(RADIATOR) Re: Correct IP Address Assignement problem

[Hugh Irvine]

Hello Arslan -

The problem you have is due to your configuration file and the use of 
"FramedGroup" and "FramedGroupBaseAddress" - this is because the port number 
that is reported by the NAS is used to generate the address. 

As you are already using SQL, I would instead strongly encourage you to use 
"AddressAllocatorSQL" together with an "AuthBy DYNADDRESS", which will work 
much better for you. There are examples in the file 
"goodies/addressallocator.cfg" and also have a look at sections 6.40 and 6.45 
in the Radiator 2.18 reference manual.

hth

Hugh


> Hi hugh,
>
> We are facing a strange problem. We have two NAS's (Cisco as5300 and Lucent
> Max TNT) operating at the moment with raiator (2.18). We have defined IP
> address pools in radiator , one for each NAS's. Now Radiator is sometimes
> doing real strange things with MAX TNT (its configured to use radiator
> assigned ip's). Instead of assigning IPs from the specified pools its
> assigning IP's out of the pool. For exmample we have defined ip range
> 216.252.185.187 with maxportsperclassc to 60. Now radiator sometimes picks
> 216.252.186.xxx addresses (instead of picking from 216.252.185.xxx) and
> assigns it to clients. I am sending you radius config file and trace 4
> debug. Please have a look and suggest some solution.
>
> #Radiator configuration file for  ISP Billing System
> #
> # Example Radiator configuration file that allows you to
> # authenticate from an SQL database.
> # With Radiator you can interface with almost any databse schema,
> # and there are many more configurable parameters that allow you
> # to control database fallback, select statements, column names
> # and arrangements etc etc etc.
> # See the reference manual for more details.
> =20
> Foreground
> LogStdout
> AuthPort 1645
> AcctPort 1646
> LogDir          .
> DbDir           .
> =20
> ########################################################################
> #Optional Parameters used from default
> =20
> FingerProg      /usr/bin/finger
> SnmpgetProg     /usr/bin/snmpget
> =20
> ########################################################################
> =20
> =20
> # You will probably want to change this to suit your site.
> =20
> <Client 203.135.41.131>
>         Secret          xxxxxx
>         DupInterval     3
> #       DefaultRealm    AdvISP
>         IgnoreAcctSignature
>         NasType         Cisco
>         SNMPCommunity   xxxx
>         FramedGroupBaseAddress  216.252.185.64
>         FramedGroupMaxPortsPerClassC       120
> </Client>
> =20
> <Client 203.135.41.138>
>         Secret          xxxxxxx
>         DupInterval     3
> #       DefaultRealm    AdvISP
>         IgnoreAcctSignature
>         NasType         Ascend
>         SNMPCommunity   xxxx
>         FramedGroupBaseAddress  216.252.185.187
>         FramedGroupMaxPortsPerClassC    60
> </Client>
> =20
> #<Client DEFAULT>
> #       Secret  mysecret
> #       DupInterval 0
> #</Client>
> =20
> # You can put client details in a database table
> # and get their details from there with something like this:
> #<ClientListSQL>
> #       DBSource        xxxxxxxxxxx
> #       DBUsername      xxxxxxx
> #       DBAuth          xxxxxxxxxxx
> #</ClientListSQL>
> =20
> # This will authenticate users from table SUBSCRIBERS
> <Realm DEFAULT>
>         RewriteUsername s/^([^@]+).*/$1/
>         RejectHasReason
>     <AuthBy SQL>
> =20
> #       FramedGroup 0
> =20
>         # Adjust DBSource, DBUsername, DBAuth to suit your DB
>         DBSource        xxxxxxxxxxxxxx
>         DBUsername      xxxxxxxxxxx
>         DBAuth          xxxxxxxxxxxx
> =20
>         # For Authenication from Solaris encrypted password
