 


















          RADIUS-VMS
          product documentation





          This manual contains product documentation for RADIUS-
          VMS, RFC2865/RFC2866 (RFC2138/2139) compliant RADIUS
          Server software for VMS systems.

 



































          __________
          Copyright  1998-2009 Ruslan R. Laishev & StarLet
          Group.

          Trademarks info

          VMS, OpenVMS, VAX, Alpha, Integrity, DEC, DEC Server,
          DEC DATATRIEVE, Digital are trademarks of Digital
          Equipment Corporation.

          Process Software TCPWare-TCP, Multinet (TM) are
          trademark of Process Software LLC.

          MadGoat, Message Exchange, and MX are trademarks of
          MadGoat Software.

 
















































                                                              iii

 









          _______________________________________________________

          Contents

          _______________________________________________________
          CHAPTER 1  INTRODUCTION TO THE RADIUS.              1-1

                _________________________________________________
                1.1   WHAT IS RADIUS?                         1-1

                _________________________________________________
                1.2   WHAT IS RADIUS-VMS?                     1-2

                _________________________________________________
                1.3   PREREQUISITES.                          1-4


          _______________________________________________________
          CHAPTER 2  RADIUS-VMS INSTALLATION.                 2-1

                _________________________________________________
                2.1   INVOKING VMSINSTAL.                     2-1


          _______________________________________________________
          CHAPTER 3  CONFIGURATION & MANAGEMENT.              3-1

                _________________________________________________
                3.1   SERVER LOGICALS.                        3-1

                _________________________________________________
                3.2   USERS MANAGEMENT.                       3-3

                3.2.1     SYSUAF based authentication &
                          authorization.  ________________    3-5

                3.2.2     Accept or Reject all logins
                          without real authentication.  __    3-7

                3.2.3     Realms based policy.  __________    3-7


                                                              iii

 


          Contents





                3.2.4     VMS Right Id based policy.  ____    3-8

                3.2.5     Authenticaion on LANMAN or
                          Windows NT domains.  ___________    3-9

                _________________________________________________
                3.3   CLIENTS MANAGEMENT.                    3-11

                _________________________________________________
                3.4   REALMS MANAGEMENT.                     3-15

                _________________________________________________
                3.5   PROXY/FORWARDING CAPABILITIES.         3-19

                _________________________________________________
                3.6   MULTIHOME CONFIGURATION                3-20

          _______________________________________________________
          CHAPTER 4  RADIUS-VMS CONTROL.                      4-1


          _______________________________________________________
          CHAPTER 5  ACCOUNTING.                              5-1

                _________________________________________________
                5.1   A RADIUS-VMS ACCOUNTING UTILITY -
                      RADACC.EXE                              5-3


          _______________________________________________________
          CHAPTER 6  AN ADDITIONAL INFORMATION AND
                     APPENDIXES.                              6-1








          iv

 


                                                         Contents





          _______________________________________________________
          APPENDIX A  RADIUS-VMS MESSAGING &
                      TROUBLESHOOTING.                        A-1


          _______________________________________________________
          APPENDIX B  CONTACT INFORMATION.                    B-1


          _______________________________________________________
          APPENDIX C  RADIUS-VMS FILES CREATED DURING
                      INSTALLATION.                           C-1


          _______________________________________________________
          APPENDIX D  RADIUS-VMS MODIFICATION HISTORY.        D-1
























                                                                v

 
















































                                                                1

 








          _______________________________________________________

   1      Introduction to the RADIUS.



          __________________________________________________________________

   1.1    What is RADIUS?

          RADIUS is the Remote Access Dial-In User Service,
          an Authorization, Authentication, and Accounting
          client-server protocol. RADIUS is the de facto
          industry standard for remote access AAA, as well as
          an IETF standard. In general, it's a network daemon
          (network process) which performs authentication,
          authorization and accounting actions when someone
          login to Network Access Server with a dial-up (CDMA,
          GRPS, etc...) client or logout from it. Typically, a
          RADIUS server is used by Internet Service Providers
          (ISP) to performs AAA tasks (Billing , Prepayed
          access, VoIP, and so on...). But frequently, it's
          useful in a case when your need to provide any
          kind of controlled access to Internet connectivity.
          Technical specification of the basic features which
          are supported by all RADIUS servers you can find in
          RFC 2138 (ftp://ftp.isi.edu/in-notes/rfc2138.txt).
          Accounting information is specified in RFC 2139
          (ftp://ftp.isi.edu/in-notes/rfc2139.txt). Follows
          some simple explanation about main work phases which
          are illustrated functionality of a RADIUS server:

          1  Authentication phase - Network Access Server (NAS,
             PDSN, Access Server) get an username/password pair
             from user input, crypts this information with
             shared between NAS and RADIUS Server a "secret
             key" and transfers the request to a RADIUS server.
             RADIUS server receive this information extract the
             username and password and validate it against a
             local username and password database.

                                                              1-1

 


          Introduction to the RADIUS.





          2  Authorization phase - if user is valid then RADIUS
             server gets from special database some information
             and send it to NAS. For example: IP number is
             assigned for this Dial-Up client, network mask,
             allowed session time, default router, access control
             lists ID, etc.

          3  Accounting phase - when NAS gets the acknowledgement
             from RADIUS during the previous phase, NAS send
             a "Start session" packet to RADIUS server, and a
             "Stop session" packet when client is disconnected
             from NAS. The "Stop session" packet contains
             accounting information like: session time, amount
             of input/output traffic etc.

          __________________________________________________________________

   1.2    What is RADIUS-VMS?

          RADIUS-VMS project was started at 1998 yer as
          port of the Livingston RADIUS 2.x server to
          OpenVMS with introducing a lot of VMS-specific
          features. This project was sponsored by DLS Internet
          Service Inc. and performed by Ruslan R. Laishev
          (http://www.starlet.spb.ru). RADIUS-VMS - it's
          multithreaded by DEC Threads the RADIUS server,
          which was fully rewritten from the original sources
          and has been stayed under active development for
          implementation of new features. The main features
          follows:

          o  SYSUAF based authentication, using flat USERS file
             as well

          o  RADIUS DB support

          o  Security based on VMS facilities (AUDIT, Intrusion
             detection)

          o  NAS(s) & Realm(s) access authorization by right
             id(s)

          1-2

 


                                      Introduction to the RADIUS.





          o  Accounting of users/NAS/port activities in the VMS
             ACCOUNTING format as well as in the traditional
             .DETAIL format

          o  Work in mixed-cluster environment sharing data files

          o  High performance with large USERS file

          o  File I/O using RMS

          o  Network I/O using $QIO

          o  MultiHOME support

          o  Multithreaded by DEC Threads (up to 128 concurrent
             threads for every "Home"), using kernel threads
             under VMS/Alpha/IA64

          o  Realm policy authentication, and an additional
             authorization by right id(s)

          o  VMS Right Id policy authorization

          o  Full VSA (Vendor Specific Attributes) support

          o  IBM LanMan/M$ Windoze NT domain authentication
             support

          o  Internet Roaming (Proxy/Forwarding) capabilities
             support with domain-realm or IMSI-realm

          o  External authorization and accounting callouts
             (examples for ORACLE Server is provided.)

          o  Integration with MX 5.x by MadGoat Software
             (www.madgoat.com)

          o  Integration with X-Stop hardware and software
             (www.xstop.com)

          o  Support Ascend's filters.

          o  Support IMSI (Internatinal Mobile Station Identity)
             realms carried by 3GPP2-IMSI or Calling-Staion-Id.

          o  Support Digest authentication (draft-sterman-sip-
             radius-00.txt, draft-sterman-aaa-sip-00.txt)

                                                              1-3

 


          Introduction to the RADIUS.





          o  Support A12 authentication for IMT-MC-450i (CDMA 1x,
             EV-DO, Rev A. & B.)

          __________________________________________________________________

   1.3    Prerequisites.

          RADIUS-VMS requires VMS version V7.1 or later to run.

          TCP/IP package, it's tested with TCPWare-TCP 5.5-
          3 (Alpha/VMS), Multinet 4.3 (Alpha/VMS), DEC TCP/IP
          Service (UCX) 4.2, 5.x

          Optional MadGoat's MX 5.1 or later


























          1-4

 








          _______________________________________________________

   2      RADIUS-VMS installation.



          RADIUS-VMS uses VMSINSTAL for installation. If you do
          not know how to use VMSINSTAL, you should first read
          the chapter on installing software in the VMS System
          Manager's Manual. For the installation, you should be
          logged into the SYSTEM account, or another suitably
          privileged account.

          __________________________________________________________________

   2.1    Invoking VMSINSTAL.

          Invoke VMSINSTAL to install RADIUS-VMS.

                            $ @sys$update:vmsinstal RADIUSVMSvvn DDCU:

          Substitute the appropriate values for vvn and ddcu.

                            OpenVMS VAX Software Product Installation Procedure V7.1

                           It is 29-JAN-2000 at 02:58.

                           Enter a question mark (?) at any time for help.

                           %VMSINSTAL-W-NOTSYSTEM, You are not logged in to the SYSTEM account.
                           %VMSINSTAL-W-ACTIVE, The following processes are still active:
                            UCX$NTPD
                            MONITOR_SERVER
                           * Do you want to continue anyway [NO]? y
                           * Are you satisfied with the backup of your system disk [YES]?

                           The following products will be processed:

                             RADIUSVMS V2.0

                            Beginning installation of RADIUSVMS V2.0 at 02:58

                           %VMSINSTAL-I-RESTORE, Restoring product save set A ...

                                                              2-1

 


          RADIUS-VMS installation.





                                           RADIUS-VMS Installation Procedure

                                  Copyright  1998-2003, Ruslan R. Laishev.  All Rights Reserved.

                           * Where should the RADIUS-VMS top directory be located? [$1$DUA1130:[RADIUS]]:

                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS] already exists
                           * Do you want to purge files replaced by this installation [YES]?

                           %VMSINSTAL-I-RESTORE, Restoring product save set D ...
                           %VMSINSTAL-I-RESTORE, Restoring product save set E ...
                           %VMSINSTAL-I-RESTORE, Restoring product save set F ...
                           %RADIUSVMS-I-LINKING, Linking image RADIUS_SERVER.EXE ...
                           %RADIUSVMS-I-LINKING, Linking image RT.EXE ...
                           %RADIUSVMS-I-LINKING, Linking image LGI$CALLOUT_RADIUS.EXE ...
                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS.VAX_EXE] already exists
                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS.UTILS] already exists
                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS] already exists
                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS.DOCS] already exists
                           %CREATE-I-EXISTS, $1$DUA1130:[RADIUS.TEMPLATES] already exists

                            *************************************************************
                            The RADIUS-VMS software is installed at your system!!!

                              NOTE 1
                            RADIUS-VMS must be installed twice on a mixed-VMScluster: once
                            on a IA64 system and once on an Alpha system. This is necessary
                            because the RADIUS-VMS executables are linked during the
                            installation. Installing RADIUS-VMS on a IA64 produces the IA64
                            executable images and installing it on an Alpha produces the
                            Alpha images.

                              NOTE 2
                            For the first time installation refer to RADIUS-VMS documentation
                            for postinstallation tasks.

                              NOTE 3
                            For start RADIUS-VMS at system boot time you can add into
                            SYS$STARTUP:SYSTARTUP_VMS.COM the follows line:

                            $ @SYS$STARTUP:RADIUSVMS_STARTUP.COM
                            *************************************************************

                           %VMSINSTAL-I-MOVEFILES, Files will now be moved to their target directories...

          2-2

 


                                         RADIUS-VMS installation.





                            Installation of RADIUSVMS V2.0 completed at 03:01

                            VMSINSTAL procedure done at 03:01

          Before first start of RADIUS-VMS server, you need to
          preparing configuration files. If you have not your
          own variant of the RADIUS_DICTIONARY file you can just
          copy RAD_DICTIONARY.TEMPLATE to the RADIUS.DICTIONARY
          file. Also you can use RAD_USERS.TEMPLATE for creating
          your own RADIUS.USERS file, and RAD_CONFIG.TEMPLATE
          for creating a RADIUS.CONFIG file.

          All site specific logicals must be kept in RADIUS_
          LOGICALS.COM, a template for this file is provided
          also.

          Read carefully Chapter 3 for rules of configuration.

          You can add follows line in the your LOGIN.COM (or
          SYS$MANAGER:SYLOGIN.COM), it will define some useful
          RADIUS related commands.

