Hello Dan -
It is quite possible that this is due to "Service-Type = Framed-User, Framed-Protocol = PPP" not being included in the reply attributes (Cisco's especially are very picky about this).
BTW - for common sets of reply attributes you can use an "AddToReply ...." in the AuthBy clause rather than replicating all of the reply attributes for every user.
Ie:
<AuthBy SQL>
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP
</AuthBy>regards
Hugh
On Friday, Aug 8, 2003, at 01:15 Australia/Melbourne, Dan Vande More wrote:
Well this is what I have after making this change.
It appears to keep re-authenticating, over and over again every 7-10 seconds.
Although it appears to give an access accepted, the modem doesn't accept it.
Keep in mind, that this works perfectly on AuthBy File, and dies on SQL.
Maybe I have something wrong in the db conversion, but I used the default table structure included with Radiator, and here is a sample record:
INSERT INTO `SUBSCRIBERS` VALUES("[EMAIL PROTECTED]", "mycorrectpassword", NULL, "Service-Type=Framed-User", "Framed-Protocol=PPP,Framed-IP-Address=200.200.132.52,Framed-IP- Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Framed- Compression=Van-Jacobson-TCP-IP", "9999999");
Debug info below.
Additionally out of a large amount of ISDN subscribers, I have one particular one I cannot seem to give a static IP to. And if I do, it still takes a dynamic.
It's db record is seen below:
INSERT INTO `SUBSCRIBERS` VALUES("[EMAIL PROTECTED]", "password", NULL, "Service-Type=Framed-User", "Framed-Protocol=PPP,Framed-IP-Address=200.200.139.207,Framed-IP- Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Session- Timeout=14400,Idle-Timeout=600,Framed-Compression=Van-Jacobson-TCP- IP", "9999999");
Here's a sample of an ISDN record that does keep the static IP every time:
INSERT INTO `SUBSCRIBERS` VALUES("[EMAIL PROTECTED]", "password", NULL, "Service-Type=Framed-User", "Framed-Protocol=PPP,Framed-IP-Address=200.200.139.132,Framed-IP- Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Framed- Compression=Van-Jacobson-TCP-IP,Session-Timeout=14400,Idle- Timeout=600", "9999999");
I'm debating the fact that it is their router. It seems they have a Cisco 803, and though there are bugs, none of them point to this issue. Nor was I able to find anything close.
Hints? Suggestions?
Thanks!
Dan Vande More
Debug info from issue #1:
Mon Aug 4 14:43:45 2003: DEBUG: Packet dump:
*** Received from 200.200.143.2 port 1645 ....
Code: Access-Request
Identifier: 48
Authentic: he^<205>]<173><3><213><231>v<130><7>p<239><211>T
Attributes:
NAS-IP-Address = 200.200.143.2
NAS-Port = 28
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
User-Password = "<229><162><139><236>I<225><225><181><150><13>W<249><155>'W<6>"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Aug 4 14:43:45 2003: DEBUG: Handling request with Handler 'Realm=dsl.mydomain.com'
Mon Aug 4 14:43:45 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 200.200.143.2, 2
8
Mon Aug 4 14:43:45 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='200.200.143
.2' and NASPORT=028':
Mon Aug 4 14:43:45 2003: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPA
DDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'':
Mon Aug 4 14:43:45 2003: DEBUG: Handling with Radius::AuthSQL
Mon Aug 4 14:43:45 2003: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 4 14:43:45 2003: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS
where USERNAME = '[EMAIL PROTECTED]'':
Mon Aug 4 14:43:45 2003: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED]
Mon Aug 4 14:43:45 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Aug 4 14:43:45 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Mon Aug 4 14:43:45 2003: DEBUG: Packet dump:
*** Sending to 200.200.143.2 port 1645 ....
Code: Access-Accept
Identifier: 48
Authentic: he^<205>]<173><3><213><231>v<130><7>p<239><211>T
Attributes:
Framed-IP-Address = 200.200.132.52
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
*** Received from 200.200.143.2 port 1645 ....
Code: Access-Request
Identifier: 50
Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
Attributes:
NAS-IP-Address = 200.200.143.2
NAS-Port = 28
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
User-Password = "rE<255><144><186>|>n<26>A<173><133>c<253>g<189>"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Aug 4 14:43:52 2003: DEBUG: Handling request with Handler 'Realm=dsl.mydomain.com'
Mon Aug 4 14:43:52 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 200.200.143.2, 2
8
Mon Aug 4 14:43:52 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='200.200.143
.2' and NASPORT=028':
Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPA
DDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'':
Mon Aug 4 14:43:52 2003: DEBUG: Handling with Radius::AuthSQL
Mon Aug 4 14:43:52 2003: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS
where USERNAME = '[EMAIL PROTECTED]'':
Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED]
Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Aug 4 14:43:52 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