> #       AuthByPolicy ContinueWhileAccept
>         AuthSelect select =
> PASSWORD,CallingStationId,ServiceType,FramedProtocol,F
> ramedIPNetmask,NASPortType,SimultaneousUse,FramedIPAddress,SessionTimeout=
> ,TimeDu
> ration  from SUBSCRIBERS where Active=3D1 and  USERNAME=3D'%n'
>         AuthColumnDef 0, Encrypted-Password, check
>         AuthColumnDef 1, GENERIC, check
>         AuthColumnDef 2, Service-Type, check
>         AuthColumnDef 3, Framed-Protocol, reply
>         AuthColumnDef 4, Framed-IP-Netmask, reply
>         AuthColumnDef 5, NAS-Port-Type, check
>         AuthColumnDef 6, Simultaneous-Use, check
>         AuthColumnDef 7, GENERIC, reply
>         AuthColumnDef 8, GENERIC, reply
>         AuthColumnDef 9, GENERIC, check
>         AuthColumnDef 10, GENERIC, check
> =20
>         # You may want to tailor these for your ACCOUNTING table
>         AccountingTable TblTransaction
>         AccountingStopsOnly
>         AcctColumnDef   LoginName,User-Name
>         AcctColumnDef   TimeClose,Timestamp,formatted-date,'%Y-%m-%d =
> %H:%M:%S'
>         AcctColumnDef   RecordType,Acct-Status-Type
>         #AcctColumnDef  AcctDelayTime,Acct-Delay-Time,integer
>         AcctColumnDef   BytesIn,Acct-Input-Octets,integer
>         AcctColumnDef   BytesOut,Acct-Output-Octets,integer
>         AcctColumnDef   SessionId,Acct-Session-Id
>         AcctColumnDef   Duration,Acct-Session-Time,integer
>         AcctColumnDef   TerminationCause,Acct-Terminate-Cause
>         AcctColumnDef   NASIdentifier,NAS-Identifier
>         AcctColumnDef   NASIPAddress,NAS-IP-Address
>         AcctColumnDef   NASPort,NAS-Port,integer
>         AcctColumnDef   FramedIPAddress,Framed-IP-Address
>         AcctColumnDef   CLI,Calling-Station-Id
>         AcctColumnDef   DelayTime,Acct-Delay-Time,integer
>     </AuthBy>
> </Realm>
> =20
> =20
> <SessionDatabase SQL>
>         # Specify the SQL database to connect to is similar to AuthSQL
>         # You can specify multiple databases as fallbacks etc. See
>         # the reference manual for more details
>         DBSource   xxxxxxxxxxxxxx
>         DBUsername      xxxxxx
>         DBAuth          xxxxxxxx
>         # You can alter the SQL statements used to add, delete and count
>         # sessions with AddQuery, DeleteQuery, ClearNasQuery and
>         # CountQuery. That means you can accomodate many different
>         # SQL Session Database schemas. The defaults for these =
> parameters
>         # are suitable for the example RADONLINE table in the example =
> SQL
>         # scripts in the goodies directory.
>         # See the reference manual for more details
> =20
>         AddQuery insert into TblActiveSessions (LoginName, =
> SessionId,TimeStart,N
> ASIPAddress,FramedIPAddress,NASPort,NASPortType,CLI,NASIdentifier) =
> values \
>         =
> ('%n','%{Acct-Session-Id}',now(),'%{NAS-IP-Address}','%a','%{NAS-Port}',
> '%{NAS-Port-Type}','%{Calling-Station-Id}','%N')
> =20
>         DeleteQuery delete from TblActiveSessions where LoginName=3D'%n' =
> and \
>         NASPort=3D%{NAS-Port} and \
>         NASIdentifier=3D'%N'
> =20
>         ClearNasQuery delete from TblActiveSessions where =
> NASIdentifier=3D'%N'
>         CountQuery select NASIdentifier, NASPort, SessionId from =
> TblActiveSessio
> ns where LoginName=3D'%n'
> =20
> =20
> # Optional identifier. Its just a name
> #       Identifier SDB1
> =20
> </SessionDatabase>
> =20
> <Log SQL>
>         DBSource        xxxxxxxxxxxxxxxxx
>         DBUsername      xxxxxxxxx
>         DBAuth          xxxxxxxxxxxx
>         Table           TblRadiusLogs
> </Log>
>
> ------=_NextPart_000_000B_01C0C6D2.9B9F15E0--
>
> -------------------------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.