 
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Alex M" <radiussupport at lrcommunications dot net>
 Cc:  "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Central Dynamic Configuration for Captive Portal RADIUS
 Date:  Thu, 30 Mar 2006 23:33:56 +0200
> -----Original Message-----
> From: Alex M [mailto:radiussupport at lrcommunications dot net]
> Sent: Thursday 30 March 2006 23:28
> To: Jonathan De Graeve
> CC: Mono Dev List
> Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> Portal RADIUS
> 
> Ok, but what if 1st acc server is down?
Then you're out of luck ;)

> Why is it limited to only first
> server?
Because in my own current setup replication in both-ways still doesn't
exist and my radius system could become out of sync by this reason

The code is ready to support all of them but ATM nobody needed it.

Possible solution

Standard behaviour: round-robin
Advanced behaviour: only first-one is used

Nobody actually ever asked to change it, so if there are systems ready
for this I will implement it

J.


> 
> 
> -----Original Message-----
> From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> Sent: Thursday, March 30, 2006 4:20 PM
> To: Alex M
> Cc: Mono Dev List
> Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> Portal
> RADIUS
> 
> 
> > -----Original Message-----
> > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > Sent: Thursday 30 March 2006 23:14
> > To: Jonathan De Graeve
> > CC: Mono Dev List
> > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > Portal RADIUS
> >
> > I've been looking for variable names for CP and I found that you are using
> > array:
> >
> > $radiusservers[0]['ipaddr'],
> > $radiusservers[0]['port'],
> > $radiusservers[0]['key']);
> > $radiusservers[0]['acctport'],
> >
> > But, I looked through all the document and I only saw that it requests
> > only 1st line of the array, why? Isn't CP supposed to go through at least 2
> > servers if first one is not available? Or you are using some different
> > method of getting the second line?
> >
> 
> As I said before, only the first radius server is used for ACCOUNTING.
> Authentication is a different story (try the first one, go to the next
> one until we get an answer or time-out)
> 
> J.
> 
> >
> >
> >
> > -----Original Message-----
> > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > Sent: Thursday, March 30, 2006 1:51 PM
> > To: Alex M
> > Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > Portal RADIUS
> >
> > I don't know what you are up to but it seems you are making it more
> > complicated than it actually is
> >
> > Something like this:
> > 1) Setup a webserver with dynamic page generating radius test file based
> > on http request GET (nas_id = $macaddress)
> > 2) m0n0wall will use PHP to fetch its radius config file after each
> > boot.
> > The URL to get the config from is stored in the config. In the request
> > will be the macaddress to identify the nas
> > 3) system up & running
> > 4) possible cron script to redownload config let's say every 30 minutes
> >
> > Don't know if this will satisfy all of your wishes and you also have to
> > take care of security. A compromised config repository can be pretty a
> > PITA
> >
> > J.
> >
> >
> >
> > > -----Original Message-----
> > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > Sent: Thursday 30 March 2006 20:39
> > > To: Jonathan De Graeve
> > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > Portal RADIUS
> > >
> > > Ok, that will be a bit more of text then, anyway let me do the program to
> > > work with regular php web pages first, then I will convert it to the
> > > command line functionality (don't want to install interpreter on my laptop)
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > Sent: Thursday, March 30, 2006 12:30 PM
> > > To: Alex M
> > > Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > Portal RADIUS
> > >
> > > It doesn't have a browser so it will be in PHP
> > >
> > > J.
> > >
> > > > -----Original Message-----
> > > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > Sent: Thursday 30 March 2006 18:44
> > > > To: Jonathan De Graeve
> > > > CC: Mono Dev List
> > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > Portal RADIUS
> > > >
> > > > Host names are too variable... MAC would be better.. but then I will get
> > > > back to PHP generation.... if Captive portal requests the file does it use
> > > > webbrowser or PHP command line?
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > Sent: Thursday, March 30, 2006 11:00 AM
> > > > To: Alex M
> > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > Portal RADIUS
> > > >
> > > > It isn't
> > > >
> > > > You can easily write a script on your webserver that depending on your
> > > > request (for example nas also sends hostname) generates the config file
> > > >
> > > > Should still be easy
> > > >
> > > > J.
> > > >
> > > > --
> > > > Jonathan De Graeve
> > > > Network/System Engineer
> > > > Imelda vzw
> > > > Informatica Dienst
> > > > +32 15/50.52.98
> > > > jonathan dot de dot graeve at imelda dot be
> > > >
> > > > ---------
> > > > Always read the manual for the correct way to do things because the
> > > > number of incorrect ways to do things is almost infinite
> > > > ---------
> > > >
> > > > > -----Original Message-----
> > > > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > Sent: Thursday 30 March 2006 17:22
> > > > > To: Jonathan De Graeve
> > > > > CC: Mono Dev List
> > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > Portal RADIUS
> > > > >
> > > > > That would be too easy :-P but let me keep what you have now, except
> > > > > there will be small problem with Shared Secret, since it's NAS specific
> > > > > attribute, while Radius IPs are common attribute. Obviously Shared Secret
> > > > > should be the same for all servers in this case. Well let me write
> > > > > something and see what will happen.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > > Sent: Thursday, March 30, 2006 10:05 AM
> > > > > To: Alex M
> > > > > Cc: Mono Dev List
> > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > Portal RADIUS
> > > > >
> > > > > Leave it easy:
> > > > >
> > > > > Use a normal textfile:
> > > > > $ cat /var/db/captiveportal_radius.db
> > > > > serverip,authenticationport,accountingport,sharedsecret
> > > > > serverip2,authenticationport,accountingport,sharedsecret
> > > > > serverip3,authenticationport,accountingport,sharedsecret
> > > > >
> > > > > Just downloading the file and storing under /var/db should be enough :)
> > > > >
> > > > > J.
> > > > >
> > > > > --
> > > > > Jonathan De Graeve
> > > > > Network/System Engineer
> > > > > Imelda vzw
> > > > > Informatica Dienst
> > > > > +32 15/50.52.98
> > > > > jonathan dot de dot graeve at imelda dot be
> > > > >
> > > > > ---------
> > > > > Always read the manual for the correct way to do things because the
> > > > > number of incorrect ways to do things is almost infinite
> > > > > ---------
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > > Sent: Thursday 30 March 2006 16:55
> > > > > > To: Jonathan De Graeve
> > > > > > CC: Mono Dev List
> > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > Portal RADIUS
> > > > > >
> > > > > > Well the script should be easy to do... at this moment I'm playing around
> > > > > > with different methods to obtain the configs from the file that is stored
> > > > > > on external web server...
> > > > > >
> > > > > > First I thought to use PHP to generate XML content from the database and
> > > > > > then read that "xml" ... but then I thought that if mono will request that
> > > > > > maybe not through the web browser, then php will not be interpreted so I'll
> > > > > > get bunch of errors...
> > > > > >
> > > > > > So now I'm thinking to use php command line to request remote file or
> > > > > > build an actual xml file on the server that will be updated if server status
> > > > > > are changed... Which one is better?
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > > > Sent: Thursday, March 30, 2006 9:24 AM
> > > > > > To: Alex M
> > > > > > Cc: Mono Dev List
> > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > Portal RADIUS
> > > > > >
> > > > > > Currently CP is frozen until after the weekend.
> > > > > >
> > > > > > What do you have in mind with the 'script'?
> > > > > >
> > > > > > J.
> > > > > >
> > > > > > --
> > > > > > Jonathan De Graeve
> > > > > > Network/System Engineer
> > > > > > Imelda vzw
> > > > > > Informatica Dienst
> > > > > > +32 15/50.52.98
> > > > > > jonathan dot de dot graeve at imelda dot be
> > > > > >
> > > > > > ---------
> > > > > > Always read the manual for the correct way to do things because the
> > > > > > number of incorrect ways to do things is almost infinite
> > > > > > ---------
> > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > > > Sent: Thursday 30 March 2006 16:19
> > > > > > > To: Jonathan De Graeve
> > > > > > > CC: Mono Dev List
> > > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > > Portal RADIUS
> > > > > > >
> > > > > > > Well I'm not forcing anything, I can create major part of the script,
> > > > > > > but I will need a little bit of help on integrating it to Mono.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Jonathan De Graeve [mailto:Jonathan dot De dot Graeve at imelda dot be]
> > > > > > > Sent: Thursday, March 30, 2006 3:06 AM
> > > > > > > To: Alex M; Steven McCoy
> > > > > > > Cc: Mono Dev List
> > > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > > Portal RADIUS
> > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Alex M [mailto:radiussupport at lrcommunications dot net]
> > > > > > > > Sent: Thursday 30 March 2006 3:03
> > > > > > > > To: 'Steven McCoy'
> > > > > > > > CC: Mono Dev List
> > > > > > > > Subject: RE: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > > > Portal RADIUS
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > > a) DNS is not yet supported
> > > > > > > what do you mean with that?
> > > > > > >
> > > > > > > > b) Current config supports only 2 servers
> > > > > > > Actually, it supports up to 10 servers, but only 2 are configurable
> > > > > > > from within the gui
> > > > > > >
> > > > > > > Downloading the radius configuration file from a website should be
> > > > > > > relatively easy to implement
> > > > > > >
> > > > > > > > c) DNS are good but you are limited only to controlling where would
> > > > > > > > and IP,
> > > > > > > > you can not add configuration such as groups for different locations
> > > > > > > > and group switching if the server is not responding, basically with DNS
> > > > > > > > all the work will be manually. And in case of my idea it will be
> > > > > > > > automatically self existing.
> > > > > > > I don't understand the idea of groups quite good, what do you mean with
> > > > > > > that?
> > > > > > >
> > > > > > > > If you even can add command on radius servers to automatically
> > > > > > > > populate config file when the server is up, and if server is not
> > > > > > > > responding, delete it from the list and notify admins
> > > > > > > I think you're asking too much ;)
> > > > > > >
> > > > > > > Dynamically download the config: OK, but setting orders on which one is
> > > > > > > the fastest to respond is also not a good idea. You should prefer the
> > > > > > > one with the least packet drops. It also makes things a lot more complicated.
> > > > > > > Also for accounting, only the first radiusserver is used atm.
> > > > > > >
> > > > > > > PS Don't try to force things, if you want something please ask and
> > > > > > > always remember that currently nobody gets paid to do this.
> > > > > > >
> > > > > > >
> > > > > > > J.
> > > > > > >
> > > > > > > --
> > > > > > > Jonathan De Graeve
> > > > > > > Network/System Engineer
> > > > > > > Imelda vzw
> > > > > > > Informatica Dienst
> > > > > > > +32 15/50.52.98
> > > > > > > jonathan dot de dot graeve at imelda dot be
> > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > > > -----Original Message-----
> > > > > > > > From: Steven McCoy [mailto:fnjordy at gmail dot com]
> > > > > > > > Sent: Wednesday, March 29, 2006 7:52 PM
> > > > > > > > To: Alex M
> > > > > > > > Cc: Mono Dev List
> > > > > > > > Subject: Re: [m0n0wall-dev] Central Dynamic Configuration for Captive
> > > > > > > > Portal RADIUS
> > > > > > > >
> > > > > > > > What's wrong with using DNS for this?
> > > > > > > >
> > > > > > > > --
> > > > > > > > Steve-o
> > > > > > > >
> > > > > > > > On 29/03/06, Alex M <radiussupport at lrcommunications dot net> wrote:
> > > > > > > > >
> > > > > > > > > Hi, I'm trying to create a system where I will be able to manage hotspots
> > > > > > > > > more dynamically and from central location. I want to begin by creating
> > > > > > > > > "algorithm" where the list of Radius servers for captive portal could be
> > > > > > > > > obtained automatically from the central WEB server or secondary backup
> > > > > > > > > server.
> > > > > > > > >
> > > > > > > > > The reason for this is faster and easy management, quality of service
> > > > > > > > > configuration and scalability. Here is how it works: At startup NAS (M0n0)
> > > > > > > > > connects to preset DNS URL and reads config file that has a list of Radius
> > > > > > > > > servers (and maybe other configuration) [also beside this dynamic function
> > > > > > > > > nas should have static info on 2 radius servers, just in case, but those 2
> > > > > > > > > will be added at the end of the list, if connection is ok] so about the
> > > > > > > > > list. the list obtained from server will contain all available Radiuses,
> > > > > > > > > now when the list is obtained nas will ping all nases and ones with the low
> > > > > > > > > pings will be placed in the beginning of the list. .
> > > > > > > > >
> > > > > > > > > Also, there should be implementations of groups so that we can assign
> > > > > > > > > nases to proper Radiuses and change the groups during maintenance.
> > > > > > > > >
> > > > > > > > > Do I make myself clear on what I want?  Do you want to implement my Idea?
> > > > > > > > >
> > > > > > > > > Does anyone want to work with me on this?
> > > > > > > > >
> > > > > > > > > Regards,
> > > > > > > > >
> > > > > > > > > Oleksandr
> > > > > > > > >
> > > > > > > > > LRC
>
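
The fetch-and-store procedure discussed in this thread, with the validation step the security remark calls for, as an added example that is not part of the original messages and is not m0n0wall code. It assumes current PHP; `parse_radius_db`, `install_radius_db`, the 128-character secret limit and the optional IP allowlist are hypothetical, and the sample data is constructed.

```php
<?php
// Added example, not m0n0wall code. Validates a downloaded server list in the
// "serverip,authenticationport,accountingport,sharedsecret" format from the thread.

const MAX_RADIUS_SERVERS = 10; // limit mentioned in the thread

// Returns a list shaped like the $radiusservers array quoted in the thread, or
// null if any line is malformed. $allowedIps is a hypothetical local allowlist.
function parse_radius_db(string $text, array $allowedIps = []): ?array
{
    $port = ['options' => ['min_range' => 1, 'max_range' => 65535]];
    $servers = [];
    foreach (preg_split('/\r\n|\r|\n/', trim($text)) as $line) {
        $f = explode(',', $line, 4); // limit 4: the secret may contain commas
        if (count($f) !== 4 || count($servers) >= MAX_RADIUS_SERVERS) {
            return null;
        }
        [$ip, $auth, $acct, $key] = $f;
        $auth = filter_var($auth, FILTER_VALIDATE_INT, $port);
        $acct = filter_var($acct, FILTER_VALIDATE_INT, $port);
        if (filter_var($ip, FILTER_VALIDATE_IP) === false
            || $auth === false || $acct === false
            || preg_match('/^[\x20-\x7e]{1,128}$/D', $key) !== 1 // assumed limit
            || ($allowedIps && !in_array($ip, $allowedIps, true))) {
            return null;
        }
        $servers[] = ['ipaddr' => $ip, 'port' => $auth,
                      'acctport' => $acct, 'key' => $key];
    }
    return $servers;
}

// Replaces $path only when the new content validates; otherwise the previous
// file stays in place. The temp file is owner-only because it holds secrets.
function install_radius_db(string $text, string $path, array $allowedIps = []): bool
{
    if (parse_radius_db($text, $allowedIps) === null) {
        return false;
    }
    $old = umask(0077);
    $ok = file_put_contents("$path.tmp", $text) !== false;
    umask($old);
    return $ok && rename("$path.tmp", $path);
}

// Constructed sample input (documentation addresses, made-up secrets).
$good = "192.0.2.10,1812,1813,s3cret-one\n192.0.2.11,1812,1813,s3cret,two\n";
$bad  = "192.0.2.10,1812,99999,s3cret-one\n"; // accounting port out of range
$path = sys_get_temp_dir() . '/captiveportal_radius.db';
var_dump(install_radius_db($good, $path));
var_dump(install_radius_db($bad, $path));
var_dump(count(parse_radius_db(file_get_contents($path))));
```

Validation catches truncated or malformed downloads, and the allowlist limits which servers a tampered repository can point the NAS at; neither authenticates the repository itself, so the fetch still needs an authenticated channel.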