Re: Please Help! Temporarily accept all users from a realm
Alan DeKok wrote: "Scotty B. Lowe" <[EMAIL PROTECTED]> wrote: DEFAULT Hint = "ISP", Auth-Type = Accept ^^^^^^ == := Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I tried switching the sytax as you suggested but it still does not accept it. Any other ideas? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please Help! Temporarily accept all users from a realm
I am new at this so please be patient:) I need a way to temporarily
allow all users from a certain realm to be accepted. We normally proxy
all requests to our customers radius servers, but if one of them has an
issue I need to be able to just Auth-Type == Accept every request from
that realm. Below is what I have configured. Any help as to what I am
doing wrong would be greatly appreciated as this is the lastissue I need
to get working before testing in a production environment.
From the proxy.conf file: (typically this is the only file we need to
use)
realm someisp.com {
type= radius
authhost= LOCAL
accthost= LOCAL
secret = v01c3n3t123
nostrip
}
From the hints file:
DEFAULT Suffix = "@someisp.com", Strip-User-Name = No
Hint = "ISP"
From the users file:
pools-Place-7206 Password == "somepasswd" , User-Service-Type=Outbound-User
Cisco-AVPair = "ip:pool-def#1=addr-pool xxx.xx.206.2
xxx.xx.206.254",
Cisco-AVPair = "ip:pool-def#2=someisp1 198.168.0.1
198.168.0.254",
Cisco-AVPair = "ip:pool-timeout=1440"
DEFAULT Hint = "ISP", Auth-Type = Accept
User-Service-Type = Framed-User,
Cisco-AVPair = "ip:addr-pool=someisp1",
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobson-TCP-IP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accept all requests for a realm
I need a way to set free radius to accept all requests for a certain
realm. I only use the proxy.conf file as we are only proxying requests
to isp's radius servers. If my customers radius goes down I need a way
to just accept all users from that realm for a time. I have tried
adding a hint for the realm and a default entry in the users file to
accept for that hint but it won't work. Below is an example of how I
have tried this. Any ideas as to what I am doing wrong or another way
to do this would be greatly appreciated. Thanks in advance.
From the proxy.conf file:
realm someisp.com {
type= radius
authhost= LOCAL
accthost= LOCAL
secret = v01c3n3t123
nostrip
}
From the hints file:
DEFAULT Suffix = "@someisp.com", Strip-User-Name = No
Hint = "ISP"
From the users file:
DEFAULT Hint = "ISP", Auth-Type = Accept
User-Service-Type = Framed-User,
Cisco-AVPair = "ip:addr-pool=someisp1",
Framed-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobson-TCP-IP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy by the DNIS help
Ossama Suleiman wrote: you should add your entry not to the users file but to acct_users file: DEFAULTCalled-Station-Id = "8145550010", Proxy-To-Realm := "realm.net" hope that helps regards, ossama Thanks a million Ossama.that got it! The only other question I have is about the actual DNIS. The record that comes from the Cisco includes the entire number, area code and all (i.e. 8845551234). Is it possible for FreeRadius to check only the last 4 digits or does it have to match the Called-Station-Id exactly as it comes to it. Perhaps there are some wild characters I can use in place of the first six digits? This would turn a few thousand entries into a few hundred and save me a bunch of time. Once again thanks Ossama:) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy by the DNIS help
I have read all of the archived posts about this subject and I can't seem to get this to work. Any advice would be greatly appreciated. What I need to have happen is for radius to proxy to another radius server (one of our customers) based on the DNIS regardless of realm. Some of our customers (which are ISP's) have multiple realms going to the same radius server. They would like to have us proxy to them based on where the call is coming from (i.e. the number assignments we give them). I don't want to have to add those realms to our radius server, just the DNIS numbers. If the DNIS is not found then I need for the radius server to use the realm to proxy. I have gotten proxy to work fine using the realm (In the proxy.conf file) but am unable to get proxy by DNIS to work. I am using freeradius-0.8.1 on Redhat 8.0. The RAS is a Cisco 5800 with a 7206 for the "brain". I know it is sending the Called-Station-Id in the request: rad_recv: Accounting-Request packet from host 209.163.108.19:1646, id=211, length=244 Acct-Session-Id = "018C" Framed-Protocol = PPP Framed-IP-Address = xxx.xxx.xxx.xxx X-Ascend-Connect-Progress = 60 X-Ascend-PreSession-Time = 5 X-Ascend-Xmit-Rate = 45333 X-Ascend-Data-Rate = 12000 Acct-Session-Time = 33 Connect-Info = "45333/12000 V90/V42bis/LAPM" Acct-Input-Octets = 43872 Acct-Output-Octets = 140 X-Ascend-Pre-Input-Octets = 115 X-Ascend-Pre-Output-Octets = 89 Acct-Input-Packets = 133 Acct-Output-Packets = 7 X-Ascend-Pre-Input-Packets = 4 X-Ascend-Pre-Output-Packets = 4 Acct-Terminate-Cause = User-Request X-Ascend-Disconnect-Cause = 45 Acct-Authentic = RADIUS User-Name = "[EMAIL PROTECTED]" Acct-Status-Type = Stop NAS-Port = 27 NAS-Port-Type = Async Calling-Station-Id = "async" Called-Station-Id = "8145550010" Service-Type = Framed-User NAS-IP-Address = xxx.xxx.xxx.xxx Acct-Delay-Time = 0 I have done the default install using the ./configure options to put the files into the /etc/raddb directory. I have changed nothing except adding my test realms to the proxy.conf file, adding the necessary servers to the clients.conf file, and adding the following to the users file: DEFAULTCalled-Station-Id == "8145550010", Proxy-To-Realm := "realm.net" Fall-Through = No There is a realm.net entry in the proxy.conf file but again, I don't want to add a realm there as I want it to proxy using the DNIS. I know this is quite a big question but I would greatly appreciate any help all of you could find the time to give. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
