[RadiusNT Digest]

radiusnt-digest-request@iea-software.com
Thu, 20 Aug 1998 00:01:32 -0700

Message 1: Tracking call termination cause?
from "Zak Wolfinger" <zak@cyberlink.com>

Message 2:
from siglesias@nec.com.ar

Message 3: Re: Tracking call termination cause?
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 4: Re: CLARIFICATION RRAS AND CHAP
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 5: Re: Text backup from database - more
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 6: Re: User Restrictions
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 7: Re: Radius dicionary
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 8: RE: Text backup from database - more
from "Kurt Lange" <klange@usinternet.com>

Message 9: Re: Text backup from database - more
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 10: Framed-Route
from "Ken Sorenson" <ksoren@tsi-online.com>

Message 11: Multilink
from "Ken Sorenson" <ksoren@tsi-online.com>

Message 12: Re: Multilink
from "Lamar Townsend" <lamar@shuttle.com>

Message 13: Re: Framed-Route
from "Dale E. Reed Jr." <daler@iea-software.com>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Tracking call termination cause?
From: "Zak Wolfinger" <zak@cyberlink.com>
Date: Wed, 19 Aug 1998 14:27:03 -0500

What do I need to do to start tracking the call termination cause in
the Calls table? Can I simply add the field to the calls table? We
are using 2.5.something and Access.

Zak Wolfinger Systems Administrator
CyberLink, Inc. voice: (219) 235-1400
213 S Main Street fax: (219) 235-1599
South Bend, IN 46601 email: zak@cyberlink.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
From: siglesias@nec.com.ar
Date: Wed, 19 Aug 1998 16:29:16 -0400

unsubscribe =20

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 3 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: Tracking call termination cause?
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Wed, 19 Aug 1998 14:55:58 -0700

Zak Wolfinger wrote:
>
> What do I need to do to start tracking the call termination cause in
> the Calls table? Can I simply add the field to the calls table? We
> are using 2.5.something and Access.

Add the field (with the correct type, int or string) and restart
RadiusNT. It will pickup the new field when it starts up.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 4 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: CLARIFICATION RRAS AND CHAPFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 15:33:10 -0700

Terry Bomersbach wrote:> > Okay, but CHAP is returning a reject to the NAS and I can't find out why.> Nor do I even know where to look. This is the first RRAS that we are> implementing.> > Anyone have an answer as to why RadiusNT is returning a reject? The> password is showing "CHAP" in the debug mode.

RadiusNT records the password as "CHAP", since it doesn't have a cleartext password to record for the user (its one-way encrypted). Haveyou verified whether PAP works (and if its not, did you check yoursecrets and see what -x15 showed for it?). I would get PAP workingfirst.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 5 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Text backup from database - moreFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 15:34:23 -0700

rbryn@cape-fear.net wrote:> > I must have missed something somewhere when following this thread. I was> under the impression this utility created a text backup file from DB. Where

It does.

> does it put the file and what does it call it? How can I control it's> placement?

It sends it to stdio. Just redirect it to where you want it:

radusers Emerald > c:\radius\users.new

> For the old one, include the ODBC DSN on the command line like:> > radusers emerald> > If you can't use a trusted connection (you keep getting prompted for> a username/password) then use this formation:> > radusers "emerald;uid=username;pwd=password"

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 6 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: User RestrictionsFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 15:41:55 -0700

Tim Ballingall wrote:> > I was wondering if Radius has any facility to restrict user access to> particular hosts.> > I have a Cisco 2511 & I can put IP filters that block access from a> particular address to any other address.> > Would it be feasible to assign a specific IP address to one user & then> apply my IP filters to this address & thus the user as well ?

You should be able to specify the filter for the user and theCisco will apply it for that user (regarless of their IP) forthe duration of the call.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 7 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Radius dicionaryFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 15:44:22 -0700

jjw@cvc.net wrote:> > I have just upgraded a Portmaster3 to ComOS 3.8b19 which requires 3> lines to be added to the dictionary as follows:> > ATTRIBUTE Class 25 string> ATTRIBUTE Vendor-Specific 26 string> VALUE Service-Type Call-Check 10> > I am running Emerald 2.1, Radius 2.5. The first two lines are in the> dictionary, where and how do I put in the 3rd line. I have been runing> in -x15 mode and keep getting a (Received unknown attribute 77) in each> record that is produced from this Portmaster.

