Hi all,

I have a 3Com TotalControl (TCH) and a Cisco 7500. The calls are sent to the TCH, which asks Radiator, and then it must establish an L2TP tunnel to the Cisco. Then the Cisco asks Radiator again (another process of the Radius server), which determines whether the user can access or not. The second radius limits the sessions for each user to 1.

The problem is that, I do not know why, the user DOES establish the second connection. Why?

Also, each user appears only ONE time in the session database, when each user has more than one session active.

Configuration files for the two radius are below:

Radius NAS:

  radius.cfg

    <SessionDatabase DBM>
      Identifier   ASonline
      Filename     /opt/radius/as-online
    </SessionDatabase>

    # NAS Moraleja
    <Client moras01-arc1-1>
      Secret                 *******
      NasType                TotalControl
      IdenticalClients       moras01-nmc
      IgnoreAcctSignature
      # pool for teleworking users
      FramedGroupBaseAddress 192.168.6.32
      FramedGroupBaseAddress 192.168.5.32
    </Client>

    # vpn: maqueta
    <Realm maqueta>
      AcctLogFileName     %L/%Y/AS-acc-maqueta-%Y%m.log
      PasswordLogFileName %L/%Y/AS-aut-maqueta-%Y%m.log
      <AuthBy FILE>
        Filename          %D/dominios-nas
      </AuthBy>
    </Realm>

  dominios-nas

    parachi@maqueta Realm                  = "maqueta"
                    Tunnel-Type            = 3,
                    Tunnel-Medium-Type     = 1,
                    Tunnel-Server-Endpoint = "213.201.16.1"


Second Radius:

  radius.cfg

    <SessionDatabase DBM>
      Identifier   ASonline
      Filename     /opt/radius/ac-online
    </SessionDatabase>

    # Routers MAQUETA
    <Client 213.201.16.1>
      IdenticalClients    213.201.16.2
      Secret              ********
      NasType             Cisco
      SNMPCommunity       ********
    </Client>

    # Domain: maqueta
    <Realm maqueta>
      AcctLogFileName     %L/%Y/AC-acc-maqueta-%Y%m.log
      PasswordLogFileName %L/%Y/AC-aut-maqueta-%Y%m.log
      MaxSessions         1
      RewriteUsername     s/^([^@]+).*/$1/
      <AuthBy FILE>
        Filename          %D/usuarios-maqueta
      </AuthBy>
    </Realm>

  usuarios-maqueta
    parachi           Password           = "********"
                      Service-Type       = Framed-User,
                      Framed-Protocol    = PPP,
                      Framed-IP-Address  = 192.168.3.1,
                      Framed-IP-Netmask  = 255.255.255.255,
                      cisco-avpair       = "lcp:interface-config=ppp multilink interleave",
                      cisco-avpair       = "lcp:interface-config=ip vrf forwarding vpn_maqueta\nip address 192.168.3.254 255.255.255.0"


Session database contents:

  ASonline (first radius)

    nas_MOR:275|vitar@maqueta  17957101 09-06-2000 09:39:06 0.0.0.0  Framed-User  ISDN
    nas_MOR:277|vitar@maqueta  18087987 09-06-2000 09:39:07 0.0.0.0  Framed-User  ISDN

  AConline (second radius)

    pe_MAQ:2   |vitar@maqueta  00000004 09-06-2000 09:39:07          Framed-User  ISDN

log (second radius):

Fri Jun  9 09:39:06 2000: DEBUG: Rewrote user name to vitar@maqueta
Fri Jun  9 09:39:06 2000: DEBUG: Handling request with Handler 'Realm=maqueta'
Fri Jun  9 09:39:06 2000: DEBUG: Rewrote user name to vitar
Fri Jun  9 09:39:06 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:06 2000: DEBUG: Handling with Radius::AuthFILE
Fri Jun  9 09:39:06 2000: DEBUG: Radius::AuthFILE looks for match with vitar
Fri Jun  9 09:39:06 2000: DEBUG: Radius::AuthFILE ACCEPT: 
Fri Jun  9 09:39:06 2000: DEBUG: Access accepted for vitar

Fri Jun  9 09:39:06 2000: DEBUG: Rewrote user name to vitar@maqueta
Fri Jun  9 09:39:06 2000: DEBUG: Handling request with Handler 'Realm=maqueta'
Fri Jun  9 09:39:06 2000: DEBUG: Rewrote user name to vitar
Fri Jun  9 09:39:06 2000: DEBUG: AConline Adding session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:06 2000: DEBUG: Handling with Radius::AuthFILE
Fri Jun  9 09:39:06 2000: DEBUG: Accounting accepted

Fri Jun  9 09:39:07 2000: DEBUG: Rewrote user name to vitar@maqueta
Fri Jun  9 09:39:07 2000: DEBUG: Handling request with Handler 'Realm=maqueta'
Fri Jun  9 09:39:07 2000: DEBUG: Rewrote user name to vitar
Fri Jun  9 09:39:07 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 2
Fri Jun  9 09:39:07 2000: DEBUG: Checking if user is still online: Cisco, vitar@maqueta, 213.201.16.1, 3, 00000003
Fri Jun  9 09:39:07 2000: DEBUG: Running command `/usr/bin/snmpget 213.201.16.1 ********* .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.3`
Fri Jun  9 09:39:07 2000: NOTICE: AConline Session for vitar@maqueta at 213.201.16.1:3 has gone away
Fri Jun  9 09:39:07 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:07 2000: DEBUG: Handling with Radius::AuthFILE
Fri Jun  9 09:39:07 2000: DEBUG: Radius::AuthFILE looks for match with vitar
Fri Jun  9 09:39:07 2000: DEBUG: Radius::AuthFILE ACCEPT: 
Fri Jun  9 09:39:07 2000: DEBUG: Access accepted for vitar
Fri Jun  9 09:39:07 2000: DEBUG: Rewrote user name to vitar@maqueta
Fri Jun  9 09:39:07 2000: DEBUG: Handling request with Handler 'Realm=maqueta'
Fri Jun  9 09:39:07 2000: DEBUG: Rewrote user name to vitar
Fri Jun  9 09:39:07 2000: DEBUG: AConline Adding session for vitar@maqueta, 213.201.16.1, 2
Fri Jun  9 09:39:07 2000: DEBUG: Handling with Radius::AuthFILE
Fri Jun  9 09:39:07 2000: DEBUG: Accounting accepted

Finally, sessions at the Cisco:

  Arriba_PE#sh vpdn session 

  L2TP Session Information Total tunnels 2 sessions 2

  LocID RemID TunID Intf    Username      State  Last Chg Fastswitch
  5     408   1358  Vi2     vitar@maqueta est    00:06:11 enabled 
  4     407   45899 Vi3     vitar@maqueta est    00:06:12 enabled 

  %No active L2F tunnels

  %No active PPPoE tunnels
  Arriba_PE#




Jesus M Diaz <[EMAIL PROTECTED]>

Telia Iberia, S.A.
Planificación y Diseño de Red
Tfno: +34 91 623 2909
Fax: +34 91 623 2950



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
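
Added example, not part of the original post: a Python replay of the second radius's debug log above. It tracks the "Adding session" / "Deleting session" events per NAS and port and records every session dropped after a "has gone away" notice, which shows how the session table ends with a single entry while the Cisco still lists two sessions. The regular expressions are an assumption written against the log wording in this post only.

```python
import re

# Lines copied from the post's second-radius debug log (wrapped lines rejoined).
LOG = """\
Fri Jun  9 09:39:06 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:06 2000: DEBUG: Access accepted for vitar
Fri Jun  9 09:39:06 2000: DEBUG: AConline Adding session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:07 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 2
Fri Jun  9 09:39:07 2000: DEBUG: Checking if user is still online: Cisco, vitar@maqueta, 213.201.16.1, 3, 00000003
Fri Jun  9 09:39:07 2000: NOTICE: AConline Session for vitar@maqueta at 213.201.16.1:3 has gone away
Fri Jun  9 09:39:07 2000: DEBUG: AConline Deleting session for vitar@maqueta, 213.201.16.1, 3
Fri Jun  9 09:39:07 2000: DEBUG: Access accepted for vitar
Fri Jun  9 09:39:07 2000: DEBUG: AConline Adding session for vitar@maqueta, 213.201.16.1, 2
"""

# Patterns are assumptions matched to the message wording shown in the post.
EVENT = re.compile(r"(?P<db>\S+) (?P<op>Adding|Deleting) session for "
                   r"(?P<user>[^,\s]+), (?P<nas>[^,\s]+), (?P<port>\d+)")
GONE = re.compile(r"NOTICE: (?P<db>\S+) Session for (?P<user>\S+) at "
                  r"(?P<nas>[\d.]+):(?P<port>\d+) has gone away")

def replay(log):
    """Return (sessions, evictions): the session table left after the log, and
    the sessions the online check reported as 'gone away' before an accept."""
    sessions = {}    # (nas, port) -> user, the key visible in the log lines
    evictions = []   # (user, nas, port) removed by the still-online check
    for line in log.splitlines():
        gone = GONE.search(line)
        if gone:
            evictions.append((gone["user"], gone["nas"], int(gone["port"])))
            continue
        event = EVENT.search(line)
        if not event:
            continue
        key = (event["nas"], int(event["port"]))
        if event["op"] == "Adding":
            sessions[key] = event["user"]
        else:
            sessions.pop(key, None)   # deleting an absent entry is a no-op
    return sessions, evictions

if __name__ == "__main__":
    table, dropped = replay(LOG)
    print("session table after log:", table)
    print("dropped by online check:", dropped)
```
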