*** Sending to 200.200.143.2 port 1645 ....
Code: Access-Accept
Identifier: 50
Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
Attributes:
Framed-IP-Address = 200.200.132.52
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS
where USERNAME = '[EMAIL PROTECTED]'':
Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED]
Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Aug 4 14:43:52 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
*** Sending to 200.200.143.2 port 1645 ....
Code: Access-Accept
Identifier: 50
Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
Attributes:
Framed-IP-Address = 200.200.132.52
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Mon Aug 4 14:43:58 2003: DEBUG: Packet dump:
*** Received from 200.200.143.2 port 1645 ....
Code: Access-Request
Identifier: 52
Authentic: e<209>b<205>#<227><227><200>{<127><143>"<254>q$<135>
Attributes:
NAS-IP-Address = 200.200.143.2
NAS-Port = 28
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
User-Password = "<145><148>]<203><23><6><2><205><158><228>k<180><165>8<226><209>"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Aug 4 14:43:58 2003: DEBUG: Handling request with Handler 'Realm=dsl.mydomain.com'
Mon Aug 4 14:43:58 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 200.200.143.2, 2
8
Mon Aug 4 14:43:58 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='200.200.143
.2' and NASPORT=028':
Mon Aug 4 14:43:58 2003: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPA
DDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'':
Mon Aug 4 14:43:58 2003: DEBUG: Handling with Radius::AuthSQL
Mon Aug 4 14:43:58 2003: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 4 14:43:58 2003: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS
where USERNAME = '[EMAIL PROTECTED]'':
Mon Aug 4 14:43:58 2003: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED]
Mon Aug 4 14:43:58 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Aug 4 14:43:58 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Mon Aug 4 14:43:58 2003: DEBUG: Packet dump:
*** Sending to 200.200.143.2 port 1645 ....
Code: Access-Accept
Identifier: 52
Authentic: e<209>b<205>#<227><227><200>{<127><143>"<254>q$<135>
Attributes:
Framed-IP-Address = 200.200.132.52
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Mon Aug 4 14:44:04 2003: DEBUG: Packet dump:
*** Received from 200.200.143.2 port 1645 ....
Code: Access-Request
Identifier: 54
Authentic: <22><20>t<<148><210><212><157><178>}<2><195><136><193><130>S
Attributes:
NAS-IP-Address = 200.200.143.2
NAS-Port = 28
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
User-Password = "L<253><4><209><179>7Up<219><170><192>g_<195><206>t"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Aug 4 14:44:04 2003: DEBUG: Handling request with Handler 'Realm=dsl.mydomain.com'
Mon Aug 4 14:44:04 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 200.200.143.2, 2
8
Mon Aug 4 14:44:04 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='200.200.143
.2' and NASPORT=028':
Mon Aug 4 14:44:04 2003: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPA
DDRESS from RADONLINE where USERNAME='[EMAIL PROTECTED]'':
Mon Aug 4 14:44:04 2003: DEBUG: Handling with Radius::AuthSQL
Mon Aug 4 14:44:04 2003: DEBUG: Handling with Radius::AuthSQL:
Mon Aug 4 14:44:04 2003: DEBUG: Query is: 'select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS
where USERNAME = '[EMAIL PROTECTED]'':
Mon Aug 4 14:44:04 2003: DEBUG: Radius::AuthSQL looks for match with [EMAIL PROTECTED]
Mon Aug 4 14:44:04 2003: DEBUG: Radius::AuthSQL ACCEPT:
Mon Aug 4 14:44:04 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Mon Aug 4 14:44:04 2003: DEBUG: Packet dump:
*** Sending to 200.200.143.2 port 1645 ....
Code: Access-Accept
Identifier: 54
Authentic: <22><20>t<<148><210><212><157><178>}<2><195><136><193><130>S
Attributes:
Framed-IP-Address = 200.200.132.52
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
-----Original Message----- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: Sunday, August 03, 2003 7:56 PM To: Dan Vande More Subject: Re: (RADIATOR) Subdomain problem
Hello Dan -
Thanks for sending the information.
I suspect the problem is with your AuthBy SQL clause, which should look more like this:
<AuthBy SQL> DBSource dbi:mysql:otherstuff DBUsername username DBAuth password AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, \ from SUBSCRIBERS where USERNAME = %0 AuthColumnDef 0, Password, check AuthColumnDef 1, GENERIC, check AuthColumnDef 2, GENERIC, reply </AuthBy>
See section 6.28 in the Radiator 3.6 reference manual ("doc/ref.html").
This topic has also been discussed on the Radiator mailing list:
www.open.com.au/archives/radiator
regards
Hugh
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
