[RADIATOR] NAS-Identifier definition in the radiator data dictionary
Hi all, I have a problem with the NAS-Identifier attribute. In the current configuration of the radiator for the NAS-Identifier, we use the client MAC value which is the identity of the router. NAS-Identifier = 00-0C-42-FA-53-30 The problem comes out when I want to change the identity of the router to something shorter or longer such as *BBVA39XZ*. In this case I am not receiving Accounting-On packet and I receive message on the log as* NOTICE: Request from unknown client 217.124.187.43 http://217.124.187.43: ignored.* I realised that when I change the router identity as 000C42FA5330 or ABDFDCBFFDAC I receive Accounting-On packet successfully. *Packet length = 52* *04 03 00 34 6f 88 bc 04 53 7b a6 53 76 eb f7 9e* *90 2d d3 99 28 06 00 00 00 07 20 0e 41 42 44 46* *44 43 42 46 46 44 41 43 29 06 00 00 00 00 04 06* *d9 7c bb 2b* *Code: Accounting-Request* *Identifier: 3* *Authentic: o1361884S{166Sv235247158144-211153* *Attributes:* * Acct-Status-Type = Accounting-On* * NAS-Identifier = ABDFDCBFFDAC* * Acct-Delay-Time = 0* * NAS-IP-Address = 217.124.187.43* * Called-Station-Id = ABDFDCBFFDAC* Seems like only the characters defined in hexadecimal are accepted by the radiator data dictionary. After realising this, I checked my data dictionary and I have the following definition: *ATTRIBUTE NAS-Identifier 32 string* Could you please tell me, which type I should put it in order to achieve what I want, or is there any way without changing the data dictionary? Regards, Bengi Saglam ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
On 28.11.2014 13.19, Bengi Sağlam wrote: I have a problem with the NAS-Identifier attribute. In the current configuration of the radiator for the NAS-Identifier, we use the client MAC value which is the identity of the router. NAS-Identifier = 00-0C-42-FA-53-30 Hello Bengi, if you have configured your Clients with MAC:... it means Radiator will check Called-Station-Id for match, not NAS-Identifier. In other words, I do not think this has anything to do with the dictionary but getting the correct value in Called-Station-Id. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
Radiator works on radius datagrams (ie examines the contents) from unknown client IPs? alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
On 28.11.2014 18.00, Alan Buxey wrote: Radiator works on radius datagrams (ie examines the contents) from unknown client IPs? It will look at the Called-Station-Id if you have configured Client like this (example from ref.pdf): Client MAC:2a-1f-09-5a-25-2a # ... /Client If the Client name starts with MAC: and it is followed by a MAC address, then Called-Station-Id can be used for matching if the IP address does not match first. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
Hello Heikki, Yes you are right, I configured my Clients with MAC. Previously I had problem I was not receiving Accounting-On packed, however I solved this problem by making a PreClientHook. Inside the hook I am getting Called-Station-Id. *PreClientHook sub { my $nasId = ${$_[0]}-get_attr('NAS-Identifier'); \* * my $stationId = ${$_[0]}-get_attr('Called-Station-Id'); \* * ${$_[0]}-add_attr('Called-Station-Id',$nasId) unless($stationId);}So Called-Station-Id is the copy of the NAS-Identifier. An example to the successful Accounting-On as following.In this example I managed to set a different NAS-Identifier value for the router identity .(router's real identity is :MAC:00-0C-42-FA-53-30 , when I changed this to the * *ABDFDCBFFDAC** string also it worked):* Code: Accounting-Request Identifier: 3 Authentic: o1361884S{166Sv235247158144-211153 Attributes: Acct-Status-Type = Accounting-On NAS-Identifier = ABDFDCBFFDAC Acct-Delay-Time = 0 NAS-IP-Address = 217.124.187.43 *Called-Station-Id = ABDFDCBFFDAC* However when I set some values which does not have the hexadecimal representation, then it fails. For example it does not work when I set the NAS-Identifier to the *BBVA39XZ* string. For this reason I had thought that maybe I could play with the data dictionary and remove the restriction about hexadecimal values and make it acceptable for all characters in the Alphabet. Thanks, Bengi. On Fri, Nov 28, 2014 at 4:53 PM, Heikki Vatiainen h...@open.com.au wrote: On 28.11.2014 13.19, Bengi Sağlam wrote: I have a problem with the NAS-Identifier attribute. In the current configuration of the radiator for the NAS-Identifier, we use the client MAC value which is the identity of the router. NAS-Identifier = 00-0C-42-FA-53-30 Hello Bengi, if you have configured your Clients with MAC:... it means Radiator will check Called-Station-Id for match, not NAS-Identifier. In other words, I do not think this has anything to do with the dictionary but getting the correct value in Called-Station-Id. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: (RADIATOR) NAS-Identifier value
Thanx a lot, Hugh. El 28 Aug 2001, a las 9:58, Hugh Irvine escribió: Hello Mariano - On Monday 27 August 2001 23:04, Mariano Absatz wrote: Hi, for what I understand of the standard (RFC2865 section 5.32) the NAS- Identifier attribute is an arbitrary string used to identify the NAS. Yes, although it is usually a fully qualified domain name, and that is what Radiator expects it to be. However, when I put a simple string in a ClientListSQL it complains that it can´t resolve an address for it. I had something like this: == ClientListSQL # Client (NAS) info is in the database include %{GlobalVar:ConfigDir}/DBUseData.cfg GetClientQuery SELECT \ NAS_IDENTIFIER, NAS_SECRET, \ NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \ NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \ NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \ NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \ NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \ NAS_PREHANDLERHOOK \ FROM NAS /ClientListSQL == The message in the log is: == Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1 Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1 == However, in the database, NAS_IDENTIFIER is a common name (in fact, it's the table's id field) and I have a NAS_IP_ADDRESS field. Re-reading the manual, I see there is no place to hold the NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the query? All the fields ar taken in order? that is, it works as if it had an implied ClientColumnDef or something like that? Yes, the fields are taken in order. From section 6.6.2 in the Radiator 2.18.2 reference manual: Your database table must include at least the first and second fields (i.e. the NAS name or IP address and the shared secret). All the other fields are optional, but if they occur, they must occur in the same order. When they occur, they are used to initialize the Client parameter of the same name as shown above. The FRAMEDGROUPBASEADDRESS column may contain multiple comma-separated base addresses. # Our custom client table only has NAS identifier, # shared secret and default realm in it: GetClientQuery select NAME,SECRET,NULL,NULL,DREALM hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. -- Mariano Absatz El Baby -- Error, no keyboard - press F1 to continue. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS-Identifier value
Hi, for what I understand of the standard (RFC2865 section 5.32) the NAS- Identifier attribute is an arbitrary string used to identify the NAS. However, when I put a simple string in a ClientListSQL it complains that it can´t resolve an address for it. I had something like this: == ClientListSQL # Client (NAS) info is in the database include %{GlobalVar:ConfigDir}/DBUseData.cfg GetClientQuery SELECT \ NAS_IDENTIFIER, NAS_SECRET, \ NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \ NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \ NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \ NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \ NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \ NAS_PREHANDLERHOOK \ FROM NAS /ClientListSQL == The message in the log is: == Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1 Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1 == However, in the database, NAS_IDENTIFIER is a common name (in fact, it's the table's id field) and I have a NAS_IP_ADDRESS field. Re-reading the manual, I see there is no place to hold the NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the query? All the fields ar taken in order? that is, it works as if it had an implied ClientColumnDef or something like that? TIA. -- Mariano Absatz El Baby -- Your e-mail has been returned due to insufficient voltage. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS-Identifier value
Hello Mariano - On Monday 27 August 2001 23:04, Mariano Absatz wrote: Hi, for what I understand of the standard (RFC2865 section 5.32) the NAS- Identifier attribute is an arbitrary string used to identify the NAS. Yes, although it is usually a fully qualified domain name, and that is what Radiator expects it to be. However, when I put a simple string in a ClientListSQL it complains that it can´t resolve an address for it. I had something like this: == ClientListSQL # Client (NAS) info is in the database include %{GlobalVar:ConfigDir}/DBUseData.cfg GetClientQuery SELECT \ NAS_IDENTIFIER, NAS_SECRET, \ NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \ NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \ NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \ NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \ NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \ NAS_PREHANDLERHOOK \ FROM NAS /ClientListSQL == The message in the log is: == Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1 Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1 == However, in the database, NAS_IDENTIFIER is a common name (in fact, it's the table's id field) and I have a NAS_IP_ADDRESS field. Re-reading the manual, I see there is no place to hold the NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the query? All the fields ar taken in order? that is, it works as if it had an implied ClientColumnDef or something like that? Yes, the fields are taken in order. From section 6.6.2 in the Radiator 2.18.2 reference manual: Your database table must include at least the first and second fields (i.e. the NAS name or IP address and the shared secret). All the other fields are optional, but if they occur, they must occur in the same order. When they occur, they are used to initialize the Client parameter of the same name as shown above. The FRAMEDGROUPBASEADDRESS column may contain multiple comma-separated base addresses. # Our custom client table only has NAS identifier, # shared secret and default realm in it: GetClientQuery select NAME,SECRET,NULL,NULL,DREALM hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS Identifier while running radpwtst
At 11:48 +0500 8/11/00, cistron wrote: Dear friends, While running Radiator 2.16.3 I am not getting NAS Identifier although I am specifying it nas_ip_address at the command prompt. Can we get the identifier. I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug showing what is happening. thanks Hugh -- -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS Identifier while running radpwtst
Dear friends, While running Radiator 2.16.3 I am not getting NAS Identifier although I am specifying it nas_ip_address at the command prompt. Can we get the identifier. Thanks and Regards. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS-Identifier
In getting Radiator to work with a Nortel CVX 1800, I found that it sends NAS-Identifier but not NAS-IP-Address. As a result Radiator doesn't do quite what you expect unless you tell the Nortel box to send its IP address in NAS-Identifier. There should probably be a warning in the manual about this, It would be nice if Radiator would write a warning or error in the logfile when it gets a NAS-Identifier that doesn't look like an IP address. Jim [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.