You will have to check a debug on the Cisco to see what is happening, and you will have to check with Cisco to ascertain the correct syntax for the cisco-avpair. It may also be possible to use Ascend compatibility on the Cisco to achieve this.
I do not believe there is any way to override hard-coded DNS settings on a host, although someone else on the list may know more than I do.
regards
Hugh
On Wednesday, September 4, 2002, at 12:31 PM, Anthony Roque Adriano wrote:
Hello,

I am currently configuring RADIATOR to give a DNS entry instead of the RAS giving it. The setup is working for the ASCEND RAS but for my CISCO 5300 it's not. I have gone through the mailing list and tried all suggestions, but still can't get it to work. Can anyone point out what I'm doing wrong?

Here's my config:

#LogStdout
LogDir          /var/log/radius-log
LogFile         %L/%Y-%m-%d-radiuslog
DbDir           /usr/local/etc/raddb

DictionaryFile  /usr/local/etc/raddb/dictionary.cisco
DictionaryFile  /usr/local/etc/raddb/dictionary.ascend2
DictionaryFile  /usr/local/etc/raddb/dictionary.livingston
DictionaryFile  /usr/local/etc/raddb/dictionary

# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4

<AuthBy RADMIN>
        Identifier Acceptmehere

        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual. You will also have to
        # change the one in <SessionDatabase SQL> below
        # so it's the same
        DBSource        dbi:mysql:#####
        DBUsername      ######
        DBAuth          ######

        # Only one session per user at a time
        #DefaultSimultaneousUse 1

        # Let the user in if they have any time left
        # Set the Session-timeout to timeleft
        AuthSelect select PASS_WORD,STATICADDRESS,\
                MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID \
                from RADUSERS where (USERNAME='%n' and VALIDFROM < %t )

        AuthColumnDef   0,User-Password,check
        AuthColumnDef   1,Filter-Id,reply
        AuthColumnDef   2,Session-Timeout,reply
        AuthColumnDef   3,Simultaneous-Use,check

        # You can add to or change these if you want, but you
        # will probably want to change the database schema first
        AccountingTable RADUSAGE
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id
        AcctColumnDef   CALLERID,Calling-Station-Id

        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id
        AcctColumnDef   CALLERID,Calling-Station-Id

        # These are the classic things to add to each user's
        # reply to allow a PPP dialup session. It may be
        # different for your NAS. This will add some
        # reply items to everyone's reply
        # Add Idle-Timeout of 15 mins
        DefaultReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-IP-Netmask = 255.255.255.255, \
                Framed-Routing = None, \
                Framed-MTU = 1500, \
                Framed-Compression = Van-Jacobson-TCP-IP, \
                Idle-Timeout = 900, \
                cisco-avpair= "ip:dns-servers=xxx.xxx.xxx.xxx", \
                Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Assign-DNS = DNS-Assign-Yes

</AuthBy>

<Handler Realm=myrealm>
        AuthBy Acceptmehere

        # Show rejection reason to users
        RejectHasReason

By the way, I'm using Cisco 5300,

Cisco Internetwork Operating System Software
IOS (tm) 5300 Software (C5300-IS-M), Version 12.0(7)T,  RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 08-Dec-99 20:25 by phanguye
Image text-base: 0x600088F8, data-base: 0x60C6A000

And here is my RADIUS log file

Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Request
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 228
        NAS-Port-Type = Virtual
        User-Name = "user@myrealm"
        Called-Station-Id = "xxxxxxxx"
        Calling-Station-Id = "xxxxxxxx"
        User-Password = "<212> <144><164>7<176><206><113><182><255><165><164><141><145><181><149>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Sep  3 15:13:37 2002: DEBUG: Check if Handler Realm=myrealm should be used to handle this request
Tue Sep  3 15:13:37 2002: DEBUG: Handling request with Handler 'Realm=myrealm'
Tue Sep  3 15:13:37 2002: DEBUG:  Deleting session for user@myrealm, xxx.xxx.xxx.xxx, 228
Tue Sep  3 15:13:37 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=0228

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN: Acceptmehere')

Tue Sep  3 15:13:37 2002: DEBUG: Query is: select PASS_WORD,STATICADDRESS,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID from RADUSERS where (USERNAME='user@myrealm' and VALIDFROM < 1031037217)

Tue Sep  3 15:13:37 2002: DEBUG: Query is: select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='user@myrealm' order by ITEM_TYPE

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN looks for match with user@myrealm')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN ACCEPT: ')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='user@myrealm'

Tue Sep  3 15:13:37 2002: DEBUG: Access accepted for user@myrealm
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Accept
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Idle-Timeout = 900
        cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
        Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

Accounting request follows and user got connected.

Also, is there a way to overwrite what the user has specified in their DNS settings for MS Windows?

Thanks,
thony
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
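
An added example, not part of the original thread and not Radiator code: a small Python parser for packet dumps in the layout quoted above, which lists the DNS-related attributes the server actually put in each Access-Accept, so the server side can be confirmed before turning to the debug on the NAS. The sample log is constructed (documentation-range addresses, with the cisco-avpair value mirroring the form in the quoted log), and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Trace 4 packet dumps quoted above;
# addresses are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 33554 ....
Code:       Access-Request
Attributes:
        NAS-IP-Address = 192.0.2.10
        User-Name = "user@myrealm"

Tue Sep  3 15:13:37 2002: DEBUG: Access accepted for user@myrealm
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 33554 ....
Code:       Access-Accept
Attributes:
        Idle-Timeout = 900
        cisco-avpair = "ip:dns-servers=198.51.100.1 198.51.100.2"
        Ascend-Client-Primary-DNS = 198.51.100.1
        Ascend-Client-Assign-DNS = DNS-Assign-Yes
"""

def parse_packet_dumps(text):
    """Return one dict per dump: direction, peer, code and (name, value) attributes."""
    packets, current, in_attrs = [], None, False
    for line in text.splitlines():
        m = re.match(r"\*\*\* (Received from|Sending to) (\S+) port (\d+)", line)
        if m:
            current = {"direction": m.group(1), "peer": m.group(2), "code": None, "attrs": []}
            packets.append(current)
            in_attrs = False
        elif current is None:
            continue  # log text before the first dump
        elif line.startswith("Code:"):
            current["code"] = line.split(":", 1)[1].strip()
        elif line.startswith("Attributes:"):
            in_attrs = True
        elif in_attrs and line[:1].isspace() and " = " in line:
            name, value = line.strip().split(" = ", 1)  # split once: values may contain '='
            current["attrs"].append((name, value.strip('"')))
        elif in_attrs:
            in_attrs = False  # a blank or timestamped line ends the attribute list
    return packets

def dns_reply_attributes(text):
    """DNS-related attributes the server put in Access-Accept packets."""
    return [(n, v) for p in parse_packet_dumps(text) if p["code"] == "Access-Accept"
            for n, v in p["attrs"] if "dns" in n.lower() or "dns" in v.lower()]
```

Calling `dns_reply_attributes()` on the text of a saved log file gives the same list for a real capture; Trace 4 logs also contain the request's User-Password attribute, so treat the file accordingly.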
