Hello AL -
Thanks for the information.
I must confess I am a bit confused about exactly how you want your setup to operate. I can see the Auth-Type = LDAP below, and I can see multiple AuthBy clauses in your Realm clause. Can you explain to me in detail your requirements?
regards
Hugh
On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles Alexander McCain wrote:
Hugh,
The users file entry looks something like this. I know I'm using MySQL to
house the users file, but I just took this entry from the file. It looks
like this in the database. If you need my actual database entry, please
let me know.
user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5 Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 1.2.3.4, Framed-IP-Netmask = 255.255.255.255, Idle-Timeout = 0, Session-Timeout = 0
And, I was wondering why I'm only seeing service type and framed protocol?
Thanks, AL
On Sat, 30 Aug 2003, Hugh Irvine wrote:
Hello AL -
This is what your configuration file is set up to return to the NAS:
*** Sending to 64.91.105.5 port 1812 ....
Code:       Access-Accept
Identifier: 107
Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP
What other attributes do you want to send? And how do you want to manage those attributes?
regards
Hugh
On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles Alexander McCain wrote:
Hello,
I'm having an issue with my Redbacks. They cannot allocate IP addresses. In my trace 4, I notice that the user is not getting the attributes they need. How can this be fixed?
Here is my config and trace4
Thanks, AL
---------
Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
*** Received from 1.2.3.4 port 1812 ....
Code:       Access-Request
Identifier: 107
Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
Attributes:
    User-Name = "user"
    User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
    NAS-Identifier = "rb"
    NAS-IP-Address = 1.2.3.4
    RB-NAS-Real-Port = 402850582
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Port = 3892318919
    Connect-Info = "ubrc"

Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
*** Sending to 64.91.105.5 port 1812 ....
Code:       Access-Accept
Identifier: 107
Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
Attributes:
    Service-Type = Framed-User
    Framed-Protocol = PPP

---------------------------------------------------------------------------
#Foreground
#LogStdout
LogDir /var/adm/radacct
DbDir /etc/raddb
PreHandlerHook file:"%D/prehook"
SnmpgetProg /usr/local/bin/snmpget
Trace 4
RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
RewriteUsername s/\s+//g
RewriteUsername tr/A-Z/a-z/

<Client DEFAULT>
    Secret ******
    DupInterval 0
</Client>

<SessionDatabase SQL>
    DBSource dbi:mysql:radius:host
    DBUsername radtest
    DBAuth ******
    Identifier SQLS
    AddQuery insert into RADONLINE (USERNAME,\
        NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
        FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
        values ('%n', '%N',\
        '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
        '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
        '%{Service-Type}','%{Called-Station-Id}')
    DeleteQuery delete from RADONLINE where \
        USERNAME = '%n' and NASIDENTIFIER='%N' \
        and NASPORT='%{NAS-Port}'
    ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
    CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
        where ACCTSESSIONID = '%{Acct-Session-Id}'
</SessionDatabase>

<ClientListSQL>
    DBSource dbi:mysql:radius
    DBUsername radtest
    DBAuth ******
    select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
        DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
        LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
        FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
        NOIGNOREDUPLICATES from RADCLIENTLIST
</ClientListSQL>

<AuthBy UNIX>
    DefaultSimultaneousUse 1
    Identifier System
    Filename /etc/shadow
</AuthBy>

<AuthBy LDAP2>
    DefaultSimultaneousUse 1
    Identifier LDAP
    Host 127.0.0.1
    Port 389
    AuthDN uid=searchuser,dc=domain,dc=net
    AuthPassword *****
    BaseDN %0=%1,ou=people,dc=domain,dc=net
    Scope base
    UsernameAttr uid
    PasswordAttr userPassword
    HoldServerConnection
    SearchFilter (&(gecos=active)(uid=%1))
    AuthAttrDef gidNumber, gid-attr, request
    DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>

<AuthBy SQL>
    NoDefault
    DefaultSimultaneousUse 1
    Identifier CheckSQL
    DBSource dbi:mysql:radius:domain
    DBUsername radtest
    DBAuth *******
    AccountingTable ACCOUNTING
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
    AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef NASIDENTIFIER,NAS-Identifier
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
        from SUBSCRIBERS \
        where USERNAME=%0
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, GENERIC, check
    AuthColumnDef 2, GENERIC, reply
    DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
</AuthBy>

<Realm DEFAULT>
    RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
    PostAuthHook file:"%D/postHook"
    AcctLogFileName %L/%N/detail
    #AuthByPolicy ContinueWhileReject
    AuthByPolicy ContinueUntilAccept
    AuthBy LDAP
    AuthBy CheckSQL
    AuthBy System
</Realm>
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.