Hugh,

After making the changes, I am still not able to stop the incoming calls.
I have been informed the leased Clients (xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy and zzz.zzz.zzz.zzz) are not the IPs of their NASes but of their radius servers. In the logs, I show them (customers dialing the number I want to deny) to be on 3 different NAS-Identifiers. The 3 NAS-Identifiers are not in the radius.cfg.

Any suggestions?

bwc

At 06:59 PM 4/21/2002 +1000, Hugh Irvine wrote:
>Hello Barrett -
>
>I suspect you will find that your configuration will work properly with
>Client xxx.xxx.xxx.xxx, but not yyy.yyy.yyy.yyy or zzz.zzz.zzz.zzz. If you
>want to use the "Identifier theirclients", you will have to specify separate
>Client clauses.
>
># define Clients
>
><Client xxx.xxx.xxx.xxx>
>    Secret XXXXXXXXXXXX
>    Identifier theirclients
></Client>
>
><Client yyy.yyy.yyy.yyy>
>    Secret XXXXXXXXXXXX
>    Identifier theirclients
></Client>
>
><Client zzz.zzz.zzz.zzz>
>    Secret XXXXXXXXXXXX
>    Identifier theirclients
></Client>
>
>You should also check a trace 4 debug from Radiator to verify the format of
>the Called-Station-Id you are receiving from the NAS to make sure it matches
>the Handler specification.
>
>regards
>
>Hugh
>
>
>On Sun, 21 Apr 2002 09:07, Barrett W Clark wrote:
> > Hugh,
> >
> > I have tried to follow the example below but customers can still dial in on
> > that number.
> >
> > Any suggestions as to what I am doing wrong would be helpful!! Also on
> > improving the radius.cfg file would be greatly appreciated!
> >
> > regards
> >
> > bwc
> >
> > ------Begin radius.cfg-----------
> >
> > #Foreground
> > LogStdout
> > LogDir /usr/local/radius/log
> > DbDir /usr/local/etc/raddb
> > # Use a lower trace level in production systems:
> > Trace 3
> > AuthPort 1645
> > AcctPort 1646
> >
> > #strip realm
> > RewriteUsername s/^([^@]+).*/$1/
> > RewriteUsername s/%//g
> >
> > <Client localhost>
> >     Secret XXXXXXXX
> >     DupInterval 0
> > </Client>
> >
> > # All of our clients are listed here
> > <Client host.domain.com>
> >     Secret XXXXXXXXXXXX
> >     Identifier ourclients
> >
> >     IdenticalClients host2.domain.com host3.domain.com \
> >         host4.domain.com host5.domain.com host6.domain.com \
> >         host7.domain.com host8.domain.com
> > </Client>
> >
> > <Client xxx.xxx.xxx.xxx>
> >     Secret XXXXXXXXXXXX
> >     Identifier theirclients
> >
> >     IdenticalClients yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz
> > </Client>
> >
> > <Handler Client-Identifier=theirclients,Called-Station-Id="##########">
> >     <AuthBy INTERNAL>
> >         DefaultResult REJECT
> >     </AuthBy>
> > </Handler>
> >
> > <Handler>
> >     <AuthBy DBFILE>
> >         Filename %D/users
> >     </AuthBy>
> >     AcctLogFileName %L/cd-%Y%m%d
> > </Handler>
> >
> > <Realm DEFAULT>
> >     <AuthBy DBFILE>
> >         Filename %D/users
> >     </AuthBy>
> >     AcctLogFileName %L/cd-%Y%m%d
> > </Realm>
> >
> > <SessionDatabase DBM>
> >     # The name of the DBM file. Defaults on %D/online
> >     Filename %D/online
> > </SessionDatabase>
> >
> > -----Example of the cd-20020419-------
> >
> > Sat Apr 20 06:47:59 2002
> >     NAS-IP-Address = xxx.xxx.xxx.xxx
> >     NAS-Port = $$$$
> >     NAS-Port-Type = Async
> >     Called-Station-Id = "##########"
> >     Calling-Station-Id = "**********"
> >     Acct-Status-Type = Start
> >     Acct-Authentic = RADIUS
> >     Service-Type = Framed-User
> >     Acct-Session-Id = "000DDF72"
> >     Framed-Protocol = PPP
> >     Acct-Link-Count = 1
> >     Ascend-Num-In-Multilink = 1
> >     Acct-Multi-Session-Id = "156668"
> >     Framed-IP-Address = ooo.ooo.ooo.ooo
> >     Ascend-Multilink-ID = 156668
> >     Acct-Delay-Time = 0
> >     User-Name = "username"
> >
> > At 08:15 AM 4/17/2002 +1000, Hugh Irvine wrote:
> > >Hello Barrett -
> > >
> > >In my example below, you would reject all calls to a particular
> > >Called-Station-Id on the Clients with "Identifier somewhere".
> > >
> > >Ie. "######" is the number you want to deny.
> > >
> > ><Handler Client-Identifier = somewhere, Called-Station-Id = 12345>
> > >
> > >You could also use regular expressions in the <Handler ....>.
> > >
> > >regards
> > >
> > >Hugh
> >
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
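
The check suggested in the quoted reply (confirming the format of the Called-Station-Id actually received), sketched as an added example that is not part of the original thread or of Radiator: it parses records in the layout of the cd-YYYYMMDD excerpt and compares each Called-Station-Id with the number to deny. The sample records, addresses, NAS names and function names are constructed, and the exact string comparison is an assumption of this sketch, not a statement of Radiator's matching rules.

```python
import re

# Constructed records in the layout of the cd-YYYYMMDD excerpt (RFC 5737 addresses).
SAMPLE_DETAIL = """\
Sat Apr 20 06:47:59 2002
    NAS-IP-Address = 192.0.2.10
    NAS-Identifier = "nas-a"
    Called-Station-Id = "5551230000"

Sat Apr 20 06:52:13 2002
    NAS-IP-Address = 192.0.2.11
    NAS-Identifier = "nas-b"
    Called-Station-Id = "555-123-0000"

Sat Apr 20 07:01:40 2002
    NAS-IP-Address = 192.0.2.12
    NAS-Identifier = "nas-c"
    Called-Station-Id = "5559870000"
"""

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Return one dict of attributes per record (timestamp line, then indented pairs)."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None                      # blank line ends a record
        elif not line[0].isspace():
            current = {"Timestamp": line.strip()}
            records.append(current)
        elif current is not None and (m := ATTR.match(line)):
            current[m.group(1)] = m.group(2)
    return records

def audit(records, denied):
    """Return (NAS-Identifier, NAS-IP-Address, Called-Station-Id, verdict) per record."""
    want = re.sub(r"\D", "", denied)
    report = []
    for r in records:
        called = r.get("Called-Station-Id", "")
        if called == denied:
            verdict = "exact"           # literal comparison matches
        elif want and re.sub(r"\D", "", called).endswith(want):
            verdict = "format-differs"  # same digits, different formatting
        else:
            verdict = "other"
        report.append((r.get("NAS-Identifier"), r.get("NAS-IP-Address"), called, verdict))
    return report
```

Records reported as "format-differs" carry the denied number in a form a literal Handler value would not equal, which is the case the trace 4 check is meant to expose.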