                            $ @radius_dir:radius_commands.com

















                                                              2-3

 








          _______________________________________________________

   3      Configuration & Management.



          This Product Documentation is not a study how RADIUS
          work at all, or how to get started with RADIUS, this
          documentation describes only specific features of
          the server. It will also describes steps which your
          probably need to get for fulfilling a particularly
          task. For beginners and admins, at Livingston's site
          lives good "old" RADIUS Administrator's Guide which
          will help you to get first steps to configuration and
          users management, you can download this manual from
          http://www.livingston.com/tech/docs/pdf/radius.pdf.

          __________________________________________________________________

   3.1    Server logicals.

          There is a number of logicals which are used for
          configuration of the RADIUS-VMS Server, good place
          for its is a RADIUS_LOGICALS.COM.

          RADIUS_DIR             Point to RADIUS's home
                                 directory.

          RADIUS_ACCOUNTING      Point to an accounting file in
                                 VMS ACCOUNTING format, if this
                                 logical is defined as NL: it
                                 will stop writting accounting
                                 records at all.

          RADIUS_DICTIONARY      Point to RADIUS dictionary file.

          RADIUS_CONFIG          Point to RADIUS clients & realms
                                 & homes configuration file.

          RADIUS_USERS           Point to RADIUS users file.

                                                              3-1

 


          Configuration & Management.






          RADIUS_ACCBIN          Starting 2.5x RADIUS-VMS
                                 store an original accounting
                                 information in the binary
                                 file which is supposed to be
                                 processed by RADACC utility to
                                 generating reports.

          Follows logicals must be defined with /SYSTEM and
          /EXECUTIVE_MODE qualifiers.

          RADIUS_DEBUG           Enables a debug output.

          RADIUS_DNS_LOOKUP      Enables a reverse DNS lookup.

          RADIUS_NUMTHREADS      It's a number of accounting
                                 and authentication execution
                                 threads, 3 accounting threads
                                 and 3 authentication threads are
                                 default values. Maximum number
                                 of threads for each "home" is
                                 128.

          RADIUS_OPCOMLVL        This logical definea a minimal
                                 severity level (it's VMS
                                 severity level) of message sent
                                 to OPCOM. Value greater than 4
                                 cause to stop sending to OPCOM
                                 any messages

          RADIUS_SESSIONTMO      Existing of this logical
                                 controling a sending of a
                                 value for the Session-Timeout
                                 attribute which will be added
                                 to an ACK packets during
                                 authentication/authorization
                                 phase.



          3-2

 


                                      Configuration & Management.






          RADIUS_PWD_EXPIRED     If this logical is defined the
                                 RADIUS-VMS checks the SYSUAF's
                                 /FLAG=PWD_EXPIRED, and will
                                 rejects logins if this flag is
                                 set.

          RADIUS_ALLOW_          If this logical is defined
          RECTRICTED             RADIUS-VMS ignores a checking
                                 of SYSUAF's /FLAG=RESTRICED.

          RADIUS_THSTACKSZ       This logical defines a thread
                                 stack size, the default and
                                 minimum size is 48000 bytes.

          RADIUS_SYSLOG          This logical defines a SYSLOG
                                 server host IP address or name
                                 and UDP port number. Format is
                                 "host:port"
          .

          Note:

           Be advised that the packet dump activated by RADIUS_
          DEBUG logical shows a plain-text password.

          __________________________________________________________________

   3.2    Users management.

          RADIUS-VMS use compatible with Livingston RADIUS
          dictionary file as well as the users file format.
          You can keep in the RADIUS_USERS file only one DEFAULT
          entry, other authorization task you can performs in
          SYSUAF or RADIUS databases only. The main attribute
          of authentication and authorization procedures is
          username. Username - is a string in form:

                             [<domain>\]<username>[['%'<suffix>]['@'<realm>]]

                                                              3-3

 


          Configuration & Management.





          See examples:

          ZyzOp%PPP@DeltaTel.RU  It's expected a SYSUAF user
                                 ZyzOp, and assumed that in
                                 RADIUS_USERS file exist entry
                                 with a check item Suffix =
                                 "PPP". For an additional
                                 authorization will be checked
                                 entry for the "DeltaTel.RU"
                                 realm in the RADIUS_CONFIG file.

          C00lZyZop@RadiusVMS.COMIt's expected a SYSUAF user
                                 C00lZyZop. For an additional
                                 authorization it will be checked
                                 entry for the "RadiusVMS.COM"
                                 realm in the RADIUS_CONFIG file.

          SysMan%TELNET          SYSUAF user SysMan, it's
                                 expected that this user want
                                 to automatically open TELNET
                                 session after login at NAS. It's
                                 assumed that in RADIUS_USERS
                                 file exist entry with Check-Item
                                 Suffix = "%TELNET".

          M$SOFT\ZyzOp           User (ZyzOp) from domain M$SOFT,
                                 it's expected that this user
                                 will authenticating against
                                 remote PDC/BDC hosts
          .

          Note:

           You can use wilcards mask in usernames in the RADIUS_
          USERS file.

          During authentication phase of login procedure server
          performs checking follows SYSUAF parameters:

          o  /FLAG=(DISUSER,RESTRICTED,PWDEXPIRED)

          o  /EXPIRATION=time

          o  /NETWORK=range

          3-4

 


                                      Configuration & Management.





          o  /DIALUP=range

          o  /PRIMEDAYS=([NO]day[,...])

          o  /PASSWORD

          o  /FLAG=PWD_EXPIRED

          If login is failed by SYSUAF then an Intrusion
          information is stored for the using at a next time.
          At successful end of login phase "last login: non-
          interactive field" will be updated for this user
          in the SYSUAF. All logins failure are stored in VMS
          AUDIT database, you can use ANALYZE/AUDIT utility for
          searching & retrieving this information.

          Note: There is some natural limitation of parameters
          length:

          username        12 bytes

          password        96 bytes

          suffix          15 bytes

          realm           63 bytes

           Using of usernames with space or tab and other control
          characters is not allowed.

          ___________________________

   3.2.1  SYSUAF based authentication & authorization.

          This feature can be turned on as default for all
          accounts or for a particular account only. For
          activate this features you can use an Auth-Type check
          item which must have value "System". See examples of
          so entry in the RADIUS_USERS file:

                            ...
                            #It's assumed that all users will be authenticate against SYSUAF
                            DEFAULT Auth-Type = System
                            ...

                                                              3-5

 


          Configuration & Management.





          or

                            ...
                             #SYSUAF SysMan will by authenticate against SYSUAF
                            SysMan Auth-Type = System

                            #password for ZyzOp stored in the RADIUS_USERS file
                            ZyZop Password = "Zadnica"

                            # All other logins will be rejected w/o any checking

                            DEFAULT Auth-Type = Reject
                            ...

          You can control an ability of a dial-in login for
          particular user by using /DIALUP option of the
          AUTHORIZE, you can also specify time range for
          additional control of allowed login time. RADIUS-
          VMS use a time range defined by /NETWORK or /DIALUP
          options for computing an allowed session time if
          RADIUS_SESSIONTMO logical is defined. For network
          users you can use /NETWORK SYSUAF's option. A
          difference between Dial-In logins and NETWORK logins
          are defined by presence of NAS-Port-Id and NAS-
          Port-Type attributes in authentication request are
          sent (or are not sent) by NAS or by *nix box (when
          a RADIUS PAM module is used for authentication
          and authorization of local users by RADIUS). Check
          your System Managers utilities guide for additional
          information about of AUTHORIZE utility and SYSUAF
          database. The SYSUAF /EXPIRATION option can be used
          for control of expiration time for particular user.
          The /FLAG=RESTRICTED SYSUAF option is equally to
          /FLAG=DISUSER only for Dial-In users (see synopsis
          of the RADIUS_ALLOW_RECTRICTED logical also).





          3-6

 


                                      Configuration & Management.




          ___________________________

   3.2.2  Accept or Reject all logins without real
          authentication.

          You can use Auth-Type = Accept or Auth-Type =
          Reject to accept all logins without real checking
          username/password pair, or reject any logins
          respectively. See example of entries below:

                            ...
                             #Accept all logins w/o authentication by RADIUS from this NAS
                            DEFAULT1 Auth-Type = Accept, NAS-IP-Address = 172.16.0.35
                             Service-Type = Login-User, Login-Service = Telnet,
                             Login-TCP-Port = 23, Login-IP-Host = StarLet.ZZTop.net

                            ...
                            #
                             #Accept all logins w/o authentication by RADIUS from this RADIUS/NAS server
                            #
                            DEFAULT2 Auth-Type = Accept, Client-IP = 172.16.0.35
                             Service-Type = Login-User, Login-Service = Telnet,
                             Login-TCP-Port = 23, Login-IP-Host = StarLet.ZZTop.net

                            ...
                            #
                             # A special default entry for a SIP Express Router/SER
                            #
                            mobile Client-IP = 172.16.0.133, Auth-Type = Digest, Password = "kalamala"
                             Sip-Rpid = "222"

                            #Reject all other logins by default
                            DEFAULT  Auth-Type = Reject
                            ...

          ___________________________

   3.2.3  Realms based policy.

          This feature give an ability to implement
          authentication and authorization policy based on a
          realm coming in the request with username. You can
          perform an additional authorization of realm by right
          id(s) in RADIUS_CONFIG file.

                                                              3-7

 


          Configuration & Management.





          Follows example of entry in the RADIUS_USERS file:

                            ...
                            !++
                            !
                            ! It assumed that all users with "@zz.top" will be authenticate against SYSUAF,
                            ! by default all users can have 33 sessions at the one time
                            !--

                            DEFAULT1 Auth-Type = System, Auth-Realm = "zz.top"
                                    Service-Type = Framed-User,
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255, Framed-MTU = 1500

                            ! All other users
                            DEFAULT Auth-Type = System

          ___________________________

   3.2.4  VMS Right Id based policy.

          This feature gives an ability to implement
          authentication and authorization policy based on a
          VMS right id. The VMS right id is used as the check
          item in the RADIUS_USERS file.

          Follows example of entry in the RADIUS_USERS file:

                            ...
                            #Follows entry for the users with NET$MANAGE right id is granted
                            #in RIGHT list

                            DEFAULT1 Auth-Type = System, Right-Id = "NET$MANAGE"
                                    Service-Type = Framed-User,
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255, Framed-MTU = 1500

                            DEFAULT2 Auth-Type = System, Right-Id = "NET$MANAGE", Right-Id = "NET$SECURITY"
                                    Service-Type = Framed-User,
                             Class = "xstop: R PORN I",
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255, Framed-MTU = 1500

          3-8

 


                                      Configuration & Management.





                            #All other users
                            DEFAULT Auth-Type = System

          ___________________________

   3.2.5  Authenticaion on LANMAN or Windows NT domains.

          RADIUS-VMS can use users database on LANMAN or Windows
          NT hosts to performs authentication of dialup users.
          This is implemented by using NETBIOS over TCP/IP
          protocol described in RFC(s) 1001/1002 and are
          widely used by SAMBA package (www.samba.org). As an
          authentication host you can use:

          o  OpenVMS PathWorks 6.x or later

          o  OpenVMS Advanced Server 7.x

          o  SAMBA server

          o  IBM OS/2 LAN Manager 2.x

          o  Windows NT Server (3.51,4.0), PDC/BDC or standalone
             server

          Rules of configuration: in the RADIUS_CONFIG file you
          need to add a domain definition entry which use to
          find a authentication host for a particulary domain.












                                                              3-9

 


          Configuration & Management.





                            !++
                            !
                            ! define domain <domain_name> -
                            !   /dc_host=<ip_name_or_address> -
                            !   /bdc_host=<ip_name_or_address>
                            !
                            !-

                            !
                            ! Follows entry for users from M$SFOT Windows NT domain
                            !
                            !
                             define domain M$SOFT -
                              /DC_HOST=pdc.zztop.net
                              /BDC_HOST=bdc.zztop.net
                            !
                            ! Follows entry for users from domain BSOD
                            !
                             define domain BSOD -
                              /DC_HOST=172.16.0.3

          In the RADIUS_USERS file you need to define special
          entries for these domains, see example of entries in
          the RADIUS_USERS file (note that wildcards characters
          can be used):

                            M$SOFT\*_%%% Auth-Type = Domain
                            ...

                            M$SOFT\* Auth-Type = Domain, Auth-Realm = "zztop.net"
                            ...

                            BSOD\cc_%%% Auth-Type = Domain, Suffix = "%telnet"

                            ...
                            BSOD\*  Auth-Type = Domain

          Note: The RADIUS-VMS don't support a CHAP or MS CHAP
          authentication of domain users. The RADIUS-VMS can't
          perform a checking of users's group on domain.

