From cistron-radius@lists.cistron.nl Fri Aug 1 18:20:44 2003
From: cistron-radius@lists.cistron.nl (Marc Kandel)
Date: Fri, 1 Aug 2003 13:20:44 -0400
Subject: performance
Message-ID:

hi,

i'm hoping someone can give me some tips as to getting better performance out of cistron 1.6.6.

i have a primary and a secondary. the primary is on a sun e-450 with 512M ram and plenty of swap. this box is here in our server room across all 10M and no router. our secondary is a crappy x86 freebsd box across a T1.

the problem is that radiusd on the sun box consistently takes 3 - 5 seconds to give a response while the freebsd is in the milliseconds.

any ideas as to things to look at? the radiusd process on the sun consistently uses > 30 % of the cpu while the freebsd radiusd only uses < 1/2 %.

any suggestions are greatly appreciated,

--marc

Marc Kandel
Senior Unix Administrator
Senior Network Administrator
TTLC Internet & IT Solutions
http://ttlc.net
From cistron-radius@lists.cistron.nl Fri Aug 1 18:36:12 2003
From: cistron-radius@lists.cistron.nl (Alan DeKok)
Date: Fri, 01 Aug 2003 13:36:12 -0400
Subject: performance
In-Reply-To: Your message of "Fri, 01 Aug 2003 13:20:44 EDT."
Message-ID:

"Marc Kandel" wrote:
> the problem is that radiusd on the sun box consistently takes 3 - 5
> seconds to give a response while the freebsd is in the milliseconds.

I'll bet it's PAM. You're doing system authentication, which on Solaris means going through PAM, and the PAM module is probably re-reading the /etc/passwd file for every password request. On FreeBSD, the passwords are (I believe) in a DB, so finding them takes near-zero time.

The way to test this is to put an entry at the top of the 'users' file, for a user "bob", with password "bob". Use radtest to see how long the server takes to respond. It should be nearly instantaneous.

If you're not using /etc/passwd on Solaris, then I'm not sure what the problem would be.

Alan DeKok.

From cistron-radius@lists.cistron.nl Fri Aug 1 18:45:12 2003
From: cistron-radius@lists.cistron.nl (Marc Kandel)
Date: Fri, 1 Aug 2003 13:45:12 -0400
Subject: performance
Message-ID:

Alan,

thanks for the advice but i don't think this is it.

i tested with the username/password from the first entry in our users file and had to wait almost 11 seconds for a reply ...
only a small fraction of the users in the users file actually have accounts on this server (me and my boss to be exact).

any other ideas anyone?

TIA,

--marc

-----Original Message-----
From: Alan DeKok [mailto:aland@ox.org]
Sent: Friday, August 01, 2003 1:36 PM
To: cistron-radius@lists.cistron.nl
Subject: Re: performance

"Marc Kandel" wrote:
> the problem is that radiusd on the sun box consistently takes 3 - 5
> seconds to give a response while the freebsd is in the milliseconds.

I'll bet it's PAM. You're doing system authentication, which on Solaris means going through PAM, and the PAM module is probably re-reading the /etc/passwd file for every password request. On FreeBSD, the passwords are (I believe) in a DB, so finding them takes near-zero time.

The way to test this is to put an entry at the top of the 'users' file, for a user "bob", with password "bob". Use radtest to see how long the server takes to respond. It should be nearly instantaneous.

If you're not using /etc/passwd on Solaris, then I'm not sure what the problem would be.

Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.radius.cistron.nl/list/

From cistron-radius@lists.cistron.nl Fri Aug 1 18:43:39 2003
From: cistron-radius@lists.cistron.nl (Alan DeKok)
Date: Fri, 01 Aug 2003 13:43:39 -0400
Subject: performance
In-Reply-To: Your message of "Fri, 01 Aug 2003 13:45:12 EDT."
Message-ID:

"Marc Kandel" wrote:
> i tested with the username/password from the first entry in our users
> file and had to wait almost 11 seconds for a reply ...

Then run the server in debugging mode, to see where it waits. Taking even 2 seconds to respond to an entry in the 'users' file means that there is something seriously wrong in your system.

Alan DeKok.
From cistron-radius@lists.cistron.nl Fri Aug 1 19:37:50 2003
From: cistron-radius@lists.cistron.nl (CertaintyTech)
Date: Fri, 1 Aug 2003 14:37:50 -0400
Subject: performance
In-Reply-To:
Message-ID: <000001c3585c$059bfbd0$0100a8c0@ED01>

What commandline options do you use for radiusd on the Sun box?

---
Ed Henderson
Certainty Tech
http://www.certainty.net/

> -----Original Message-----
> From: Marc Kandel
> [mailto:cistron-radius-admin@lists.cistron.nl] On Behalf Of
> Marc Kandel
> Sent: Friday, August 01, 2003 1:21 PM
> To: Cistron-Radius (E-mail)
> Subject: performance
>
> hi,
>
> i'm hoping someone can give me some tips as to getting better
> performance out of cistron 1.6.6.
>
> i have a primary and a secondary. the primary is on a sun
> e-450 with 512M ram and plenty of swap. this box is here in
> our server room across all 10M and no router. our secondary
> is a crappy x86 freebsd box across a T1.
>
> the problem is that radiusd on the sun box consistently takes
> 3 - 5 seconds to give a response while the freebsd is in the
> milliseconds.
>
> any ideas as to things to look at? the radiusd process on
> the sun consistently uses > 30 % of the cpu while the freebsd
> radiusd only uses < 1/2 %.
>
> any suggestions are greatly appreciated,
>
> --marc
>
> Marc Kandel
> Senior Unix Administrator
> Senior Network Administrator
> TTLC Internet & IT Solutions
> http://ttlc.net

From cistron-radius@lists.cistron.nl Fri Aug 1 21:41:09 2003
From: cistron-radius@lists.cistron.nl (Danny ter Haar)
Date: Fri, 1 Aug 2003 20:41:09 +0000 (UTC)
Subject: performance
References:
Message-ID:

Marc Kandel wrote:
>any other ideas anyone?

host-lookup/nameserver timeout ?

Danny
--
I think so Brain, but why does a forklift
have to be so big if all it does is lift forks?
From cistron-radius@lists.cistron.nl Mon Aug 4 15:51:12 2003
From: cistron-radius@lists.cistron.nl (Marc Kandel)
Date: Mon, 4 Aug 2003 10:51:12 -0400
Subject: performance
Message-ID:

same as the other box:

    /usr/local/sbin/radiusd -w -i nn.nn.nn.nn -p 1645 -F %N/detail -F detail.all

--marc

-----Original Message-----
From: CertaintyTech [mailto:ed.henderson@certainty.net]
Sent: Friday, August 01, 2003 2:38 PM
To: cistron-radius@lists.cistron.nl
Subject: RE: performance

What commandline options do you use for radiusd on the Sun box?

---
Ed Henderson
Certainty Tech
http://www.certainty.net/

> -----Original Message-----
> From: Marc Kandel
> [mailto:cistron-radius-admin@lists.cistron.nl] On Behalf Of
> Marc Kandel
> Sent: Friday, August 01, 2003 1:21 PM
> To: Cistron-Radius (E-mail)
> Subject: performance
>
> hi,
>
> i'm hoping someone can give me some tips as to getting better
> performance out of cistron 1.6.6.
>
> i have a primary and a secondary. the primary is on a sun
> e-450 with 512M ram and plenty of swap. this box is here in
> our server room across all 10M and no router. our secondary
> is a crappy x86 freebsd box across a T1.
>
> the problem is that radiusd on the sun box consistently takes
> 3 - 5 seconds to give a response while the freebsd is in the
> milliseconds.
>
> any ideas as to things to look at? the radiusd process on
> the sun consistently uses > 30 % of the cpu while the freebsd
> radiusd only uses < 1/2 %.
>
> any suggestions are greatly appreciated,
>
> --marc
>
> Marc Kandel
> Senior Unix Administrator
> Senior Network Administrator
> TTLC Internet & IT Solutions
> http://ttlc.net

From cistron-radius@lists.cistron.nl Mon Aug 4 15:52:03 2003
From: cistron-radius@lists.cistron.nl (Marc Kandel)
Date: Mon, 4 Aug 2003 10:52:03 -0400
Subject: performance
Message-ID:

i thought of this as well ...
where is the setting? i looked but didn't find it. all i saw was the flag to disable lookups completely.

thanks,

--marc

-----Original Message-----
From: Danny ter Haar [mailto:dth@ncc1701.cistron.net]
Sent: Friday, August 01, 2003 4:41 PM
To: cistron-radius@lists.cistron.nl
Subject: Re: performance

Marc Kandel wrote:
>any other ideas anyone?

host-lookup/nameserver timeout ?

Danny
--
I think so Brain, but why does a forklift
have to be so big if all it does is lift forks?

From cistron-radius@lists.cistron.nl Mon Aug 4 16:03:31 2003
From: cistron-radius@lists.cistron.nl (Danny ter Haar)
Date: Mon, 4 Aug 2003 15:03:31 +0000 (UTC)
Subject: performance
References:
Message-ID:

Marc Kandel wrote:
>i thought of this as well ... where is the setting?

It's not a setting in radius (daemon) but system-wide.

>i looked but didn't find it. all i saw was the flag to
>disable lookups completely.

Under linux use something like:

time host www.playboy.com
www.playboy.com is an alias for www.phat.playboy.com.
www.phat.playboy.com has address 209.247.228.201

real 0m0.713s
user 0m0.004s
sys 0m0.005s

Doesn't take long (even from europe ;-)
Slowaris i don't know the equivalent commands

Danny
--
I think so Brain, but why does a forklift
have to be so big if all it does is lift forks?

From cistron-radius@lists.cistron.nl Mon Aug 4 16:35:13 2003
From: cistron-radius@lists.cistron.nl (Marc Kandel)
Date: Mon, 4 Aug 2003 11:35:13 -0400
Subject: performance
Message-ID:

# time nslookup www.playboy.com
Server: dns1.ttlc.net
Address: 66.94.32.2

Non-authoritative answer:
Name: www.phat.playboy.com
Address: 209.247.228.201
Aliases: www.playboy.com

0.00u 0.02s 0:00.42 4.7%

looks OK to me ...
--marc

-----Original Message-----
From: Danny ter Haar [mailto:dth@ncc1701.cistron.net]
Sent: Monday, August 04, 2003 11:04 AM
To: cistron-radius@lists.cistron.nl
Subject: Re: performance

Marc Kandel wrote:
>i thought of this as well ... where is the setting?

It's not a setting in radius (daemon) but system-wide.

>i looked but didn't find it. all i saw was the flag to
>disable lookups completely.

Under linux use something like:

time host www.playboy.com
www.playboy.com is an alias for www.phat.playboy.com.
www.phat.playboy.com has address 209.247.228.201

real 0m0.713s
user 0m0.004s
sys 0m0.005s

Doesn't take long (even from europe ;-)
Slowaris i don't know the equivalent commands

Danny
--
I think so Brain, but why does a forklift
have to be so big if all it does is lift forks?

From cistron-radius@lists.cistron.nl Mon Aug 4 20:45:43 2003
From: cistron-radius@lists.cistron.nl (John Chapman)
Date: 04 Aug 2003 14:45:43 -0500
Subject: allow connections to some equipment, deny others?
Message-ID: <1060026343.3319.1112.camel@chapster.cleburne.com>

Just curious, this is not critical, but I do have a use for it. And I have not seen any info on this that I know of.

Let's suppose you have several pieces of dialup equipment. Each one has a name of course, and an IP address. Is there a way to only allow logons to a specific piece of equipment? If all incoming calls are rotated thru the equipment, currently whichever piece of equipment is hit is acceptable, and the dialup user is logged on. Is there a way to say that only when user x hits equipment y they get logged on; if they hit a, b, c, or d, they get denied.

Well, if this is possible, thanks for the answer. If not, that is ok too.

Thanks,
John C.
From cistron-radius@lists.cistron.nl Mon Aug 4 22:27:57 2003
From: cistron-radius@lists.cistron.nl (Danny ter Haar)
Date: Mon, 4 Aug 2003 21:27:57 +0000 (UTC)
Subject: performance
References:
Message-ID:

Marc Kandel wrote:
># time nslookup www.playboy.com
>Server: dns1.ttlc.net
>Address: 66.94.32.2
>
>Non-authoritative answer:
>Name: www.phat.playboy.com
>Address: 209.247.228.201
>Aliases: www.playboy.com
>
>0.00u 0.02s 0:00.42 4.7%
>
>looks OK to me ...

and now try it for ip number/host name of the dial-in range/user.
Maybe the machine gets a non-authoritative dns answer and stops in a loop.

Earlier remark that's been made:
Run the daemon in debug mode and look where it "sits & waits"

Danny
--
I think so Brain, but why does a forklift
have to be so big if all it does is lift forks?

From cistron-radius@lists.cistron.nl Tue Aug 5 18:53:03 2003
From: cistron-radius@lists.cistron.nl (Daniel Bastos)
Date: Tue, 5 Aug 2003 14:53:03 -0300
Subject: Problems with client's IP
Message-ID: <20030805175303.GA24986@dbastos.net>

Hi !

I'm having a strange problem with Cistron Radius Server in Linux. I configured /etc/raddb/users to give to the clients the IP range 192.168.50.0. I would like it to give a class C to the clients (and believe it or not, it was working until some days ago !!!) but it's not... now when it gives the 192.168.50.254, for example, the next one is 192.168.51.2..... and then it goes... after 192.168.51.254 for 192.168.52.2....... today it's in 192.168.56.xxx !!!

I'm configuring it Framed-IP-Address for all domains because my provider "cuts" the domain and sends to me only the username and password...

Does anyone know what's happening ??? I have already looked for this problem, but I couldn't find anyone who has it....

My configuration:

DEFAULT Framed-Protocol = PPP
        Framed-IP-Address = 192.168.50.0+,
        Framed-IP-Netmask = 255.255.255.0,
        Service-Type = Framed

Thanks in advance,
Best regards,
--
-=(o '.
| Daniel Bastos
'.-.\ | Linux / Unix / Networking
/| \\ | http://www.dbastos.net
'| || | GPG/PGP: http://www.dbastos.net/pgpkey.txt
_\_):,_
Powered by mutt !

From cistron-radius@lists.cistron.nl Tue Aug 5 19:12:03 2003
From: cistron-radius@lists.cistron.nl (Claudio M. Godoy Martin)
Date: Tue, 05 Aug 2003 15:12:03 -0300
Subject: Problems with client's IP
In-Reply-To: <20030805175303.GA24986@dbastos.net>
Message-ID: <5.2.1.1.2.20030805150834.00a13ec0@mail.cyted.com.ar>

Hi !

This happens because the line

Framed-IP-Address = 192.168.50.0+

adds the port number to the IP address and your port numbers probably are greater than 255.

--
Regards.
Claudio.

At 05/08/2003 14:53, you wrote:
>Hi !
>
>I'm having a strange problem with Cistron Radius Server in Linux.
>I configured /etc/raddb/users to give to the clients the IP range
>192.168.50.0. I would like it to give a class C to the clients (and
>believe it or not, it was working until some days ago !!!) but it's not...
>now when it gives the 192.168.50.254, for example, the next one is
>192.168.51.2..... and then it goes... after 192.168.51.254 for
>192.168.52.2....... today it's in 192.168.56.xxx !!!
>
>I'm configuring it Framed-IP-Address for all domains because my provider
>"cuts" the domain and sends to me only the username and password...
>
>Does anyone know what's happening ??? I have already looked for this
>problem, but I couldn't find anyone who has it....
>
>My configuration:
>
>DEFAULT Framed-Protocol = PPP
>        Framed-IP-Address = 192.168.50.0+,
>        Framed-IP-Netmask = 255.255.255.0,
>        Service-Type = Framed
>
>Thanks in advance,
>Best regards,
>--
>-=(o '. | Daniel Bastos
> '.-.\ | Linux / Unix / Networking
> /| \\ | http://www.dbastos.net
> '| || | GPG/PGP: http://www.dbastos.net/pgpkey.txt
> _\_):,_
>Powered by mutt !

. : Ing. Claudio M.
Godoy Martín
: E-Mail: cmgodoy@cgmi.com.ar
`-----------------------------------------------------------------

From cistron-radius@lists.cistron.nl Tue Aug 5 23:47:45 2003
From: cistron-radius@lists.cistron.nl (Brian Castro)
Date: Tue, 5 Aug 2003 17:47:45 -0500
Subject: Grouping Users Problem
In-Reply-To: <5.2.1.1.2.20030805150834.00a13ec0@mail.cyted.com.ar>
Message-ID: <00b601c35ba3$99a28e30$df07a8c0@brian>

Hello,

I am trying to limit "Email Only" accounts so that they can not dial in to get access to the net. Now I know the first thing you are all going to say is to read the Docs, which I have. I have also spent hours combing the newsgroups for the answer so here it goes:

DEFAULT Auth-Type = Reject
        Group = emailonly

DEFAULT Auth-Type = System
        Service-Type = Framed,
        Framed-Protocol = PPP,
        Ascend-Maximum-Call-Duration = 240,
        Ascend-Idle-Limit = 1200,
        Fall-Through = Yes

We use all Ascend products. I have a group on the system called "emailonly" and I have email only users in it. When I start Cistron using the above config, no one can authenticate except those that have a radius entry. We only use radius entries for ISDN and DSL customers. Dial up users are authenticated via System. All Dial up users are in a group called "netdial". I have even tried adding Group = netdial, to the second DEFAULT thinking that both entries needed a Group listing but that didn't work either.

Right now any customer with a cheap email only account can dial up and surf the net. Any ideas as to what I am doing wrong?

Brian Castro
DiscoverNet, Inc.
Network Administrator
http://www.discover-net.net
admin@discover-net.net
(715)830-1500 ext 105
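The address arithmetic from the "Problems with client's IP" reply earlier in this archive (Framed-IP-Address = 192.168.50.0+ adds the port number to the IP address), worked through as an added example that is not part of any list message or of the Cistron code. It assumes plain 32-bit addition of the port number to the base address, and the port values are constructed.

```python
import ipaddress


def framed_ip(base, nas_port):
    """Address produced by 'Framed-IP-Address = <base>+' for one NAS port.

    Assumption: plain 32-bit addition of the port number to the base
    address, so the sum carries into the third octet past 255.
    """
    value = (int(ipaddress.IPv4Address(base)) + nas_port) & 0xFFFFFFFF
    return ipaddress.IPv4Address(value)


def max_safe_port(base, netmask):
    """Highest port number whose address is still a usable host in the pool."""
    pool = ipaddress.IPv4Network(f"{base}/{netmask}", strict=False)
    return int(pool.broadcast_address) - 1 - int(ipaddress.IPv4Address(base))


def audit_ports(base, netmask, nas_ports):
    """Return (port, address, problem) for each port whose address is not a
    usable host inside the pool implied by base and netmask."""
    pool = ipaddress.IPv4Network(f"{base}/{netmask}", strict=False)
    findings = []
    for port in nas_ports:
        addr = framed_ip(base, port)
        if addr not in pool:
            findings.append((port, str(addr), "outside pool"))
        elif addr in (pool.network_address, pool.broadcast_address):
            findings.append((port, str(addr), "network or broadcast address"))
    return findings


# Constructed NAS-Port values; real ones depend on how the NAS numbers its ports.
SAMPLE_PORTS = [1, 254, 255, 258, 510, 1538]

if __name__ == "__main__":
    print("max safe port:", max_safe_port("192.168.50.0", "255.255.255.0"))
    for finding in audit_ports("192.168.50.0", "255.255.255.0", SAMPLE_PORTS):
        print(finding)
```
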
From cistron-radius@lists.cistron.nl Wed Aug 6 03:22:50 2003
From: cistron-radius@lists.cistron.nl (Bob McClure Jr)
Date: Tue, 5 Aug 2003 21:22:50 -0500
Subject: Grouping Users Problem
In-Reply-To: <00b601c35ba3$99a28e30$df07a8c0@brian>
References: <5.2.1.1.2.20030805150834.00a13ec0@mail.cyted.com.ar> <00b601c35ba3$99a28e30$df07a8c0@brian>
Message-ID: <20030806022250.GC6247@yak.cumbytel.com>

On Tue, Aug 05, 2003 at 05:47:45PM -0500, Brian Castro wrote:
> Hello,
>
> I am trying to limit "Email Only" accounts so that they can not dial in
> to get access to the net. Now I know the first thing you are all going
> to say is to read the Docs, which I have. I have also spent hours
> combing the newsgroups for the answer so here it goes:
>
> DEFAULT Auth-Type = Reject
>         Group = emailonly

I'm a bit of a newb, but I think the above entry should be

DEFAULT Group = emailonly, Auth-Type = Reject
        Reply-Message = "Your account is for email only."

That's largely from an example in the /etc/raddb/users file. Don't know if that action line is required, but I don't think it will hurt.

As I understand the structure, each "stanza" is