[RADIATOR] NAS-Identifier definition in the radiator data dictionary
Hi all,
I have a problem with the NAS-Identifier attribute. In the current
configuration of the radiator for the NAS-Identifier, we use the client MAC
value which is the identity of the router.
NAS-Identifier = 00-0C-42-FA-53-30
The problem comes out when I want to change the identity of the router to
something shorter or longer such as *BBVA39XZ*. In this case I am not
receiving Accounting-On packet and I receive message on the log as* NOTICE:
Request from unknown client 217.124.187.43 http://217.124.187.43:
ignored.*
I realised that when I change the router identity as 000C42FA5330 or
ABDFDCBFFDAC I receive Accounting-On packet successfully.
*Packet length = 52*
*04 03 00 34 6f 88 bc 04 53 7b a6 53 76 eb f7 9e*
*90 2d d3 99 28 06 00 00 00 07 20 0e 41 42 44 46*
*44 43 42 46 46 44 41 43 29 06 00 00 00 00 04 06*
*d9 7c bb 2b*
*Code: Accounting-Request*
*Identifier: 3*
*Authentic: o1361884S{166Sv235247158144-211153*
*Attributes:*
* Acct-Status-Type = Accounting-On*
* NAS-Identifier = ABDFDCBFFDAC*
* Acct-Delay-Time = 0*
* NAS-IP-Address = 217.124.187.43*
* Called-Station-Id = ABDFDCBFFDAC*
Seems like only the characters defined in hexadecimal are accepted by the
radiator data dictionary. After realising this, I checked my data
dictionary and I have the following definition:
*ATTRIBUTE NAS-Identifier 32 string*
Could you please tell me, which type I should put it in order to achieve
what I want, or is there any way without changing the data dictionary?
Regards,
Bengi Saglam
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
On 28.11.2014 13.19, Bengi Sağlam wrote: I have a problem with the NAS-Identifier attribute. In the current configuration of the radiator for the NAS-Identifier, we use the client MAC value which is the identity of the router. NAS-Identifier = 00-0C-42-FA-53-30 Hello Bengi, if you have configured your Clients with MAC:... it means Radiator will check Called-Station-Id for match, not NAS-Identifier. In other words, I do not think this has anything to do with the dictionary but getting the correct value in Called-Station-Id. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
Radiator works on radius datagrams (ie examines the contents) from unknown client IPs? alan -- Sent from my Android device with K-9 Mail. Please excuse my brevity.___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
On 28.11.2014 18.00, Alan Buxey wrote: Radiator works on radius datagrams (ie examines the contents) from unknown client IPs? It will look at the Called-Station-Id if you have configured Client like this (example from ref.pdf): Client MAC:2a-1f-09-5a-25-2a # ... /Client If the Client name starts with MAC: and it is followed by a MAC address, then Called-Station-Id can be used for matching if the IP address does not match first. Thanks, Heikki -- Heikki Vatiainen h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] NAS-Identifier definition in the radiator data dictionary
Hello Heikki,
Yes you are right, I configured my Clients with MAC. Previously I had
problem I was not receiving Accounting-On packed, however I solved this
problem by making a PreClientHook. Inside the hook I am getting
Called-Station-Id.
*PreClientHook sub { my $nasId = ${$_[0]}-get_attr('NAS-Identifier'); \*
* my $stationId = ${$_[0]}-get_attr('Called-Station-Id'); \*
* ${$_[0]}-add_attr('Called-Station-Id',$nasId) unless($stationId);}So
Called-Station-Id is the copy of the NAS-Identifier. An example to
the successful Accounting-On as following.In this example I managed to set
a different NAS-Identifier value for the router identity .(router's real
identity is :MAC:00-0C-42-FA-53-30 , when I changed this to the *
*ABDFDCBFFDAC** string also it worked):*
Code: Accounting-Request
Identifier: 3
Authentic: o1361884S{166Sv235247158144-211153
Attributes:
Acct-Status-Type = Accounting-On
NAS-Identifier = ABDFDCBFFDAC
Acct-Delay-Time = 0
NAS-IP-Address = 217.124.187.43
*Called-Station-Id = ABDFDCBFFDAC*
However when I set some values which does not have the hexadecimal
representation, then it fails. For example it does not work when I set the
NAS-Identifier to the *BBVA39XZ* string. For this reason I had thought
that maybe I could play with the data dictionary and remove the restriction
about hexadecimal values and make it acceptable for all characters in the
Alphabet.
Thanks,
Bengi.
On Fri, Nov 28, 2014 at 4:53 PM, Heikki Vatiainen h...@open.com.au wrote:
On 28.11.2014 13.19, Bengi Sağlam wrote:
I have a problem with the NAS-Identifier attribute. In the current
configuration of the radiator for the NAS-Identifier, we use the client
MAC value which is the identity of the router.
NAS-Identifier = 00-0C-42-FA-53-30
Hello Bengi,
if you have configured your Clients with MAC:... it means Radiator will
check Called-Station-Id for match, not NAS-Identifier.
In other words, I do not think this has anything to do with the
dictionary but getting the correct value in Called-Station-Id.
Thanks,
Heikki
--
Heikki Vatiainen h...@open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
Re: (RADIATOR) NAS-Identifier value
Thanx a lot, Hugh.
El 28 Aug 2001, a las 9:58, Hugh Irvine escribió:
Hello Mariano -
On Monday 27 August 2001 23:04, Mariano Absatz wrote:
Hi,
for what I understand of the standard (RFC2865 section 5.32) the NAS-
Identifier attribute is an arbitrary string used to identify the NAS.
