Re: (RADIATOR) FRAMED-ROUTE problem

Mon, 13 Sep 1999 04:43:41 -0700 

Hello Darwin,

>From the Radiator point of view, that looks OK. Provided you are using the
standard dictionary, your reply attribtues should be sent back to the NAS as
stated. What I cant comment on is whether or not
     "202.78.93.240/28 208.142.165.60 1"
is a valid Framed-Route for your NAS, or whether that conflicts with

Framed-Routing = None

Anyone else?

On Sep 13,  4:32pm, Darwin A, Bawasanta wrote:
> Subject: (RADIATOR) FRAMED-ROUTE problem
> Hi,
>
>
> i'm testing radiator to handle authentication for users with different
> reply attributes.  the debug file shows that radiator was able to
> identify the right attributes but somehow it failed to set/send to the
> NAS. no routes were being set for this particular user despite the
> "Framed-Route" being specified.
>
> BTW, the NAS are still responding to the existing Radius we are using
> and like i have mentioned, i can't still get it to work with Radiator.
> i must have missed something here.  i really appreciate any help i can
> get.
>
>
> TIA.
>
>
> [snip]
> Code:       Access-Accept
> Identifier: 195
> Authentic:  m-!9QAiqquYuUUAU
> Attributes:
>         Framed-Address = 208.142.165.60
>         Framed-Netmask = 255.255.255.255
>         Framed-Route = "202.78.93.240/28 208.142.165.60 1"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = None
> [/snip]
>
> below is the config file and debug info on trace 4.
>
> <Handler Realm="skyinet.net">
>         AcctLogFileName /blahblah/detail
>         AuthByPolicy ContinueWhileReject
>         RewriteUsername s/^([^@]+).*/$1/
>         RewriteUsername tr/[A-Z]/[a-z]/
>
>         <AuthBy SQL>
>
>                 DBSource        dbi:mysql:AAA:host
>                 DBUsername      User
>                 DBAuth          Passwd
>
>
> AuthSelect select r.PASS_WORD, \
>     r.MAXLOGINS, IF(d.NAS_ID,d.NAS_ID, '%{NAS-Identifier}'),  \
> IF(d.NAS_PORT,d.NAS_PORT,'%{NAS-Port}'), \
> d.FRAMED_ADDRESS,
> IF(d.FRAMED_NETMASK,d.FRAMED_NETMASK,'255.255.255.255'), \
> d.FRAMED_ROUTE from RADUSERS r, DDUEXTENSION d \
> where r.USERNAME='%n' and d.USERNAME=r.USERNAME
>
>                 AuthColumnDef 0, User-Password, check
>                 AuthColumnDef 1, Simultaneous-Use, check
>                 AuthColumnDef 2, NAS-Identifier, check
>                 AuthColumnDef 3, NAS-Port, check
>                 AuthColumnDef 4, Framed-Address, reply
>                 AuthColumnDef 5, Framed-Netmask, reply
>                 AuthColumnDef 6, Framed-Route, reply
>
>                 # Accting SQL definition
>                 AccountingTable RADUSAGE
>                 AcctColumnDef   USERNAME,User-Name
>                 AcctColumnDef   TIME_STAMP,Timestamp,integer
>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>                 AcctColumnDef
> ACCTINPUTOCTETS,Acct-Input-Octets,integer
>                 AcctColumnDef
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef
> ACCTSESSIONTIME,Acct-Session-Time,integer
>                 AcctColumnDef
> ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-Address
>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef   NASPORT,NAS-Port,integer
>                 AcctColumnDef   DNIS,Caller-Id
>
>                 # These are the classic things to add to each users
>                 # reply to allow a PPP dialup session.
>                 # This will add some reply items to everyone's reply
