Thanks for the suggestion, Frank. I'm running 2.18.2, so I'll have to schedule an upgrade to 2.19 to try this out.

Regards,
William

-----Original Message-----
From: Frank Danielson [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 2:02 PM
To: William Hernandez; Radiator (Radiator)
Subject: RE: (RADIATOR) RE: Reject access from specific Calling-Station-Id

If you want to block access for all users when that combination of Calling-Station-Id and Called-Station-Id is used, why not do it in a handler?

<Handler Calling-Station-Id = /^555/, Called-Station-Id = /1112222/>
    <AuthBy INTERNAL>
        AuthResult REJECT
        AcctStartResult ACCEPT
        AcctStopResult ACCEPT
        DefaultResult REJECT
    </AuthBy>
    AcctLogFileName /var/log/radacct/detail
</Handler>

Just put this before your other handlers so it will match first, see Section 6.16 in the manual for more info.

Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com

-----Original Message-----
From: William Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 01, 2002 8:28 AM
To: Radiator (Radiator)
Subject: (RADIATOR) RE: Reject access from specific Calling-Station-Id

Hello everyone,

I haven't gotten any closer on this. Does anyone have any suggestions?

Thanks in advance,
William

-----Original Message-----
From: William Hernandez [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 20, 2002 11:34 AM
To: Radiator (Radiator)
Subject: RE: Reject access from specific Calling-Station-Id

Hello everyone,

I think I'm getting closer. I changed blockcli.prw to:

username Calling-Station-Id = /^555/, Called-Station-Id = /1112222/, Auth-Type = "Reject: Calling station not valid for 1112222"

DEFAULT Auth-Type="Accept"

And in radius.cfg I changed ContinueWhileAccept to ContinueUntilReject.

# radpwtst -trace -s www -user username -password password -auth_port 1812 -acct_port 1813 -secret secret -dictionary /etc/raddb/dictionary.prw Calling-Station-Id=5556666 Called-Station-Id=1112222
sending Access-Request...
Rejected
    Reply-Message = "Request Denied"
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK

# /var/log/radius.log:
Wed Feb 20 10:56:57 2002: INFO: Access rejected for username: Calling station not valid for 1112222

# radpwtst -trace -s www -user username -password password -auth_port 1812 -acct_port 1813 -secret secret -dictionary /etc/raddb/dictionary.prw Calling-Station-Id=3333333 Called-Station-Id=1112222
sending Access-Request...
OK
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
    Framed-Compression = Van-Jacobson-TCP-IP
    Ascend-Idle-Limit = 1200
    Idle-Timeout = 1200
    Session-Timeout = 41580
    Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
    Ascend-IP-Direct = 10.10.10.10
    VPN-Neighbor = 10.10.10.10
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK

It seems to work, but it means that I have to define all my users in the users file. Is there an easier way?

Thanks in advance,
William

-----Original Message-----
From: William Hernandez
Sent: Monday, February 18, 2002 9:38 AM
To: Radiator (Radiator)
Subject: Reject access from specific Calling-Station-Id

Hello everyone,

We're trying to configure Radiator 2.18.2 to reject access to a specific Called-Station-Id when the Calling-Station-Id is in a specific range using various ideas picked up from the archives, but the following is not working for us.

# radpwtst -trace -s www -user username -password password -auth_port 1812 -acct_port 1813 -secret secret -dictionary /etc/raddb/dictionary.prw Calling-Station-Id=5556666 Called-Station-Id=1112222
sending Access-Request...
OK
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
    Framed-Compression = Van-Jacobson-TCP-IP
    Ascend-Idle-Limit = 1200
    Idle-Timeout = 1200
    Session-Timeout = 49920
    Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
    Ascend-IP-Direct = 10.10.10.10
    VPN-Neighbor = 10.10.10.10
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK

Regards,
William

-------------------------- radius.cfg ----------------------------------------
...
<AuthBy FILE>
    Identifier Check-CLI
    AcceptIfMissing
    Filename /etc/raddb/blockcli.prw
</AuthBy>
...
<Handler>
    SessionDatabase prw-sessiondb
    AuthByPolicy ContinueWhileAccept
    AuthBy Check-CLI
    AuthBy Check-FILE
    AuthBy System
    PostAuthHook file:"/etc/raddb/postauthhook.prw"
    AcctLogFileName /var/log/radacct/detail
    PasswordLogFileName /var/log/radius.log
    ExcludeFromPasswordLog root
</Handler>
...
-------------------------- End of radius.cfg -----------------------------

-------------------------- blockcli.prw ------------------------------------
DEFAULT Calling-Station-Id = /^555/, \
        Called-Station-Id = /1112222/, \
        Auth-Type = "Reject: Calling station not valid for 1112222"
-------------------------- End of blockcli.prw --------------------------

-------------------------- radius.log ----------------------------------------
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Access-Request
Identifier: 126
Authentic: 1234567890123456
Attributes:
    User-Name = "username"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    User-Password = "<146><208><238><158><247><22><144><5><164><133><228><174><1>H<30>x"
    Calling-Station-Id = "5556666"
    Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Deleting session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='username'
Mon Feb 18 09:08:36 2002: Login OK: [username] (www)
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX looks for match with username
Mon Feb 18 09:08:36 2002: Login OK: [username] (www)
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Access accepted for username
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Access-Accept
Identifier: 126
Authentic: 1234567890123456
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Netmask = 255.255.255.255
    Framed-Compression = Van-Jacobson-TCP-IP
    Ascend-Idle-Limit = 1200
    Idle-Timeout = 1200
    Session-Timeout = 49920
    Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
    Ascend-IP-Direct = 10.10.10.10
    VPN-Neighbor = 10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Accounting-Request
Identifier: 127
Authentic: j<203><22><236><3><238><23><202><3>e<183><153>Qw<182><183>
Attributes:
    User-Name = "username"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Start
    Calling-Station-Id = "5556666"
    Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Adding session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('username', '203.63.154.1', 01234, '00001234', 1014037716, '', 'Async', 'Framed-User')
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Accounting accepted
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Accounting-Response
Identifier: 127
Authentic: j<203><22><236><3><238><23><202><3>e<183><153>Qw<182><183>
Attributes:
    Session-Timeout = 49920
    Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
    Ascend-IP-Direct = 10.10.10.10
    VPN-Neighbor = 10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Accounting-Request
Identifier: 128
Authentic: <251>*y<148>4<144><251>1<247>M<251><240>l<168>N<211>
Attributes:
    User-Name = "username"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    NAS-Port-Type = Async
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Stop
    Acct-Delay-Time = 0
    Acct-Session-Time = 1000
    Acct-Input-Octets = 20000
    Acct-Output-Octets = 30000
    Calling-Station-Id = "5556666"
    Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Deleting session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Accounting accepted
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Accounting-Response
Identifier: 128
Authentic: <251>*y<148>4<144><251>1<247>M<251><240>l<168>N<211>
Attributes:
    Session-Timeout = 49920
    Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
    Ascend-IP-Direct = 10.10.10.10
    VPN-Neighbor = 10.10.10.10
----------------------End of radius.log ------------------------------

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
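
Added example (not part of the original thread and not Radiator code): a simplified Python model of the first-match handler ordering described in Frank's reply, run against constructed requests that use the thread's two regexes. The handler names, the catch-all's fixed ACCEPT result and the IGNORE fallback are assumptions made for illustration.

```python
import re

# Simplified model (an assumption, not Radiator's code): handlers are tried in
# file order and the first one whose check items all match handles the request.
BLOCK = {
    "name": "block-555",
    "checks": {"Calling-Station-Id": r"^555", "Called-Station-Id": r"1112222"},
    # Mirrors the <AuthBy INTERNAL> results in the handler from the thread.
    "results": {"Access-Request": "REJECT", "Start": "ACCEPT", "Stop": "ACCEPT"},
    "default": "REJECT",
}
# Stand-in for the existing catch-all <Handler>; ACCEPT replaces its real AuthBy chain.
CATCH_ALL = {"name": "default", "checks": {}, "results": {}, "default": "ACCEPT"}

def matches(handler, request):
    # A check item on an attribute the request does not carry cannot match.
    return all(
        attr in request and re.search(rx, request[attr])
        for attr, rx in handler["checks"].items()
    )

def handle(handlers, request):
    """Return (handler name, result) for the first matching handler."""
    kind = request.get("Acct-Status-Type", request["Code"])
    for h in handlers:
        if matches(h, request):
            return h["name"], h["results"].get(kind, h["default"])
    return None, "IGNORE"

def req(code, calling=None, called="1112222", status=None):
    # Constructed sample request built from the numbers used in the thread.
    r = {"Code": code, "Called-Station-Id": called}
    if calling is not None:
        r["Calling-Station-Id"] = calling
    if status:
        r["Acct-Status-Type"] = status
    return r

if __name__ == "__main__":
    samples = {"blocked caller": req("Access-Request", "5556666"),
               "other caller": req("Access-Request", "3333333"),
               "no caller id": req("Access-Request"),
               "acct start": req("Accounting-Request", "5556666", status="Start")}
    for label, r in samples.items():
        # Left: block handler first. Right: block handler after the catch-all.
        print(label, handle([BLOCK, CATCH_ALL], r), handle([CATCH_ALL, BLOCK], r))
```

In this model a request with no Calling-Station-Id falls through to the catch-all handler, and the unanchored /1112222/ also matches longer called numbers that contain it, so both cases are worth confirming with radpwtst.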
