Re: (RADIATOR) User auths if in the users file only?
This was where the problem was.thier setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* This leads me to a questions. I have a mix of nas servers that I need to use on the same radius server. One needs the Framed-IP-Address = 255.255.255.254 attribute and one needs *nothing* sent. I have each nas setup seperate in client clauses. How can I choose to send the attribute out to only the nas servers that need it? -Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) User auths if in the users file only?
You could use identifiers in your client clauses like so- Client 1.2.3.4 Identifier noip /Client Client 1.2.3.5 Identifier send254 /Client Client 1.2.4.6 Identifier noip /Client Client 1.2.3.7 Identifier send254 /Client Handler Client-Identifier=noip Do auth and send no Framed-IP-Address /Handler Handler Client-Identifier=send254 Do auth and send 255.255.255.254 /Handler -Original Message- From: chris [mailto:[EMAIL PROTECTED]] Sent: Wednesday, July 10, 2002 12:32 PM To: [EMAIL PROTECTED] Subject: Re: (RADIATOR) User auths if in the users file only? This was where the problem was.thier setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* This leads me to a questions. I have a mix of nas servers that I need to use on the same radius server. One needs the Framed-IP-Address = 255.255.255.254 attribute and one needs *nothing* sent. I have each nas setup seperate in client clauses. How can I choose to send the attribute out to only the nas servers that need it? -Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User auths if in the users file only?
Hi Chris, chris schrieb: This was where the problem was.thier setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* This leads me to a questions. I have a mix of nas servers that I need to use on the same radius server. One needs the Framed-IP-Address = 255.255.255.254 attribute and one needs *nothing* sent. what NAS's do you have? Are they not able to configure them with dynamic ip address pools and you specify in the reply items just from which ip pool they shall spent an ip address? See the following axample for my ascends (in the users file): pools-foo Password = ascend, Service-Type = Outbound-User Ascend-IP-Pool-Definition = 1 10.0.0.1 254 ... ... DEFAULT Service-Type = Framed-User, Auth-Type = System Framed-Protocol = MP, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Session-Timeout = 43200, Ascend-Assign-IP-Pool = 1, Ascend-Source-IP-Check = Source-IP-Check-Yes, Ascend-Link-Compression = Link-Comp-MS-Stac here you see Ascend-Assign-IP-Pool = 1, as defined in the same users file and the Ascend NAS fetches this after reboot or with a special remote config refresh. Anyway, you should spent an Idenifier in the Client Clause like: Client foo.bar.baz Identifier foo Secret mysecret /Client Client yep.bar.baz Identifier yep Secret mysecret /Client and then you can sezup different handlers for the different Clients with different users file: Handler Client-Identifier=foo AuthBy FILE Filenamefoo-users /AuthBy /Handler Handler Client-Identifier=yep AuthBy FILE Filenameyep-users /AuthBy /Handler or you use just one handler and fifferntiate in teh single users file like: DEFAULT Service-Type = Framed-User, Auth-Type = System, Client-Identifier = foo foo reply items DEFAULT Service-Type = Framed-User, Auth-Type = System, Client-Identifier = yep yep reply items Hope this helps Regards Charly -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) User auths if in the users file only?
I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on thier merry way If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok(I see the user/pass combo pass the test), but it does weird things that wont let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. TIA Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User auths if in the users file only?
Hi Chris, chris schrieb: I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on thier merry way If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok(I see the user/pass combo pass the test), but it does weird things that wont let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. Really, you don't have to do this for every user. If it is not a typo in your e-mail then it is in your users file. You MUST have whitespace in front of your Reply Items. Please always turn debug on and send it as partt of the questions. In the debug we could see what reply items are sent back to the NAS. Regards Charly P.S. is this really a working example with this Framed-IP-Address? -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User auths if in the users file only?
There is whitespace in there, its an email glitch - Original Message - From: Karl Gaissmaier [EMAIL PROTECTED] To: chris [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Monday, July 08, 2002 3:57 PM Subject: Re: (RADIATOR) User auths if in the users file only? Hi Chris, chris schrieb: I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on thier merry way If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok(I see the user/pass combo pass the test), but it does weird things that wont let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. Really, you don't have to do this for every user. If it is not a typo in your e-mail then it is in your users file. You MUST have whitespace in front of your Reply Items. Please always turn debug on and send it as partt of the questions. In the debug we could see what reply items are sent back to the NAS. Regards Charly P.S. is this really a working example with this Framed-IP-Address? -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User auths if in the users file only?
Hello Chris - It looks to me like your DEFAULT entry is not correct. It should look like this (there *must* be white space at the beginning of the second and subsequent lines): DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 regards Hugh On Tue, 9 Jul 2002 07:57, chris wrote: I am having the weirdest issue. If I add a user into the users file with the simple line test123 Auth-Type = System They can authenticate and go on thier merry way If the user is not in there and gets caught by the default DEFAULT Auth-Type = System Port-Limit = 2, Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = None, Idle-Timeout = 1800, Framed-Compression = Van-Jacobson-TCP-IP, Framed-MTU = 1500 They still auth ok(I see the user/pass combo pass the test), but it does weird things that wont let the user complete logon. What *seems* to be happening is that it is not throwing back an IP for the end user. Anyone seen this happen before? I do not want to have to add every user to the users file. TIA Chris === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) User auths if in the users file only?
P.S. is this really a working example with this Framed-IP-Address? Yes, this is the DEFAULT selection, which is my understanding that is follows some rfc that states this address should be converted to one from a dynamic pool. This was where the problem was.thier setup did not follow this standard and was trying to assign 255.255.255.254 as the IP *sigh* Problem solved. Thanks, Chris P.S.Sorry about the whitespace confusion. -- Karl Gaissmaier Computing Center,University of Ulm,Germany Email:[EMAIL PROTECTED] Network Administration === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.