Go into the Emerald Admin. Change attribute #65 to Attribute #77 (itsthe Connect-Info attrbiute) and it will clear up that unknown attributeissue. If you don't have a 65, just add Attribute 77, NamedConnect-Info,of type string.

You will have to manually add the Service-Type to the RadValues table. Emerald 2.1 doesn't have facilities for it. However, itsnot something you will probably use anytime soon.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 8 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: RE: Text backup from database - moreFrom: "Kurt Lange" <klange@usinternet.com>Date: Wed, 19 Aug 1998 18:52:28 -0500

I was playing with radusers.exe and ran in to a problem with attributes thathave more then one parameter. It appears that attributes with a space inthem i.e. Framed Route, won't load from the text file. When I put the routein with quotes around it it will load from the file and appears to auth OKbut the route doesn't work in the NAS (it does work when NOT in quotes).

Framed Route "1.1.1.0/24 2.2.2.2 1"Loads text file in RadiusNT but doesn't work on NAS (USR TC HUB/NetServer).

Framed Route 1.1.1.0/24 2.2.2.2 1Works on NAS but RadiusNT gives the following error on load:

radius: attribute name 2.2.2.2 not foundradius: Parse error -95 for user USERNAME1778 users loaded!

Not licensed for Enterprise feature: Failover.

I think I understand the failover feature but I assume these particularusers still won't load.

-----Original Message-----From: radiusnt-request@iea-software.com[mailto:radiusnt-request@iea-software.com]On Behalf Ofrbryn@cape-fear.netSent: Tuesday, August 18, 1998 8:31 PMTo: radiusnt@iea-software.comSubject: RE: Text backup from database - more

Please ignore my ignorance :)

I must have missed something somewhere when following this thread. I wasunder the impression this utility created a text backup file from DB. Wheredoes it put the file and what does it call it? How can I control it'splacement?

ThanksRobb

-----Original Message-----From: radiusnt-request@iea-software.com[mailto:radiusnt-request@iea-software.com]On Behalf Of Dale E. Reed Jr.Sent: Tuesday, August 18, 1998 5:11 PMTo: radiusnt@iea-software.comSubject: Re: Text backup from database - more

rbryn@cape-fear.net wrote:>> What is the proper command line syntax for radusers.exe? I'de like to> schedule it but can't seem to get the right combination together to run it> without prompting me.

For the old one, include the ODBC DSN on the command line like:

radusers emerald

If you can't use a trusted connection (you keep getting prompted fora username/password) then use this formation:

radusers "emerald;uid=username;pwd=password"

--Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 9 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Text backup from database - moreFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 20:59:28 -0700

Kurt Lange wrote:> > I was playing with radusers.exe and ran in to a problem with attributes that> have more then one parameter. It appears that attributes with a space in> them i.e. Framed Route, won't load from the text file. When I put the route> in with quotes around it it will load from the file and appears to auth OK> but the route doesn't work in the NAS (it does work when NOT in quotes).

Framed-Route should be "Framed-Route". Attriubute names can not havespaces in them. This is reall the Emerald compatability issue thatI was referring to with the newer version of radusers. > Framed Route "1.1.1.0/24 2.2.2.2 1"> Loads text file in RadiusNT but doesn't work on NAS (USR TC HUB/NetServer).> > Framed Route 1.1.1.0/24 2.2.2.2 1> Works on NAS but RadiusNT gives the following error on load:> > radius: attribute name 2.2.2.2 not found> radius: Parse error -95 for user USERNAME> 1778 users loaded!

It should be:

Framed-Route = "1.1.1.0/24 2.2.2.2 1"

For string attributes, you must include the begin/end quotes in thedata field of the RadConfigs/RadATConfigs tables.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 10 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Framed-RouteFrom: "Ken Sorenson" <ksoren@tsi-online.com>Date: Wed, 19 Aug 1998 23:20:28 -0500

Hello Dale.. I am wondering if my problem is related to this. I am trying toplace specific route in my Emerald subacounts with little success. I amusing 3com/TC Hyperarcs.. When I Place the routes statically in the Hyperarcthey work.. When I use Framed-Route in RadiusNT, It seems to disregard thewhole statement. I see it loading in -x15, however nothing changes in myroute table.

