[ previous ] [ next ] [ threads ]
 
 From:  "Alex M" <radiussupport at lrcommunications dot net>
 To:  "'Jonathan De Graeve'" <Jonathan dot De dot Graeve at imelda dot be>
 Cc:  "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Central Dynamic Configuration for Captive Portal RADIUS
 Date:  Thu, 30 Mar 2006 16:28:13 -0500
Ok, but what if 1st acc server is down? Why is it limited to only first
server?


-----Original Message-----
From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be] 
Sent: Thursday, March 30, 2006 4:20 PM
To: Alex M
Cc: Mono Dev List
Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive Portal
RADIUS


> -----Oorspronkelijk bericht-----
> Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> Verzonden: donderdag 30 maart 2006 23:14
> Aan: Jonathan De Graeve
> CC: Mono Dev List
> Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration for
Captive
> Portal RADIUS
> 
> I've been looking vor variable names for CP and I found that you are
using
> array:
> 
> $radiusservers[0]['ipaddr'],
> $radiusservers[0]['port'],
> $radiusservers[0]['key']);
> $radiusservers[0]['acctport'],
> 
> But, I looked through all the document and I only was that it requests
> only
> 1st line of the array, why? Isn't CP supposed to go through at lest 2
> servers if fist one is not avalible? Or you are using some different
> methid
> of getting the second line?
> 

As I said before, only the first radius server is used for ACCOUNTING.
Authentication is a different story (try the first one, go to the next
one until we get an answer or time-out)

J.

