Hello John -
On Sun, 13 Feb 2000, John Hough wrote:
> I am trying to figure out how to support different vendor access devices
> with the same user files. In this case I have Ascend TNTs that need the
> following to setup a dial on demand subnet.
>
> Service-Type=Framed,
> Framed-Protocol=PPP,
> Framed-IP-Address=216.228.86.161,
> Framed-IP-Netmask=255.255.255.224,
> Framed-Compression=Van-Jacobsen-TCP-IP,
> Framed-MTU=1500
>
> And another box that needs
>
> Service-Type=Framed,
> Framed-Protocol=PPP,
> Framed-IP-Address=216.228.86.161,
> Framed-Route=216.228.86.160/27,
> Framed-Compression=Van-Jacobsen-TCP-IP,
> Framed-MTU=1500
>
> To make it work.
>
> My preference would be to put
>
> Service-Type=Framed,
> Framed-Protocol=PPP,
> Framed-IP-Address=216.228.86.161,
> Framed-IP-Netmask=255.255.255.224,
> Framed-Route=216.228.86.160/27,
> Framed-Compression=Van-Jacobsen-TCP-IP,
> Framed-MTU=1500
>
> Into the user file and strip the appropriate lines based on the client. I
> have looked at the StripFromReply and would love to use that, however it
> does not appear to work in the client section. Any ideas are greatly
> appreciated.
>
You would do something like this:
# configure your clients
<Client xxx.xxx.xxx.xxx>
Secret xxxxx
</Client>
<Client yyy.yyy.yyy.yyy>
Secret yyyyy
</Client>
# set up AuthBy's with Identifers for later reference
<AuthBy FILE>
Identifier CheckUsers
Filename %D/users
</AuthBy>
<AuthBy FILE>
Identifier StripFramedRoute
Filename %D/users.default
StripFromReply Framed-Route
</AuthBy>
<AuthBy FILE>
Identifier StripFramedIPNetmask
Filename %D/users.default
StripFromReply Framed-IP-Netmask
</AuthBy>
# set up Handlers based on Client-Id
<Handler Client-Id = xxx.xxx.xxx.xxx>
....
AuthBy StripFramedRoute
....
</Handler>
<Handler Client-Id = yyy.yyy.yyy.yyy>
....
AuthBy StripFramedIPNetmask
....
</Handler>
Then in the users file you would have this:
NOTE: there are differences between dictionaries - Radiator uses the following
definitions for Service-Type and Framed-Compression:
(be *especially* careful with Van-Jacobson-TCP-IP!!).
# file %D/users
someuser Password = whatever
Service-Type=Framed-User,
Framed-Protocol=PPP,
Framed-IP-Address=216.228.86.161,
Framed-IP-Netmask=255.255.255.224,
Framed-Route=216.228.86.160/27,
Framed-Compression=Van-Jacobson-TCP-IP,
Framed-MTU=1500
......
And in the file users.default you would have this:
# file %D/users.default
DEFAULT Auth-Type = CheckUsers
The support for Client-Id check items was added in Radiator 2.14.1.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
