Hello Dennis.
On Sep 9, 11:30am, Dennis Khaw wrote:
> Subject: (RADIATOR) Radius Attributes
> Hi Everyone,
>
> Here's the setup. Our service provider has our users dialing in to
> their modem pool and authenticating through a Radiator server on our
> domain. They are running a radius server known as Merit and they send
> radius attributes to our Radiator server on our Solaris Box using Authby
> Unix.
OK.
>
> Here's the problem. Testing phase seems ok but when we have lots of
> users conecting, we sometimes have users calling in more than once to
> authenticate, even though the radiator logfiles say that the first
> attempts are accepted.
>
> Looking at the radiator logfile, we realize the problem. On each
> authetication, the Merit radius server sends over 10 attributes like
> Proxy-Action, NAS-IP-Address, NAS-Port ,Called-Station-Id, etc to our
> Radiator server, but our Radiator server only sends back 3 attributes to
> Merit server.
That is normal.
> Apparently, the Merit server needs vital attributes like
> the NAS port and ip address otherwise it seems to occasionally fail the
> authehtication.
Hmmm, Im not convinced thats the problem. I would not normally expect things
like NAS-Port ,Called-Station-Id etc to be returned in reply packet. And in any
case, if Merit insisted on those being in the reply (which I know it does not)
then I would expect it to fail every time, not just sometimes.
>
> NOW for the question.. (Sorry I am so long winded), how I could get
> radiator to return back all the attributes that the merit server sends
> over? Would AddToReply be the solution and if so, could anyone suggest
> an example?
Yes thats possible with AddToReply, with something like:
AddToReply NAS-Port=%{NAS-Port},\
Called-Station-Id=%{Called-Station-Id}
etc.
But I seriously think that wont fix the problem.
I am more inclined to think the problem lies upstream in their Merit server or
in the network.
You may need to work with your upstream provider to check their Merit server
logs and see if you can get any clues from there.
Hope that helps.
Cheers.
>
> Please advise..
>
> Thanks
>
> Dennis
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Dennis Khaw
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
