Hello Anthony -

You will have to check a debug on the Cisco to see what is happening, and you will have to check with Cisco to ascertain the correct syntax for the cisco-avpair. It may also be possible to use Ascend compatibility on the Cisco to achieve this.

I do not believe there is any way to override hard-coded DNS settings on a host, although someone else on the list may know more than I do.

regards

Hugh



On Wednesday, September 4, 2002, at 12:31 PM, Anthony Roque Adriano wrote:

Hello, 
 
Am currently configuring RADIATOR to give a DNS entry instead of the RAS giving it. The setup is working for the ASCEND RAS, but for my CISCO 5300 it's not. Have gone through the mailing list and tried all the suggestions, but still can't get it to work. Can anyone point out what I'm doing wrong?
 
Here's my config :
 
 #LogStdout
LogDir          /var/log/radius-log
LogFile         %L/%Y-%m-%d-radiuslog
DbDir           /usr/local/etc/raddb

 
DictionaryFile  /usr/local/etc/raddb/dictionary.cisco
DictionaryFile  /usr/local/etc/raddb/dictionary.ascend2
DictionaryFile  /usr/local/etc/raddb/dictionary.livingston
DictionaryFile  /usr/local/etc/raddb/dictionary

 
# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4

 
<AuthBy RADMIN>
        Identifier Acceptmehere

 

        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual. You will also have to
        # change the one in <SessionDatabase SQL> below
        # so it's the same
        DBSource        dbi:mysql:#####
        DBUsername      ######
        DBAuth          ######
 
        # Only one session per user at a time
        #DefaultSimultaneousUse 1
 
        # Let the user in if they have any time left
        # Set the Session-timeout to timeleft
        AuthSelect select PASS_WORD,STATICADDRESS,\
                MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID \
                from RADUSERS where (USERNAME='%n' and VALIDFROM < %t )
 
        AuthColumnDef   0,User-Password,check
        AuthColumnDef   1,Filter-Id,reply
        AuthColumnDef   2,Session-Timeout,reply
        AuthColumnDef   3,Simultaneous-Use,check
 
        # You can add to or change these if you want, but you
        # will probably want to change the database schema first
        AccountingTable RADUSAGE
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id
        AcctColumnDef   CALLERID,Calling-Station-Id
 
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id
        AcctColumnDef   CALLERID,Calling-Station-Id
 

        # These are the classic things to add to each user's
        # reply to allow a PPP dialup session. It may be
        # different for your NAS. This will add some
        # reply items to everyone's reply
        # Add Idle-Timeout of 15 mins
        DefaultReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-IP-Netmask = 255.255.255.255, \
                Framed-Routing = None, \
                Framed-MTU = 1500, \
                Framed-Compression = Van-Jacobson-TCP-IP, \
                Idle-Timeout = 900, \
                cisco-avpair= "ip:dns-servers=xxx.xxx.xxx.xxx", \
                Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Assign-DNS = DNS-Assign-Yes
               
 
</AuthBy>
 
 
 
<Handler Realm=myrealm>
        AuthBy Acceptmehere

        # Show rejection reason to users
        RejectHasReason
</Handler>

By the way, I'm using a Cisco 5300:
 
Cisco Internetwork Operating System Software
IOS (tm) 5300 Software (C5300-IS-M), Version 12.0(7)T,  RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 08-Dec-99 20:25 by phanguye
Image text-base: 0x600088F8, data-base: 0x60C6A000
 

And here is my RADIUS log file
 
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Request
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 228
        NAS-Port-Type = Virtual
        User-Name = "user@myrealm"
        Called-Station-Id = "xxxxxxxx"
        Calling-Station-Id = "xxxxxxxx"
        User-Password = "<212> <144><164>7<176><206><113><182><255><165><164><141><145><181><149>"
        Service-Type = Framed-User
        Framed-Protocol = PPP
 
Tue Sep  3 15:13:37 2002: DEBUG: Check if Handler Realm=myrealm should be used to handle this request
Tue Sep  3 15:13:37 2002: DEBUG: Handling request with Handler 'Realm=myrealm'
Tue Sep  3 15:13:37 2002: DEBUG:  Deleting session for user@myrealm, xxx.xxx.xxx.xxx, 228
Tue Sep  3 15:13:37 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=0228
 
Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN')
 
Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN: Acceptmehere')
 
Tue Sep  3 15:13:37 2002: DEBUG: Query is: select PASS_WORD,STATICADDRESS,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID from RADUSERS where (USERNAME='user@myrealm' and VALIDFROM < 1031037217)
 
Tue Sep  3 15:13:37 2002: DEBUG: Query is: select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='user@myrealm' order by ITEM_TYPE
 
Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN looks for match with user@myrealm')
 
Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN ACCEPT: ')
 
Tue Sep  3 15:13:37 2002: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='user@myrealm'
 
Tue Sep  3 15:13:37 2002: DEBUG: Access accepted for user@myrealm
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Accept
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Idle-Timeout = 900
        cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
        Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Assign-DNS = DNS-Assign-Yes
       
 
The accounting request follows and the user gets connected.
 
Also, is there a way to overwrite what the user has specified in their DNS settings for MS Windows?
 
Thanks,
thony


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
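
A check that can be run over the Radiator log before turning to the Cisco debug, added here as an example and not part of the original messages: it pulls the reply attributes out of each Access-Accept dump and confirms that every DNS address offered parses as IPv4. The sample log is constructed in the Trace 4 layout shown above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the Radiator Trace 4 dump layout shown in the thread
# (RFC 5737 documentation addresses, not values taken from the page).
SAMPLE_LOG = """\
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to 192.0.2.1 port 33554 ....
Code:       Access-Accept
Identifier: 174
Attributes:
        Framed-Protocol = PPP
        cisco-avpair = "ip:dns-servers=192.0.2.53 192.0.2.54"
        Ascend-Client-Primary-DNS = 192.0.2.53
        Ascend-Client-Secondary-DNS = 192.0.2.999

Tue Sep  3 15:13:38 2002: DEBUG: Packet dump:
"""

ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def reply_attributes(log_text):
    """Return (name, value) pairs from every Access-Accept dump in log_text."""
    attrs, in_accept, in_attrs = [], False, False
    for line in log_text.splitlines():
        if line.startswith("Code:"):
            in_accept = line.split(":", 1)[1].strip() == "Access-Accept"
            in_attrs = False
        elif line.startswith("Attributes:"):
            in_attrs = in_accept
        elif in_attrs:
            m = ATTR_RE.match(line)
            if m:
                attrs.append((m.group(1), m.group(2)))
            else:
                in_attrs = False  # blank or unindented line ends the list
    return attrs

def is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def dns_findings(attrs):
    """Return (attribute, address, is_valid) for each DNS address in the reply."""
    out = []
    for name, value in attrs:
        if name.lower() == "cisco-avpair" and value.startswith("ip:dns-servers="):
            addrs = value.split("=", 1)[1].split()
        elif re.fullmatch(r"Ascend-Client-(Primary|Secondary)-DNS", name):
            addrs = [value]
        else:
            continue
        out.extend((name, a, is_ipv4(a)) for a in addrs)
    return out
```

If every address in the real log comes back valid, the server side of the reply is well-formed and the remaining question is how the NAS interprets it.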
