Hello Dmitry -
The simplest way to deal with the Password problem is to just ignore it.
Something like this:

#Test account for WorldCom L2TP service
uunoc   Service-Type = Framed-User
        Tunnel-Type = L2TP,
        .....

regards

Hugh

On Mon, 3 Dec 2001 21:47, Dmitry Kopylov wrote:
> Hello Hugh,
>
> I know this is not the best approach, and as you asked here is the design:
>
> We terminate L2TP tunnels from Worldcom LAC (Max TNT) on our Cisco LNS.
> Worldcom can only support IETF Radius Tunnelling attributes. The idea is to
> keep one radius profile combining both L2TP and PPP stuff:
>
> #
> #Test account for WorldCom L2TP service
> #uunoc User-Password = "xxxxxx",Service-Type = Framed-User
> #       Tunnel-Type = L2TP,
> #       Tunnel-Medium-Type = IP,
> #       Tunnel-Server-Endpoint = 195.129.20.13,
> #       Tunnel-Password = xxxxx,
> #       Tunnel-Client-Auth-ID = WCOM01,
> #       Service-Type = Framed-User,
> #       Framed-Protocol = PPP,
> #       Framed-IP-Address = 62.177.172.10,
> #       Framed-IP-Netmask = 255.255.255.255
>
> First time Worldcom's LAC looks up our radius and gets Tunnel attributes
> and establishes l2tp tunnel. The problem starts when LNS looks up Radius
> for the second time for PPP attributes. At that point we have PPP
> Authorization problem, it looks like LNS doesn't correctly accept IETF
> Tunnel attributes. We have already escalated this issue to Cisco and it
> seems to be a bug.
>
> The workaround I'm thinking of is to create one generic radius account with
> L2TP parameters which is common for all L2TP customers, and separately many
> radius profiles with PPP parameters. Then based on the NAS-IP-Address and
> the Realm in the Access-Request I can rewrite requests from LAC into
> generic L2TP profile name, and from LNS - into normal PPP profiles.
>
> At this point I need to solve problem with password for the generic L2TP
> profile. That's why I meant to replace the value of CHAP-Password attributes
> in the requests designated for generic L2TP profile.
>
>
> Best Regards,
>
> Dmitry Kopylov
> BBned
>
> > -----Original Message-----
> > From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> > Sent: 30 November, 2001 23:47
> > To: Dmitry Kopylov; [EMAIL PROTECTED]
> > Subject: Re: (RADIATOR) Value of Attribute replacement
> >
> >
> > Hello Dmitry -
> >
> > At 19:13 +0100 01/11/30, Dmitry Kopylov wrote:
> > >Hi everyone,
> > >
> > >
> > >I've got a standard Access-Request:
> > >
> > >*** Received from 62.177.143.122 port 1645 ....
> > >Code: Access-Request
> > >Identifier: 13
> > >Authentic: 0<184><145><169><164>,<132>xsz<26>O<168><129><127><237>
> > >Attributes:
> > > NAS-IP-Address = 62.177.143.122
> > > NAS-Port = 1
> > > NAS-Port-Type = Virtual
> > > User-Name = "[EMAIL PROTECTED]"
> > > Called-Station-Id = "97532120"
> > > Calling-Station-Id = "31235652175"
> > > CHAP-Password = <6>~<174><192><10><252>;<23><202>l<20><14>fDQ<142><179>
> > > Service-Type = Framed-User
> > > Framed-Protocol = PPP
> > >
> > >
> > >I need to replace the value of the CHAP-Password attribute before Radiator
> > >will check the users file. If it's possible, what is the best way to do
> > >this?
> >
> > You could use a PreAuthHook to do it. Have a look at the example
> > hooks in the file "goodies/hooks.txt" in the Radiator distribution.
> >
> > However, I wonder if this is the best approach? If you could describe
> > your requirements in a bit more detail, perhaps I can suggest a
> > better way.
> >
> > regards
> >
> > Hugh
> >
> > --
> >
> > NB: I am travelling this week, so there may be delays in our
> > correspondence.
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
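
The NAS-IP-Address and realm split described in the quoted message, written in Python as an added example (not part of the thread and not Radiator code). The addresses, the realm and the profile name `l2tp-generic` are constructed placeholders; the passwordless tunnel profile is released only to a known LAC, and LNS requests still go through a password check.

```python
import ipaddress

# Constructed placeholders: the thread does not give the LAC address, the
# realm, or a name for the shared tunnel profile.
LAC_ADDRS = {ipaddress.ip_address("192.0.2.10")}   # tunnel initiator (LAC)
LNS_ADDRS = {ipaddress.ip_address("192.0.2.20")}   # tunnel terminator (LNS)
TUNNEL_REALMS = {"example.net"}
GENERIC_L2TP_PROFILE = "l2tp-generic"              # hypothetical profile name


def split_realm(user_name):
    """Split 'user@realm' into (user, realm); realm is '' when absent."""
    user, sep, realm = user_name.rpartition("@")
    return (user, realm.lower()) if sep else (user_name, "")


def route_request(attrs):
    """Map an Access-Request to (profile_name, check_password).

    Returns None when the request must be rejected, so the profile that
    carries no password check item is never served to an unexpected client.
    """
    user_name = attrs.get("User-Name", "")
    # The generic profile is reachable only through the rewrite below,
    # never by a client naming it directly.
    if user_name == GENERIC_L2TP_PROFILE:
        return None
    try:
        nas = ipaddress.ip_address(attrs.get("NAS-IP-Address", ""))
    except ValueError:
        return None
    user, realm = split_realm(user_name)
    if not user:
        return None
    if nas in LAC_ADDRS:
        # First lookup: the LAC only needs the Tunnel-* reply attributes.
        if realm in TUNNEL_REALMS:
            return (GENERIC_L2TP_PROFILE, False)
        return None
    if nas in LNS_ADDRS:
        # Second lookup: per-customer PPP profile, password still verified.
        return (user_name, True)
    return None
```

NAS-IP-Address is a value inside the packet, so a deployment would also match the packet's source address against the configured client before trusting it.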