Hello Chen -
On Wed, 25 Aug 1999, Chen Shiyuan wrote:
> Hello!
>
> I am very new to Radiator and encountered this funny problem and is
> wondering if anyone can help me with it. I am using Radiator-2.14.1 .
>
> Basically, I have an Ascend MAX 4060 which allows users to dialin in and
> access the Internet via PPP. Windows95 users have no problem dialing in
> via the dialup networking BUT users who manually dialin and then type PPP
> at the ascend% prompt after they have logined are given this message :-
>
> Requested Service is Not Authorized!
>
> I used to have no problems when using Radius-2.x .
>
Which Radius is this?
> Here is my corresponding /etc/raddb/defuser file which I included from my
> radius.cfg :-
>
> DEFAULT Service-Type = Framed-User
> Framed-Protocol = PPP,
> Framed-IP-Netmask = 255.255.255.0,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobson-TCP-IP
>
I notice in your DEFAULT user above that the only Check item is
Service-Type = Framed-User
This will never match a command line request from the NAS. Also note that many
NAS's (Cisco's notably) also require a Reply item of
Service-Type = Framed-User
in addition to the rest of the Reply items.
> And here is my radius.cfg :-
>
> Foreground
> LogStdout
> DbDir /etc/raddb
>
> <ClientListSQL>
> DBSource xxxxxx
> DBUsername xxxxxx
> DBAuth xxxxxx
> </ClientListSQL>
>
> <Log SQL>
> DBSource xxxxxx
> DBUsername xxxxxx
> DBAuth xxxxxx
> </Log>
>
> <Realm DEFAULT>
> MaxSessions 1
> <AuthBy SQL>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
> DBSource xxxxxx
> DBUsername xxxxxx
> DBAuth xxxxxx
> AuthColumnDef 0, Encrypted-Password, check
> # You may want to tailor these for your ACCOUNTING table
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-Address
> </AuthBy>
> <AuthBy FILE>
> Filename /etc/raddb/defuser
> </AuthBy>
> </Realm>
>
I also notice in your <Realm DEFAULT> that you do not have an AuthByPolicy
declaration - this means that you will never execute the <AuthBy FILE>.
See Section 6.19.1 in the Radiator 2.14.1 reference manual.
> Does anyone have any idea how I can solve my problems? I need to solve it
> urgently.
>
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.