Hi All, Hi Hugh,

My config is as below. In the past, when "we" discussed the state column of the RADONLINE database not being reset appropriately, resulting in the IP-address pool being exhausted, you told me to add the following lines to my config:

DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t where YIADDR='%0' or YIADDR='%{Class}'

to the AddressAllocator SQL clause and the following line to the AuthBy DYNADDRESS clause:

AddToReply Class = %{Reply:Framed-IP-Address}

Okay, I removed them later when things seemed to have "stabilised", but I am thinking of reintroducing them again - please let me have your views based on the config file below.

MAIN PROBLEMS.

I installed ipass NetServer 3.9 as stated in the instructions and also configured radiator (below) based on the ipass instructions for configuring radiator.

The problem is that somehow, radiator is still using the handler for my client rather than the special handler for ipass - <Handler Realm=myipass> - which should cause it to proxy the request to the local ipass NetServer running on the same system.

Please note that the IP address I have radiator running on is e.d.f.211 .

I have also disabled the apache client I had running before because I guess there would be a conflict between apache authentication and ipass NetServer since they both use localhost (127.0.0.1) in the client definitions for them?

Regards,
Tunde I.

# --- RADAR -------------------------
<Monitor>
    Username radar
    Password <mypassword>
</Monitor>

# Programs for Simultaneous-Use
SnmpgetProg /usr/bin/snmpget

# SNMP access to radiator
<SNMPAgent>
    ROCommunity mysnmpRADsecret
    Port 162
    Managers 127.0.0.1, 192.168.10.8
</SNMPAgent>

# Online users
<SessionDatabase SQL>
    Identifier SDB1
    DBSource dbi:Oracle:radius00
    DBUsername radius
    DBAuth radius
    # DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \
    #     where YIADDR='%0' or YIADDR='%{Class}'
</SessionDatabase>

# =======================================================
<AddressAllocator SQL>
    Identifier mySQLallocator
    DBSource dbi:Oracle:radius00
    DBUsername radiusgold
    DBAuth radiusgold
    # DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \
    #     where YIADDR='%0' or YIADDR='%{Class}'
    DefaultLeasePeriod 172800
    # LeaseReclaimInterval 86400

    # POOL ALLOCATION RULES
    <AddressPool viruse1>
        Subnetmask 255.255.255.255
        Range a.b.e.31 a.b.e.60
        Range a.b.e.62 a.b.e.91
    </AddressPool>
    <AddressPool viruse2>
        Subnetmask 255.255.255.255
        Range a.b.c.52 a.b.c.100
        Range a.b.c.110 a.b.c.139
        Range a.b.c.150 a.b.c.200
        Range a.b.c.225 a.b.c.250
    </AddressPool>
</AddressAllocator>

# =================== CLIENTs =================================
<Client a.b.c.3>
    Secret <mypassword>
    DupInterval 0
    SNMPCommunity public
    Identifier viruse2
    IdenticalClients a.b.c.4 a.b.c.5 a.b.c.6 \
        172.31.1.6 172.31.1.4 172.31.1.8 192.168.10.5
    RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>

<Client a.b.c.30>
    # pattonRAS
    Secret <mypassword>
    DupInterval 0
    NasType Patton
    SNMPCommunity patt123mon
    Identifier viruse1
    IdenticalClients a.b.c.61 a.b.c.92
    RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>

<Client localhost>
    # ipass client for VNAS (incoming roamers)
    Secret <mypassword>
    Identifier ipassclient
    IdenticalClients d.e.f.212
    RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>

#<Client 127.0.0.1>
#    # web server on this box
#    Secret apache!:123
#    DupInterval 0
#    Identifier apache
#</Client>

# =================== AUTH BYs =================================
<AuthBy SQL>
    Identifier SQLStaffauth
    NoDefault
    DBSource dbi:Oracle:radius00
    DBUsername radius
    DBAuth radius
    AuthSelect select PASSWORD, CHECKATTR from STAFF \
        where USERNAME = '%n' and STATUS = 'Enabled'
</Auth>

<AuthBy SQL>
    Identifier SQLClientauth
    NoDefault
    DBSource dbi:Oracle:radius00
    DBUsername radius
    DBAuth radius
    AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
        from SUBSCRIBERS where USERNAME = '%n' \
        and STATUS = 'Enabled'
    AutoMPPEKeys
</Auth>

<AuthBy DYNADDRESS>
    Identifier myIPADDRESSauth
    Allocator mySQLallocator
    # AddToReply Class = %{Reply:Framed-IP-Address}
    # PoolHint %{Reply:PoolHint}
    PoolHint %{Client:Identifier}
    MapAttribute yiaddr, Framed-IP-Address
    MapAttribute subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
    # policy = 4 (40bit), 2 (128bit), 6 (any)
    AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
    AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
</AuthBy>

<AuthBy DYNADDRESS>
    Identifier pattonIPADDRESSauth
    Allocator mySQLallocator
    PoolHint %{Client:Identifier}
    # PoolHint %{Reply:PoolHint}
    MapAttribute yiaddr, Framed-IP-Address
    MapAttribute subnetmask, Framed-IP-Netmask
    StripFromReply PoolHint
</AuthBy>

###### proxy radius for IPASS
<AuthBy RADIUS>
    Identifier ipassNetserver
    Host d.e.f.211
    Secret <mypassword>
    AuthPort 11812
    AcctPort 11813
</AuthBy>

#=================== HANDLERs ================================
<Handler Realm=myipass>
    AcctLogFileName %L/ipass/detail
    RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
    AuthBy ipassNetserver
</Handler>

<Handler Client-Identifier=viruse2>
    AuthByPolicy ContinueWhileAccept
    # remove @domain-name
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    # UsernameCharset a-zA-Z0-9\._@-
    MaxSessions 1
    AcctLogFileName %L/account.log
    PasswordLogFileName %L/password.log
    SessionDatabase SDB1
    AuthBy SQLClientauth
    AuthBy myIPADDRESSauth
</Handler>

<Handler Client-Identifier=ipassclient>
    AuthByPolicy ContinueWhileAccept
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    UsernameCharset a-zA-Z0-9\._@-#
    MaxSessions 1
    AcctLogFileName %L/account.log
    PasswordLogFileName %L/password.log
    SessionDatabase SDB1
    AuthBy SQLClientauth
    StripFromReply Framed-IP-Address
</Handler>

<Handler Client-Identifier=apache>
    AuthByPolicy ContinueWhileAccept
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    UsernameCharset a-zA-Z0-9\._@-
    MaxSessions 1
    AuthBy SQLStaffauth
</Handler>

# DEFAULT HANDLER => handles any requests not in above
<Handler>
    # default handler => handles any requests not in above
    AuthBy ipassNetserver
</Handler>
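
Added example, not part of the original post and not Radiator code: a Python trace of the two RewriteUsername substitutions in the config above, showing which usernames end up in realm myipass and what the Realm=myipass handler would then forward. It assumes Client-level rewrites run before Handler selection and that the realm is the text after the last '@'; the function names and sample usernames are constructed.

```python
import re

# Patterns copied from the posted config, translated from Perl s/// to Python.
CLIENT_RULE = (re.compile(r'^IPASS/([^@]+)@([^@]+)$'), r'IPASS/\1#\2@myipass')
HANDLER_RULE = (re.compile(r'^IPASS/([^#]+)#([^@]+)@myipass$'), r'IPASS/\1@\2')

def rewrite(rule, username):
    """Apply one s/// style rule; non-matching names pass through unchanged."""
    pattern, replacement = rule
    return pattern.sub(replacement, username, count=1)

def realm_of(username):
    # Assumption: the realm is whatever follows the last '@' ('' if none).
    _, sep, realm = username.rpartition('@')
    return realm if sep else ''

def trace(username):
    """Follow a User-Name through the Client rewrite and the myipass handler."""
    at_client = rewrite(CLIENT_RULE, username)
    realm = realm_of(at_client)
    # The Realm=myipass handler rewrite only applies if that realm results.
    forwarded = rewrite(HANDLER_RULE, at_client) if realm == 'myipass' else None
    return {
        'after_client': at_client,
        'realm': realm,
        'forwarded': forwarded,
        'round_trip': forwarded == username,
    }

# Constructed sample usernames (not taken from the post).
SAMPLES = [
    'IPASS/alice@example.net',   # matches the Client rule
    'ipass/alice@example.net',   # lower-case prefix: rule is case-sensitive
    'alice@example.net',         # no IPASS/ prefix
    'IPASS/alice',               # no '@' at all
    'IPASS/al#ice@example.net',  # '#' already present in the user part
]

if __name__ == '__main__':
    for name in SAMPLES:
        print(name, '->', trace(name))
```

The last sample shows that a '#' in the user part does not survive the round trip, because the handler rule splits on the first '#'.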
