Hugh,

I tried what you had told me, and it seems to work that way; however, some of the static users aren't getting their IPs. This is happening at random, and I cannot tell that there is anything special about them besides being static. The NAS reports that they cannot pull the IP. The trace 4 I sent previously should show the problem we're seeing. I can't seem to figure this one out. Seems like a very strange problem with it happening at random.

Thanks,
Al

On Thu, 4 Sep 2003, Charles Alexander McCain wrote:

>
> Hugh,
>
> What about my dynamic users? Dialup and ADSL share the same realm. If I
> have a realm with only AuthBy SQL in it, how exactly will they interact
> with LDAP? I'm sure you're right, I am just curious as to how that works.
>
> Thanks,
> Al
>
>
> On Thu, 4 Sep 2003, Hugh Irvine wrote:
>
> >
> > Hello Al -
> >
> > As I can't find your name or email address in our database, I wonder
> > whether you could tell me the name of the company that has purchased
> > this copy of Radiator? Please reply to me directly.
> >
> > I understand what you are trying to do, but your configuration file is
> > not correct.
> >
> > The Auth-Type = CheckLDAP check item in your SQL database will cause
> > Radiator to send the authentication to LDAP. Therefore you only need
> > the AuthBy SQL clause in the Realm (you can think of it like a
> > subroutine call).
> >
> > <Realm DEFAULT>
> >     # the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
> >     <AuthBy SQL>
> >         .....
> >     </AuthBy>
> >     .....
> > </Realm>
> >
> > regards
> >
> > Hugh
> >
> >
> > On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles
> > Alexander McCain wrote:
> >
> > > Hugh,
> > >
> > > We store our static IP customers in the users file, dynamic customers
> > > auth by LDAP. The static customers also auth by LDAP, but get their
> > > appropriate attributes from the users file. Currently, we are using the
> > > users file to store static information, but I am trying to put it all in
> > > MySQL (hoping for easier automation). Our current setup works perfectly
> > > this way, but it doesn't seem to work with the MySQL database. It appears
> > > as if the configuration from the old to the new is somewhat similar.
> > > So basically, I want a customer to dial in, if he is dynamic,
> > > authenticate him by LDAP, if he is static, get his attributes from the
> > > database and auth him with LDAP.
> > >
> > > Am I making any sense?
> > >
> > > Thanks,
> > > Al
> > >
> > >
> > > On Wed, 3 Sep 2003, Hugh Irvine wrote:
> > >
> > >>
> > >> Hello AL -
> > >>
> > >> Thanks for the information.
> > >>
> > >> I must confess I am a bit confused about exactly how you want your
> > >> setup to operate. I can see the Auth-Type = LDAP below, and I can see
> > >> multiple AuthBy clauses in your Realm clause. Can you explain to me in
> > >> detail your requirements?
> > >>
> > >> regards
> > >>
> > >> Hugh
> > >>
> > >>
> > >> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
> > >> Alexander McCain wrote:
> > >>
> > >>> Hugh,
> > >>>
> > >>> The users file entry looks something like this. I know I'm using MySQL
> > >>> to house the users file, but I just took this entry from the file. It
> > >>> looks like this in the database. If you need my actual database entry,
> > >>> please let me know.
> > >>>
> > >>>
> > >>> user    Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> > >>>         Service-Type = Framed-User,
> > >>>         Framed-Protocol = PPP,
> > >>>         Framed-IP-Address = 1.2.3.4,
> > >>>         Framed-IP-Netmask = 255.255.255.255,
> > >>>         Idle-Timeout = 0,
> > >>>         Session-Timeout = 0
> > >>>
> > >>> And, I was wondering why I'm only seeing service type, and framed
> > >>> protocol?
> > >>>
> > >>> Thanks,
> > >>> AL
> > >>>
> > >>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
> > >>>
> > >>>>
> > >>>> Hello AL -
> > >>>>
> > >>>> This is what your configuration file is set up to return to the NAS:
> > >>>>
> > >>>>
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code:       Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>
> > >>>> What other attributes do you want to send? And how do you want to
> > >>>> manage those attributes?
> > >>>>
> > >>>> regards
> > >>>>
> > >>>> Hugh
> > >>>>
> > >>>>
> > >>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> > >>>> Alexander McCain wrote:
> > >>>>
> > >>>>> Hello,
> > >>>>>
> > >>>>> I'm having an issue with my Redbacks. They cannot allocate IP
> > >>>>> addresses. In my trace 4, I notice that the user is not getting the
> > >>>>> attributes they need. How can this be fixed?
> > >>>>>
> > >>>>> Here is my config and trace 4.
> > >>>>>
> > >>>>> Thanks,
> > >>>>> AL
> > >>>>>
> > >>>>> ---------
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Received from 1.2.3.4 port 1812 ....
> > >>>>> Code:       Access-Request
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         User-Name = "user"
> > >>>>>         User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> > >>>>>         NAS-Identifier = "rb"
> > >>>>>         NAS-IP-Address = 1.2.3.4
> > >>>>>         RB-NAS-Real-Port = 402850582
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>>         NAS-Port = 3892318919
> > >>>>>         Connect-Info = "ubrc"
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code:       Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>>
> > >>>>> -------------------------------------------------------------------
> > >>>>>
> > >>>>> #Foreground
> > >>>>> #LogStdout
> > >>>>> LogDir          /var/adm/radacct
> > >>>>> DbDir           /etc/raddb
> > >>>>> PreHandlerHook  file:"%D/prehook"
> > >>>>>
> > >>>>> SnmpgetProg     /usr/local/bin/snmpget
> > >>>>> Trace           4
> > >>>>> RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
> > >>>>> RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
> > >>>>> RewriteUsername s/\s+//g
> > >>>>> RewriteUsername tr/A-Z/a-z/
> > >>>>> <Client DEFAULT>
> > >>>>>
> > >>>>>         Secret ******
> > >>>>>         DupInterval 0
> > >>>>>
> > >>>>> </Client>
> > >>>>>
> > >>>>> <SessionDatabase SQL>
> > >>>>>
> > >>>>>         DBSource   dbi:mysql:radius:host
> > >>>>>         DBUsername radtest
> > >>>>>         DBAuth     ******
> > >>>>>         Identifier SQLS
> > >>>>>
> > >>>>>         AddQuery insert into RADONLINE (USERNAME,\
> > >>>>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> > >>>>>                 FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> > >>>>>                 values ('%n', '%N',\
> > >>>>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> > >>>>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> > >>>>>                 '%{Service-Type}','%{Called-Station-Id}')
> > >>>>>
> > >>>>>
> > >>>>>         DeleteQuery delete from RADONLINE where \
> > >>>>>                 USERNAME = '%n' and NASIDENTIFIER='%N' \
> > >>>>>                 and NASPORT='%{NAS-Port}'
> > >>>>>
> > >>>>>         ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> > >>>>>
> > >>>>>         CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> > >>>>>                 where ACCTSESSIONID = '%{Acct-Session-Id}'
> > >>>>>
> > >>>>>
> > >>>>> </SessionDatabase>
> > >>>>>
> > >>>>>
> > >>>>> <ClientListSQL>
> > >>>>>
> > >>>>>         DBSource   dbi:mysql:radius
> > >>>>>         DBUsername radtest
> > >>>>>         DBAuth     ******
> > >>>>>
> > >>>>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> > >>>>>                 DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> > >>>>>                 LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> > >>>>>                 FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> > >>>>>                 NOIGNOREDUPLICATES from RADCLIENTLIST
> > >>>>>
> > >>>>>
> > >>>>> </ClientListSQL>
> > >>>>> <AuthBy UNIX>
> > >>>>>
> > >>>>>         DefaultSimultaneousUse 1
> > >>>>>         Identifier System
> > >>>>>         Filename /etc/shadow
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>>
> > >>>>> <AuthBy LDAP2>
> > >>>>>         DefaultSimultaneousUse 1
> > >>>>>         Identifier LDAP
> > >>>>>         Host 127.0.0.1
> > >>>>>         Port 389
> > >>>>>         AuthDN uid=searchuser,dc=domain,dc=net
> > >>>>>         AuthPassword *****
> > >>>>>         BaseDN %0=%1,ou=people,dc=domain,dc=net
> > >>>>>         Scope base
> > >>>>>         UsernameAttr uid
> > >>>>>         PasswordAttr userPassword
> > >>>>>         HoldServerConnection
> > >>>>>         SearchFilter (&(gecos=active)(uid=%1))
> > >>>>>         AuthAttrDef gidNumber, gid-attr, request
> > >>>>>         DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>> </AuthBy>
> > >>>>> <AuthBy SQL>
> > >>>>>         NoDefault
> > >>>>>         DefaultSimultaneousUse 1
> > >>>>>         Identifier CheckSQL
> > >>>>>
> > >>>>>         DBSource   dbi:mysql:radius:domain
> > >>>>>         DBUsername radtest
> > >>>>>         DBAuth     *******
> > >>>>>
> > >>>>>
> > >>>>>         AccountingTable ACCOUNTING
> > >>>>>         AcctColumnDef USERNAME,User-Name
> > >>>>>         AcctColumnDef TIME_STAMP,Timestamp,integer
> > >>>>>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > >>>>>         AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > >>>>>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > >>>>>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > >>>>>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > >>>>>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > >>>>>         AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > >>>>>         AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > >>>>>         AcctColumnDef NASPORT,NAS-Port,integer
> > >>>>>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > >>>>>
> > >>>>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> > >>>>>                 from SUBSCRIBERS \
> > >>>>>                 where USERNAME=%0
> > >>>>>
> > >>>>>         AuthColumnDef 0, User-Password, check
> > >>>>>         AuthColumnDef 1, GENERIC, check
> > >>>>>         AuthColumnDef 2, GENERIC, reply
> > >>>>>         DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>>
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>> <Realm DEFAULT>
> > >>>>>         RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
> > >>>>>
> > >>>>>
> > >>>>>         PostAuthHook file:"%D/postHook"
> > >>>>>         AcctLogFileName %L/%N/detail
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>         #AuthByPolicy ContinueWhileReject
> > >>>>>         AuthByPolicy ContinueUntilAccept
> > >>>>>         AuthBy LDAP
> > >>>>>         AuthBy CheckSQL
> > >>>>>         AuthBy System
> > >>>>>
> > >>>>>
> > >>>>> </Realm>
> > >>>>>
> > >>>>> ===
> > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > >>>>> Announcements on [EMAIL PROTECTED]
> > >>>>> To unsubscribe, email '[EMAIL PROTECTED]' with
> > >>>>> 'unsubscribe radiator' in the body of the message.
> > >>>>>
> > >>>>>
> > >>>>
> > >>>> NB: have you included a copy of your configuration file (no secrets),
> > >>>> together with a trace 4 debug showing what is happening?
> > >>>>
> > >>>> --
> > >>>> Radiator: the most portable, flexible and configurable RADIUS server
> > >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > >>>> -
> > >>>> Nets: internetwork inventory and management - graphical, extensible,
> > >>>> flexible with hardware, software, platform and database independence.
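
The check being done by eye on the trace 4 output in this thread, as an added example that is not part of the thread or of Radiator: a small Python parser that pairs each Access-Request with its Access-Accept by Identifier and lists the users whose accept carries no Framed-IP-Address. The sample trace is constructed, and the function names and the assumption that a blank line ends each packet dump are this example's own.

```python
import re

# Constructed sample in the layout of the trace 4 packet dumps quoted in the
# thread; user names, addresses and identifiers are made up for this example.
SAMPLE_TRACE = """\
*** Received from 192.0.2.10 port 1812 ....
Code:       Access-Request
Identifier: 107
    User-Name = "static1"

*** Sending to 192.0.2.10 port 1812 ....
Code:       Access-Accept
Identifier: 107
    Service-Type = Framed-User

*** Received from 192.0.2.10 port 1812 ....
Code:       Access-Request
Identifier: 108
    User-Name = "static2"

*** Sending to 192.0.2.10 port 1812 ....
Code:       Access-Accept
Identifier: 108
    Service-Type = Framed-User
    Framed-IP-Address = 198.51.100.7
"""

HEAD = re.compile(r"^(Code|Identifier):\s*(\S+)", re.M)
ATTR = re.compile(r"^[ \t]+([A-Za-z0-9-]+) = (.*)$", re.M)

def parse_packets(trace):
    packets = []
    for chunk in re.split(r"^\*\*\* ", trace, flags=re.M)[1:]:
        dump = re.split(r"\n\s*\n", chunk, maxsplit=1)[0]  # blank line ends a dump
        pkt = dict(HEAD.findall(dump))                     # Code and Identifier
        pkt["attrs"] = {k: v.strip('"') for k, v in ATTR.findall(dump)}
        packets.append(pkt)
    return packets

def accepts_missing(trace, required="Framed-IP-Address"):
    """User names whose Access-Accept lacks the required reply attribute."""
    users, missing = {}, []
    for p in parse_packets(trace):
        ident = p.get("Identifier")          # request and reply share it
        if p.get("Code") == "Access-Request":
            users[ident] = p["attrs"].get("User-Name", "?")
        elif p.get("Code") == "Access-Accept" and required not in p["attrs"]:
            missing.append(users.get(ident, "?"))
    return missing
```

Matching on Identifier alone is enough for a single NAS; with several clients in one log the key should also include the peer address from the `***` line.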