Yes, although it is usually a fully qualified domain name, and that is what
Radiator expects it to be.
However, when I put a simple string in a ClientListSQL it complains that
it can´t resolve an address for it.
I had something like this:
==
ClientListSQL
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
/ClientListSQL
==
The message in the log is:
==
Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1
Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1
==
However, in the database, NAS_IDENTIFIER is a common name (in fact, it's
the table's id field) and I have a NAS_IP_ADDRESS field.
Re-reading the manual, I see there is no place to hold the
NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the
query?
All the fields ar taken in order? that is, it works as if it had an
implied ClientColumnDef or something like that?
Yes, the fields are taken in order.
From section 6.6.2 in the Radiator 2.18.2 reference manual:
Your database table must include at least the first and second fields (i.e.
the NAS name or IP address and the shared secret). All the other fields are
optional, but if they occur, they must occur in the same order. When they
occur, they are used to initialize the Client parameter of the same name as
shown above. The FRAMEDGROUPBASEADDRESS column may contain multiple
comma-separated base addresses.
# Our custom client table only has NAS identifier,
# shared secret and default realm in it:
GetClientQuery select NAME,SECRET,NULL,NULL,DREALM
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
--
Mariano Absatz
El Baby
--
Error, no keyboard - press F1 to continue.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS-Identifier value
Hi,
for what I understand of the standard (RFC2865 section 5.32) the NAS-
Identifier attribute is an arbitrary string used to identify the NAS.
However, when I put a simple string in a ClientListSQL it complains that it
can´t resolve an address for it.
I had something like this:
==
ClientListSQL
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
/ClientListSQL
==
The message in the log is:
==
Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1
Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1
==
However, in the database, NAS_IDENTIFIER is a common name (in fact, it's the
table's id field) and I have a NAS_IP_ADDRESS field.
Re-reading the manual, I see there is no place to hold the NAS-IP-Address...
should I use NAS_IP_ADDRESS as the first field in the query?
All the fields ar taken in order? that is, it works as if it had an implied
ClientColumnDef or something like that?
TIA.
--
Mariano Absatz
El Baby
--
Your e-mail has been returned due to insufficient voltage.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS-Identifier value
Hello Mariano -
On Monday 27 August 2001 23:04, Mariano Absatz wrote:
Hi,
for what I understand of the standard (RFC2865 section 5.32) the NAS-
Identifier attribute is an arbitrary string used to identify the NAS.
Yes, although it is usually a fully qualified domain name, and that is what
Radiator expects it to be.
However, when I put a simple string in a ClientListSQL it complains that
it can´t resolve an address for it.
I had something like this:
==
ClientListSQL
# Client (NAS) info is in the database
include %{GlobalVar:ConfigDir}/DBUseData.cfg
GetClientQuery SELECT \
NAS_IDENTIFIER, NAS_SECRET, \
NAS_IGNOREACCTSIGNATURE, NAS_DUPINTERVAL, \
NAS_DEFAULTREALM, NAS_TYPE, NAS_SNMPCOMMUNITY, \
NAS_LIVINGSTONOFFS, NAS_LIVINGSTONHOLE, \
NAS_FRAMEDGROUPBASEADDRESS, NAS_FRAMEDGROUPMAXPORTSPERCLAS, \
NAS_REWRITEUSERNAME, NAS_NOIGNOREDUPLICATES, \
NAS_PREHANDLERHOOK \
FROM NAS
/ClientListSQL
==
The message in the log is:
==
Sat Aug 25 12:07:40 2001: ERR: Could not resolve an address for Client CPM1
Sat Aug 25 12:07:41 2001: INFO: Server started: Radiator 2.18.2 on radius1
==
However, in the database, NAS_IDENTIFIER is a common name (in fact, it's
the table's id field) and I have a NAS_IP_ADDRESS field.
Re-reading the manual, I see there is no place to hold the
NAS-IP-Address... should I use NAS_IP_ADDRESS as the first field in the
query?
All the fields ar taken in order? that is, it works as if it had an
implied ClientColumnDef or something like that?
Yes, the fields are taken in order.
From section 6.6.2 in the Radiator 2.18.2 reference manual:
Your database table must include at least the first and second fields (i.e.
the NAS name or IP address and the shared secret). All the other fields are
optional, but if they occur, they must occur in the same order. When they
occur, they are used to initialize the Client parameter of the same name as
shown above. The FRAMEDGROUPBASEADDRESS column may contain multiple
comma-separated base addresses.
# Our custom client table only has NAS identifier,
# shared secret and default realm in it:
GetClientQuery select NAME,SECRET,NULL,NULL,DREALM
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) NAS Identifier while running radpwtst
At 11:48 +0500 8/11/00, cistron wrote: Dear friends, While running Radiator 2.16.3 I am not getting NAS Identifier although I am specifying it nas_ip_address at the command prompt. Can we get the identifier. I will need to see a copy of your configuration file (no secrets) together with a trace 4 debug showing what is happening. thanks Hugh -- -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS Identifier while running radpwtst
Dear friends, While running Radiator 2.16.3 I am not getting NAS Identifier although I am specifying it nas_ip_address at the command prompt. Can we get the identifier. Thanks and Regards. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) NAS-Identifier
In getting Radiator to work with a Nortel CVX 1800, I found that it sends NAS-Identifier but not NAS-IP-Address. As a result Radiator doesn't do quite what you expect unless you tell the Nortel box to send its IP address in NAS-Identifier. There should probably be a warning in the manual about this, It would be nice if Radiator would write a warning or error in the logfile when it gets a NAS-Identifier that doesn't look like an IP address. Jim [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
