Dear Sir,
We have recently got an E1 line and we are using a
Cisco AS5300 RAS for connection. The users are authenticated through a Radiator
Radius server installed on Linux 7.3 on an IBM platform. We also have one
Livingston Portmaster and one Cisco 2511 router, and both are being used for
client dialup connections. There is no problem with these two devices.
The problem that we are facing with the AS5300 is that we are able to connect
but are not able to browse the Net. We have verified that this problem is
related to the authentication server by pointing the Radius server host on the
RAS to some other ISP's, and we were able to connect and also we were able to
browse the net. If we create a user in the RAS itself and connect with that
username, then we were able to connect as well as were able to browse the
Internet.
Another problem is that if we connect through our authentication, then after
disconnecting, the IP obtained from the RAS is not released on the PC. But if we
connect with the RAS's user, then the IP is released.
I am attaching my radius configuration file as well as a radius debug file with
Trace 4 level. The username tested is [EMAIL PROTECTED]
I hope to get the solution from you asap.
Thanks in Advance
G. S. Rakhra
Manager(Technical)
Fewa Net Pvt. Ltd.
Pokhara
Nepal
################################################################################
# radonlinetest.cfg Configuration File 4 Radiator Radius Current Version 2.18.4
# Please Consult the Reference Guide at www.open.com.au/radiator
# -Rajan
################################################################################
# Should run in Foreground to enable restartWrapper to start the service if it stops
Foreground
Trace 3
AuthPort 1645
AcctPort 1646
#LogStdout
#LogDir .
LogDir /var/log/Radiator
LogFile %L/logfile-%d
DbDir /usr/local/src/Radiator-2.18.4
DictionaryFile %D/dictionary
SnmpgetProg /usr/bin/snmpget
# Disable invalid characters in username except a-z A-Z 0-9 . - _ @
# ('-' is placed last so it is a literal; "\--_" would be read as the range '-' to '_')
UsernameCharset a-zA-Z0-9\._@-
#Only Email client auth_unix(IP of 2610 router)
<Client 203.91.140.135>
Identifier NASmail
Secret <SecretKey>
NasType Cisco
SNMPCommunity <CommunityName>
</Client>
#internet client AuthBy SQL(IP of 2511 router)
<Client 203.91.140.134>
Identifier NASinternet
Secret <SecretKey>
NasType Cisco
SNMPCommunity <CommunityName>
</Client>
#Internet client AuthBy SQL(IP of Cisco AS5300 RAS)
<Client 203.91.140.226>
Identifier NASinternet
Secret <SecretKey>
NasType Cisco
SNMPCommunity <CommunityName>
</Client>
#Internet client AuthBy SQL(IP of PortMaster)
<Client 203.91.140.130>
Identifier NASinternet
Secret <SecretKey>
NasType Livingston
SNMPCommunity <CommunityName>
</Client>
# You will probably want to change this to suit your site.
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
#updated accounting information
<AuthBy SQL>
Identifier auth_pkr
DBSource dbi:mysql:RADMIN
DBUsername UserName
DBAuth Password
AuthSelect select UserPwd,SimConnection,EndDate,Time,HoursLeft,ReplyItem \
from dialup where UserName ="%U" and Status=1
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, Simultaneous-Use, check
AuthColumnDef 2, Expiration, check
AuthColumnDef 3, Time, check
AuthColumnDef 4, Session-Timeout, reply
AuthColumnDef 5, Session-Timeout, reply
AccountingTable pkr_Detail_%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP, \
Framed-MTU = 1500, \
Filter-Id = "testing", \
Framed-Compression = Van-Jacobson-TCP-IP, \
Idle-Timeout = 900
NoDefault
FailureBackoffTime 10
AcctSQLStatement update dialup set HoursLeft=HoursLeft-0%{Acct-Session-Time} \
where UserName='%U' and Scheme='surf'
</AuthBy SQL>
#internet client for fewanet handler
<Handler Realm=fewanet.com.np,Client-Identifier = NASinternet>
AuthBy auth_pkr
PostAuthHook file:"%D/checkblocktimeleft"
SessionDatabase SessSQL
</Handler>
# flat file define for ecomail user
<Handler Client-Identifier = NASmail>
<AuthBy UNIX>
# Identifier auth_unix
Filename /etc/shadow
# SessionDatabase SessSQL
</AuthBy>
</Handler>
#session DB for Internet users
<SessionDatabase SQL>
Identifier SessSQL
DBSource dbi:mysql:RADMIN
DBUsername UserName
DBAuth Password
FailureBackoffTime 60
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, \
TIME_STAMP, FRAMEDIPADDRESS) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}', \
%{Timestamp}, '%{Framed-IP-Address}')
DeleteQuery delete from RADONLINE where NASIDENTIFIER ='%N' and NASPORT \
=0%{NAS-Port}
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from \
RADONLINE where USERNAME='%u'
CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER = \
'%N'
</SessionDatabase>
#snmp community
<SNMPAgent>
ROCommunity public
</SNMPAgent>
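
Added example, not part of the original post or of Radiator: how a `UsernameCharset` value expands depends on where the `-` sits, which matters here because the username is substituted into the SQL statements of this configuration. It compares a class containing `\--_` with one that ends in a literal `-`, assuming the value is used as a Perl-style character class (Python's `re` parses these two classes the same way) and that a username is rejected when any character falls outside it; the sample usernames are constructed.

```python
import re
import string

# The two forms under comparison: "\--_" inside the class, or "-" moved to the end.
WITH_RANGE = r"a-zA-Z0-9\.\--_@"
DASH_LAST = r"a-zA-Z0-9\._@-"
# Intended alphabet, taken from the comment above the directive.
INTENDED = set(string.ascii_letters + string.digits + ".-_@")


def allowed_chars(charset: str) -> set:
    """Printable ASCII characters accepted by the class [charset]."""
    member = re.compile("[" + charset + "]")
    return {c for c in string.printable if member.fullmatch(c)}


def unintended(charset: str) -> str:
    """Characters the class accepts beyond the intended alphabet, sorted."""
    return "".join(sorted(allowed_chars(charset) - INTENDED))


def username_ok(charset: str, username: str) -> bool:
    """Assumed check: reject if any character falls outside the class."""
    return re.search("[^" + charset + "]", username) is None


if __name__ == "__main__":
    samples = ("user@fewanet.com.np", "user;x@fewanet.com.np")  # constructed
    for label, cs in (("with range", WITH_RANGE), ("dash last", DASH_LAST)):
        print(f"{label:10} {cs!r:22} extra characters: {unintended(cs)!r}")
        for name in samples:
            print(f"    {name!r:26} accepted={username_ok(cs, name)}")
```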