> 
> 
> 
> -----Original Message-----
> From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> Sent: Thursday, March 30, 2006 1:51 PM
> To: Alex M
> Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> Portal
> RADIUS
> 
> I don't know what you are up to  but it seems you are making it more
> complicating then it actually is
> 
> Something like this:
> 1) Setup a webserver with dynamic page generating radius test file
based
> on http request GET (nas_id = $macaddress)
> 2) m0n0wall will use PHP to fetch his radius config file after each
> boot.
> The URL to get the config from is stored in the config. In the request
> will be the macaddress to identify the nas
> 3) system up & running
> 4) possible cron script to redownload config lets say every 30minutes
> 
> Don't know if this will satisfy all of your wishes and you also have
to
> take care of security. A compromised config repository can be pretty a
> PITA
> 
> J.
> 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > Verzonden: donderdag 30 maart 2006 20:39
> > Aan: Jonathan De Graeve
> > Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration for
> Captive
> > Portal RADIUS
> >
> > Ok, that will be a bit more of text then, any way let me do the
> program to
> > work with regular php web pages first, then I will convert it to the
> > command
> > line functionality (don't want to install interpreter on my laptop)
> >
> >
> >
> >
> > -----Original Message-----
> > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > Sent: Thursday, March 30, 2006 12:30 PM
> > To: Alex M
> > Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for
Captive
> > Portal
> > RADIUS
> >
> > It doesn't have a browser so it will be in PHP
> >
> > J.
> >
> > > -----Oorspronkelijk bericht-----
> > > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > Verzonden: donderdag 30 maart 2006 18:44
> > > Aan: Jonathan De Graeve
> > > CC: Mono Dev List
> > > Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration for
> > Captive
> > > Portal RADIUS
> > >
> > > Host name's are to variable... MAC would be better.. but them I
will
> > get
> > > back to PHP generation.... if Captive portal requests the file
does
> it
> > use
> > > webbrowser or PHP command line?
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > Sent: Thursday, March 30, 2006 11:00 AM
> > > To: Alex M
> > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for
> Captive
> > > Portal
> > > RADIUS
> > >
> > > It isn't
> > >
> > > You can easily write a script on your webserver that dependant on
> your
> > > request (for example nas also sents hostname) generates the config
> > file
> > >
> > > Should still be easy
> > >
> > > J.
> > >
> > > --
> > > Jonathan De Graeve
> > > Network/System Engineer
> > > Imelda vzw
> > > Informatica Dienst
> > > +32 15/50.52.98
> > > jonathan dot de dot graeve at imelda dot be
> > >
> > > ---------
> > > Always read the manual for the correct way to do things because
the
> > > number of incorrect ways to do things is almost infinite
> > > ---------
> > >
> > > > -----Oorspronkelijk bericht-----
> > > > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > Verzonden: donderdag 30 maart 2006 17:22
> > > > Aan: Jonathan De Graeve
> > > > CC: Mono Dev List
> > > > Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration for
> > > Captive
> > > > Portal RADIUS
> > > >
> > > > That would be to easy :-P but let me keep the what you have now,
> > > except
> > > > there will be small problem with Shared Secret, since its NAS
> > specific
> > > > attribute, while Radius IPs age common attribute. Obviously
Shared
> > > Secret
> > > > should be the same for all servers in this case. Well let me
write
> > > > something
> > > > and see what will happen.
> > > >
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > Sent: Thursday, March 30, 2006 10:05 AM
> > > > To: Alex M
> > > > Cc: Mono Dev List
> > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for
> > Captive
> > > > Portal
> > > > RADIUS
> > > >
> > > > Leave it easy:
> > > >
> > > > Use a normal textfile:
> > > > $ cat /var/db/captiveportal_radius.db
> > > > serverip,authenticationport,accountingport,sharedsecret
> > > > serverip2,authenticationport,accountingport,sharedsecret
> > > > serverip3,authenticationport,accountingport,sharedsecret
> > > >
> > > > Just downloading the file and storing under /var/db should be
> enough
> > > :)
> > > >
> > > > J.
> > > >
> > > > --
> > > > Jonathan De Graeve
> > > > Network/System Engineer
> > > > Imelda vzw
> > > > Informatica Dienst
> > > > +32 15/50.52.98
> > > > jonathan dot de dot graeve at imelda dot be
> > > >
> > > > ---------
> > > > Always read the manual for the correct way to do things because
> the
> > > > number of incorrect ways to do things is almost infinite
> > > > ---------
> > > >
> > > > > -----Oorspronkelijk bericht-----
> > > > > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > Verzonden: donderdag 30 maart 2006 16:55
> > > > > Aan: Jonathan De Graeve
> > > > > CC: Mono Dev List
> > > > > Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration
for
> > > > Captive
> > > > > Portal RADIUS
> > > > >
> > > > > Well the script should be easy to do... at this moment im
> playing
> > > > around
> > > > > with different methods to obtain the configs from the file
that
> is
> > > > stored
> > > > > on
> > > > > external web server...
> > > > >
> > > > > First I thought to use PHP to generate XML content from the
> > database
> > > > and
> > > > > then read that "xml" ... but then I thought that if mono will
> > > request
> > > > that
> > > > > make not thought the web browser, then php will not be
> interpreted
> > > so
> > > > I'll
> > > > > get bunch of errors...
> > > > >
> > > > > So now I'm thinking to use php command line to request remote
> file
> > > or
> > > > > build
> > > > > an actual xml file on the server that will be updated if
server
> > > status
> > > > are
> > > > > changed... Which one is better?
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > > Sent: Thursday, March 30, 2006 9:24 AM
> > > > > To: Alex M
> > > > > Cc: Mono Dev List
> > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for
> > > Captive
> > > > > Portal
> > > > > RADIUS
> > > > >
> > > > > Currently CP is freezed until after the weekend.
> > > > >
> > > > > What do you have in mind with the 'script'?
> > > > >
> > > > > J.
> > > > >
> > > > > --
> > > > > Jonathan De Graeve
> > > > > Network/System Engineer
> > > > > Imelda vzw
> > > > > Informatica Dienst
> > > > > +32 15/50.52.98
> > > > > jonathan dot de dot graeve at imelda dot be
> > > > >
> > > > > ---------
> > > > > Always read the manual for the correct way to do things
because
> > the
> > > > > number of incorrect ways to do things is almost infinite
> > > > > ---------
> > > > >
> > > > > > -----Oorspronkelijk bericht-----
> > > > > > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > > Verzonden: donderdag 30 maart 2006 16:19
> > > > > > Aan: Jonathan De Graeve
> > > > > > CC: Mono Dev List
> > > > > > Onderwerp: RE: [m0n0wall-dev] Central Dynamic Configuration
> for
> > > > > Captive
> > > > > > Portal RADIUS
> > > > > >
> > > > > > Well I'm not forcing anything, I can create major part of
the
> > > > script,
> > > > > but
> > > > > > I
> > > > > > will need a little bit of help on integrating it to Mono.
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Jonathan De Graeve
[mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > > > Sent: Thursday, March 30, 2006 3:06 AM
> > > > > > To: Alex M; Steven McCoy
> > > > > > Cc: Mono Dev List
> > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration
for
> > > > Captive
> > > > > > Portal
> > > > > > RADIUS
> > > > > >
> > > > > > > -----Oorspronkelijk bericht-----
> > > > > > > Van: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > > > Verzonden: donderdag 30 maart 2006 3:03
> > > > > > > Aan: 'Steven McCoy'
> > > > > > > CC: Mono Dev List
> > > > > > > Onderwerp: RE: [m0n0wall-dev] Central Dynamic
Configuration
> > for
> > > > > > Captive
> > > > > > > Portal RADIUS
> > > > > > >
> > > > > >
> > > > > >
> > > > > > > a) DNS is not yet supported
> > > > > > what do you mean with that?
> > > > > >
> > > > > > > b) Current config supports only 2 servers
> > > > > > Actually, it supports up to 10servers, but only 2 are
> > configurable
> > > > > from
> > > > > > within the gui
> > > > > >
> > > > > > Downloading the radius configuration file from a website
> should
> > be
> > > > > > relative easy to implement
> > > > > >
> > > > > > > c) DNS are good but you are limited only to controlling
> where
> > > > would
> > > > > > and
> > > > > > > IP,
> > > > > > > you can not add configuration such as groups for different
> > > > locatios
> > > > > > and
> > > > > > > group switching id the server is not responding, basically
> > with
> > > > DNS
> > > > > > all
> > > > > > > the
> > > > > > > work will be manually. And in case of my idea it will be
> > > > > automatically
> > > > > > > self
> > > > > > > existing.
> > > > > > I don't understand the idea of groups quite good, what do
you
> > mean
> > > > > with
> > > > > > that?
> > > > > >
> > > > > > > If you even can add command on radius servers to
> automatically
> > > > > > > populate config file when the servr is up, and if server
is
> > not
> > > > > > > responding,
> > > > > > > delete it from the list and notify admins
> > > > > > I think you're asking too much ;)
> > > > > >
> > > > > > Dynamically download the config: OK, but setting orders on
> which
> > > one
> > > > > is
> > > > > > the fastest to respond is also not a good idea. You should
> > prefer
> > > > the
> > > > > > one with the least packet drops. It also makes things a lot
> > > > > complicader.
> > > > > > Also for accounting, only the first radiusserver is used
atm.
> > > > > >
> > > > > > PS Don't try to force things, if you want something please
ask
> > and
> > > > > > always remember that currently nobody gets payed todo this.
> > > > > >
> > > > > >
> > > > > > J.
> > > > > >
> > > > > > --
> > > > > > Jonathan De Graeve
> > > > > > Network/System Engineer
> > > > > > Imelda vzw
> > > > > > Informatica Dienst
> > > > > > +32 15/50.52.98
> > > > > > jonathan dot de dot graeve at imelda dot be
> > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Steven McCoy [mailto:fnjordy at gmail dot com]
> > > > > > > Sent: Wednesday, March 29, 2006 7:52 PM
> > > > > > > To: Alex M
> > > > > > > Cc: Mono Dev List
> > > > > > > Subject: Re: [m0n0wall-dev] Central Dynamic Configuration
> for
> > > > > Captive
> > > > > > > Portal
> > > > > > > RADIUS
> > > > > > >
> > > > > > > Whats wrong with using DNS for this?
> > > > > > >
> > > > > > > --
> > > > > > > Steve-o
> > > > > > >
> > > > > > > On 29/03/06, Alex M <radiussupport at lrcommunications dot net>
> > wrote:
> > > > > > > >
> > > > > > > > Hi, I'm trying to create a system where I will be able
to
> > > mange
> > > > > > hotspots
> > > > > > > > more dynamically and from central location. I want to
> begin
> > by
> > > > > > creating
> > > > > > > > "algorithm" where the list of Radius servers for captive
> > > portal
> > > > > > could be
> > > > > > > > obtained automatically from the central WEB server or
> > > secondary
> > > > > > backup
> > > > > > > > server.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > The reason for this is faster and easy management,
quality
> > of
> > > > > > service
> > > > > > > > configuration and scalability. Here is how it works: At
> > > startup
> > > > > NAS
> > > > > > > (M0n0)
> > > > > > > > connects to preset DNS URL and read config file that has
a
> > > list
> > > > of
> > > > > > > Radius
> > > > > > > > servers (and maybe other configuration) [also beside
this
> > > > dynamic
> > > > > > > function
> > > > > > > > nas should have static info on 2 radius servers, just in
> > case,
> > > > but
> > > > > > those
> > > > > > > 2
> > > > > > > > will be added et the end of the list, if connection is
ok]
> > so
> > > > > about
> > > > > > the
> > > > > > > > list. the list obtained from server will contain all
> > available
> > > > > > Radiuses,
> > > > > > > > now
> > > > > > > > when the list is obtained nas will ping all nases and
once
> > > with
> > > > > the
> > > > > > low
> > > > > > > > pings will be placed in the beginning of the list. .
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Also, there should be implementations of groups so that
we
> > can
> > > > > > assign
> > > > > > > > nases
> > > > > > > > to proper Radiuses and change the groups during
> maintenance.
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Do I make myself clear on what I want?  Do you want to
> > > implement
> > > > > my
> > > > > > > Idea?
> > > > > > > >
> > > > > > > > Does any one want to work with me on this?
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > Regards,
> > > > > > > >
> > > > > > > > Oleksandr
> > > > > > > >
> > > > > > > > LRC
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > >
> > >
> ---------------------------------------------------------------------
> > > > > > > To unsubscribe, e-mail:
> m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> > > > > > > For additional commands, e-mail:
> > m0n0wall dash dev dash help at lists dot m0n0 dot ch
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > >
> >
---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail:
m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> > > > > > For additional commands, e-mail:
> m0n0wall dash dev dash help at lists dot m0n0 dot ch
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> > >
> >
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
> >
> >
> 
> 
>