Ex:Framed-Route 201.92.75.11 255.255.255.255 208.167.95.3 2OrFramed-Route 201.92.75.64 255.255.255.224 208.167.95.3 2

I have utilized the Framed-Address, and Framed-Netmask...

I figure I am missing something obvious.

Also, I am getting two unknown attributes, 50 and 51. From the 3com docs itappears that 50=Account-Multi-Session-Id, 51=Account-Link-Count. How shoulddo I add these?

-----Original Message-----From: radiusnt-request@iea-software.com[mailto:radiusnt-request@iea-software.com] On Behalf Of Dale E. Reed Jr.Sent: Wednesday, August 19, 1998 10:59 PMTo: radiusnt@iea-software.comSubject: Re: Text backup from database - more

Kurt Lange wrote:>> I was playing with radusers.exe and ran in to a problem with attributesthat> have more then one parameter. It appears that attributes with a space in> them i.e. Framed Route, won't load from the text file. When I put theroute> in with quotes around it it will load from the file and appears to auth OK> but the route doesn't work in the NAS (it does work when NOT in quotes).

Framed-Route should be "Framed-Route". Attriubute names can not havespaces in them. This is reall the Emerald compatability issue thatI was referring to with the newer version of radusers.

> Framed Route "1.1.1.0/24 2.2.2.2 1"> Loads text file in RadiusNT but doesn't work on NAS (USR TCHUB/NetServer).>> Framed Route 1.1.1.0/24 2.2.2.2 1> Works on NAS but RadiusNT gives the following error on load:>> radius: attribute name 2.2.2.2 not found> radius: Parse error -95 for user USERNAME> 1778 users loaded!

It should be:

Framed-Route = "1.1.1.0/24 2.2.2.2 1"

For string attributes, you must include the begin/end quotes in thedata field of the RadConfigs/RadATConfigs tables.

--Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 11 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: MultilinkFrom: "Ken Sorenson" <ksoren@tsi-online.com>Date: Wed, 19 Aug 1998 23:30:05 -0500

Is it possible to authenticate multilink connections in RadiusNT?

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 12 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: MultilinkFrom: "Lamar Townsend" <lamar@shuttle.com>Date: Wed, 19 Aug 1998 23:39:58 -0500

Sure, Just set the Login Limit to 2 or more under that particular service.Works great!

Lamar Townsendlamar@shuttle.com

"Ken Sorenson" <ksoren@tsi-online.com> on 08/19/98 11:30:05 PM

Please respond to radiusnt@iea-software.com To: radiusnt@iea-software.com cc: (bcc: Lamar Townsend/SCOC) Subject: Multilink

Is it possible to authenticate multilink connections in RadiusNT?

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.| Message 13 |'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'Subject: Re: Framed-RouteFrom: "Dale E. Reed Jr." <daler@iea-software.com>Date: Wed, 19 Aug 1998 23:35:13 -0700

Ken Sorenson wrote:> > Hello Dale.. I am wondering if my problem is related to this. I am trying to> place specific route in my Emerald subacounts with little success. I am> using 3com/TC Hyperarcs.. When I Place the routes statically in the Hyperarc> they work.. When I use Framed-Route in RadiusNT, It seems to disregard the> whole statement. I see it loading in -x15, however nothing changes in my> route table.> > Ex:> Framed-Route 201.92.75.11 255.255.255.255 208.167.95.3 2> Or> Framed-Route 201.92.75.64 255.255.255.224 208.167.95.3 2> > I have utilized the Framed-Address, and Framed-Netmask...

The format for Framed-Route is:

x.x.x.x/yy z.z.z.z

Where x.x.x.x is the source address and yy is the subnet. z.z.z.zis the gateway for it. > I figure I am missing something obvious.> > Also, I am getting two unknown attributes, 50 and 51. From the 3com docs it> appears that 50=Account-Multi-Session-Id, 51=Account-Link-Count. How should> do I add these?

Either using the Emerald Admin, Config Radius, or directory to the RadAttriutes table.

-- Dale E. Reed Jr.  (daler@iea-software.com)_________________________________________________________________       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |   http://www.iea-software.com