RE: (RADIATOR) VSA's (26/3076/x) for the Cisco VPN 3000 Firmware Version 4.x
I'm actually having a similar problem right now. I'm not sure if I'm not seeing the VSA's or if my VPN 3000 isn't sending them. When I get the authentication request I see:

Fri Oct 31 10:06:16 2003: DEBUG: Packet dump:
*** Received from 132.241.67.38 port 3323
Code:       Access-Request
Identifier: 189
Authentic:
Attributes:
        User-Name = "jward"
        User-Password = ""
        NAS-Port = 10492
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Tunnel-Client-Endpoint = 132.241.67.22
        NAS-IP-Address = 132.241.67.38
        NAS-Port-Type = Virtual

I know that there are other VSAs that should come in with the Access-Request, but I'm not seeing them. I'm not sure if my VPN concentrator is configured wrong or if I'm not accepting them.

Any thoughts or insight?

Thanks!!!

-Josh
Network Operations
California State University, Chico

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Karl Gaissmaier
Sent: Friday, October 31, 2003 12:30 AM
To: Hugh Irvine
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) VSA's (26/3076/x) for the Cisco VPN 3000 Firmware Version 4.x

Hi Hugh,

Hugh Irvine wrote:
>
> Hi Charly -
>
> Thanks for your mail.
>
> The Radiator 3.7.1 standard dictionary already has most of the
> definitions you list below.
>
> I will add the additional ones that you have sent, but they will have
> the existing "Altiga" prefix.
>
> I'll send you a copy of the modified dictionary in a separate mail.

thanks

>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?

I just stumbled over this error in the first:

Fri Oct 31 09:23:17 2003: ERR: Attribute number 32 (vendor 3076) is not defined in your dictionary
Fri Oct 31 09:23:17 2003: DEBUG: Packet dump:
*** Received from 134.60.112.177 port 1287
Code:       Access-Request
...

I can't trigger all missing attributes, since I don't use all features of the VPN Concentrator.

The most useful info for all new/old attributes is:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_tech_note09186a0080094e96.shtml

from where I have the definitions and values; from the other sources I took the mnemonics for the names.

Regards
Charly
--
Karl Gaissmaier
KIZ/Infrastructure, University of Ulm, Germany
Email:[EMAIL PROTECTED]
Service Group Network
Tel.: ++49 731 50-22499

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
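Both messages above turn on how vendor 3076 attributes travel inside RADIUS attribute 26. The following is an added example, not part of the original thread and not Radiator code: it walks a raw attribute block, unpacks every Vendor-Specific attribute, and lists the vendor/number pairs a dictionary has no name for. It assumes the sub-attributes use the one-byte type, one-byte length layout that RFC 2865 recommends; the dictionary entry and the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type that carries VSAs (RFC 2865)
VENDOR_3076 = 3076     # vendor number from the thread's "26/3076/x"

# Constructed stand-in for a dictionary; the name is a placeholder, not Radiator's.
SAMPLE_DICTIONARY = {(VENDOR_3076, 1): "Example-Vendor-Attr-1"}

def iter_tlvs(data):
    """Yield (type, value) for each type/length/value record in data."""
    pos = 0
    while pos < len(data):
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError(f"malformed attribute at offset {pos}")
        atype, alen = data[pos], data[pos + 1]   # length counts the 2 header bytes
        yield atype, data[pos + 2:pos + alen]
        pos += alen

def iter_vsas(data):
    """Yield (vendor_id, vendor_type, value) for each sub-attribute of each type-26 attribute."""
    for atype, value in iter_tlvs(data):
        if atype != VENDOR_SPECIFIC:
            continue
        if len(value) < 4:
            raise ValueError("Vendor-Specific attribute shorter than its vendor id")
        (vendor_id,) = struct.unpack("!I", value[:4])
        for vtype, vvalue in iter_tlvs(value[4:]):
            yield vendor_id, vtype, vvalue

def undefined_vsas(data, dictionary):
    """Return (vendor_id, vendor_type) pairs the dictionary has no name for."""
    return [(v, t) for v, t, _ in iter_vsas(data) if (v, t) not in dictionary]

def build_vsa(vendor_id, vtype, value):
    """Encode one type-26 attribute holding a single sub-attribute (sample data only)."""
    sub = bytes([vtype, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

# Constructed sample: User-Name, then vendor 3076 attributes number 1 and number 32.
SAMPLE = (bytes([1, 7]) + b"jward"
          + build_vsa(VENDOR_3076, 1, b"abc")
          + build_vsa(VENDOR_3076, 32, struct.pack("!I", 1)))

if __name__ == "__main__":
    for vendor_id, vtype in undefined_vsas(SAMPLE, SAMPLE_DICTIONARY):
        print(f"Attribute number {vtype} (vendor {vendor_id}) is not defined in the dictionary")
```

An empty result from `iter_vsas` on a captured request means the NAS sent no type-26 attributes at all, which separates the "not sent" case from the "sent but missing from the dictionary" case.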
(RADIATOR) Authby policy question.
Here is my config for the authentication for the 'free modem services' at my university (see below).

I have a table that I'm creating through AuthbySQL that calculates the session times, and then when users cross over their time limit, they are inserted into my 'overtime' table in SQL with a bogus password. I was assuming that if someone didn't have an entry in the database, Authby SQL would return an ignore, not a reject. This is not the case, and this has fouled up my authentication scheme.

I was going to have the users over their time rejected by that first AuthBy (which is why I insert a bogus password), then the other users authenticated properly with the other AuthBys using an AuthByPolicy ContinueWhileIgnore. Like I said, it's not working because AuthBy SQL is rejecting people not in the database.

Is there anyone who has done anything similar to this? I just want to pick people off with the first one, and if they are not found, keep looking. If they had a bad password, then stop looking. Seems simple enough :-)

Any ideas?

-Josh

(config attached below)

#Free modems
    AuthByPolicy ContinueUntilAccept
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/

        Identifier FreeModemService_OVERTIME
        DBSource dbi:mysql:modems
        DBUsername --
        DBAuth --
        AuthSelect SELECT pw FROM overtime WHERE login='%n'
        AuthColumnDef 0, User-Password, check

        Identifier FreeModemService_File
        Filename /etc/radius/free_users

        Identifier FreeModemService_LDAP
        Host directory.csuchico.edu
        AuthDN -
        AuthPassword -
        BaseDN o=California State University Chico,c=US
        UsernameAttr uid
        PasswordAttr userpassword
        AuthAttrDef modemservicetype, X-User-MST, request
        PostSearchHook sub {\
            my $attr = $_[4]->get_value('modemservicetype');\
            if ($attr & 1) {\
                $_[3]->get_check->add_attr('X-User-MST',\
                    $attr);\
            }\
            else {\
                $_[3]->get_check->add_attr('X-User-MST',\
                    'Denied: wrong modem service type');\
            }\
        }
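The interaction described in the message above, modelled as an added example (not part of the original post and not Radiator code): a two-stage chain evaluated under the two policy names from the message, with the overtime lookup returning either REJECT, as the poster observed, or IGNORE, as he expected, for a login it does not hold. The logins, passwords and the single `free_users` stage standing in for the File and LDAP stages are constructed.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Stop conditions for the two policy names used in the message.
POLICIES = {
    "ContinueWhileIgnore": lambda result: result != IGNORE,
    "ContinueUntilAccept": lambda result: result == ACCEPT,
}

def password_backend(table, miss):
    """Model one stage as a login->password table; `miss` is the result for unknown logins."""
    def check(login, password):
        if login not in table:
            return miss
        return ACCEPT if table[login] == password else REJECT
    return check

def run_chain(policy, chain, login, password):
    """Try each stage in order; return (final result, names of the stages consulted)."""
    stop, result, tried = POLICIES[policy], IGNORE, []
    for name, check in chain:
        result = check(login, password)
        tried.append(name)
        if stop(result):
            break
    return result, tried

def build_chain(sql_miss):
    """Constructed data: 'late' is over the limit (bogus password in overtime), 'amy' is not."""
    overtime = password_backend({"late": "bogus-not-a-real-password"}, sql_miss)
    users = password_backend({"late": "pw-late", "amy": "pw-amy"}, REJECT)
    return [("overtime", overtime), ("free_users", users)]

def outcomes(sql_miss, policy):
    """Results for the over-limit user and the normal user, each sending their real password."""
    chain = build_chain(sql_miss)
    return {login: run_chain(policy, chain, login, "pw-" + login) for login in ("late", "amy")}

if __name__ == "__main__":
    for sql_miss, policy in [(REJECT, "ContinueWhileIgnore"),
                             (REJECT, "ContinueUntilAccept"),
                             (IGNORE, "ContinueWhileIgnore")]:
        print(f"miss={sql_miss:6} {policy}: {outcomes(sql_miss, policy)}")
```

With a REJECT on a miss, ContinueWhileIgnore stops every user at the overtime stage, while ContinueUntilAccept lets the over-limit user through on the second stage; only an IGNORE on a miss gives the split the message asks for.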
(RADIATOR) Concatenating or modifying values for SQL accounting
Ok, I'm a new radiator user, so I hope this isn't a silly question.

In my SQL accounting database, I have a field that I need to keep the 'connection info' in. Basically, what I'd like to stash in that field is the information about what speed the user had when they initially connected, as passed in the Ascend-Data-Rate and Ascend-Xmit-Rate by my Cisco AS5300.

What I need is something like:

AcctColumnDef connect_info,Ascend-Data-Rate\/Ascend-Xmit-Rate

So that the entry in the database would look something like:

31200/49333

Is there any way to do this?

Thanks!!

-Josh

Josh Ward, Network Management and Design
California State University, Chico