This is the last portion of my config file.  The result I am looking for is
as follows.

We want to authenticate until we have an accept.  We have two ISP's so what
happens is that we try to authenticate from the primary ISP's radius server
first and if authentication fails then it moves to the second ISP's radius
server and try's to pass there.

This is an excerpt from the radius.cfg

<Handler>

    PasswordLogFileName %L/password
    AuthByPolicy        ContinueUntilAccept
    RewriteUsername     s/^([^@]+).*/$1/
    RewriteUsername     tr/-A-Za-z0-9\.\@//cd

    <AuthBy RADIUS>
        Host            radius_ip
        Secret          password

        AddToReply      Class=GRD
    </AuthBy>

    <AuthBy RADIUS>
        Host            radius_ip2
        Secret          password
    </AuthBy>

</Handler>

These are the undesired results I get from the logfile.

Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Received from 209.162.32.254 port 48630 ....

Packet length = 70
01 e0 00 46 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 08 72 6f 62 65 72 74 06 06 00 00
00 02 04 06 cb 3f 9a 01 05 06 00 00 04 d2 3d 06
00 00 00 00 02 12 60 37 8b 32 91 f3 75 0b 5b ca
46 34 73 f4 7e 66
Code:       Access-Request
Identifier: 224
Authentic:  1234567890123456
Attributes:
        User-Name = "robert"
        Service-Type = Framed-User
        Client-Id = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = "`7<139>2<145><243>u<11>[<202>F4s<244>~f"

Mon Aug 30 10:10:59 1999: DEBUG: Check if Handler Called-Station-Id=12345
should be used to handle this request
Mon Aug 30 10:10:59 1999: DEBUG: Check if Handler Realm=lightspeed.net
should be used to handle this request
Mon Aug 30 10:10:59 1999: DEBUG: Check if Handler Class=LSN should be used
to handle this request
Mon Aug 30 10:10:59 1999: DEBUG: Check if Handler  should be used to handle
this request
Mon Aug 30 10:10:59 1999: DEBUG: Handling request with Handler ''
Mon Aug 30 10:10:59 1999: DEBUG: Rewrote user name to robert
Mon Aug 30 10:10:59 1999: DEBUG: Rewrote user name to robert
Mon Aug 30 10:10:59 1999: DEBUG: Deleting session for robert, 203.63.154.1,
1234
Mon Aug 30 10:10:59 1999: DEBUG: Handling with Radius::AuthRADIUS
Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Sending to 209.162.0.254 port 1645 ....
Code:       Access-Request
Identifier: 4
Authentic:  1234567890123456
Attributes:
        User-Name = "robert"
        Service-Type = Framed-User
        Client-Id = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = "`7<139>2<145><243>u<11>[<202>F4s<244>~f"

Mon Aug 30 10:10:59 1999: DEBUG: Handling with Radius::AuthRADIUS
Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Sending to 209.165.6.239 port 1645 ....
Code:       Access-Request
Identifier: 4
Authentic:  1234567890123456
Attributes:
        User-Name = "robert"
        Service-Type = Framed-User
        Client-Id = 203.63.154.1
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = "`7<139>2<145><243>u<11>[<202>F4s<244>~f"

Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Received from 209.162.0.254 port 1645 ....

Packet length = 35
03 04 00 23 2e cb 9f b4 ba 27 5f 59 83 cc d0 55
f2 f7 b9 d3 12 0f 41 63 63 65 73 73 20 64 65 6e
69 65 64
Code:       Access-Reject
Identifier: 4
Authentic:  .<203><159><180><186>'_Y<131><204><208>U<242><247><185><211>
Attributes:
        Port-Message = "Access denied"

Mon Aug 30 10:10:59 1999: DEBUG: Received reply in AuthRADIUS for req 4 from
209.162.0.254:1645
Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Sending to 209.162.32.254 port 48630 ....
Code:       Access-Reject
Identifier: 224
Authentic:  1234567890123456
Attributes:
        Port-Message = "Access denied"
        Class = "GRD"

Mon Aug 30 10:10:59 1999: ERR: Attribute number 111 (vendor ) is not defined
in your dictionary
Mon Aug 30 10:10:59 1999: ERR: Attribute number 155 (vendor ) is not defined
in your dictionary
Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Received from 209.165.6.239 port 1645 ....

Packet length = 49
02 04 00 31 78 c0 30 44 2f a9 69 9e b7 e4 38 95
ee e4 78 2f 06 06 00 00 00 02 07 06 00 00 00 01
6f 06 00 00 00 01 9b 06 00 00 00 01 19 05 4c 53
4e
Code:       Access-Accept
Identifier: 4
Authentic:  x<192>0D/<169>i<158><183><228>8<149><238><228>x/
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Class = "LSN"

Mon Aug 30 10:10:59 1999: DEBUG: Received reply in AuthRADIUS for req 4 from
209.165.6.239:1645
Mon Aug 30 10:10:59 1999: DEBUG: Packet dump:
*** Sending to 209.162.32.254 port 48630 ....
Code:       Access-Accept
Identifier: 224
Authentic:  1234567890123456
Attributes:
        Port-Message = "Access denied"
        Class = "GRD"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Class = "LSN"

The end result is it fails.

Any ideas on how to make this work properly I would appreciate it.

I would prefer that these attributes,

        Port-Message = "Access denied"
        Class = "GRD"

did not show up as well on the accept.

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to