          3-10

 


                                      Configuration & Management.




          __________________________________________________________________

   3.3    Clients management.

          RADIUS_CONFIG file must contains the entry for
          every NAS and for every Remote RADIUS Server (see
          Section 3.5 clause) which will interoperate with your
          RADIUS. An every entry consist by NAS or Remote RADIUS
          server IP name (or IP address), a shared secret key,
          and optional right id lists. The right id can be used
          for additional authorization of user(s) access to
          particular NAS. If this right id is take place in the
          entry for NAS then user will have access to the this
          NAS if this right id is granted in SYSUAF. Follows the
          syntax of the entry definition and example entry in
          the RADIUS_CONFIG:

                            !++
                            !
                            ! define client <client_name> -
                            !   /secret="<secret_key>"
                            !   /reject_id=( < id list > )
                            !   /accept_id=( < id list > )
                            !   /NAS
                            !   /connection_info=<offset>
                            !   /reject_realm=( <DEFAULT | realm list > )
                            !   /accept_realm=( <DEFAULT | realm list > )
                            !   /group=<group_id>
                            !
                            !-











                                                             3-11

 


          Configuration & Management.




          _______________________________________________________
          Option                 Description
                                 It's a shared secret used
                                 for "encrypting" password
                                 transffered over network between
          SECRET=quoted_string___NAS_and_a_RADIUS_server.________

          REJECT_                This option define a list of
          ID=(id0,id1,...)       rights id which is used for
                                 reject logins for users which
                                 have any right id from this list
                                 in SYSUAF/RIGHTSLIST.

          ACCEPT_                This option define a list of
          ID=(id0,id1,...)       rights id which is used for
                                 accept logins for users which
                                 have any right id from this list
                                 in SYSUAF/RIGHTSLIST.

          NAS                    Treate client as NAS, see also
                                 Clients management clause.

          ACCEPT_                This option allows to server
          REALM=(realm,...)      proxy/forwarding request from
                                 the client for a specified realm
                                 suffix list.

          REJECT_                This option define a list of
          REALM=(realm,...)      realms rejected for logins at
                                 the client.

          GROUP=number           This parameter allow to grouping
                                 clients, see using of Client-
          _______________________Group-Id_check_item.____________

                            define client NAS.SomeWhere.NET -
                              /secret="01234567" -
                              /accept_id=(nas$_access,mx_mail_access)



          3-12

 


                                      Configuration & Management.





                            define client NEWS.ZZtop.NET -
                              /secret="01234567" -
                              /accept_id=(nas$_access,mx_mail_access,ftp_out)
                           !
                           ! Follow entry for my good old DEC Server 90M
                           !
                            define client TSrv.ZZtop.NET -
                              /secret="01234567" -
                              /accept_id=(nas$_access,mx_mail_access,ftp_out)
                              /NAS

                           !
                           ! Allow logins only for specified realm suffix
                           !
                            define client AS3640.ZZtop.NET -
                              /secret="01234567" -
                              /accept_realm=(DEFAULT, SkyLink.SPb.RU)

                           !
                           ! Reject logins with specified realm suffixes and allow all other
                           !
                            define client PDSN.ZZtop.NET -
                              /secret="01234567" -
                              /reject_realm=(SkyLink.MSK.RU, BelCel.BY)

                           !
                           !
                           ! My NAS send connection info in the form:
                           ! Connect-Info = "Mo.1.9.2.1.6     46667 28800 DYNAMIC PPP  CHAP V90     LAPM    V42BIS "
                           !                |------------^
                           ! 14 is the offset to the first space of the speed of connection parameter
                           !
                           !
                            define client TSrv.ZZtop.NET -
                              /secret="01234567" -
                              /accept_id=(nas$_access,mx_mail_access,ftp_out)
                              /NAS -
                              /connection_info=14


                                                             3-13

 


          Configuration & Management.





                           !
                           ! Our partners: MCC AAA, coupling all AAA into the single group with id = 73
                           !

                           define  client  aaa1.zz.ru        /secret="secret"/nonas/group=73
                           define  client  aaa2.zz.ru        /secret="secret"/nonas/group=73
                           define  client  aaa3.zz.ru        /secret="secret"/nonas/group=73

                           !
                           ! Delta Telecom/SkyLink PDSN, RNC, coupling it into the single group with id = 1
                           !

                           define  client  pdsn1.d-t.ru        /secret="secret"/nonas/group=1
                           define  client  pdsn2.d-t.ru        /secret="secret"/nonas/group=1
                           define  client  pdsn-ev-1x-1.d-t.ru /secret="secret"/nonas/group=1
                           define  client  pdsn-ev-1x-2.d-t.ru /secret="secret"/nonas/group=1
                           define  client  pdsn-ev-do-1.d-t.ru /secret="secret"/nonas/group=2
                           define  client  rnc-1.d-t.ru     /secret="secret"/nonas/group=2

          Follows example of using group and Client-Group-Id
          check item for entries in the RADIUS_USERS file:

                            ...
                            #
                            # Enrty for MCC logins
                            #

                            mobile Auth-Type = Accept, Client-Group-Id = 73
                                    Service-Type = Framed-User,
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255

                            default_ev1x Auth-Type = Accept, Client-Group-Id = 1
                                    Service-Type = Framed-User,
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255

                            default_evdo Auth-Type = A12, Client-Group-Id = 2
                                    Service-Type = Framed-User,
                                    Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.253,
                                    Framed-Netmask = 255.255.255.255

          Note:

          3-14

 


                                      Configuration & Management.





           A maximum number of identifiers for reject or accept
          qualifiers can't be more than 15.

          __________________________________________________________________

   3.4    Realms management.

          A RADIUS_CONFIG file must contains entry for each
          realm which must be processed during authorization
          of users. It consist realm name, optionally right
          id lists, remote radius authentication server IP
          name and UDP port, remote radius accounting server
          and UDP port, optional account name field. The right
          id (if any) can be used for authorization of local
          users by the same manner as was described in the
          Clients management clause. Account name field can
          be used when it need to consolidate all accounting
          information for particular realm account, which can
          be associated with partners for example. For provide
          accounting information it can be used /ACCOUNT option
          of the VMS ACCOUNTING utility (refer to System Manager
          utilities for information about of producing reports
          with VMS ACCOUNTING utility). See syntax of the entry
          definition and example of entries below:
















                                                             3-15

 


          Configuration & Management.





                            !++
                            ! define realm default|<realm_name> -
                            !   /IMSI -
                            !   /reject_id=( < id list > )
                            !   /accept_id=( < id list > )
                            !   /auth_host="<ip_name_or_address>:<port>"
                            !   /acct_host="<ip_name_or_address>:<port>"
                            !   /bauth_host="<ip_name_or_address>:<port>"
                            !   /bacct_host="<ip_name_or_address>:<port>"
                            !   /account=<account>
                            !
                            !-

          _______________________________________________________
          Option_________________Description_____________________

          REJECT_                This option define a list of
          ID=(id0,id1,...)       rights id which is used for
                                 reject logins for users which
                                 have any right id from this list
                                 in SYSUAF/RIGHTSLIST.

          ACCEPT_                This option define a list of
          ID=(id0,id1,...)       rights id which is used for
                                 accept logins for users which
                                 have any right id from this list
                                 in SYSUAF/RIGHTSLIST.

          AUTH_HOST=quoted_      Define a remote RADIUS server IP
          string                 address and UDP port to forward
                                 authentication requests.

          ACCT_HOST=quoted_      Define a remote RADIUS server IP
          string                 address and UDP port to forward
                                 accounting requests.

          AUTH_HOST=quoted_      Define a backup remote RADIUS
          string                 server IP address and UDP
                                 port to forward authentication
                                 requests.

          3-16

 


                                      Configuration & Management.




          _______________________________________________________
          Option_________________Description_____________________

          ACCT_HOST=quoted_      Define a backup remote RADIUS
          string                 server IP address and UDP port
                                 to forward accounting requests.

          ACCOUNT                Define a account name for
                                 storing accounting information
                                 for a realm in the local
                                 database (RADIUS_ACCOUNTING).

          IMSI                   Defines a realm name as an IMSI
          _______________________prefix._________________________

                            define realm news.zz.top -
                              /reject_id=(mx_mail_access,ftp_inc) -
                              /accept_id=(news_access)
                            !
                            !All request for this realm will be forwarded, all
                            !accounting information will be accumulated on
                            !account named "SYSMAN"
                            !

                            define realm zz2.top -
                              /auth_host="dtv3:1645" -
                              /acct_host="dtv4:1646" -
                              /account=sysman

                            !
                            ! Forward all authentication request of Moscow Cell. Company roamers
                            ! to MCC's home RADIUS.
                            !
                            define realm 25014 /IMSI -
                              /auth_host="radius.mcc.ru:1645" -
                              /acct_host="radius.mcc.ru:1646" -
                              /account=MCC




                                                             3-17

 


          Configuration & Management.





                            !
                            ! Romanian ZAPP subscribers
                            !
                            define realm 22604 /IMSI -
                              /auth_host="radius.zapp.ro:1645" -
                              /acct_host="radius.zapp.ro:1646" -
                              /account=ZAPP

                            !
                            ! The First Russian mobile operator, Delta Telecom JSC, IMT-MC-450 (CDMA2000)
                            !
                            define realm 25009 /IMSI -
                              /auth_host="StarLet.DeltaTelecom.RU:1645" -
                              /acct_host="StarLet.DeltaTelecom.RU:1646" -
                              /account=DELTATEL

                            !
                            !Forward all request from users which have not a realm suffix in username,
                            !allow to have two concurrent sessions for an user fro this realm.
                            !
                            define realm default -
                              /auth_host="dtv3:1812" -
                              /acct_host="dtv4:1813" -
                              /bauth_host="StarLet:1645" -
                              /bacct_host="StarLet.ZZTop.NET:1646" -
                              /account=sysman

          Note:

           An every remote RADIUS server host must be described
          as a client in the RADIUS_CONFIG file (see Section 3.3
          clause)

           A realm name DEFAULT can be used when you need to
          involve a realm processing for users logins which have
          not a realm suffix in username.




          3-18

 


                                      Configuration & Management.




          __________________________________________________________________

   3.5    Proxy/Forwarding capabilities.

          RADIUS-VMS can act as a PROXY server which performs
          a transparent forwarding of requests from NAS(s) to
          Remote RADIUS Server and of answers from Remote RADIUS
          Server(s) to NAS. It give an ability to implement a
          Internet global roaming concept. RADIUS-VMS Server
          use the Proxy-State attribute for keeping a special
          information which is attached to all forwarded
          requests. An attached information is removed from
          the packet when a request is returned back. RADIUS-
          VMS remove only own Proxy-State attributes, all other
          Proxy-State attributes rest in the packet w/o any
          changes or reordering. The Proxy/Forwarding capability
          is a built-in functionality of the RADIUS-VMS. Use
          the RADIUS_CONFIG file entries for PROXY/FORWARDING
          management.

          RADIUS-VMS shares a work load between primaries and
          backups authentication/authorization and accounting
          remote RADIUS(es) by maintaning some kind of "load
          factor" for RADIUS hosts defined for the realm. This
          "load factor" is computed as difference between sent
          and received requests. RADIUS-VMS selects a host with
          smallest "load factor".

          Note:

           Remote RADIUS server must be fully RFC2138 compliant.

           Keep in your mind that current implementation of
          the forwarding in the RADIUS-VMS can't performs
          any validation of the values which returned in the
          answer packets, it's mean that if in an answer packet
          contains a static IP address in Frammed-IP-Address
          attribute it can cause the problem with routing.



                                                             3-19

 


          Configuration & Management.




          __________________________________________________________________

   3.6    MultiHome configuration

          RADIUS-VMS can support additional (secondary) ip
          addresses have bound to the primary physical inerface.
          For example, under PSC TCPWare-TCP 5.4-3 you can add
          secondary interface:

                            $ netcu start/ip psd-0 172.16.0.45 255.255.0.0 ewa-0

          In RADIUS_CONFIG file you must add definition of the
          additional "home" for get it available for processing
          of requests coming to the this address. For an every
          "home" RADIUS-VMS start how many threads how many
          is defined by RADIUS_NUMTHREADS logical. Follows are
          syntax and examples of definitons:

                            !++
                            !
                            ! define home <ip_name_or_ip_address> -
                            !  /auth_port=<port_number> -
                            !  /acct_port=<port_number> -
                            !  /receive_buffer_size=<receive_buffer_size_in_bytes>
                            !
                            !-

          _______________________________________________________
          Option_________________Description_____________________

          AUTH_PORT              Define an UDP port number for
                                 the home used for receiving
                                 authentication requests.

