1998/10/22 RADIUS for Windows NT 2.01b14 Open Beta Note Lucent Remote Access RADIUS for Windows NT 2.01b14 is available for open beta for Microsoft Windows NT 4.0 servers or workstations to any customer owning a PortMaster(R). If you have any questions regarding RADIUS NT 2.01b14, please contact Lucent Remote Access Technical Support. Contents New Features Bugs Fixed How Accounting Database Logging Works Limitations Requirements for Installation Downloading and Installing Contacting Technical Support New Features Lucent RADIUS for Windows NT 2.01b14 includes the following features: Open Database Connectivity (ODBC) Support The accounting start and stop records received by RADIUS can be captured to an ODBC data source. Configure this feature from the Accounting tab in the RADIUS Options dialog box. You can customize the data source for the accounting records. NOTE! For Lucent RADIUS for Windows NT to work properly, the latest Microsoft Data Access Components 2.0 must be used. This package includes the updated ODBC administration drivers and is available from the Microsoft website. See "Requirements for Installation." You can log accounting information to an alternate database, such as Oracle, MS SQL Server, MS Excel, MS Exchange Server, or any other ODBC-compliant DBMS. To do so, you create a table composed of columns, with names corresponding to the attribute names used in the detail files. The utility program raddbutil.exe (from the RADIUS Control Panel, select Tools->Datasource Table Copy Utility) duplicates the selected table schema from any ODBC data source to a new data source. You can use this utility to create a customized target ODBC data source for accounting records. Configurable UDP Port You can change the RADIUS authentication UDP port from the default RADIUS port number of 1645. Enter a different port number in the Ports tab in the RADIUS Options dialog box. The RADIUS accounting UDP port defaults to the authentication UDP port + 1. Support for Encrypted Passwords The Crypt-Password check item is now supported in the users file. Configurable Queue Size You can change the RADIUS server queue size from the default queue size of 100. Enter a different queue size in the Queue tab in the RADIUS Options dialog box. You should do this only if instructed to do so by Lucent Technical Support. Configurable Queue Timeout You can change the server queue timeout from the default timeout of 30 seconds. This has no effect on the RADIUS client timeout. Enter a different timeout value in seconds in the Timeout tab in the RADIUS Options dialog box. You should do this only if instructed to do so by Lucent Technical Support. Other Changes Disabled the automatic database compact on RADIUS startup. In non-singlethreaded mode, accounting packets trigger a new thread to be spawned to handle the processing of the accounting packet. Removed mfc42.dll and msvcrt.dll from install program. Bugs Fixed Logging is enabled only if requested by the administrator. As a diagnosis aid, symbols have been added to drw logs. Safeguards against memory leaks have been added. Control of multiple threads accessing memory has been fixed. Limitations * The uninstall program removes files only from the default directory, C:\Winnt\system32\drivers\etc\raddb. If you run RADIUS in a different location, then you must remove those files manually when you install a new version of RADIUS for Windows NT. * RADIUS for Windows NT 2.0.1 conforms to the following NT convention: - Usernames are case-insensitive. - Passwords are case-sensitive. If you have an entry in the users file that uses a local password, the username must be entered in exactly the same case as it appears in the users file, or the user cannot be authenticated. However, if an entry in the users file has Auth-Type = System as a check item, then this user can be authenticated regardless of the case used when the username is entered. * Radlogin2.exe (select Tools->Authentication Test Utility from the RADIUS Control Panel) does not simulate accounting packets normally sent from a PortMaster. * RADIUS for Windows NT does not compact or compress either the RADIUSDS or RADACCTDS data sources. The RADACCTDS data source must be compacted, archived, or both on a regular basis. The RADACCTDS data source must also be either emptied or replaced on a regular basis. To compact the data source, perform the following steps: 1. From the Windows NT Start Menu, select Start->Settings->Control Panel->ODBC. 2. Select RADACCTDS in the browser of the User DSN tab. 3. Click Configure.... 4. Click Compact.... 