>                 AddToReply Service-Type = Framed-User,\
>                         Framed-Protocol = PPP,\
>                         Framed-Routing = None,\
>                         Framed-MTU = 1500,\
>                         Framed-Compression = None
>         </AuthBy>
>
>
> Mon Sep 13 15:42:55 1999: DEBUG: Packet dump:
> *** Received from 202.78.94.2 port 1645 ....
> Code:       Access-Request
> Identifier: 195
> Authentic:  m-!9QAiqquYuUUAU
> Attributes:
>         User-Name = "[EMAIL PROTECTED]"
>         Password =
> "f<162><237>g7<199><166>#i<157><173><224>V3<209><148>"
>         NAS-Identifier = 202.78.94.2
>         NAS-Port = 53
>         Service-Type = 2
>         Framed-Protocol = PPP
>         Connect-Speed = 20
>         Modulation-Type = 19
>         Simplified-MNP-Levels = 12
>         Simplified-V42bis-Usage = 1
>         Chassis-Call-Slot = 0
>         Chassis-Call-Span = 2
>         Chassis-Call-Channel = 0
>         NAS-Name = "usr-mb03.cbu.skyinet.net"
>         Acct-Session-Id = "0e00024a"
>         NAS-Port-Type = Async
> Mon Sep 13 15:42:55 1999: DEBUG: Check if Handler Realm="skyinet.net"
> should be
> used to handle this request
> Mon Sep 13 15:42:55 1999: DEBUG: Handling request with Handler
> 'Realm="skyinet.n
> et"'
> Mon Sep 13 15:42:55 1999: DEBUG: Rewrote user name to von
> Mon Sep 13 15:42:55 1999: DEBUG: Rewrote user name to von
> Mon Sep 13 15:42:55 1999: DEBUG:  Deleting session for [EMAIL PROTECTED],
> 202.78.9
> 4.2, 53
> Mon Sep 13 15:42:55 1999: DEBUG: do query is: delete from RADONLINE
> where NASIDE
> NTIFIER='202.78.94.2' and NASPORT=53
>
> Mon Sep 13 15:42:55 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Sep 13 15:42:55 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Sep 13 15:42:55 1999: DEBUG: Query is: select r.PASS_WORD,
> r.MAXLOGINS, IF(d
> .NAS_ID,d.NAS_ID, '202.78.94.2'),  IF(d.NAS_PORT,d.NAS_PORT,'53'),
> d.FRAMED_ADDR
> ESS, IF(d.FRAMED_NETMASK,d.FRAMED_NETMASK,'255.255.255.255'),
> d.FRAMED_ROUTE fro
> m RADUSERS r, DDUEXTENSION d where r.USERNAME='von' and
> d.USERNAME=r.USERNAME
>
> Mon Sep 13 15:42:55 1999: DEBUG: Radius::AuthSQL looks for match with
> von
> Mon Sep 13 15:42:55 1999: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSE
> SSIONID from RADONLINE where USERNAME='[EMAIL PROTECTED]'
>
> Mon Sep 13 15:42:55 1999: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Sep 13 15:42:55 1999: DEBUG: Access accepted for von
> Mon Sep 13 15:42:55 1999: DEBUG: Packet dump:
> *** Sending to 202.78.94.2 port 1645 ....
> Code:       Access-Accept
> Identifier: 195
> Authentic:  m-!9QAiqquYuUUAU
> Attributes:
>         Framed-Address = 208.142.165.60
>         Framed-Netmask = 255.255.255.255
>         Framed-Route = "202.78.93.240/28 208.142.165.60 1"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = None
>
> --
> .._.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-,,
>
> darwin a. bawasanta  [EMAIL PROTECTED]  pgp-id: 0x367CADAC
> network security administrator  SKYinternet incorporated phils
> mobile: +63 917.322.6299    pager: ec# 963589    marsma|ow@IRC
> .._.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-.,,.-"^'~=+,.__.,+=~`^"-,,
> "The positive thinker sees the invisible, feels the intangible,
>     and achieves the impossible."
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Darwin A, Bawasanta



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to