Hello,
I am currently configuring RADIATOR to give a DNS
entry instead of the RAS giving it. The setup is working for the ASCEND
RAS, but for my CISCO 5300 it's not. I have gone through
the mailing list and tried all the suggestions, but still can't get it to work.
Can anyone point out what I'm doing wrong?

Here's my config:

#LogStdout
LogDir /var/log/radius-log
LogFile %L/%Y-%m-%d-radiuslog
DbDir /usr/local/etc/raddb
DictionaryFile /usr/local/etc/raddb/dictionary.cisco
DictionaryFile /usr/local/etc/raddb/dictionary.ascend2
DictionaryFile /usr/local/etc/raddb/dictionary.livingston
DictionaryFile /usr/local/etc/raddb/dictionary

# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4

<AuthBy RADMIN>
    Identifier Acceptmehere

    # Change DBSource, DBUsername, DBAuth for your database
    # See the reference manual. You will also have to
    # change the one in <SessionDatabse SQL> below
    # so its the same
    DBSource dbi:mysql:#####
    DBUsername ######
    DBAuth ######

    # Only one session per user at a time
    #DefaultSimultaneousUse 1

    # Let the user in if they have any time left
    # Set the Session-timeout to timeleft
    AuthSelect select PASS_WORD,STATICADDRESS,\
        MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID \
        from RADUSERS where (USERNAME='%n' and VALIDFROM < %t )
    AuthColumnDef 0,User-Password,check
    AuthColumnDef 1,Filter-Id,reply
    AuthColumnDef 2,Session-Timeout,reply
    AuthColumnDef 3,Simultaneous-Use,check

    # You can add to or change these if you want, but you
    # will probably want to change the database schema first
    AccountingTable RADUSAGE
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
    AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    AcctColumnDef NASIDENTIFIER,NAS-Identifier
    AcctColumnDef NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef DNIS,Called-Station-Id
    AcctColumnDef CALLERID,Calling-Station-Id
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef DNIS,Called-Station-Id
    AcctColumnDef CALLERID,Calling-Station-Id

    # These are the classic things to add to each users
    # reply to allow a PPP dialup session. It may be
    # different for your NAS. This will add some
    # reply items to everyone's reply
    # Add Idle-Timeout of 15 mins
    DefaultReply Service-Type = Framed-User, \
        Framed-Protocol = PPP, \
        Framed-IP-Netmask = 255.255.255.255, \
        Framed-Routing = None, \
        Framed-MTU = 1500, \
        Framed-Compression = Van-Jacobson-TCP-IP, \
        Idle-Timeout = 900, \
        cisco-avpair= "ip:dns-servers=xxx.xxx.xxx.xxx", \
        Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx,\
        Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx,\
        Ascend-Client-Assign-DNS = DNS-Assign-Yes
</AuthBy>

<Handler Realm=myrealm>
    AuthBy Acceptmehere
    # Show rejection reason to users
    RejectHasReason

By the way, I'm using Cisco 5300,

Cisco Internetwork Operating System Software
IOS (tm) 5300 Software (C5300-IS-M), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 08-Dec-99 20:25 by phanguye
Image text-base: 0x600088F8, data-base: 0x60C6A000

And here is my RADIUS log file:

Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 33554 ....
Code: Access-Request
Identifier: 174
Authentic: E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 228
        NAS-Port-Type = Virtual
        User-Name = "user@myrealm"
        Called-Station-Id = "xxxxxxxx"
        Calling-Station-Id = "xxxxxxxx"
        User-Password = "<212> <144><164>7<176><206><113><182><255><165><164><141><145><181><149>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Sep 3 15:13:37 2002: DEBUG: Check if Handler Realm=myrealm should be used to handle this request
Tue Sep 3 15:13:37 2002: DEBUG: Handling request with Handler 'Realm=myrealm'
Tue Sep 3 15:13:37 2002: DEBUG: Deleting session for user@myrealm, xxx.xxx.xxx.xxx, 228
Tue Sep 3 15:13:37 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=0228
Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN')
Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN: Acceptmehere')
Tue Sep 3 15:13:37 2002: DEBUG: Query is: select PASS_WORD,STATICADDRESS,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID from RADUSERS where (USERNAME='user@myrealm' and VALIDFROM < 1031037217)
Tue Sep 3 15:13:37 2002: DEBUG: Query is: select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='user@myrealm' order by ITEM_TYPE
Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN looks for match with user@myrealm')
Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN ACCEPT: ')
Tue Sep 3 15:13:37 2002: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='user@myrealm'
Tue Sep 3 15:13:37 2002: DEBUG: Access accepted for user@myrealm
Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 33554 ....
Code: Access-Accept
Identifier: 174
Authentic: E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Idle-Timeout = 900
        cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
        Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

Accounting request follows and user got connected.

Also, is there a way to overwrite what the user has specified in their
DNS settings for MS Windows?

Thanks,
thony