          ACCT_PORT              Define an UDP port number for
                                 the home used for receiving
                                 accounting requests.

          RECEIVE_BUFFER_SIZE    Define a receive buffer size
                                 for every network device linked
                                 with the IP address and the UDP
                                 ports. A maximum values for the
          _______________________buffer_is_65535_bytes___________

          3-20

 


                                      Configuration & Management.





                            define home 172.16.0.45 -
                             /auth_port=1645 -
                             /acct_port=1646

                            define home 172.16.0.44 -
                             /auth_port=1812

                            define home 172.16.0.45 -
                             /acct_port=1813 -
                             /receive_buffer_size=16384

          Note:

           The maximum number of homes is 8, including default
          home.

























                                                             3-21

 








          _______________________________________________________

   4      RADIUS-VMS control.



          You can use RADCP utility for control by RADIUS-VMS
          server, follows an explanation and syntax of the RADCP
          command.

          _______________________________________________________
          RADCP_command__________Description_____________________

          HELP                   Help on RADCP utility commands.

          SHUTDOWN               This command SHUTDOWN server.

          RESET                  This command force reopening
                                 RADIUS_USERS,RADIUS_ACCOUNTING,
                                 , RADIUS_ACCBIN files.

          RESTART                This option request full restart
                                 of RADIUS-VMS server.

          /NODE=(node,...)       Sending command to RADIUS-VMS
                                 server on the specified node(s).

          /CLUSTER               It performs notifying all
                                 servers on a cluster.

          LOOP                   Performs a sending of test auth-
          _______________________request.________________________

          Example:

                            $ radcp shutdown
                            ...
                            $ radcp reset/cluster


                                                              4-1

 








          _______________________________________________________

   5      Accounting.



          RADIUS-VMS provide accounting in two formats, the
          first one is the traditional VMS ACCOUNTING format,
          and the second one is the traditional .DETAIL format
          which was inherited from Livingston RADIUS server.
          Starting 2.5x the accounting in .DETAIL format is
          not provided anymore, you can use RADACC utility to
          generating the .DETAIL format files.

          Note:

           Don't forget that under some circumstance duplicates
          can take place in the both accounting files.

          Examples of the accounting record for user session
          follows:

                            $ acc radius_accounting/id=32015396/full

                                     NETWORK Process Termination
                                     ---------------------------
                                     Username: CC_RRL                         UIC: [PUBLIC,CC_RRL]
                                     Account:                 Finish time: 29-JAN-1999 00:02:23.94
                                     Process ID: 32015396      Start time: 28-JAN-1999 23:56:58.94
                                     Owner ID:                         Elapsed time: 0 00:05:25.00
                                     Terminal name: ISDN             Processor time: 0 00:00:00.00
                                     Remote node addr:                                 Priority: 0
                                     Remote node name:                 Privilege <31-00>: 00000000
                                     Remote ID:                        Privilege <63-32>: 00000000
                                     Remote full name: modem106.somewhere.net
                                     Queue entry: 18                   Final status code: 00000001
                                     Queue name: nas806.somewhere.net
                                     Job name: PPP
                                     Final status text: %SYSTEM-S-NORMAL, normal successful completion

                                                              5-1

 


          Accounting.





                                     Page faults: 38400                             Direct IO: 404
                                     Page fault reads: 0                          Buffered IO: 363
                                     Peak working set: 0                        Volumes mounted: 0
                                     Peak page file: 0                          Images executed: 0

          Follows an original set of attributes.

                            ...
                           Fri Jan 29 00:02:23 1999
                                     Acct-Session-Id = "32015396"
                                     User-Name = "CC_RRL"
                                     NAS-IP-Address = 172.16.1.30
                                     NAS-Port = 18
                                     NAS-Port-Type = ISDN
                                     Acct-Status-Type = Stop
                                     Acct-Session-Time = 325
                                     Acct-Authentic = RADIUS
                                     Acct-Input-Octets = 404
                                     Acct-Output-Octets = 363
                                     Acct-Terminate-Cause = User-Request
                                     Connection-Info = "38400/V42bis"
                                     Vendor-Specific = 307
                                     Service-Type = Framed-User
                                     Framed-Protocol = PPP
                                     Framed-IP-Address = 172.17.1.32
                                     Acct-Delay-Time = 0
                                     Timestamp = 917589743

          In the follows table it presented fields equivalence
          and source of the information, you can producing
          reports by VMS ACCOUNTING utility, or by using
          DEC DATATRIEVE (see RADIUS_ACCOUNTING.DTR) report
          generator.

          _______________________________________________________
          RADIUS_ACCOUNTING______RADIUS_DETAIL___________________

          Username               User-Name

          Account (from SYSUAF
          or RADIUS_REALMS)

          5-2

 


                                                      Accounting.




          _______________________________________________________
          RADIUS_ACCOUNTING______RADIUS_DETAIL___________________

          UIC (from SYSUAF)

          Process ID             Acct-Session-Id

          Page faults            Connection-Speed

          Direct IO              Acct-Input-Octets

          Buffered IO            Acct-Output-Octets

          Remote full name       Framed-IP-Address or Login-Host

          Queue entry            NAS-Port

          Queue name             Client name from RADIUS_CONFIG

          Job name               Framed-Protocol or Login-Service

          Finish time            Date of record

          Start time             Computed as Date of record -
                                 Acct-Session-Time - Acct-Delay-
                                 Time

          Final_status_code______Acct-Termination-Cause__________

          Note:

           Session with zero elapsed time will be recorded
          in ACCOUNTING as a login attempt failed. Use
          /TYPE=LOGFAIL an ACCOUNTING option for selecting these
          records.

          __________________________________________________________________

   5.1    A RADIUS-VMS Accounting utility - RADACC.EXE

          Starting RADIUS-VMS version 2.5B the RADIUS_DETAIL
          file is not generating anymore, instead of this
          all accounting information is stored in a binary
          format into the RADIUS_ACCBIN file. The binary
          format get an ability to speed-up processing of
          accounting information as well as increasing RADIUS-
          VMS throughput. Follows RADACC utility options
          descriptions:

                                                              5-3

 


          Accounting.




          _______________________________________________________
          RADACC_option_________________Description______________

          /SINCE[=time]                 Selects all records time-
                                        stamped at or after the
                                        specified time.

          /BEFORE[=time]                Selects all records
                                        time-stamped before the
                                        specified time.

          /ALL                          Shows all attributes of
                                        selected records.

          /CLIENT_IP_ADRESS=<ip_        Selects all records
          address_list>                 for specified client
                                        IP address.

          /STRIP_REALM=<realm_list>     Strips specified realms
                                        from usernames.

          /OUTPUT[=filespec]            Specifies the output
                                        file.

          /APPEND                       Appends selected records
                                        to existen file.

          /CLID=<Calling Id>            Select recordds with
                                        specified Calling Id.

          /FORMAT=<CSL|TRADITIONAL>     Select comma-separated
                                        list or traditional
          ______________________________format.__________________








          5-4

 








          _______________________________________________________

   6      An additional information and appendixes.





































                                                              6-1

 








          _______________________________________________________

   A      RADIUS-VMS Messaging & Troubleshooting.



          RADIUS-VMS provide a lot of diagnostic messages which
          help to admins to performs management & maintenance
          task.



       RADIUS-I-main_CMD_SHUT,  MAIN:Shutdown is requested.

          Severity: INFORMATIONAL

          Explanation: Informational message.

          User Action: None.

       RADIUS-I-main_CMD_RSET,  MAIN:Reset is requested.

          Severity: INFORMATIONAL

          Explanation: Informational message.

          User Action: None.

       RADIUS-I-main_CMD_RSTA,  MAIN:Full restart is requested.

          Severity: INFORMATIONAL

          Explanation: Informational message.

          User Action: None.

       RADIUS-I-main_NETOPEN,  MAIN:Started listener on ip
                               address !AZ/udp port !UW

          Severity: INFORMATIONAL

          Explanation: Informational message.

          User Action: None.

                                                              A-1

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-I-main_VERSION,  MAIN:!AZ/!AZ Server, Was built at
                               !AZ

          Severity: INFORMATIONAL

          Explanation: Informational message.

          User Action: None.

       RADIUS-I-main_NTFSTS,  Command (!XL) has been sent to !AS
                              (!XL),status=%x!XL

          Severity: INFORMATIONAL

          Explanation:

          User Action:

       RADIUS-E-main_ERRNETOPEN,  MAIN:Error open network device
                                  with ip address !AZ/udp port
                                  !UW,status=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS at startup time experienced
          problem with network stuff.

          User Action: Ensuring that TCP/IP support installed,
          configured , and started. Check using of this UDP port
          by other application. An additional information can be
          obtained by status code, it's result of $QIO calls.

       RADIUS-E-main_ERREXTINIT,  MAIN:External INIT routine
                                  return status=%x!XL, external
                                  module will be not used

          Severity: ERROR

          Explanation: An external routine from external module
          return error VMS condition code. RADIUS-VMS will call
          othre routines from the external module.

          User Action: Investigate a situation by condition
          code.

          A-2

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-main_ERREXTCLEANUP,  MAIN:External CLEANUP
                                     routine return status=%x!XL

          Severity: ERROR

          Explanation: An external routine from external module
          return error VMS condition code.

          User Action: Investigate a situation by condition
          code.

       RADIUS-E-main_INVNODE,  Invalid node name !AS

          Severity: ERROR

          Explanation: A node name has been specified by the
          /NODE option is invalid or not present in the cluster.

          User Action: Check typos or cluster members by SHOW
          CLUSTER command.

       RADIUS-F-dict_CNTREAD,  DICT:Could not read file RADIUS_
                               DICTIONARY,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS can't open RADIUS_DICTIONARY
          file at startup time.

          User Action: Check the RADIUS_DICTIONARY logical, also
          check out a reason by examination of the status code.
          RADIUS-VMS can't work w/o RADIUS_DICTIONARY file.

       RADIUS-F-dict_INSFMEM,  DICT:Ran out of memory after
                               reading line !UL,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS experienced a memory
          allocation problem, it possible a quota problem for
          this process.

          User Action: Check out SYSGEN's PQL group of
          parameters. An additional information can be obtained
          from VMS ACCOUNTING by ACC /SINCE/IMAGE=RADIUS_

                                                              A-3

 


          RADIUS-VMS Messaging & Troubleshooting.





          SERVER.EXE. The status code is a result of calling
          lib$get_vm().

       RADIUS-E-dict_INVATTR,  DICT:Invalid attribute on line !UL

          Severity: ERROR

          Explanation: RADIUS-VMS during startup time performs
          parsing of the RADIUS_DICTIONARY file, load it into
          memory for fastest access.

          User Action: Check RADIUS_DICTIONARY file at line
          showed in the error message.

       RADIUS-E-dict_INVVENDOR,  DICT:Invalid vendor attribute on
                                 line !UL

          Severity: ERROR

          Explanation: RADIUS-VMS during startup time performs
          parsing of the RADIUS_DICTIONARY file, load it into
          memory for fastest access.

          User Action: Check RADIUS_DICTIONARY file at line
          showed in the error message, restart RADIUS-VMS
          server.

       RADIUS-E-dict_VNTOOLONG,  DICT:Vendor name is too long on
                                 line !UL

          Severity: ERROR

          Explanation: Name of VENDOR can't be more 31
          characters of length.

          User Action: Revise RADIUS_DICTIONARY file and reduce
          length of the vendor name, or use reduced form for the
          vendor.


          A-4

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-dict_ATOOLONG,  DICT:Attribute name too long on
                                line !UL

          Severity: ERROR

          Explanation: Name of ATTRIBUTE can't be more 31
          characters of length.

          User Action: Revise RADIUS_DICTIONARY file and reduce
          length of the attribute name, or use reduced form for
          the attribute name. For example: ATTRIBUTE Speed_of_
          Async_connections_at_DECServer_90M ... can be change
          to: ATTRIBUTE SpeedDS90M ...

       RADIUS-E-dict_VNNODIGIT,  DICT:Vendor attribute has not a
                                 numeric value on line !UL

          Severity: ERROR

          Explanation: RADIUS-VMS can't interpret given value
          as numeric. Any VENDOR attribute in RADIUS_DICTIONARY
          file must be represented by numeric value.

