT> and use a Password = "UNIX" entry to authenticate against it.> You can also use this entry at the bottom of your users file:> > DEFAULT Password = "UNIX"> atribute = values,> etc...> > To default all auths to the passwd file. ODBC mode also supports> UNIX as a password to indicate it to look at the passwd file as well.> > > -- > Dale E. Reed Jr. (daler@iea-software.com)> _________________________________________________________________> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs> Internet Solutions for Today | http://www.iea-software.com> ..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 27 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: MD5/Des HashingFrom: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 19:52:04 -0700Greg Johnson Perry-Spencer wrote:> > I did this and RadiusNT does look in the passwd file and shows the> encrypted passwd string (x15 debug mode), but it also shows the encrypted> passwd it generates based upon the passwd I enter. It is encrypted, but> much smaller and does not start with $1$.RadiusNT supports MD5 hases in the passwd file, typically found onlinux, solaris, and unixware. I am not familiar with DES passwordencryption. Do you have information on the DES routines (and arethey free)? -- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 28 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Authentication Problem | PLEASE REPLY ASAP!From: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 20:03:31 -0700Allen Mallari wrote:> > this is what i did:> > 1) I open up one command window for radius -x15.> > MSDOS: radius -x15I need the lines in THIS window, that start with radrecv and endwith the stats line for each request. Your still just giving theradlogin results, which isn't that useful to resolving your problem. -- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 29 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: RoamingFrom: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 20:34:52 -0700David Moore wrote:> > I need to accept pass-through authentication from a merit system for final> authentication against the users in RadiusNT. I want to do this in ODBC> mode. the merit system passes me the user name with the realm as a suffix> (i.e. username@mydomain.net). The trick I need to accomplish is to strip> the realm (suffix/domain) prior to authentication and returning the proper> attributes. I can make everything work without using the proxying> capabilities if I go into the subaccounts table and add the domain to the> User field, but I don't want to do it that way. I need to know how to set> up the RadRoamDomains and RadRoamServers (and Servers) tables to accomplish> this. I have the Enterprise version. I have tried every combination of> data in the RadRoamDomain and RadRoamServers tables and checked and> unchecked everything I can find in the administrator with no luck. (Yes, I> have TreatAsLocal and StripDomain marked as yes, but I don't think the> request is getting that far.)One way to do this is use the Login and Email fields with theirrespectiveentries (user and user@my.com). If you want to use the roaming features, then you need to enable the user proxy option in the RadiusNT admin. You need to add aRadRoamServersentry and only the Name is relevent. Make Sure you set bothTreatAsLocaland StripDomain to 1. Then add a RadRoamDomains entry that points totheRadRoamServerID and has the domain you want to strip.Also, make sure your RadCheckDomain stored procedure is correct,has permissions and is returning results. > There is a service listed under NT called "Radius Server / Proxy", but it> will not run. I get an error "ERROR 0002: The system cannot find the file> specified" when I try to start it. Is this Part of RadiusNT and should it> be running?No. RadiusNT is the only relevant service for it. -- Dale E. Reed Jr. (daler@iea-software.com)_________________________________________________________________ IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs Internet Solutions for Today | http://www.iea-software.com..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 30 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: MaxSessionLength in ServerAccess tableFrom: Mark Colasante Date: Tue, 11 Aug 1998 23:34:52 -0400What value should be in the MaxSessionLength column in the ServerAccesstable in order to NOT limit the session lengths. I am using Radius 2.5and SQL Server database. Currently, I have this field NULL for allservers and it does not allow any access at all. I had them set to 0also but got the same denied access.Thanks,Mark ColasanteNetExpress..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 31 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: MaxSessionLength in ServerAccess tableFrom: "Dale E. Reed Jr." Date: Tue, 11 Aug 1998 23:20:09 -0700Mark Colasante wrote:> > What value should be in the MaxSessionLength column in the ServerAccess> table in order to NOT limit the session lengths. I am using Radius 2.5> and SQL Server database. Currently, I have this field NULL for all> servers and it does not allow any access at all. I had them set to 0> also but got the same denied access.Do you see the "Access allowed for xx Seconds"? If you do, then RadiusNTsees a MSL as a positive number. The value can be 0 or NULL. What doesradlogin show for the return attributes for the user?Also, check your RadCheckPort stored procedure. It should look likethis:CREATE PROCEDURE RadCheckPort @nasid varchar(16), @nasport integer, @atvarchar(15) ASSelect MaxSessionLength, StartTime, StopTime, CurrTime = (DatePart(Hour,GetDate()) * 60) + DatePart(Minute, GetDate())

Previous message: Dale E. Reed Jr.: "Re: MaxSessionLength in ServerAccess table"
Next message: Greg Johnson Perry-Spencer: "Re: MD5/Des Hashing"