On 02/19/2013 02:50 PM, Thomas Kurian wrote:
> My radiator is currently handling only accounting function. But
> authentication of users is done by another 3rd party AAA server. Both of
> these AAA servers are integrated to the Cisco ISG (NAS). My requirement
> is to further use my radiator to terminate/disconnect live user
> sessions. Can you send me an example of the configuration lines to be
> added in radius.cfg, explaining how it is done and where to place it in
> my radiator config seen below?
How to disconnect users depends on your requirements. A general approach
might be using a PostAuthHook that runs system("/path/to/radpwtst ...
options") where the options depend on what the NAS requires.
The radpwtst options would probably resemble what you have below but the
details depend on the NAS.
> Please explain both scenarios with COA configuration & packet of
> disconnect configuration. Can this be done only with radpwtst command
> (explain how) or is there another method?
radpwtst has everything you need to create and send requests. Another
method might be creating a request and passing it to an AuthBy RADIUS
clause so that Radiator would send (and retransmit if needed) the
request. That would be more work and calling radpwtst is a quicker way
to get this tested.
> Also explain what entries are to be entered for the respective
> attributes for the below command (saw this from old radiator archives
> but it's not properly explained):-
Please see the reference manual section 8 about radpwtst. It has all the
options listed.
> radpwtst -trace 4 -bind_address 192.168.249.12 -auth_port 3799 -noauth
> -noacct -s somenas -secret somesecret -time -code Disconnect-Request
> User-Name="adc" NAS-IP-Address="192.168.238.141" Event-Timestamp=1212606218
>
>
>
> Following is my current config file: -
>
>
> AcctPort 1813
> AuthPort 1812
>
> LogDir /var/log/radius
> DbDir /etc/radiator
> # Use a low trace level in production systems. Increase
> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> Trace 4
>
> # You will probably want to add other Clients to suit your work site,
> # one for each NAS you want to work with
>
>
> <Client DEFAULT>
> Secret ******
> DupInterval 0
> </Client>
>
>
> <Client 10.50.1.4>
> Secret *****
> DupInterval 0
> NasType Cisco
> IgnoreAcctSignature
> </Client>
>
> # Accept processing of other accounting requests of the genre stop
>
>
>
> <Realm>
> <AuthBy SQL>
>
> DBSource dbi:ODBC:*****
> DBUsername *****
> DBAuth *****
>
>
> AccountingStopsOnly
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME, User-Name
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef TIME_STAMP,Event-Timestamp,integer-date
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>
>
>
> AcctSQLStatement update quotasubscribers set monthlycounter =
> monthlycounter + 0%{Acct-Output-Octets}, totalcounter = totalcounter +
> 0%{Acct-Output-Octets}, timestamp = %{Event-Timestamp} \
> where username='%n' \
> And Type = 'Q'
>
>
>
> </AuthBy>
> #Log accounting to a detail file
> AcctLogFileName %L/detail
>
>
> </Realm>
>
>
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
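An added example, not part of the original message and not Radiator's own code: the RFC 5176 Disconnect-Request that the quoted radpwtst command describes, built in Python together with the authenticator checks each side performs. The function names are this example's own, and the sample values are the ones from the quoted command.

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176 codes
USER_NAME, NAS_IP_ADDRESS, EVENT_TIMESTAMP = 1, 4, 55            # attribute types

def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def build_disconnect_request(ident, secret, user, nas_ip, timestamp):
    """Return a signed Disconnect-Request as bytes (secret is bytes)."""
    attrs = (attr(USER_NAME, user.encode())
             + attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
             + attr(EVENT_TIMESTAMP, struct.pack("!I", timestamp)))
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(attrs))
    # Request Authenticator: MD5 over the packet with 16 zero octets in the
    # authenticator field, followed by the shared secret.
    auth = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + auth + attrs

def request_is_authentic(packet, secret):
    """NAS-side check: recompute the Request Authenticator."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def reply_is_authentic(reply, request, secret):
    """Sender-side check of a Disconnect-ACK/NAK against the request sent."""
    if len(reply) < 20 or reply[0] not in (DISCONNECT_ACK, DISCONNECT_NAK):
        return False
    if reply[1] != request[1] or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    # Response Authenticator covers the reply header, the request's
    # authenticator, the reply attributes and the shared secret.
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    # Values taken from the radpwtst command quoted in the message.
    pkt = build_disconnect_request(1, b"somesecret", "adc",
                                   "192.168.238.141", 1212606218)
    print(pkt.hex(), request_is_authentic(pkt, b"somesecret"))
```

The packet is protected only by the MD5 authenticator keyed with the shared secret, so the NAS should accept port 3799 traffic only from the address radpwtst binds to.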