          User Action: Check out VENDOR entry at line number
          is showed in error message; use decimal notation for
          value.

       RADIUS-E-dict_ANODIGIT,  DICT:Attribute has not a numeric
                                value on line !UL

          Severity: ERROR

          Explanation: RADIUS-VMS can't interpret given value as
          numeric. Any ATTRIBUTE in RADIUS_DICTIONARY file must
          be represented by numeric value.

          User Action: Check out ATTRIBUTE entry at line number
          is showed in error message; use decimal notation for
          value.

                                                              A-5

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-dict_INVALUE,  DICT:Invalid value entry on line
                               !UL

          Severity: ERROR

          Explanation: RADIUS-VMS can't interpret the VALUE
          definition in the RADIUS_DICTIONARY file.

          User Action: A VALUE entry must contains 4 fields,
          check out syntax for entry at line number showed in
          error message.

       RADIUS-E-dict_VTOOLONG,  DICT:Value name is too long on
                                line !UL

          Severity: ERROR

          Explanation: VALUE entry parsing problem. Name of
          VALUE can't be more 31 characters of length.

          User Action: Revise RADIUS_DICTIONARY file and reduce
          length of the value name, or use reduced form for the
          value name.

       RADIUS-E-dict_VNONDIGIT,  DICT:Value has non-numeric value
                                 on line !UL

          Severity: ERROR

          Explanation: VALUE entry parsing problem. Any VALUE
          entry in RADIUS_DICTIONARY file must be represented by
          numeric value.

          User Action: Check out VALUE entry at line number
          showed in error message; use decimal notation for
          value.




          A-6

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-dict_NOVENDOR,  DICT:VENDOR '!AZ' not found, bad
                                ATTRIBUTE line !UL

          Severity: ERROR

          Explanation: A VENDOR specific ATTRIBUTE entry in
          RADIUS_DICTIONARY file must be placed after related
          VENDOR entry.

          User Action: Examine dictionary file at line number
          showed in error message. Put the ATTRIBUTE entry after
          related VENDOR entry in the RADIUS_DICTIONARY file.

       RADIUS-E-dict_NOATTR,  DICT:Attribute '!AZ' not found, bad
                              VALUE line !UL

          Severity: ERROR

          Explanation: A VALUE entry in RADIUS_DICTIONARY file
          must be placed after related ATTRIBUTE entry.

          User Action: Examine dictionary file at line number
          showed in error message. Put the VALUE entry after
          related ATTRIBUTE entry in the RADIUS_DICTIONARY file.

       RADIUS-E-user_ZERONAME,  USER:Zero length username has
                                been rejected

          Severity: ERROR

          Explanation: Incoming authentication request not
          contains username, or length of the username string
          is zero. Commonly, it's user's typos.

          User Action: Contact user, and check user input for
          correctness. Also it can be of a remote RADIUS server
          problem in case a roaming user.



                                                              A-7

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-user_CNTPARSE,  USER:Unable to parse check-items
                                '!AZ' for user '!AD'

          Severity: ERROR

          Explanation: RADIUS-VMS server can't parse Check-Item
          data from RADIUS_USERS file during processing have
          gotten an authentication request. It can be of result
          of typos in RADIUS_USERS; also RADIUS_DICTIONARY file
          may not contains ATTRIBUTE entry for this Check-Item.

          User Action: Check that all ATTRIBUTE(s) which are
          used in the RADIUS_USERS file has been defined in the
          RADIUS_DICTIONARY file. Also check case of ATTRIBUTE
          items in the RADIUS_USERS file. After any corrections
          you need to restart RADIUS-VMS server.

       RADIUS-E-user_ERRPARSE,  USER:Unable to parse reply-items
                                '!AZ' for user '!AD'

          Severity: ERROR

          Explanation: RADIUS-VMS server can't parse Reply-Item
          data from RADIUS_USERS file during processing have
          gotten an authentication request. It can be of result
          of typos in RADIUS_USERS; also RADIUS_DICTIONARY file
          may not contains ATTRIBUTE entry for this Reply-Item.

          User Action: Check that all ATTRIBUTE(s) which are
          used in the RADIUS_USERS file has been defined in the
          RADIUS_DICTIONARY file. Also check case of ATTRIBUTE
          items in the RADIUS_USERS file. After any corrections
          you need to restart RADIUS-VMS server.

       RADIUS-E-user_INSFMEM,  USER:Ran out of
                               memory,status=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS experienced a memory
          allocation problem, it possible a quota problem for
          this process.

          User Action: Check out SYSGEN's PQL group of

          A-8

 


                         RADIUS-VMS Messaging & Troubleshooting.





          parameters. An additional information can be obtained
          from VMS ACCOUNTING by ACC /SINCE/IMAGE=RADIUS_
          SERVER.EXE.

       RADIUS-E-user_BADTIME,  USER:Can't parse date format
                               '!AZ',status=%x!XL

          Severity: ERROR

          Explanation: Check out date format, date must present
          in VMS specification. An additional information can
          be obtained from status code, it's result of $BINTIM
          system service.

          User Action: Study of a VMS date & time format by HELP
          Specify Date_Time.

       RADIUS-F-user_CNTOPEN,  USER:Could not open RADIUS_USERS
                               file, status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS could not open RADIUS_USERS
          file.

          User Action: Investigate a reason by examination of
          status and stv codes, it's result of the RMS's $OPEN
          calls. After corrections you need restart RADIUS-VMS
          server.

       RADIUS-F-user_CNTOPENS,  USER:Could not open RADIUS_
                                USERS file stream, status=%x!XL,
                                stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_USERS file.

          User Action: Investigate a reason by examination
          of status and stv codes, it's result of the RMS's
          $CONNECT calls.

                                                              A-9

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-F-user_CNTREAD,  USER:Could not read RADIUS_USERS
                               file, status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS experienced an error during
          read from RADIUS_USERS file, investigate a reason by
          examination of status and stv codes, it's result of
          the RMS' $GET calls.

          User Action: Check access mode of the account runing
          the RADUS-VMS.

       RADIUS-F-acct_ERRTHREAD,  ACCT:Could not create thread
                                 #!UL,errno=!AZ

          Severity: FATAL

          Explanation: RADIUS-VMS could not create a thread
          for accounting requests, errno string provides an
          additional information about of reason.

          User Action: You can increase quotas for the process,
          or reducing a number of threads (see purpose of the
          RADIUS_NUMTHREADS logicals).

       RADIUS-F-acct_NETIOERR,  ACCT:Network I/O
                                error,status=%x!XL

          Severity: FATAL

          Explanation: A network I/O error is occurred in an
          accounting thread, investigate a reason by examination
          of the status code, it's result of the $QIO system
          calls.

          User Action: Check using of this UDP port by other
          programs on the same node.


          A-10

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-F-acct_BCNTOPEN,  ACCT:Could not open RADIUS_ACCBIN
                                file, status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS's could not open RADIUS_ACCBIN
          file, investigate a reason by examination of status
          code, it's result of the RMS $OPEN calls. RADIUS-VMS
          will continue work after this error.

          User Action: Check an accessibility of the file
          pointed by RADIUS_ACCBIN file.

       RADIUS-F-acct_ERRPUTBIN,  ACCT:Can't write detail record
                                 status=%x!XL,stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS server can't write a detail
          accounting record to the RADIUS_ACCTBIN file.

          User Action: Investigate a situation with status & stv
          codes, it was a result of $PUT or $FLUSH RMS calls.

       RADIUS-E-acct_ACNTOPEN,  ACCT:Could not open RADIUS_
                                ACCOUNTING file, status=%x!XL,
                                stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS's could not open RADIUS_
          ACCOUNTING file, investigate a reason by examination
          of status code, it's result of the RMS $OPEN calls.
          RADIUS-VMS will continue work after this error.

          User Action: Check an accessibility of the file
          pointed by RADIUS_ACCOUNTING file.



                                                             A-11

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-acct_ACNTOPENS,  ACCT:Could not open stream
                                 to RADIUS_ACCOUNTING file,
                                 status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_ACCOUNTING file. RADIUS-VMS will continue work
          after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $CONNECT calls.

       RADIUS-E-acct_BCNTOPENS,  ACCT:Could not open stream
                                 to RADIUS_ACCBIN file,
                                 status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_ACCBIN file. RADIUS-VMS will continue work
          after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $CONNECT calls.

       RADIUS-E-acct_CCNTREADS,  ACCT:Could not read RADIUS_
                                 CURRENT record,status=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not read a record from
          RADIUS_CURRENT file.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $GET calls.




          A-12

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-acct_ERRPUTDETAL,  ACCT:Can't write detail record
                                   status=%x!XL,stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS server can't write a detail
          accounting record to the RADIUS_DETAIL file.

          User Action: Investigate a situation with status & stv
          codes, it was a result of $PUT or $FLUSH RMS calls.

       RADIUS-E-acct_ERREXTACCT,  ACCT:External ACCOUNTING
                                  routine return status=%x!XL

          Severity: ERROR

          Explanation: An external routine from external module
          return error VMS condition code.

          User Action: Investigate a situation by condition
          code.

       RADIUS-E-acct_UNKNCLNT,  ACCT:Unknown client !AZ
                                (!AZ),ignore request

          Severity: ERROR

          Explanation: RADIUS-VMS got and dropped accounting
          request from client wich had been not defined in a
          RADIUS_CONFIG.

          User Action: Investigate a situation by looking to
          IP address of incoming request, it's possible a setup
          problem at remote site.

       RADIUS-E-acct_CANTDLENTRY,  ACCT:Can't delete entry in
                                   RADIUS_CURRENT for '!AZ' at
                                   !AZ;status=%x!XL,stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS can't delete user's record
          from RADIUS_CURRENT due a some problem.

          User Action: Investigate a status & stv code it's
          result of RMS's $DELETE call.

                                                             A-13

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-acct_CCNTOPEN,  ACCT:Could not open RADIUS_
                                CURRENT file,status=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS's could not open RADIUS_
          CURRENT file.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $OPEN calls.

       RADIUS-W-acct_UNKNREALM,  ACCT:Unknown realm in '!AF',
                                 possible request droping from
                                 !AC

          Severity: WARNING

          Explanation: An username in accounting request
          contains realm suffix has been not defined in the
          RADIUS_CONFIG file.

          User Action: Investigate situation and take
          appropriate actions.

       RADIUS-W-acct_CCNTOPENS,  ACCT:Could not open RADIUS_
                                 CURRENT stream,status=%x!XL

          Severity: WARNING

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_CURRENT file.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $CONNECT calls.

       RADIUS-W-acct_INVAUTH,  ACCT:Client !AC sent request with
                               invalid digest

          Severity: WARNING

          Explanation: An accounting request is contains an
          invalid digest.

          User Action: Check out a shared secret in the RADIUS_
          CONFIG file and on the NAS for matching. In some case

          A-14

 


                         RADIUS-VMS Messaging & Troubleshooting.





          wrong digest is result of using old NAS(s) like DEC
          Server 90M or USR Total Control.

       RADIUS-W-acct_NOENTRY,  ACCT:No entry in RADIUS_CURRENT
                               for '!AZ' at !AZ

          Severity: WARNING

          Explanation: RADIUS-VMS tried to delete user's record
          from the RADIUS_CURRENT file, after user logout.

          User Action: It's can be result of the network or
          performance problem.

       RADIUS-W-acct_BUSYENTRY,  ACCT:Can't delete entry in
                                 RADIUS_CURRENT for '!AZ' at
                                 !AZ;there is user = '!AD'

          Severity: WARNING

          Explanation: RADIUS-VMS don't delete user's record if
          in a RADIUS_CURRENT exist a record with other username
          with the same NAS/Port pair.

          User Action: None.

       RADIUS-W-acct_CNTENTRY,  ACCT:Error write entry in
                                RADIUS_CURRENT for '!AD' at !AD,
                                status=%x!XL, stv=%x!XL

          Severity: WARNING

          Explanation: RADIUS-VMS can't write status record to
          the RADIUS_CURRENT file.

          User Action: Investigate a reason by examination of
          status and stv codes, it's a result of the RMS's $PUT
          calls. Check access to the RADIUS_CURRENT file by
          custom applications. Stop RADIUS-VMS, delete RADIUS_
          CURRENT file, and restart RADIUS-VMS.

                                                             A-15

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-W-acct_NOUSERNM,  ACCT:Request from client !AC
                                contains no user name

          Severity: WARNING

          Explanation: Incoming accounting request has not an
          username. Or length of the username string is zero.
          Commonly, it's user's typos.

