(RADIATOR) Framed-Protocol - Return Item
Hi, Due to a particular network provider not support any type of routing protocol, is there any easy way to assign a Framed-Route when a customer dials in. I.E. This is what we normally have: customer@domain User-Password = 12345678 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 203.203.203.203, Framed-Route = 204.204.204.148/30 0.0.0.0 1 The network provider does not support the Framed-Route, therefore that subnet will not route to the customer. We thought we could do something like this, but it does not appear to work (which seems obvious), but running out of options to try. customer@domain User-Password = 12345678 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 203.203.203.203, Framed-IP-Address = 204.204.204.148, Framed-Netmask = 255.255.255.252 Is there any other way as the assigned ip and routed subnet are different? Thanks, Paul === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Rejection error
Hi, If we get a rejection we recieve the line below with the word Proxied appended. What causes this to be proxied and how can I stop it from happenning? ## LINE Thu Sep 20 13:13:30 2001: INFO: Access rejected for [EMAIL PROTECTED]: Proxied Regards, Paul === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) AccLogFileFormat
Hi,
I have set up a new AcctLogFileFormat and was wondering why I am not
getting 2 values back?
AcctLogFileName /var/log/radius/new.log
AcctLogFileFormat
%{Timestamp}|%{Acct-Session-Id}|%{Acct-Status-Type}|%{User-Name}|%{User-
Password}|%{Class}|%{NAS-IP-Address}|%{NAS-Port}|%{NAS-Port-Type}|%{Fram
ed-Protocol}|%{Framed-IP-Address}|%{Called-Station-Id}|%{Calling-Station
-Id}|%{Ascend-Disconnect-Cause}|%{Acct-Input-Octets}|%{Acct-Output-Octet
s}|%{Acct-Session-Time}|%{Reply:code}
All values are being returned except for:
%{User-Password} - Any
and
%{Reply:code} - Access Accept or Reject for example
I can do it in a hook, but the replyhook does not work in AuthBy File
I.E.
my $original_packet = ${$_[2]};
my $reply_packet = ${$_[0]};
my $debug_what = $reply_packet-code(); - Here
my $debug_pwd =
$original_packet-decode_password($original_packet-{Client}-{Secret});
Can someone please help?
Thanks,
Paul
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) RE: AccLogFileFormat
Hi,
As per previous email. I have attempted to use the AuthLog option
instead
to get the code / Pwd returned, but it looks like The AuthBy module is
not
installed. Where can I get this?
Can't locate Radius/AuthLog.pm in @INC (@INC contains: .
/usr/local/lib/perl5/5.6.1/sun4-solaris /usr/local/lib/perl5/5.6.1
/usr/local/lib/perl5/site_perl/5.6.1/sun4-solaris
/usr/local/lib/perl5/site_perl/5.6.1
/usr/local/lib/perl5/site_perl/5.005/sun4-solaris
/usr/local/lib/perl5/site_perl/5.005 /usr/local/lib/perl5/site_perl .)
at /usr/local/lib/perl5/site_perl/5.005/Radius/ServerConfig.pm line 106,
FILE line 22.
Thanks,
Paul
I have set up a new AcctLogFileFormat and was wondering why I am not
getting 2 values back?
AcctLogFileName /var/log/radius/new.log
AcctLogFileFormat
%{Timestamp}|%{Acct-Session-Id}|%{Acct-Status-Type}|%{User-Name}|%{User-
Password}|%{Class}|%{NAS-IP-Address}|%{NAS-Port}|%{NAS-Port-Type}|%{Fram
ed-Protocol}|%{Framed-IP-Address}|%{Called-Station-Id}|%{Calling-Station
-Id}|%{Ascend-Disconnect-Cause}|%{Acct-Input-Octets}|%{Acct-Output-Octet
s}|%{Acct-Session-Time}|%{Reply:code}
All values are being returned except for:
%{User-Password} - Any
and
%{Reply:code} - Access Accept or Reject for example
I can do it in a hook, but the replyhook does not work in AuthBy File
I.E.
my $original_packet = ${$_[2]};
my $reply_packet = ${$_[0]};
my $debug_what = $reply_packet-code(); - Here
my $debug_pwd =
$original_packet-decode_password($original_packet-{Client}-{Secret});
Can someone please help?
Thanks,
Paul
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Catching User's Passwords
Hi,
I have configured a pre_auth hook and am trying to capture all customers
passwords. (I.E.)
sub {
my $type = ${$_[0]}-get_attr('Acct-Status-Type');
if ($type eq 'Start') {
my $debug_username = ${$_[0]}-get_attr('User-Name');
my $debug_pwd = ${$_[0]}-get_attr('User-Password');
my $debug_called =
${$_[0]}-get_attr('Called-Station-Id');
my $debug_calling =
${$_[0]}-get_attr('Calling-Station-Id');
my $debug_NASIP = ${$_[0]}-get_attr('NAS-IP-Address');
my $debug_NASPort = ${$_[0]}-get_attr('NAS-Port');
my $debug_sessionid =
${$_[0]}-get_attr('Acct-Session-Id');
my $debug_framedip =
${$_[0]}-get_attr('Framed-IP-Address');
main::log($main::LOG_INFO, LOG: ACCT: ${type}:
$debug_username || $debug_pwd || $debug_c
alled || $debug_NASIP || $debug_NASPort || $debug_sessionid ||
$debug_calling || $debug_framedip);
}
---
This is what is captured:
Wed Sep 12 16:53:21 2001: INFO: LOG: ACCT: Start: [EMAIL PROTECTED] ||
|| 85520100 || 210.215.0.74 || 116 || 6A94 || || 210.215.30.64
For some reason the Password os not being retrieved. Can any one shed
some light on why or another
way to get the password in Clear Text
Access Request:
--
Code: Access-Request
Identifier: 123
Authentic:
151168246243172218207108224Kuw216133243[
Attributes:
User-Name = [EMAIL PROTECTED]
User-Password =
232p174231128!160s206!207%9!16117
NAS-IP-Address = 172.16.0.1
--
Thanks,
Paul
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) Splitting Auth and Accounting
Hi, I have been reading the Mailing list archives in an attempt to find out how to split the Authentication and Accounting up, in order to authenticate from a flat file, but send the accounting packet to another radius server (Proxy it) I have seen one example of this, but it was not very clear. Can you please help. I was thinking, something like this might work? Handler Realm=realm.net AcctLogFileName /var/log/radacct/detail PreAuthHook file:/usr/local/etc/preauthhook.pl AuthByPolicy DoAllAuths AuthBy FILE Filename %D/auth_file /AuthBy AuthBy RADIUS Host 1.1.1.1 Secretblahblah # AuthPort 1812 # Commented out as only want to send account AcctPort 1813 ReplyHook file:/usr/local/etc/replyhook.pl /AuthBy /Handler I am guessing if the AuthBy File fails, it will reject the user completely and not send the accounting packet? If this is the right way to do it? I basically do not want the radius server to know about it unless it authenticates of the flat file correctly. Cheers, Paul Thornton. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) CHAP / PAP
Hi, Is there any way we can deny CHAP requests in Radiator and upon rejection request a PAP authentication from the client? I.E. If a customer dials in with a default authentication of CHAP and their secondary auth is PAP, we want the first method to fail and second method to be used. Regards, Paul Thornton. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
