Re: (RADIATOR) replyattr and fixed ip's

[Mike McCauley]

On Apr 16, 10:09am, me wrote:
 Subject: Re: (RADIATOR) replyattr and fixed ip's
 Hi I understood all but part 3

I meant that you should check that your NAS will allocate an address from its
pool if and only if there was no static address sent back by Radiator. Thats
the normal behaviour for a NAS, but you should check.

Cheers.



 I assume you meant, that the pool specified in our NAS does not contain
 any of the statis IP's

 Iqbal

 Mike McCauley wrote:
 
  Hello Iqbal,
 
  On Apr 15, 11:54am, me wrote:
   Subject: (RADIATOR) replyattr and fixed ip's
   Hi
  
   I origiannly used to have asimple query which authenticated users fine
   select Password etc etc , however I now want to assign some of my users
   with fixed IP addresses (they are currently assigned from a pool in our
   NAS).
  OK, should be no problem.
 
  
   The fixed IP's used to be assigned from the flat radius users file
   Fixed-IP-Address=xxx.xxx.xxx.xxx
  I guess you mean Framed-IP-Address, but fine.
 
  
   However when i went down the sql route I cant seem to assign these fixed
   IP, the "normal" customers work fine.
  
   Then i decided to alter the Authselect statement
  
   ...select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where
   USERNAME='%n'
  Hmm, its a bit hard to tell without seeing your config file, but I would
  suggect this approach:
 
  1. Make a new column in your database for the framed ip address, call it,
say
  FRAMEDIPADDRESS.
 
  2. use this in your config file:
  AuthSelect select PASSWORD,FRAMEDIPADDRESS from SUBSCRIBERS \
  where USERNAME='%n'
  AuthColumnDef 0,User-Password,check
  AuthColumnDef 1,Framed-IP-Address,reply
 
  Then, whenever a user has an entry in FRAMEDIPADDRESS, it will be used to
set
  Framed-IP-Address in the reply. If FRAMEDIPADDRESS is NULL, then it will
not be
  set in the reply.
 
  3. Make sure your NAS uses a pool adddress of a static address is not
supplied
  by radius.
 
  (it _is_ possible to do something similar using REPLYATTR as you are
trying,
  but its a bit harder to set up, and wastes some space)
 
  Hope that helps.
 
  Cheers.
 
  
   now nothing gets access no dynamic IP customers or fixed.
  
   I had a look at the logfile, and in there it does say Access Accept
  
   Thu Apr 15 10:57:34 1999: DEBUG: Handling request with Handler 'Realm='
   Thu Apr 15 10:57:34 1999: DEBUG: Handling with Radius::AuthSQL
   Thu Apr 15 10:57:34 1999: DEBUG: Query is: select PASSWORD, CHECKATTR,
   REPLYATTR
  
 from SUBSCRIBERS where USERNAME='mirza'
  
   Thu Apr 15 10:57:34 1999: DEBUG: Radius::AuthSQL looks for match with
   mirza
   Thu Apr 15 10:57:34 1999: DEBUG: Packet dump:
   *** Sending to 193.218.160.68 port 3760 
   Code:   Access-Accept
   Identifier: 13
   Authentic:  721196u0u2418800M100l153
   Attributes:
   Service-Type = Framed
   Framed-Protocol = PPP
   Framed-IP-Netmask = 255.255.255.0
   Framed-Routing = None
   Framed-MTU = 1500
   Framed-Compression = Van-Jacobson-TCP-IP
  
   etc etc
  
   but they get an entry into the accounting logs, then disconnect. the
   fixed Ips dont even get that far.
  
   My CheckATTR in the db is NULL, but the replies are the ones above. I
   havent got any replies for fixed IP ones cause they dont get that far.
  
