Hello Ricardo,
On Jul 20, 9:54am, Ricardo Kustner wrote:
> Subject: (RADIATOR) 2.14 breaks my cfg ?
> Hi,
>
> first, i had to add a line to strip something from the default realm to have
it
> working for those accounts....
At 2.14, we fixed a problem with Defaultrealm which previously didnt work for
Handlers, just Realms.
> however, when i install 2.14 with the cfg which
> worked fine with 2.13, some realms don't seem to work correctly... the users
> get authenticated (Trace 4 doesn't show anything weird) but somehow the
> connections aren't working correctly... i think it could be something wrong
> with the AddToReply's i use...
> i don't want to post my complete cfg since there's too much sensitive
> information in it, so i'll try to show some parts of the cfg which i think
may
> be the ones causing trouble... I have one default realm, which looks up users
> in the mysql database and if it doesnt find them, the requests are proxied to
> radiusd on a different server which uses the /etc/passwd overthere. There's
> also one other realm that sets the Ascend-Data-Filter's to make sure the
> accounts can only make a connections through port 25... and two other realms
> which we use for seperate mysql user databases.
> At the top of the cfg i have this :
> RewriteUsername s/^(B.*)/$1\@bsmtp/
> which means every account starting with 'B' will be converted to
Baccount@bsmtp
> and thus be handled by the bsmtp realm (will this still work with 2.14?).
>
> The bsmtp realm has the following AddToReply:
>
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from \
> SUBSCRIBERS where USERNAME='%n' and DISABLED = 0
>
> AddToReply Ascend-Data-Filter = "ip out forward", \
> Ascend-Data-Filter = "ip in forward icmp", \
> Ascend-Data-Filter = "ip in forward udp", \
> Ascend-Data-Filter = "ip in forward tcp est", \
> Ascend-Data-Filter = "ip in forward dstip 10.1.2.3/24 tcp", \
> Ascend-Data-Filter = "ip out forward tcp srcport = smtp", \
> Ascend-Data-Filter = "ip out forward tcp dstport = smtp", \
> Ascend-Data-Filter = "ip in forward tcp srcport = smtp", \
> Ascend-Data-Filter = "ip in forward tcp dstport = smtp", \
> Ascend-Data-Filter = "ip out forward tcp srcport = 110", \
> Ascend-Data-Filter = "ip out forward tcp dstport = 110", \
> Ascend-Data-Filter = "ip in forward tcp srcport = 110", \
> Ascend-Data-Filter = "ip in forward tcp dstport = 110"
>
> (actually i'm thinking about cleaning this up by using Filter's inside
> our ascend-max but i didnt get those darn things to work like they should...
> does any1 have some examples/info?)
Those filters all seem to parse and get replied as they should. I cant see any
other problems with your setup. I think you will have to post some more
information.
Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
