Hi,
i'm testing radiator to handle authentication for users with different
reply attributes. the debug file shows that radiator was able to
identify the right attributes but somehow it failed to set/send to the
NAS. no routes were being set for this particular user despite the
"Framed-Route" being specified.
BTW, the NAS are still responding to the existing Radius we are using
and like i have mentioned, i can't still get it to work with Radiator.
i must have missed something here. i really appreciate any help i can
get.
TIA.
[snip]
Code: Access-Accept
Identifier: 195
Authentic: m-!9QAiqquYuUUAU
Attributes:
Framed-Address = 208.142.165.60
Framed-Netmask = 255.255.255.255
Framed-Route = "202.78.93.240/28 208.142.165.60 1"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = None
[/snip]
below is the config file and debug info on trace 4.
<Handler Realm="skyinet.net">
AcctLogFileName /blahblah/detail
AuthByPolicy ContinueWhileReject
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/[A-Z]/[a-z]/
<AuthBy SQL>
DBSource dbi:mysql:AAA:host
DBUsername User
DBAuth Passwd
AuthSelect select r.PASS_WORD, \
r.MAXLOGINS, IF(d.NAS_ID,d.NAS_ID, '%{NAS-Identifier}'), \
IF(d.NAS_PORT,d.NAS_PORT,'%{NAS-Port}'), \
d.FRAMED_ADDRESS,
IF(d.FRAMED_NETMASK,d.FRAMED_NETMASK,'255.255.255.255'), \
d.FRAMED_ROUTE from RADUSERS r, DDUEXTENSION d \
where r.USERNAME='%n' and d.USERNAME=r.USERNAME
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Simultaneous-Use, check
AuthColumnDef 2, NAS-Identifier, check
AuthColumnDef 3, NAS-Port, check
AuthColumnDef 4, Framed-Address, reply
AuthColumnDef 5, Framed-Netmask, reply
AuthColumnDef 6, Framed-Route, reply
# Accting SQL definition
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Caller-Id
# These are the classic things to add to each users
# reply to allow a PPP dialup session.
# This will add some reply items to everyone's reply
AddToReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = None
</AuthBy>
Mon Sep 13 15:42:55 1999: DEBUG: Packet dump:
*** Received from 202.78.94.2 port 1645 ....
Code: Access-Request
Identifier: 195
Authentic: m-!9QAiqquYuUUAU
Attributes:
User-Name = "[EMAIL PROTECTED]"
Password =
"f<162><237>g7<199><166>#i<157><173><224>V3<209><148>"
NAS-Identifier = 202.78.94.2
NAS-Port = 53
Service-Type = 2
Framed-Protocol = PPP
Connect-Speed = 20
Modulation-Type = 19
Simplified-MNP-Levels = 12
Simplified-V42bis-Usage = 1
Chassis-Call-Slot = 0
Chassis-Call-Span = 2
Chassis-Call-Channel = 0
NAS-Name = "usr-mb03.cbu.skyinet.net"
Acct-Session-Id = "0e00024a"
NAS-Port-Type = Async
Mon Sep 13 15:42:55 1999: DEBUG: Check if Handler Realm="skyinet.net"
should be
used to handle this request
Mon Sep 13 15:42:55 1999: DEBUG: Handling request with Handler
'Realm="skyinet.n
et"'
Mon Sep 13 15:42:55 1999: DEBUG: Rewrote user name to von
Mon Sep 13 15:42:55 1999: DEBUG: Rewrote user name to von
Mon Sep 13 15:42:55 1999: DEBUG: Deleting session for [EMAIL PROTECTED],
202.78.9
4.2, 53
Mon Sep 13 15:42:55 1999: DEBUG: do query is: delete from RADONLINE
where NASIDE
NTIFIER='202.78.94.2' and NASPORT=53
Mon Sep 13 15:42:55 1999: DEBUG: Handling with Radius::AuthSQL
Mon Sep 13 15:42:55 1999: DEBUG: Handling with Radius::AuthSQL
Mon Sep 13 15:42:55 1999: DEBUG: Query is: select r.PASS_WORD,
r.MAXLOGINS, IF(d
.NAS_ID,d.NAS_ID, '202.78.94.2'), IF(d.NAS_PORT,d.NAS_PORT,'53'),
d.FRAMED_ADDR
ESS, IF(d.FRAMED_NETMASK,d.FRAMED_NETMASK,'255.255.255.255'),
d.FRAMED_ROUTE fro
m RADUSERS r, DDUEXTENSION d where r.USERNAME='von' and
d.USERNAME=r.USERNAME
Mon Sep 13 15:42:55 1999: DEBUG: Radius::AuthSQL looks for match with
von
Mon Sep 13 15:42:55 1999: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSE
SSIONID from RADONLINE where USERNAME='[EMAIL PROTECTED]'
Mon Sep 13 15:42:55 1999: DEBUG: Radius::AuthSQL ACCEPT:
Mon Sep 13 15:42:55 1999: DEBUG: Access accepted for von
Mon Sep 13 15:42:55 1999: DEBUG: Packet dump:
*** Sending to 202.78.94.2 port 1645 ....
Code: Access-Accept
Identifier: 195
Authentic: m-!9QAiqquYuUUAU
Attributes:
Framed-Address = 208.142.165.60
Framed-Netmask = 255.255.255.255
Framed-Route = "202.78.93.240/28 208.142.165.60 1"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = None
--
.._.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-,,
darwin a. bawasanta [EMAIL PROTECTED] pgp-id: 0x367CADAC
network security administrator SKYinternet incorporated phils
mobile: +63 917.322.6299 pager: ec# 963589 marsma|ow@IRC
.._.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-,,
"The positive thinker sees the invisible, feels the intangible,
and achieves the impossible."
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