          User Action: Contact user for ensuring that user input
          right value for username.

       RADIUS-F-recv_INSFMEM,  RECV:Ran out of
                               memory,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS can't processing incoming
          request due problem with memory allocation.

          User Action: Investigate a reason by examination of
          the status code, it's result of the LIB$GET_VM system
          calls. Increase process memory quotas.

       RADIUS-F-recv_TOOSHORT,  RECV:Request from node !AZ:!UW is
                                too short to be real (!UW bytes)

          Severity: FATAL

          Explanation: Request was dropped due consistence
          control.

          User Action: Network problem ? Hacker attack ? Keep
          your eyes open!

       RADIUS-F-recv_INVLEN,  RECV:Request from node !AZ:!UW
                              claimed length !UW, only !UW bytes
                              found

          Severity: FATAL

          Explanation: Request was dropped due consistence
          control.

          User Action: Network problem ? Hacker attack ? Keep
          your eyes open!

          A-16

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-F-recv_ATTRTOLONG,  RECV:Received attribute !UB
                                  from node !AZ:!UW is too long,
                                  length of !UB exceed !UW

          Severity: FATAL

          Explanation: An attribute length is exceed a real data
          length in the buffer or internal limit. A paring is
          stopped and rest of attribute/value pairs will not be
          processed. The packet will be silently droped.

          User Action: Network problem ? Hacker attack ? Keep
          your eyes open!

       RADIUS-F-recv_UNKNTYPE,  RECV:Unknown request code !UB
                                from node !AZ:!UW

          Severity: FATAL

          Explanation: Request was dropped due consistence
          control. Network problem ? Hacker attack ? Keep your
          eyes open!

          User Action: Contact support staff for investigate of
          the reason for this request, ask Radius-VMS support
          group for additional explanation.

       RADIUS-W-recv_INVATTR,  RECV:Received unknown attribute
                               !UL (vendor=!UL) from node
                               !AZ:!UW, attribute is ignored

          Severity: WARNING

          Explanation: RADIUS-VMS received request which
          contains unknown attribute.

          User Action: You can manually add entry for this
          ATTRIBUTE into a RADIUS_DINCTIONARY, or download
          latest dictionary file from a support site. Check
          out docs for your equipment for obtaining correct
          definition of the ATTRIBUTE.

                                                             A-17

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-F-auth_UCNTOPENS,  AUTH:Could not open RADIUS_USERS
                                 stream,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_USERS file at startup time or during self
          restart of authentication threads.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $CONNECT calls.
          Check process quota, reduce number of threads.

       RADIUS-F-auth_CCNTOPENS,  AUTH:Could not open RADIUS_
                                 CURRENT stream,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS could not open stream to
          RADIUS_CURRENT file.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $CONNECT calls.

       RADIUS-F-auth_ERRTHREAD,  AUTH:Could not create thread
                                 #!UL,errno=!AZ

          Severity: FATAL

          Explanation: RADIUS-VMS could not create a thread
          for authentication requests, errno string provides an
          additional information about of reason.

          User Action: You can increase quotas for the process,
          or reducing a number of total threads (see purpose of
          RADIUS_NUMTHREADS logical).




          A-18

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-F-auth_NETIOERR,  AUTH:Network I/O
                                error,status=%x!XL

          Severity: FATAL

          Explanation: A network I/O error is occurred in an
          authentication thread.

          User Action: Investigate a reason by examination of
          the status code, it's result of the $QIO system calls.
          Check using of this UDP port by other programs on the
          same node.

       RADIUS-E-auth_UNDEFDOM,  AUTH:Undefined domain preffix in
                                username '!AF'

          Severity: ERROR

          Explanation: Domain is not defined in RADIUS_CONFIG.

          User Action: Check RADIUS_CONFIG file, add domain
          definition entry.

       RADIUS-E-auth_ERRAUTHDOM,  AUTH:Error authenticate user
                                  '!AF' in domain '!AC'

          Severity: ERROR

          Explanation: Error authenticate a user on DC, it's
          possible a network problem.

          User Action: Investigate a situation with a status
          code, it can be a network problem. Reboot DC, install
          a latest SP, kick ass BG, and reboot again the DC.

       RADIUS-E-auth_NOEXTERN,  AUTH:Can't authenticate, external
                                procedure is not defined

          Severity: ERROR

          Explanation: RADIUS-VMS can't performs authentication
          forced by Auth-Type = Extern in the RADIUS_USERS file.

          User Action: Check RADIUS_USERS file, check RADIUS'
          server log file for possible intialization errors.

                                                             A-19

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-auth_INVREQST,  AUTH:Unknown request type !UB
                                from !AZ (!AZ),request ignored

          Severity: ERROR

          Explanation: RADIUS-VMS received request with code
          which is not supported.

          User Action: Contact Radius-VMS support group.

       RADIUS-E-auth_UNKNCLNT,  AUTH:Unknown client !AZ (!AZ),
                                request ignored

          Severity: ERROR

          Explanation: RADIUS-VMS dropped request from unknown
          client.

          User Action: Investigate situation, add CLIENT entry
          for given in error message IP name/address into the
          RADIUS_CONFIG file, and restart RADIUS-VMS server.

       RADIUS-E-auth_NOUSERNM,  AUTH:Request from !AC
                                (CLID='!AD') is rejected - no
                                user name

          Severity: ERROR

          Explanation: A received request not contains username,
          or username have zero length.

          User Action: None.

       RADIUS-E-auth_BADCHAR,  AUTH:Request from !AC is
                               rejected;bad characters in
                               username '!AF'

          Severity: ERROR

          Explanation: RADIUS-VMS send reject to the client due
          presence in username of invalid characters.

          User Action: Refer to RADIUS-VMS documentaion about of
          allowed characters for username.

          A-20

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-auth_NOPASSW,  AUTH:Request from !AC (CLID='!AD')
                               for '!AD' is rejected;no password
                               or CHAP password is used

          Severity: ERROR

          Explanation: RADIUS-VMS reject any authentication
          request w/o password. It can't performs authentication
          for SYSUAF users by CHAP, because SYSUAF keep one-way
          hashed passwords only.

          User Action: Contact user and ensure that it have
          entered password, take advice do not use CHAP, or add
          entry for this user into the RADIUS_USERS file.

       RADIUS-E-auth_NOACCESS,  AUTH:Request from !AC denied for
                                unknown user '!AZ'

          Severity: ERROR

          Explanation: RADIUS-VMS can't find user in the RADIUS_
          USERS file, and in SYSUAF.

          User Action: Check an existence of the account by
          using the AUTHORIZE utility, remove all spaces and
          tabs before username in a RADIUS_USERS file.

       RADIUS-E-auth_NO56K,  AUTH:Connection speed=!UL;56K access
                             not authorized - connection denied
                             for '!AD'

          Severity: ERROR

          Explanation: User have not authorized high speed dial-
          in access.

          User Action: Refer to RADIUS-VMS docs for using of 56K
          right id.


                                                             A-21

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-auth_NOISDN,  AUTH:Connection type=!UL;ISDN
                              access not authorized - connection
                              denied for '!AD'

          Severity: ERROR

          Explanation: User have not authorized high speed ISDN
          access.

          User Action: Refer to RADIUS-VMS docs for using of
          ISDN right id.

       RADIUS-E-auth_DISAISDN,  AUTH:Analog connection type=!UL
                                denied for '!AD' with ISDN right
                                id

          Severity: ERROR

          Explanation: User with ISDN right id can't use analog
          type of connection.

          User Action: Refer to RADIUS-VMS docs for using of
          ISDN right id.

       RADIUS-E-auth_NOID,  AUTH:Access to NAS !AC is not
                            authorized by !AC;connection denied
                            for '!AD'

          Severity: ERROR

          Explanation: ID showed in error message is required
          for access to showed NAS. These restrictions is
          configured in the RADIUS_CONFIG file.

          User Action: None.

       RADIUS-E-auth_NOBYID,  AUTH:Access to NAS !AC is rejected
                              by !AC;connection denied for '!AD'

          Severity: ERROR

          Explanation: Presence of ID showed in message denied
          access for this user to the NAS.

          User Action: None.

          A-22

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-auth_LIMRATE,  AUTH:Connection rate with !UL is
                               not allowed for '!AD'

          Severity: ERROR

          Explanation: None.

          User Action: None.

       RADIUS-E-auth_NOACCREAL,  AUTH:Login from realm '!AC'
                                 is not authorized by '!AC' for
                                 '!AD'

          Severity: ERROR

          Explanation: None.

       RADIUS-E-auth_NOBYACCREAL,  AUTH:Login from realm '!AC' is
                                   rejected by '!AC' for '!AD'

          Severity: ERROR

          Explanation: None.

          User Action: None.

       RADIUS-E-auth_UNKNREALM,  AUTH:Unknown realm in
                                 '!AF',ignore request from !AC

          Severity: ERROR

          Explanation: In authentication request present realm
          suffix which is not defined in the RADIUS_CONFIG file.
          It's can be user's typos.

          User Action: None.

       RADIUS-E-auth_ILLREALM,  AUTH:Request for user '!AF' is
                                rejected due to realm block for
                                client '!AC'

          Severity: ERROR

          Explanation: In authentication request present realm
          suffix which is not allowed for the client with

                                                             A-23

 


          RADIUS-VMS Messaging & Troubleshooting.





          /ACCEPT_REALM or blocked with /REJECT_REALM.

          User Action: None.

       RADIUS-I-auth_PWDCHNG,  AUTH:Change password request for
                               '!AF'@'!AC', CLID='!AD','!AD'

          Severity: INFORMATIONAL

          Explanation: A request contains a password change
          option.

          User Action: None.

       RADIUS-E-proxy_NOSIG,  PROXY:ACK/REJECT Packet from server
                              '!AC' is ignored;no RADIUS-VMS
                              PROXY-STATE attribute

          Severity: ERROR

          Explanation: RADIUS-VMS drop packets with missing of
          PROXY-STATE attrubutes which has been attached when
          request is forwarded to remote RADIUS server. Remote
          RADIUS server must be fully RFC-compliant.

          User Action: Contact remote RADIUS support
          representative, performs additional testing in DEBUG
          mode.

       RADIUS-E-proxy_BADSIG,  PROXY:ACK/REJECT Packet from
                               server '!AC' is ignored;RADIUS-
                               VMS PROXY-STATE attribute is not
                               valid

          Severity: ERROR

          Explanation: RADIUS-VMS performs additional checking
          for validity of the packets comming from remote RADIUS
          server and drop invalid packets.

          User Action: Contact remote RADIUS support
          representative, performs additional testing in DEBUG
          mode.

          A-24

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-proxy_INVAUTH,  PROXY:Packet from server '!AC'
                                (Id=!UB,Code=!UB) sent with
                                invalid digest

          Severity: ERROR

          Explanation: RADIUS-VMS can't validate digest for
          packets arrived from remote RADIUS.

          User Action: Check out shared secret key for the
          remote RADIUS server, contact remote RADIUS support
          representative.

       RADIUS-E-proxy_UNKNCLNT,  PROXY:Packet for unknown client
                                 !AZ (!AZ,Id=!UB,Code=!UB),
                                 request ignored

          Severity: ERROR

          Explanation: RADIUS-VMS got&drop a packet for unknown
          client, hackers attack?

          User Action: Investigate situation, contact RADIUS-VMS
          support staff.

       RADIUS-E-proxy_LOOP,  PROXY:Can't forward packet from
                             client !AC (Id=!UB,Code=!UB) to
                             itself, request ignored

          Severity: ERROR

          Explanation: RADIUS-VMS prevent to loop packets to
          itself.

          User Action: Check entries in the RADIUS_CONFIG file.

       RADIUS-W-proxy_FWDREQ,  Forwarding REQuest (Id=!UB,Code=!UB,NAI='!AD',CLID='!AD')
                               from !AC to !AC (Realm=!AC,
                               LF=!SW)

          Severity: WARNING

          Explanation: RADIUS-VMS has resent a request to a
          subscriber's 'Home AAA', the 'Home AAA' has been

                                                             A-25

 


          RADIUS-VMS Messaging & Troubleshooting.





          matched by using realm 'domain' suffix or the
          CLID/IMSI prefix.

          User Action: None.

       RADIUS-W-proxy_FWDANS,  Forwarding ANSwer (Id=!UB,Code=!UB,NAI='!AD',CLID='!AD')
                               from !AC (LF=!SW) to !AC

          Severity: WARNING

          Explanation: None.

          User Action: None.

