Thanks again Hugh... as always, "You the man!" :)

cheers,
j

---------- Original Message ----------------------------------
From: Hugh Irvine <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Tue, 29 Jan 2002 10:45:26 +1100

>
>Hello Justin -
>
>The problem is the AuthByPolicy in your configuration file - it should be
>
>       AuthByPolicy ContinueWhileAccept
>
>The way you have it configured (ContinueUntilAccept) you will never call the
>AuthBy DYNADDRESS clause.
>
>hth
>
>Hugh
>
>
>On Tue, 29 Jan 2002 09:09, Justin Scott wrote:
>> Gents,
>>
>> I've been thru the last 6 months of archives, and didn't find anything
>> quite like what's happening to me when I'm trying to use my
>> AddressAllocator SQL setup.
>>
>> Issue: Client wants to be able to have "hot standby" MAX 4000 chassis in
>> facility where the PRIs can be moved from one MAX to another in case of
>> failure.
>>
>> I figure using AddressAllocator SQL will eliminate the need to have an IP
>> pool defined on each of the hot standby chassis, thereby making much more
>> efficient use of our Pool IP Space.
>>
>> Anyhow... AddressAllocator does not seem to run for any client who should
>> be getting a DynIP from the SQL pool. The max takes the call, tries to
>> authenticate, is not given an IP address, and disconnects the call.
>>
>> My test max works fine with and without Allocator configured if it is set
>> with a pool defined internally.
>>
>> I have removed the internal pool information, changed the Answer profile to
>> state "Assign Addr=No", and still when it's set with no pool, and Allocator
>> is enabled, no IP is even queried from the database in RADPOOL to be
>> replied back to the NAS.
>>
>> The log shows nothing in regards to RADPOOL table except for the reclaim
>> checks during startup and every reclaim interval. It also shows nothing in
>> regards to AuthBy DYNADDRESS or AddressAllocator.
>>
>> Here is my config file: Please tell me there is a simple error in the way
>> it's been constructed, because I've given myself a monster headache trying
>> to figure this one out. :)
>>
>> As always, I maintain that Radiator should win an award as best software of
>> the new millennium or something... I have nothing but good things to say
>> about it to my colleagues. The only problems really are that sometimes I
>> cannot seem to speak its language properly. :)
>>
>> cheers,
>> j
>>
>> #Foreground
>> #LogStdout
>> LogDir          c:/radiator/logs
>> DbDir           c:/radiator/raddb
>> # Use a lower trace level in production systems:
>> #Trace          4
>> Trace           3
>>
>> RewriteUsername tr/A-Z/a-z/
>> RewriteUsername s/ //g
>> UsernameCharset a-zA-Z0-9\.-_@
>>
>> # You will probably want to add other Clients to suit your site,
>> # one for each NAS you want to work with
>> <Client DEFAULT>
>>     Secret xxx
>>     DupInterval 15
>> </Client>
>>
>> # Ensure the SQL DynIP Pool is in a sane state
>> <AddressAllocator SQL>
>>     Identifier SQLAllocate
>>     DBSource dbi:ODBC:Radiator
>>     DBUsername xxx
>>     DBAuth xxx
>>     # Our maximum IP Lease Time is 12 hours
>>     DefaultLeasePeriod 43200
>>     # Check for expired Leases once every five minutes
>>     LeaseReclaimInterval 300
>>     # Define valid pool of addresses
>>     <AddressPool DynIP1>
>>         Subnetmask 255.255.255.255
>>         DNSServer 10.1.1.1
>>         Range 10.4.1.1 10.4.1.254
>>     </AddressPool>
>> </AddressAllocator>
>>
>> # This is our default Realm.
>> <Realm DEFAULT>
>>
>>     AuthByPolicy ContinueUntilAccept
>>     RejectHasReason
>>
>>     # We do our Authentication by SQL using ODBC
>>     <AuthBy SQL>
>>         DBSource dbi:ODBC:Radiator
>>         DBUsername xxx
>>         DBAuth xxx
>>
>>         # These are the criteria we pull from the database to ensure we have
>>         # a valid user who is not expired. We use the radattr "Class" to
>>         # tell the maxen what the CID for this customer is for accounting
>>         # purposes
>>         AuthSelect select PASSWORD,CID,EXPIREDATE,VALIDDATE,REPLYATTR,MAXSESSIONS from tblsubscribers where USERNAME = %0
>>         AuthColumnDef 0,User-Password,check
>>         AuthColumnDef 1,Class,reply
>>         AuthColumnDef 2,Expiration,check
>>         AuthColumnDef 3,ValidFrom,check
>>         AuthColumnDef 4,GENERIC,reply
>>         AuthColumnDef 5,Simultaneous-Use,check
>>
>>         # We need to add some extra reply items for this realm:
>>         AddToReply Idle-Timeout = 900
>>         AddToReply Ascend-Maximum-Time = 43200
>>
>>         # Set up the accounting table definitions
>>         AccountingTable tblaccounting
>>         AcctColumnDef CID,Class
>>         AcctColumnDef TIME_STAMP,Timestamp,integer-date
>>         AcctColumnDef USERNAME,User-Name
>>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>         AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>>         AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
>>         AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>>         AcctColumnDef NASPORT,NAS-Port,integer
>>         AcctColumnDef MODEMPORT,Ascend-Modem-PortNo
>>         AcctColumnDef MODEMSLOT,Ascend-Modem-SlotNo
>>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>         AcctColumnDef CALLER,Calling-Station-Id
>>         AcctColumnDef CALLING,Called-Station-Id
>>         AcctColumnDef XMTRATE,Ascend-Xmit-Rate
>>         AcctColumnDef RCVRATE,Ascend-Data-Rate
>>     </AuthBy>
>>
>>     # Now we assign IP Addrs
>>     <AuthBy DYNADDRESS>
>>         Allocator SQLAllocate
>>         PoolHint DynIP1
>>         MapAttribute yiaddr,Framed-IP-Address
>>         MapAttribute subnetmask,Framed-IP-Netmask
>>     </AuthBy>
>> </Realm>
>>
>> <SessionDatabase SQL>
>>     DBSource dbi:ODBC:Radiator
>>     DBUsername xxx
>>     DBAuth xxx
>> </SessionDatabase>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on [EMAIL PROTECTED]
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
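
The policy difference Hugh describes, as an added example that is not part of the original thread and is not Radiator code: a small Python check that reads a Radiator-style config, models which AuthBy clauses execute under the two policies named above, and flags a Realm where AuthBy DYNADDRESS is placed behind another AuthBy under ContinueUntilAccept. The function names, the "ACCEPT"/"REJECT" result labels and the trimmed sample are assumptions made for this sketch.

```python
import re

# Constructed sample: the Realm from the post, trimmed to the lines that matter.
SAMPLE = """\
<Realm DEFAULT>
    AuthByPolicy ContinueUntilAccept
    <AuthBy SQL>
        DBSource dbi:ODBC:Radiator
    </AuthBy>
    <AuthBy DYNADDRESS>
        Allocator SQLAllocate
    </AuthBy>
</Realm>
"""

def parse_realms(text):
    """Return [(realm, policy or None, [AuthBy types in file order])] per <Realm>."""
    realms = []
    for name, body in re.findall(r"<Realm\s+(\S+)>(.*?)</Realm>", text, re.S):
        body = re.sub(r"#.*", "", body)                # drop comment text
        m = re.search(r"^\s*AuthByPolicy\s+(\S+)", body, re.M)
        chain = re.findall(r"<AuthBy\s+(\S+?)>", body)  # nested AuthBy is flattened
        realms.append((name, m.group(1) if m else None, chain))
    return realms

def clauses_run(policy, results):
    """Indexes of the AuthBy clauses that execute, given each clause's result.
    Models only the two policies named in the thread."""
    ran = []
    for i, result in enumerate(results):
        ran.append(i)
        accepted = (result == "ACCEPT")
        if policy == "ContinueUntilAccept" and accepted:
            break   # first accept ends the chain: later clauses never run
        if policy == "ContinueWhileAccept" and not accepted:
            break   # chain continues only as long as every clause accepts
    return ran

def skipped_allocators(text):
    """Realms where DYNADDRESS follows another AuthBy under ContinueUntilAccept."""
    return [name for name, policy, chain in parse_realms(text)
            if policy == "ContinueUntilAccept" and "DYNADDRESS" in chain[1:]]

if __name__ == "__main__":
    print(skipped_allocators(SAMPLE))
```
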
