Guys... Im doing
some AUTHBYFILE combined with a AUTHBY RADIUS and I have a problem.. the
radius AUTHBY RADIproxying is returning an Idle-timeout and Session-Timeout
settings..... but what I need is a way to override those and put in my own...
which are passed from a AUTHBY FILE, here is the config:
<Realm
mx.inter.net>
AuthByPolicy ContinueUntilAccept
AuthBy acct
AuthBy CheckUserAttributes-mx.inter.net
</Realm>
AuthByPolicy ContinueUntilAccept
AuthBy acct
AuthBy CheckUserAttributes-mx.inter.net
</Realm>
<AuthBy
SQL>
Identifier acct
DBSource dbi:mysql:radius:localhost
DBUsername root
DBAuth net721009
AuthSelect
DateFormat %Y%m%d %T
AccountingTable accounting
# AccountingStopsOnly
AcctColumnDef username,%U,formatted
AcctColumnDef domain,%R,formatted
AcctColumnDef time_stamp,Timestamp,integer
AcctColumnDef acctstatustype,Acct-Status-Type
AcctColumnDef acctdelaytime,Acct-Delay-Time,integer
AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
AcctColumnDef acctsessionid,Acct-Session-Id
AcctColumnDef acctsessiontime,Acct-Session-Time,integer
AcctColumnDef acctterminatecause,Ascend-Disconnect-Cause
AcctColumnDef nasidentifier,NAS-IP-Address
AcctColumnDef nasport,NAS-Port,integer
AcctColumnDef framedipaddress,Framed-IP-Address
AcctColumnDef time,Timestamp,integer-date
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef calledstationid,Called-Station-Id
AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef disconnectioncause,Ascend-Connect-Progress
AcctColumnDef telco,Class
AcctColumnDef zone,%{State},formatted
DefaultSimultaneousUse 1
</AuthBy>
Identifier acct
DBSource dbi:mysql:radius:localhost
DBUsername root
DBAuth net721009
AuthSelect
DateFormat %Y%m%d %T
AccountingTable accounting
# AccountingStopsOnly
AcctColumnDef username,%U,formatted
AcctColumnDef domain,%R,formatted
AcctColumnDef time_stamp,Timestamp,integer
AcctColumnDef acctstatustype,Acct-Status-Type
AcctColumnDef acctdelaytime,Acct-Delay-Time,integer
AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
AcctColumnDef acctsessionid,Acct-Session-Id
AcctColumnDef acctsessiontime,Acct-Session-Time,integer
AcctColumnDef acctterminatecause,Ascend-Disconnect-Cause
AcctColumnDef nasidentifier,NAS-IP-Address
AcctColumnDef nasport,NAS-Port,integer
AcctColumnDef framedipaddress,Framed-IP-Address
AcctColumnDef time,Timestamp,integer-date
AcctColumnDef nasipaddress,NAS-IP-Address
AcctColumnDef calledstationid,Called-Station-Id
AcctColumnDef callingstationid,Calling-Station-Id
AcctColumnDef disconnectioncause,Ascend-Connect-Progress
AcctColumnDef telco,Class
AcctColumnDef zone,%{State},formatted
DefaultSimultaneousUse 1
</AuthBy>
<AuthBy
FILE>
Identifier CheckUserAttributes-mx.inter.net
Filename %D/atributos-mx.inter.net
Nocache
DefaultSimultaneousUse 1
</AuthBy>
Identifier CheckUserAttributes-mx.inter.net
Filename %D/atributos-mx.inter.net
Nocache
DefaultSimultaneousUse 1
</AuthBy>
Contents of
atributos-mx.inter.net:
akrall
Auth-Type = CheckUser-nasc
Service-Type = Framed-User, Framed-Protocol = PPP
DEFAULT Auth-Type = CheckUser-nasc
Service-Type = Framed-User, Framed-Protocol = PPP, Idle-Timeout = 600, Session-Timeout = 14500
Service-Type = Framed-User, Framed-Protocol = PPP
DEFAULT Auth-Type = CheckUser-nasc
Service-Type = Framed-User, Framed-Protocol = PPP, Idle-Timeout = 600, Session-Timeout = 14500
----
The radius server
is returning something like this:
Code: Access-Accept
Identifier: 5
Authentic: T@<170>'<148><168><158><188>z+<231>,<191>|7<254>
Attributes:
Framed-IP-Address = 255.255.255.254
Port-Limit = 1
Session-Timeout = 14400
Idle-Timeout = 1800
Framed-IP-Netmask = 255.255.255.255
Class = "38616/217030/10803096/41/NASC"
Identifier: 5
Authentic: T@<170>'<148><168><158><188>z+<231>,<191>|7<254>
Attributes:
Framed-IP-Address = 255.255.255.254
Port-Limit = 1
Session-Timeout = 14400
Idle-Timeout = 1800
Framed-IP-Netmask = 255.255.255.255
Class = "38616/217030/10803096/41/NASC"
As you can see.
there is some Idle and Session timeoutouts here... but what I need to do is
replace them with the ones in atributos-mx.inter.net if the user is not found
(DEFAULT user) and if he is on the list (akrall for example) then strip all Idle
and Sesion timeouts....
Problem is that I
cant seem to override the radius sent ones... and if I use something like
StripFromReply... all idle and session attributes are stripped.. incluind mine
or the radius server sent ones....
Any
ideas?
Saludos
Anton Krall
Director de Tecnología
Inter.net México / Panamá
Director de Tecnología
Inter.net México / Panamá
Tel; 5241-7609
Directo
Tel: 5241-7600
Conmutador
Celular:
0445-105-5160 Mobile
ICQ:
4979450
email:
[EMAIL PROTECTED]
Outside
Mexico:
Office: +52(555)241-7609
PBX: +52(555)241-7600
Mobile: +52(555)105-5160
Office: +52(555)241-7609
PBX: +52(555)241-7600
Mobile: +52(555)105-5160