       RADIUS-F-conf_CNTREAD,  CONF:Could not read file RADIUS_
                               CONFIG, status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS experienced an error during
          read from RADIUS_CONFIG file, investigate a reason by
          examination of status and stv codes, it's result of
          the RMS $GET calls.

          User Action: Check access mode of custom programs to
          this file.

       RADIUS-F-conf_CNTOPEN,  CONF:Could not open file RADIUS_
                               CONFIG,status=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS could not open RADIUS_CONFIG
          file at startup time.

          User Action: Investigate a reason by examination of
          status and stv codes, it's result of the RMS $OPEN
          calls. After corrections start RADIUS-VMS server.


          A-26

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-conf_NOCLNTENT,  CONF:Server(s) with IP addr
                                 '!AZ' has been not defined as
                                 CLIENT,entry ignored

          Severity: ERROR

          Explanation: Destination remote host for forwared
          request is not defined as CLIENT.

          User Action: Add CLIENT entry into the RADIUS_CONFIG
          file.

       RADIUS-E-conf_INVID,  CONF:Can't translate !AC right id to
                             binary format,status=%x!XL

          Severity: ERROR

          Explanation: Non-existen Right ID take place in
          RADIUS_CONFIG. An additional information can be
          obtained from status code, it's result of $ASCTOID
          system calls.

          User Action: Ensure that this right id present in the
          RIGHTSLIST.DAT file by MCR AUTHORIZE SHOW /ID id. Add
          this right id into the RIGHTSLIST.DAT by MCR AUTHORIZE
          ADD/ID id, and start RADIUS-VMS server.

       RADIUS-E-conf_INVCLNM,  CONF:Client IP name '!AZ' can't be
                               resolved

          Severity: ERROR

          Explanation: RADIUS-VMS can't resolve IP name given in
          CLIENT entry.

          User Action: Check IP name in the RADIUS_CONFIG
          file, check ability to resolve this name by NSLOOKUP
          utility, or replace IP name by IP address.


                                                             A-27

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-conf_NOKEY,  CONF:No secret key present for
                             client '!AC'

          Severity: ERROR

          Explanation: CLIENT entry must containg shared secret
          to performs request processing from/to client.

          User Action: Revise syntax, of CLIENT entries in the
          RADIUS_CONFIG file. Add /SECRET=quoted_string option
          to a CLIENT definition.

       RADIUS-E-conf_INVHOME,  CONF:Invalid IP name/address for
                               home '!AS'

          Severity: ERROR

          Explanation: RADIUS-VMS can't interpret a IP address
          or resolve IP name given in the HOME entry.

          User Action: Check RADIUS_CONFIG file, correct
          problem.

       RADIUS-E-conf_INVDCIP,  CONF:Domain Controller IP name
                               '!AZ' can't be resolved

          Severity: ERROR

          Explanation: RADIUS-VMS can't resolve IP name given in
          DOMAIN entry.

          User Action: Check IP name in the RADIUS_CONFIG
          file, check ability to resolve this name by NSLOOKUP
          utility, don't use an IP address notation because
          RADIUS server generation a NETBISO name by using the
          IP name.




          A-28

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-conf_INVINCL,  CONF:INCLIDE directive is not
                               allowed is in included file

          Severity: ERROR

          Explanation: INCLIDE directive is not allowed is in
          included file, configuration parser will skip this
          directive.

          User Action: Find and remove INCLUDE directive,
          reorganize RADIUS's configuration files.

       RADIUS-E-dom_ERRCONN,  DOM:Unable to connect to '!AC'
                              DC,status=%x!XL.

          Severity: ERROR

          Explanation: RADIUS-VMS can't open TCP-connection
          to SMB server on the DC host defined in the RADIUS_
          CONFIG.

          User Action: Contact remote DC support representative,
          performs additional testing in DEBUG mode.

       RADIUS-E-dom_REJSESSN,  DOM:'!AC' DC rejected the session
                               setup,status=%x!XL.!/SMB specific
                               error = !AZ

          Severity: ERROR

          Explanation: RADIUS-VMS can't open session to SMB
          server on the DC host defined in the RADIUS_CONFIG.

          User Action: Contact remote DC support representative,
          performs additional testing in DEBUG mode.

       RADIUS-E-dom_REJPROTNEG,  DOM:'!AC' DC rejected
                                 the negotiate
                                 protocol,status=%x!XL.!/SMB
                                 specific error = !AZ

          Severity: ERROR

          Explanation: RADIUS-VMS can't negotiate a protocol
          to SMB server on the DC host defined in the RADIUS_

                                                             A-29

 


          RADIUS-VMS Messaging & Troubleshooting.





          CONFIG.

          User Action: Contact remote DC support representative,
          performs additional testing in DEBUG mode.

       RADIUS-E-dom_REJSESSNST,  DOM:'!AC' DC rejected the
                                 session setup,status=%x!XL.!/SMB
                                 specific error = !AZ

          Severity: ERROR

          Explanation: RADIUS-VMS can't negotiate a protocol
          to SMB server on the DC host defined in the RADIUS_
          CONFIG.

          User Action: Contact remote DC support representative,
          performs additional testing in DEBUG mode.

       RADIUS-E-dom_ERRSEND,  DOM:Error send a SMB message to
                              '!AC' DC host,status=%x!XL

          Severity: ERROR

          Explanation: Error sending a packet to the DC.

          User Action: Check matching NETBIOS name and
          Internet name of the DC without a internet domain
          suffix. For example DC internet full domainname -
          sysman.deltatel.ru NETBIOS name must be SYSMAN.

       RADIUS-I-loop_REQ,  Sent REQuest (Code=!UB) ID #!UB to
                           !AZ:!UW

          Severity: INFORMATIONAL

          Explanation:

          User Action:

       RADIUS-I-loop_ANS,  Received ANSwer (Code=!UB) ID #!UB
                           from !AZ:!UW

          Severity: INFORMATIONAL

          Explanation:

          User Action:

          A-30

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-loop_IPMATCH,  IP (!AZ) server in response is not
                               match IP in request (!AZ)

          Severity: ERROR

          Explanation:

          User Action:

       RADIUS-E-loop_PORTMATCH,  Got response from UDP Port
                                 (!UW), expected from UDP Port
                                 !UW

          Severity: ERROR

          Explanation:

          User Action:

       RADIUS-E-loop_IDMATCH,  Got response with ID #!UB,
                               expected ID #!UB

          Severity: ERROR

          Explanation:

          User Action:

       RADIUS-E-loop_TIMEOUT,  Receive timeout (!%T)

          Severity: ERROR

          Explanation:

          User Action:

       RADIUS-E-loop_DIGEST,  Bad digest

          Severity: ERROR

          Explanation:

          User Action:

       RADIUS-S-REQRECV,  Got request ID #!UB, Code = !UB, from
                          !AZ:!UW

          Severity: SUCCESS

                                                             A-31

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-S-REQSENT,  Sent answer ID #!UB, Code = !UB, to
                          !AZ:!UW

          Severity: SUCCESS

       RADIUS-S-AUTHSTATUS,  Request #!UB, Code = !UB, from
                             !AZ:!UW, Username = !AD

          Severity: SUCCESS

       RADIUS-F-db_OPEN,  DB:Could not open RADIUS_DB file,
                          status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS's could not open RADIUS_DB
          file, investigate a reason by examination of status
          code, it's result of the RMS $OPEN/$CONNECT calls.
          RADIUS-VMS will continue work after this error.

          User Action: Check an accessibility of the file
          pointed by RADIUS_DB logical.

       RADIUS-F-db_CLOSE,  DB:Error closing RADIUS_DB file,
                           status=%x!XL, stv=%x!XL

          Severity: FATAL

          Explanation: RADIUS-VMS's get error status duting
          closing RADIUS_DB file, investigate a reason by
          examination of status code, it's result of the RMS
          $CLOSE calls. RADIUS-VMS will continue work after this
          error.

          User Action: Check an accessibility of the file
          pointed by RADIUS_DB logical.

       RADIUS-W-db_MISSPWD,  DB:Password attribute is missing in
                             entry at !AS:!UL, Username/NAI='!AC'

          Severity: WARNING

          Explanation: The Password attribute is missing in the
          user's entry.

          User Action: Add the Password field into the entry.

          A-32

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-W-db_AUTHVMS,  DB:SYSUAF flag is enforced for
                             Username/NAI='!AC' (!AS:!UL)

          Severity: WARNING

          Explanation: If user's entry in the source file is
          contains Auth-Type = System and there is not Password
          attribute then SYSUAF flag will be set for user entry.
          It's meant that Authentication/Authorization will be
          performed against VMS SYSUAF. Only PAP can be used for
          VMS's SYSUAF accounts.

          User Action: Add the Password field into the entry.

       RADIUS-E-db_SKIP,  DB:Skip entry at !AS:!UL

          Severity: ERROR

          Explanation: None.

          User Action: None.

       RADIUS-E-db_ERRPARSE,  DB:Unable to parse Check/Reply-
                              Items at !AS:!UL

          Severity: ERROR

          Explanation: RADIUS-VMS server can't parse
          Check/Reply-Item data from file in the RADIUS_USERS
          format during loading record from the plain-text file.
          It can be of result of typos in source file; also
          RADIUS_DICTIONARY file may not contains ATTRIBUTE
          entry for this Check/Reply-Item.

          User Action: Check that all ATTRIBUTE(s) which are
          used in the RADIUS_USERS file has been defined in the
          RADIUS_DICTIONARY file. Also check case of ATTRIBUTE
          items in the RADIUS_USERS file. After any corrections
          you need to restart RADIUS-VMS server.

                                                             A-33

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-db_CNTREAD,  DB:Could not read !AS file,
                             status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS experienced an error during
          read from RADIUS_USERS file, investigate a reason by
          examination of status and stv codes, it's result of
          the RMS calls.

          User Action: Check access mode of the account running
          the RADUS-VMS.

       RADIUS-E-db_SAVE,  DB:Could not write record for the
                          '!AC', status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not update a record
          for the user in the RADIUS_DB file. RADIUS-VMS will
          continue work after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $PUT calls.

       RADIUS-E-db_GET,  DB:Could not get record for the '!AS'
                         (at '!AS',CLID='!AD'), status=%x!XL,
                         stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not find/get a record
          for the user in the RADIUS_DB file. RADIUS-VMS will
          continue work after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $GET/$FIND calls.



          A-34

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-db_NILCLID,  DB:Calling station id is missing in
                             request for '!AS' (at '!AS')

          Severity: ERROR

          Explanation: RADIUS-VMS cannot performs an
          authentication of a request because the Calling-
          station-Id attribute is missing but required by
          RADDB$V_CLID entry's option.

          User Action: Remove the RADDB$V_CLID from the entry
          record or check an originator of the request.

       RADIUS-E-db_UPD,  DB:Could not update record for the
                         '!AC', status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not update a record
          for the user in the RADIUS_DB file. RADIUS-VMS will
          continue work after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $UPDATE calls.

       RADIUS-E-db_NOPWD,  DB:Request for the '!AS' (at
                           '!AS',CLID='!AD') no contains CHAP-
                           Password

          Severity: ERROR

          Explanation: DB authentication cannot be performed
          without CHAP-Password.

          User Action: Check for possible general network
          problem, or intruder/hacker attacks.




                                                             A-35

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-db_DELT,  DB:Could not delete record for the
                          '!AC', status=%x!XL, stv=%x!XL

          Severity: ERROR

          Explanation: RADIUS-VMS could not delete a record
          for the user in the RADIUS_DB file. RADIUS-VMS will
          continue work after this error.

          User Action: Investigate a reason by examination of
          status code, it's result of the RMS $DELETE calls.

       RADIUS-W-db_NOCBA12,  DB:No MN ID(IMSI) has been
                             configured for '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC')

          Severity: WARNING

          Explanation: A Mobile Network Id (IMSI, MN ID)
          must be returned on successful authentication, this
          information should be stored in the profile as value
          of the Callback-Id attribute. An accept of the login
          will be sent.

          User Action: Add a Callback-Id attribute & value pair
          into the user's profile.

       RADIUS-S-db_SUCCESS,  DB:The subscriber '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC') has
                             been authenticated

          Severity: SUCCESS

          Explanation: None.

          User Action: None.

       RADIUS-S-db__LOAD,  DB:!AS, !UL records, entries: total =
                           !UL, skiped = !UL, stored = !UL

          Severity: SUCCESS

          Explanation: None.

          User Action: None.

