Hello Mohamed -

Thanks for sending the debug information.

The following is taken from the source code in the file "Radius/AuthSQLRADIUS.pm".

The default HostSelect query is this:

$self->{HostSelect} = 'select HOST%0, SECRET, AUTHPORT, ACCTPORT,
RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS,
SERVERHASBROKENADDRESSES, IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS
where TARGETNAME=\'%R\'';

Which is processed with this code:

    $fp->{failurePolicy} = $row[10] if defined $row[10];

    $host = Radius::Host->new
        (undef, $row[0],
         defined $row[1] ? (Secret => $row[1]) : (),
         defined $row[2] ? (AuthPort => $row[2]) : (),
         defined $row[3] ? (AcctPort => $row[3]) : (),
         defined $row[4] ? (Retries => $row[4]) : (),
         defined $row[5] ? (RetryTimeout => $row[5]) : (),
         defined $row[6] ? (UseOldAscendPasswords => $row[6]) : (),
         defined $row[7] ? (ServerHasBrokenPortNumbers => $row[7]) : (),
         defined $row[8] ? (ServerHasBrokenAddresses => $row[8]) : (),
         defined $row[9] ? (IgnoreReplySignature => $row[9]) : (),
         );

In other words, the FailurePolicy is expected to be the 11th element of the row returned by the query.

To fix your problem, the simplest thing to do is use NULLs for the elements you are not using in the query:

 HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, NULL, NULL, NULL, NULL, \
FAILUREPOLICY from  RADSQLRADIUS where TARGETNAME='%R'

Otherwise, you could use HostColumnDef's as described in section 6.45.3 in the Radiator 3.3.1 reference manual ("doc/ref.html").

regards

Hugh
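
The positional mapping described in the reply above, as an added example that is not part of the original message and not Radiator's own code. The helper names (map_row, check_query) are hypothetical, the sample rows are constructed from the database output in the original post, and Perl 5.14 or later is assumed. It shows that without the NULL padding the FAILUREPOLICY value is read as UseOldAscendPasswords and the failure policy is never set.

```perl
use strict;
use warnings;

# Positional meaning of each HostSelect column, per the AuthSQLRADIUS.pm
# excerpt quoted above (index 10 is the failure policy).
my @SLOTS = qw(Host Secret AuthPort AcctPort Retries RetryTimeout
               UseOldAscendPasswords ServerHasBrokenPortNumbers
               ServerHasBrokenAddresses IgnoreReplySignature FailurePolicy);

# Map a row onto parameter names by position, skipping undefined (NULL or
# missing) columns as the excerpt does.
sub map_row {
    my @row = @_;
    my %param;
    $param{$SLOTS[$_]} = $row[$_] for grep { defined $row[$_] } 0 .. $#SLOTS;
    return \%param;
}

# Say which slot the FAILUREPOLICY column of a simple query (no nested
# commas in the select list) lands in.
sub check_query {
    my ($query) = @_;
    my ($list) = $query =~ /^\s*select\s+(.*?)\s+from\s/is
        or return 'not a select statement';
    my @cols = map { s/^\s+|\s+$//gr } split /,/, $list;
    my ($pos) = grep { uc($cols[$_]) eq 'FAILUREPOLICY' } 0 .. $#cols;
    return 'no FAILUREPOLICY column' unless defined $pos;
    my $slot = $SLOTS[$pos] // 'nothing';
    return $pos == 10 ? 'ok' : "FAILUREPOLICY at index $pos is read as $slot";
}

# Rows the two queries in this thread would return for the database row in
# the original post (constructed from that output; undef stands for NULL).
my %rows = (
    short  => ['127.0.0.1', 'kpn', 1812, 1813, 2, 5, 1],
    padded => ['127.0.0.1', 'kpn', 1812, 1813, 2, 5, (undef) x 4, 1],
);
for my $name (sort keys %rows) {
    my $p = map_row(@{ $rows{$name} });
    printf "%-6s FailurePolicy=%s UseOldAscendPasswords=%s\n", $name,
        $p->{FailurePolicy} // 'unset', $p->{UseOldAscendPasswords} // 'unset';
}
my $verdict = check_query("select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, "
    . "RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='%R'");
print "$verdict\n";
```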


On Wednesday, September 11, 2002, at 10:52 PM, Mohamed Majdoubi wrote:

Hi
I am trying to use the FAILUREPOLICY field in the HostSelect statement. The value of FAILUREPOLICY is set to 1 (see the database output); this should result in a reject to the NAS if the host RADIUS does not respond. Unfortunately this is not happening; the NAS still gets no answer from the proxy RADIUS. I can conclude that the proxy RADIUS does use the failure policy to send a reject instead of an ignore. Below you can find the configuration and the output.
 
with kind regards
Mohamed Majdoubi
KPN Telecom
 
#####################################################################
                                            radius setup
#####################################################################
 
 
||||||||||||||||||||||                        ||||||||||||||||||||||                        |||||||||||||||||||||| 
|     NAS   |   --------------------- proxy       |------------------------ radius       
||||||||||||||||||||||                        ||||||||||||||||||||||                        |||||||||||||||||||||| 
 
 
 
 
#####################################################################
                                            Configuration
#####################################################################

<AuthBy SQLRADIUS>
    Identifier ProxyToOffice
    FailureBackoffTime 60
    DBSource dbi:mysql:ProxyDB
    DBUsername root
    DBAuth
    HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
        RADSQLRADIUS where TARGETNAME='%R'
    StripFromRequest Cisco-NAS-Port, \
        NAS-Port, \
        NAS-Port-Type, \
        NAS-IP-Address, \
        Called-Station-Id, \
        Calling-Station-Id

    AddToRequest Service-Class = %{Reply:Service-Class}
    AllowInReply Service-Type, \
        Framed-Protocol, \
        Framed-IP-Netmask, \
        Framed-IP-Address, \
        Ascend-Client-Primary-DNS, \
        Ascend-Client-Secondary-DNS, \
        Loopback-Tag, \
        Release-Name, \
        VRF-Tag
    ReplyHook file:"%D/reply.pl"
</AuthBy>
#####################################################################
                                Database output
#####################################################################
 
mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1     | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn    | 1812     | 1813     |       2 |            5 |             1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)
 
 
 
#####################################################################
                                            Debug
#####################################################################
 
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed@office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"
 
Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....
 
Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48
31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f
66 66 69 63 65 32 2d 31 2e 31 2e 31 2e 31 2d 32
32 32 32
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed@office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"
 
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS: No reply after 2 retransmissions to 127.0.0.1:1812 for mohamed@office1  (132)
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
 


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
