Hello!
I have managed to solve my problem. After doing what you mentioned in your
email, I also need to add in one more set of identical DEFAULT entries but
making use of Service-Type = Login User instead of Frame User as the check item.
There is nothing wrong with the config of my Ascend MAX 4060.
Thanks alot for your assistance!
Quoting Hugh Irvine <[EMAIL PROTECTED]>:
>
> Hello Chen -
>
> > > >
> > > > I am very new to Radiator and encountered this funny problem and is
> > > > wondering if anyone can help me with it. I am using Radiator-2.14.1 .
> > > >
> > > > Basically, I have an Ascend MAX 4060 which allows users to dialin in
> and
> > > > access the Internet via PPP. Windows95 users have no problem dialing
> in
> > > > via the dialup networking BUT users who manually dialin and then type
> PPP
> > > > at the ascend% prompt after they have logined are given this message
> :-
> > > >
> > > > Requested Service is Not Authorized!
> > > >
> > > > I used to have no problems when using Radius-2.x .
> > > >
> > >
> > > Which Radius is this?
> >
> > Radius-2.0.1 from Livingston.
> >
> > > > Here is my corresponding /etc/raddb/defuser file which I included
> from my
> > > > radius.cfg :-
> > > >
> > > > DEFAULT Service-Type = Framed-User
> > > > Framed-Protocol = PPP,
> > > > Framed-IP-Netmask = 255.255.255.0,
> > > > Framed-Routing = None,
> > > > Framed-MTU = 1500,
> > > > Framed-Compression = Van-Jacobson-TCP-IP
> > > >
> > >
> > > I notice in your DEFAULT user above that the only Check item is
> > >
> > > Service-Type = Framed-User
> > >
> > > This will never match a command line request from the NAS. Also note
> that
> > > many
> >
> > Hmm... if I am making use of the authentication to a MySQL database, what
> should
> > I put in my "defuser" file for the DEFAULT entry? Auth-Type=SQL ?
> >
> > What should be the "normal" and necessary stuff that I should put in my
> defuser
> > file?
> >
> > > NAS's (Cisco's notably) also require a Reply item of
> > >
> > > Service-Type = Framed-User
> > >
> > > in addition to the rest of the Reply items.
> > >
> > >
> > > > And here is my radius.cfg :-
> > > >
> > > > Foreground
> > > > LogStdout
> > > > DbDir /etc/raddb
> > > >
> > > > <ClientListSQL>
> > > > DBSource xxxxxx
> > > > DBUsername xxxxxx
> > > > DBAuth xxxxxx
> > > > </ClientListSQL>
> > > >
> > > > <Log SQL>
> > > > DBSource xxxxxx
> > > > DBUsername xxxxxx
> > > > DBAuth xxxxxx
> > > > </Log>
> > > >
> > > > <Realm DEFAULT>
> > > > MaxSessions 1
> > > > <AuthBy SQL>
> > > > # Adjust DBSource, DBUsername, DBAuth to suit your DB
> > > > DBSource xxxxxx
> > > > DBUsername xxxxxx
> > > > DBAuth xxxxxx
> > > > AuthColumnDef 0, Encrypted-Password, check
> > > > # You may want to tailor these for your ACCOUNTING table
> > > > AccountingTable ACCOUNTING
> > > > AcctColumnDef USERNAME,User-Name
> > > > AcctColumnDef TIME_STAMP,Timestamp,integer
> > > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > > > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > > > AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > > > AcctColumnDef NASPORT,NAS-Port,integer
> > > > AcctColumnDef FRAMEDIPADDRESS,Framed-Address
> > > > </AuthBy>
> > > > <AuthBy FILE>
> > > > Filename /etc/raddb/defuser
> > > > </AuthBy>
> > > > </Realm>
> > > >
> > >
> > > I also notice in your <Realm DEFAULT> that you do not have an
> AuthByPolicy
> > > declaration - this means that you will never execute the <AuthBy FILE>.
> >
> > I added in AuthByPolicy ContinueWhileAccept in <Realm DEFAULT> but I
> still
> > cannot get to start ppp from the ascend% prompt. "Auto login" under Win95
> works
> > just as fine but this time round, I cannot even get to the ascend% prompt
> with
> > me being prompted Access Denied after I keyed in my username and
> password.
> >
> > The same goes for when I added in "Identifier System" into my <Authby
> SQL> and
> > then used Auth-Type=System in my defuser file. The above situation occurs
> with
> > the user not being able to login manually.
> >
> > Any clues?
>
> I think we should take a look at your problem from the beginning, as I am
> not
> clear on how you wish to operate Radiator. Could you tell me what
> information
> you wish to keep in your SQL database? And what other information you
> require?
> Also what different types of users you have and what they are allowed to
> do?
>
> I will be able to answer your questions much more directly with the above
> information.
>
> thanks
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
====================================================================
___ ___ _ _
/ __)/ __)( \/ ) Chen Shiyuan H/P : 96802564
( (__ \__ \ \ / [EMAIL PROTECTED] P/G : 92231871
\___)(___/ (__) Network Administrator Hwa Chong Junior College
====================================================================
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