          A-36

 


                         RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-S-db_ACCEPT,  DB:Accept login for '!AS' (at
                            '!AS',CLID='!AD',REALM='!AC')

          Severity: SUCCESS

       RADIUS-S-db_LOGGED,  DB:'!AS' has been logged (at
                            '!AS',CLID='!AD',REALM='!AC')

          Severity: SUCCESS

       RADIUS-E-db_BADHOUR,  DB:Login at this time has not
                             been authorized for '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC')

          Severity: ERROR

       RADIUS-E-db_REJECT,  DB:Reject login for '!AS' (at
                            '!AS',CLID='!AD',REALM='!AC')

          Severity: ERROR

       RADIUS-E-db_INVPWD,  DB:Wrong CHAP-Password in access-
                            request for the '!AS' (at
                            '!AS',CLID='!AD',REALM='!AC')

          Severity: ERROR

       RADIUS-E-db_DISUSER,  DB:The subscriber '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC') has
                             been disabled

          Severity: ERROR

       RADIUS-E-db_NOIROAM,  DB:International Roaming has
                             not allowed for '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC')

          Severity: ERROR

       RADIUS-E-db_NONROAM,  DB:National Roaming has
                             not allowed for '!AS' (at
                             '!AS',CLID='!AD',REALM='!AC')

          Severity: ERROR

                                                             A-37

 


          RADIUS-VMS Messaging & Troubleshooting.





       RADIUS-E-db_CHAPLEN,  DB:Request for the '!AS' (at '!AS')
                             contains invalid CHAP-Password
                             length(!UL)

          Severity: ERROR

          Explanation: RADIUS-VMS checked that CHAP-Password
          length is invalid, RADIUS-VMS will continue work after
          this error.

          User Action: Check for possible general network
          problem, or intruder/hacker attacks.




























          A-38

 








          _______________________________________________________

   B      Contact information.




          Author:                                    Ruslan R.
                                                     Laishev
                                                     - Lai-
                                                     shev@StarLet.SPb.RU,
                                                     Lai-
                                                     shev@DeltaTelecom.RU

          Phone:                                     Mobile:+7
                                                     (812) 716-
                                                     3222

          Web Site:                                  http://www.StarLet.SPb.RU/RadiusVMS/





















                                                              B-1

 








          _______________________________________________________

   C      RADIUS-VMS files created during installation.



          _______________________________________________________
          File_name_____________________Description______________

          __________________Files_in_RADIUS_DIR:_________________

          [.<VAX|ALPHA>_EXE]RADIUS_     RADIUS-VMS Server.
          SERVER.EXE

          [.<VAX|ALPHA>_EXE]RADCP.EXE   RADIUS Control Program.

          [.<VAX|ALPHA>_EXE]RADIUS_     RADIUS VMS Sharaeable
          SHR.EXE                       Image.

          [.<VAX|ALPHA>_                RADIUS-VMS Accounting
          EXE]RADACC.EXE                utility.

          [.UTILS]PMAS_RADIUS.C         Authentication module for
                                        PMAS.

          [.UTILS]PMAS_RADIUS_          Authentication module for
          STARTUP.COM                   PMAS startup procedure.

          [.UTILS]RADIUS_               DEC DATATRIEVE
          ACCOUNTING.DTR                definitions.

          [.UTILS]RADIUS_               A Rdb/VMS Record
          ACCOUNTING.RRD                Definition file.

          [.UTILS]RADIUS_               A Rdb/VMS Script for
          ACCOUNTING.RDB_SQL            initial creating a
                                        database.

          [.UTILS]RAD_EXT_AUTH.C        An example of external
                                        authorization module.

          [.UTILS]RAD_EXT_ACCT.C        An example of external
                                        accounting module.

                                                              C-1

 


          RADIUS-VMS files created during installation.




          _______________________________________________________
          File_name_____________________Description______________

          __________________Files_in_RADIUS_DIR:_________________

          [.UTILS]RAD_EXT_AUTH2ORA.*    An example of external
                                        authorization module
                                        which work with Oracle
                                        Server.

          [.UTILS]RAD_EXT_ACCT2ORA.*    An example of external
                                        accounting module which
                                        work with Oracle Server.

          [.UTILS]VOIP_AUTH.TCL         An example of TCL
                                        (version 1.0) procedure
                                        for Cisco VoIP platforms
                                        to implementing
                                        authentication of
                                        subscribers against
                                        RADIUS Server database.

          RADIUS_STARTUP.COM            A RADIUS-VMS main startup
                                        procedure.

          RADIUS_COMMANDS.COM           A RADIUS-VMS commands
                                        definitions.

          [.TEMPLATES]RAD_*.TEMPLATE    Templates RADIUS.USERS,RADIUS.CONFIG,
                                        RADIUS.DICTIONARY,RADIUS_
                                        LOGICALS.COM.

          [.DOCS]RADIUS_DOC.TXT         Documentation in TEXT
                                        format.

          [.DOCS]RADIUS_DOC.DECW*       Documentation in
                                        DECWindows BookReader
                                        format.

          [.DOCS]RADIUS_DOC*.HTML       Documentation in HTML
                                        format.

          [.DOCS]RADIUS_                RADIUS-VMS HELP/MESSAGE
          MSG.MSGHLP$DATA               Library.

          [.DOCS]RAD_CP_HELP.HLB        RADCP utility help
                                        library.

          C-2

 


                    RADIUS-VMS files created during installation.




          _______________________________________________________
          File_name_____________________Description______________

          _________________Files_in_SYS$STARTUP:_________________

          RADIUSVMS_STARTUP.COM         RADIUS-VMS Startup
                                        procedure.

          RADIUSVMS_SHUTDOWN.COM        RADIUS-VMS Shutdown
          ______________________________procedure._______________































                                                              C-3

 








          _______________________________________________________

   D      RADIUS-VMS Modification history.



                           **       4-OCT-1999     RRL     Version 2.0.31 which performs a session limit
                           **                              check per client basis.
                           **       2-NOV-1999     RRL     Version 2.0.32, added aditional key for
                           **                              using with conjuction with MX for real-
          time
                           **                              relay allowed checking for roaming users.
                           **       6-DEC-
          1999     RRL     Version 2.0.33 -
          internal release, added login time timestamp
                           **                              in the RADIUS_
          CURRENT file.
                           **       6-DEC-
          1999     RRL     Version 2.0.34
                           **       6-
          DEC-1999     RRL     Add RADIUS_
          OPCOMLVL logical name, which control
                           **                              by severity level of message sending to OPCOM
                           **      20-DEC-
          1999     RRL     Add multiHOME support.
                           **      19-JAN-2000     RRL     Fixed problem with threads cancelation.
                           **      24-JAN-
          2000     RRL     Version 2.0.35
                           **       1-FEB-
          2000     RRL     Version 2.0.36
                           **      11-FEB-
          2000     RRL     Add external AAA callouts support.
                           **      21-MAR-
          2000     RRL     Add RADIUS_SESSIONTMO.
                           **      21-FEB-
          2000     RRL     Version 2.0.37
                           **      27-FEB-
          2000     RRL     Version 2.10 (VSA support)
                           **       5-APR-

                                                              D-1

 


          RADIUS-VMS Modification history.





          2000     RRL     Version 2.11 (RADCP)
                           **       7-APR-
          2000     RRL     Move RADCP to RAD_CP.C
                           **      24-APR-
          2000     RRL     Version 2.12
                           **      17-MAY-
          2000     RRL     Version 2.13
                           **      15-JUN-
          2000     RRL     Version 2.14
                           **      18-JUN-
          2000     RRL     Fix for using TCPIP$INET_HOSTADDR
                           **      15-JUN-
          2000     RRL     Version 2.15, SYSUAF password change
                           **       5-AUG-
          2000     RRL     Increased a thread stack size.
                           **       5-AUG-
          2000     RRL     Version 2.16
                           **      12-AUG-
          2000     RRL     Version 2.17, maintenace update.
                           **      27-AUG-2000     RRL     Version 2.3, NT Domain authentication.
                           **       6-SEP-
          2000     RRL     /FLAG=PWD_EXPIRED
                           **      18-SEP-
          2000     RRL     Version 2.31,/FLAG=PWD_EXPIRED.
                           **      21-SEP-
          2000     RRL     Version 2.32,maintenace update.
                           **      30-SEP-2000     RRL     Version 2.33,no case sensivity wild cards comparing,
                           **                              global buffering option for RADIUS_
          USERS.
                           **       2-NOV-
          2000     RRL     Version 2.34,RADIUS_ALLOW_RECTRICTED
                           **      10-NOV-
          2000     RRL     Version 2.35
                           **      23-NOV-2000     RRL     Version 2.36, realm checking in the RADIUS_
          CURRENT file.
                           **       6-JAN-
          2001     RRL     Version 2.4 - USR VSA support.
                           **      16-JAN-
          2001     RRL     Fixed a problem with SS$_DUPLNAME.
                           **      18-FEB-

          D-2

 


                                 RADIUS-VMS Modification history.





          2001     RRL     Version 2.4, release.
                           **      19-MAR-2001     RRL     Version 2.4A, cosmetic changes for an external accounting.
                           **      30-MAR-2001     RRL     Version 2.4B, disable file I/O operations if RADIUS_
          ACCCOUNTING
                           **                              file cannot be oppened.
                           **      11-APR-
          2001     RRL     Version 2.4C, fixed bug in the put_
          attribute() and incorrect truncation of the
                           **                              AVP list in reply.
                           **       4-AUG-2001     RRL     Added a specfic handling of an USR VSA to provide a speed of
                           **                              connection authorization and accounting.
                           **      28-DEC-
          2001     RRL     Some fixes in the RAD_ACCT.C
                           **      11-JAN-
          2002     RRL     Some fixes in the RAD_UTIL.C
                           **      18-JAN-
          2002     RRL     Version 2.5A, added Ascend IP-
          filters support.
                           **      28-FEB-2002     RRL     Version 2.5B, all configuration logicals must be defined with
                           **                              /SYSTEM/EXEC.
                           **      20-MAR-2002     RRL     Added an additional checking of used buffers.
                           **       5-JUN-
          2002     RRL     Some optimization:update last-
          login date after accept is sent.
                           **      11-JUN-
          2002     RRL     Some other optimization.
                           **       9-AUG-
          2002     RRL     Added backup host for realms support.
                           **       2-SEP-2002     RRL     Version 2.6A, Added IMSI realms support.
                           **      13-NOV-2002     RRL     Version 2.6B, fixed problem with threads exit, it cause
                           **                              a hunging server in HIB state.
                           **      20-JAN-2003     RRL     Version 2.6C, Some changes of the threads cancelation.
                           **      19-FEB-2003     RRL     Version 2.6D, Fixed a bug with reseting of the server.
                           **      14-MAR-
          2003     RRL     Version 2.6E, RESET & RESTART -
          > RESTART.
                           **      17-MAR-
          2003     RRL     Version 2.7, Now it's just full-
          function version.
                           **       4-JUN-

                                                              D-3

 


          RADIUS-VMS Modification history.





          2003     RRL     Version 2.7A, Now Client-
          Id is a special non-protocol attribute.
                           **      18-AUG-
          2003     RRL     Version 2.7B, fixed bug in the RAD_
          UTIL.C.
                           **      30-SEP-
          2003     RRL     Version 2.7C, added Auth-
          Type = Digest support.
                           **      23-OCT-
          2003     RRL     Version 2.7D, added client's /ACCEPT_
          REALM and /REJECT_REALM options.
                           **       6-NOV-2003     RRL     Version 2.7E, restore RESET functionality.
                           **      25-NOV-2003     RRL     Version 2.7G, backup/proxy/forwarding.
                           **      12-FEB-2003     RRL     Version 2.7H, Calling Station Id = IMSI.
                           **      16-FEB-
          2004     RRL     Version 2.7I, Added loging to SYSLOG
                           **      19-FEB-
          2004     RRL     Version 2.7I, Added RADIUS_
          THSTACKSZ logicals.
                           **      31-MAY-2004     RRL     Version 2.7K, Added INCLUDE directive in the
                           **                              RADIUS_
          CONFIG file syntax.
                           **      26-AUG-2004     RRL     Version 3.0A, Removed RAD$DUALPORT, RAD$56K, RAD$ISDN rights id
                           **                              and corresp. code.
                           **       1-OCT-
          2004     RRL     Version 3.0B, Added Calling-Station-
          Id to responses to help Cisco CSG
                           **                              tracks users' session.
                           **      13-APR-
          2005     RRL     Version 3.1A, Added A12 support.
                           **      20-MAY-2004     RRL     Version 3.1B, Added Client Group ID handling









          D-4