5. Click OK. 6. Click OK. How Accounting Database Logging Works You can enable or disable Accounting Database logging. The Microsoft Access database file radacct.mdb is created when RADIUS is installed. radacct.mdb contains the table Accounting Log which is composed of table columns. Each table column name corresponds to the attribute names contained in the accounting detail file. For information on which attribute names appear in the accounting detail file, refer to http://www.livingston.com/tech/docs/radius/guide/7account.html The data source defaults to RADACCTDS. RADACCTDS is created when RADIUS is installed. RADACCTDS refers to the actual Access database radacct.mdb. To avoid misconfiguration, the RADACCTDS data source is rebuilt if necessary when RADIUS is started. For more information, see the context-sensitive help linked to the Accounting tab in the RADIUS Options dialog box. Requirements for Installation Lucent RADIUS for Windows NT will not work properly unless you first do the following: 1. Install Service Pack 3 on your Microsoft Windows NT host. 2. Install Microsoft MDAC 2.0 Redistribution on your Microsoft Windows NT host. First read the information presented at http://www.microsoft.com/data/mdac2.htm. Then download the Microsoft Data Access Components 2.0 Redistribution for x86 (typical setup) from http://www.microsoft.com/data/download2.htm. 3. Uninstall any earlier version of Lucent RADIUS for Windows NT from your Microsoft Windows NT host. The uninstall program of RADIUS for Windows NT 2.0.1b14 removes the radius.mdb database file C:\Winnt\system32\drivers\etc\raddb. The RADIUS for Windows NT 2.0.1b14 install program provides an up-to-date radsvc.ini file in the C:\Winnt directory by overwriting the previously installed file. 4. To install and run RADIUS for Windows NT 2.01b14, you must log in to your NT server or workstation as an Administrator with the following User Rights: * Act as part of the operating system * Increase quotas * Replace a process level token If you start the RADIUS service and any of these User Rights are not configured for the Administrator account, an alert dialog box displays the User Rights that you must configure before you can start the RADIUS service. Downloading and Installing The default installation path for RADIUS for Windows NT is C:\winnt\system32\drivers\etc\raddb. To download RADIUS for Windows NT 2.01b14, enter the following: ftp ftp.livingston.com (Enter anonymous.) (Enter your e-mail address; it will not echo.) binary cd /pub/le/software/pc/beta get radiusnt.exe get radiusnt.txt To install RADIUS for Windows NT 2.01b14, perform the following steps: 1. Enter radiusnt.exe at the DOS prompt or double-click on the radiusnt.exe file in the Windows NT Explorer. The self-extracting file generates the setup files for RADIUS for Windows NT. 2. Enter setup.exe at the DOS prompt or double-click on the setup.exe file in the Windows NT Explorer. The setup program then guides you through the installation of RADIUS for Windows NT. 3. You can edit the RADIUS users, clients, and dictionary files by selecting the desired file from the Edit menu on the RADIUS control panel. You can view the RADIUS log file by selecting it in the View menu on the RADIUS control panel. ________________________________________________________________________ Copyright and Trademarks Copyright 1998 Lucent Technologies. All rights reserved. PortMaster, ComOS, and ChoiceNet are registered trademarks of Lucent Technologies, Inc. RADIUS ABM, PMVision, and IRX are trademarks of Lucent Technologies, Inc. All other marks are the property of their respective owners. Notices Lucent Technologies, Inc. makes no representations or warranties with respect to the contents or use of this publication, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Lucent Technologies., Inc. reserves the right to revise this publication and to make changes to its content, any time, without obligation to notify any person or entity of such revisions or changes. Contacting Technical Support Lucent Technologies Remote Access Business Unit (previously Livingston Enterprises) provides technical support via voice, fax, electronic mail, or through the World Wide Web at http://www.livingston.com/. Please specify that you are running RADIUS for Windows NT 2.01b14 when reporting problems with this release. Internet service providers (ISPs) and other end users in Europe, the Middle East, Africa, India, and Pakistan should contact their authorized Lucent Remote Access sales channel partner for technical support; see http://www.livingston.com/International/EMEA/distributors.html. For North and South America and Asia Pacific customers, technical support is available Monday through Friday from 7 a.m. to 5 p.m. U.S. Pacific Time (GMT -8). Dial 1-800-458-9966 within the United States (including Alaska and Hawaii), Canada, and the Caribbean, or 1-925-737-2100 from elsewhere, for voice support. Otherwise, fax to 1-925-737-2110, or send email to support@livingston.com (asia-support@livingston.com for Asia Pacific customers).