   Iqbal
  
   ===
   To unsubscribe, email '[EMAIL PROTECTED]' with
   'unsubscribe radiator' in the body of the message.
  -- End of excerpt from me
 
  --
  Mike McCauley   [EMAIL PROTECTED]
  Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
  24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
  Phone +61 3 9598-0985   Fax   +61 3 9598-0955
 
  Radiator: the most portable, flexible and configurable RADIUS server
  anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
  Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody

 ===
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
-- End of excerpt from me



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) replyattr and fixed ip's

[me]

Hi

I've changed my table defs to include a coulmn for FRAMEDIPADDRESS etc,
and also changed the radius config file , but I get an error, for fixed
IP customers still.

ERR: Bad Attribute=value pair: 193.218.160.249 

And then it drops the user.

Iqbal

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) replyattr and fixed ip's

[Mike McCauley]

Hello Iqbal,

On Apr 15, 11:54am, me wrote:
 Subject: (RADIATOR) replyattr and fixed ip's
 Hi

 I origiannly used to have asimple query which authenticated users fine
 select Password etc etc , however I now want to assign some of my users
 with fixed IP addresses (they are currently assigned from a pool in our
 NAS).
OK, should be no problem.


 The fixed IP's used to be assigned from the flat radius users file
 Fixed-IP-Address=xxx.xxx.xxx.xxx
I guess you mean Framed-IP-Address, but fine.


 However when i went down the sql route I cant seem to assign these fixed
 IP, the "normal" customers work fine.

 Then i decided to alter the Authselect statement

 ...select PASSWORD,CHECKATTR,REPLYATTR from SUBSCRIBERS where
 USERNAME='%n'
Hmm, its a bit hard to tell without seeing your config file, but I would
suggect this approach:

1. Make a new column in your database for the framed ip address, call it, say
FRAMEDIPADDRESS.

2. use this in your config file:
AuthSelect select PASSWORD,FRAMEDIPADDRESS from SUBSCRIBERS \
where USERNAME='%n'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Framed-IP-Address,reply

Then, whenever a user has an entry in FRAMEDIPADDRESS, it will be used to set
Framed-IP-Address in the reply. If FRAMEDIPADDRESS is NULL, then it will not be
set in the reply.

3. Make sure your NAS uses a pool adddress of a static address is not supplied
by radius.

(it _is_ possible to do something similar using REPLYATTR as you are trying,
but its a bit harder to set up, and wastes some space)

Hope that helps.

Cheers.


 now nothing gets access no dynamic IP customers or fixed.

 I had a look at the logfile, and in there it does say Access Accept

 Thu Apr 15 10:57:34 1999: DEBUG: Handling request with Handler 'Realm='
 Thu Apr 15 10:57:34 1999: DEBUG: Handling with Radius::AuthSQL
 Thu Apr 15 10:57:34 1999: DEBUG: Query is: select PASSWORD, CHECKATTR,
 REPLYATTR

   from SUBSCRIBERS where USERNAME='mirza'

 Thu Apr 15 10:57:34 1999: DEBUG: Radius::AuthSQL looks for match with
 mirza
 Thu Apr 15 10:57:34 1999: DEBUG: Packet dump:
 *** Sending to 193.218.160.68 port 3760 
 Code:   Access-Accept
 Identifier: 13
 Authentic:  721196u0u2418800M100l153
 Attributes:
 Service-Type = Framed
 Framed-Protocol = PPP
 Framed-IP-Netmask = 255.255.255.0
 Framed-Routing = None
 Framed-MTU = 1500
 Framed-Compression = Van-Jacobson-TCP-IP

 etc etc

 but they get an entry into the accounting logs, then disconnect. the
 fixed Ips dont even get that far.

 My CheckATTR in the db is NULL, but the replies are the ones above. I
 havent got any replies for fixed IP ones cause they dont get that far.

 Iqbal

 ===
 To unsubscribe, email '[EMAIL PROTECTED]' with
 'unsubscribe radiator' in the body of the message.
-- End of excerpt from me



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.