Hi,
Found a problem. We got a configuration with 3 AuthBy Radius. 2 are going
to the internal network and 1 is going to the internet.
Here is my configuration:
AuthPort 1645
AcctPort 1646
BindAddress 212.123.129.70
LogDir /var/log/radiusd
DbDir /usr/local/etc/raddb
LogFile %L/%d%m%Y-proxy-vtel.log
PidFile /var/run/proxy.pid
DictionaryFile %D/dictionary
RewriteUsername tr/[A-Z]/[a-z]/
Trace 3
<Client 212.123.129.68>
Secret free4all
</Client>
<Client 212.48.47.15>
Secret verwish
IdenticalClients 212.48.47.130 212.48.47.131 212.48.47.132 212.48.47.135
PreHandlerHook sub { \
my $calledid = ${$_[0]}->get_attr('Calling-Station-Id');\
if (${calledid} =~ /0302413197/) {\
${$_[0]}->add_attr('backbone','baduser'); return;\
}\
}
</Client>
<AuthBy FILE>
Identifier reject
Filename %D/reject-users
</AuthBy>
<AuthBy RADIUS>
Identifier radius
Host 10.1.0.18
AuthPort 1645
AcctPort
Secret <secret>
LocalAddress 10.1.0.12
NoForwardAccounting
</AuthBy>
<AuthBy RADIUS>
Identifier accounting
Host 10.1.0.19
AuthPort
AcctPort 1646
Secret <secret>
LocalAddress 10.1.0.12
NoForwardAuthentication
</AuthBy>
<AuthBy RADIUS>
Identifier other
Host 212.123.129.38
AuthPort
AcctPort 1299
Secret <secret>
LocalAddress 212.123.129.70
NoForwardAuthentication
Retries 1
</AuthBy>
<AuthBy RADIUS>
Identifier details
Host 10.1.0.11
AuthPort
AcctPort 1646
Secret <secret>
LocalAddress 10.1.0.12
NoForwardAuthentication
</AuthBy>
<Handler backbone="baduser">
AuthBy reject
</Handler>
<Handler User-Name = /[^a-zA-Z0-9_-]/>
AuthBy reject
</Handler>
<Handler>
AuthByPolicy ContinueWhileIgnore
AuthBy radius
AuthBy accounting
AuthBy other
</Handler>
** END **
Ok, so you can see I'm sending the information to radius then to accounting
after that to other.
If I'm starting Radiator I'll receive on 212.123.129.38 this kind of packages:
fw01# tcpdump host 10.1.0.12
tcpdump: listening on fxp0
21:07:08.616258 10.1.0.12.4218 > 212.123.129.38.1299: udp 108
21:07:09.995647 10.1.0.12.4218 > 212.123.129.38.1299: udp 171
21:07:11.295933 10.1.0.12.4218 > 212.123.129.38.1299: udp 162
21:07:13.502698 10.1.0.12.4218 > 212.123.129.38.1299: udp 111
21:07:13.505383 10.1.0.12.4218 > 212.123.129.38.1299: udp 108
21:07:14.116588 10.1.0.12.4218 > 212.123.129.38.1299: udp 109
21:07:14.646102 10.1.0.12.4218 > 212.123.129.38.1299: udp 171
21:07:14.932085 10.1.0.12.4218 > 212.123.129.38.1299: udp 109
If I'm changing it in our configuration that the information goes first to other
then to radius and then to accounting, I'll get information on my 'AuthBy
radius' server:
Thu Aug 24 18:47:59 2000: DEBUG: Packet dump:
*** Sending to 10.1.0.12 port 4199 ....
Code: Access-Accept
Identifier: 183
Authentic: 1<194><159><229><21><14><190><178>>B<191><228>R<183>|b
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-MTU = 1500
Port-Limit = 2
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Client-Primary-DNS = 212.123.129.79
Ascend-Client-Secondary-DNS = 212.123.128.16
Thu Aug 24 18:48:04 2000: DEBUG: Packet dump:
*** Received from 212.123.129.70 port 4210 ....
Code: Access-Request
Identifier: 1
Authentic: >H7<192>a<252>C`Z<212><1><187>`<20>BV
Attributes:
User-Password =
"<230><173><244>p<201>A<173><205><189><180>iL<231><3><25>0"
User-Name = "jcstraver"
NAS-Identifier = "cvx_rot_03"
Called-Station-Id = "183750045"
Calling-Station-Id = "184685227"
NAS-Port = 16385
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Nortel = " $Id: Aptis.vinfo ImageName=fepmd Version=2.0.3p12
BuildNumber=1892 BuildDate=01/18/2000
BuildTime=16:32:43 Machine=BUILD02 User=Build TargetBoard=scc
TargetProcessor=PPC603 Branch=p202 Exp $
"
Thu Aug 24 18:48:04 2000: DEBUG: Check if Handler should be used to handle this request
Thu Aug 24 18:48:04 2000: DEBUG: Handling request with Handler ''
Thu Aug 24 18:48:04 2000: DEBUG: Deleting session for jcstraver, 212.123.129.70, 16385
Thu Aug 24 18:48:04 2000: DEBUG: Handling with Radius::AuthLDAP2
Thu Aug 24 18:48:04 2000: DEBUG: LDAP got result for cn=jcstraver, o=Wish, c=NL
Thu Aug 24 18:48:04 2000: DEBUG: LDAP got userpassword: <secret>
Thu Aug 24 18:48:04 2000: DEBUG: Radius::AuthLDAP2 looks for match with jcstraver
Thu Aug 24 18:48:04 2000: DEBUG: Radius::AuthLDAP2 ACCEPT:
Thu Aug 24 18:48:04 2000: DEBUG: Access accepted for jcstraver
Thu Aug 24 18:48:04 2000: DEBUG: Packet dump:
*** Sending to 212.123.129.70 port 4210 ....
Code: Access-Accept
Identifier: 1
Authentic: >H7<192>a<252>C`Z<212><1><187>`<20>BV
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-MTU = 1500
Port-Limit = 2
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Client-Primary-DNS = 212.123.129.79
Ascend-Client-Secondary-DNS = 212.123.128.16
Thu Aug 24 18:48:04 2000: ERR: sendTo: send failed: No route to host
** END **
What you can see above is that normally I'll receive packages from 10.1.0.12 but
if I restart the radius proxy, then I'll receive auth. packages from
212.123.129.70!!!
Is this a known problem or is this a new problem?
--
Regards,
Robin Gruyters - [EMAIL PROTECTED] - WISH BV - nic-hdl: RG3771-RIPE
http://www.wish.nl - tel: +31(0)413242500 - fax. +31(0)208762628
PGP key ID DEB8C991 - Head Engineering / Web Designer / B.O.F.H.
BOFH excuse: Boss' kid fucked up the machine
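
Added example (not part of the original post and not Radiator code): a Python check that reads the Host and LocalAddress of each AuthBy RADIUS clause and flags captured packets whose source address differs from the LocalAddress configured for their destination. The trimmed configuration, the second capture line and the function names are constructed for the example; the first capture line is taken from the tcpdump output above.

```python
import re

# Trimmed from the configuration in the post; bare keywords are kept on purpose.
CONFIG = """\
<AuthBy RADIUS>
Identifier radius
Host 10.1.0.18
AcctPort
LocalAddress 10.1.0.12
NoForwardAccounting
</AuthBy>
<AuthBy RADIUS>
Identifier other
Host 212.123.129.38
LocalAddress 212.123.129.70
</AuthBy>
"""

# First line is from the post's tcpdump output; second line is constructed.
CAPTURE = """\
21:07:08.616258 10.1.0.12.4218 > 212.123.129.38.1299: udp 108
21:07:09.100000 10.1.0.12.4218 > 10.1.0.18.1645: udp 108
"""

PACKET = re.compile(
    r"^\S+ (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): udp")

def expected_sources(config_text):
    """Map each AuthBy RADIUS Host to the LocalAddress configured for it."""
    mapping = {}
    for block in re.findall(r"<AuthBy RADIUS>(.*?)</AuthBy>", config_text, re.S):
        fields = {}
        for line in block.strip().splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:          # skip bare keywords such as AcctPort
                fields[parts[0]] = parts[1].strip()
        if "Host" in fields and "LocalAddress" in fields:
            mapping[fields["Host"]] = fields["LocalAddress"]
    return mapping

def wrong_source_packets(config_text, capture_text):
    """Return (dst, dst_port, seen_src, configured_src) for each mismatch."""
    expected = expected_sources(config_text)
    findings = []
    for line in capture_text.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        want = expected.get(dst)
        if want is not None and src != want:
            findings.append((dst, int(dport), src, want))
    return findings
```
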