(RADIATOR) dictionary problems with CISCO and TIGRIS
Hi,

we finally got radiator working fine for a while and then we started to get all these dictionary errors:

Sat Sep 15 17:16:24 2001: ERR: Attribute number 77 (vendor ) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 30 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 31 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 32 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 33 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 17 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:24 2001: ERR: Attribute number 5 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:39 2001: ERR: Attribute number 18 (vendor 5) is not defined in your dictionary
Sat Sep 15 17:16:39 2001: ERR: Attribute number 27 (vendor 5) is not defined in your dictionary

Our NAS's are cisco 5400's and tigris.

I have tried the default dictionaries that came with radiator for acc and cisco, even tried the vendors dictionaries but these errors still come up.

Any hints?

---
Roger Mangraviti
Independent Service Providers
Ph: 1300 304 288
mailto:[EMAIL PROTECTED]
http://www.isp.net.au

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Identical Clients
Hello Todd -

On Saturday 15 September 2001 03:53, Todd Dokey wrote:
> I'd like to set up a client clause for each type of NAS with the Identical
> clients picking up the same for same types.
>
> How would this look?

# define Client clauses

IdenticalClients 2.2.2.2, 3.3.3.3, ..

..

Have a look at section 6.5.10 in the Radiator 2.18.4 reference manual.

regards

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
Re: (RADIATOR) Fwd: BOUNCE radiator@open.com.au: Non-member submission from ["baker" ]
Hello Ba -

>
> Currently i am testing Radiator with Emerald on Microsoft SQL server. I
> have seen how powerful is the product. But simply i am not Perl
> programmer otherwise, the software is just great. I facing problem with:
> 1- Realm Default
> with default the sa.login= Default for some errors not all ( such as the
> over login limit).
>
> 2-The online users don't ever match up with the NAS users online. I have
> added SNMP and
> added the directionry and NASTYPE With The SNMP Agent And SNMPGET ..
> i am missing anything else or its bad luck ...
>

Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug showing what is happening.

thanks

Hugh
Re: (RADIATOR) MaxSessions
Hello Todd -

On Saturday 15 September 2001 03:04, Todd Dokey wrote:
> MaxSessions won't work under text right?
>
> Don't I need a master online calls table of some kind?
>

Radiator always uses an Internal session database in any case, even if an external session database is not specified.

> Can I use authby radius and authby text, but check accounting on Emerald's
> calls table?
>

Yes (although there is no AuthBy TEXT).

BTW - I strongly encourage you to read the rfc's and the reference manual included in the "doc" directory of the Radiator distribution (at least once).

hth

Hugh
(RADIATOR) Identical Clients
I'd like to set up a client clause for each type of NAS with the Identical clients picking up the same for same types.

How would this look?

-
"We sleep safe in our beds because rough men stand ready in the night to visit violence on those who would do us harm." George Orwell
(RADIATOR) MaxSessions
MaxSessions won't work under text right?

Don't I need a master online calls table of some kind?

Can I use authby radius and authby text, but check accounting on Emerald's calls table?
(RADIATOR) Fwd: BOUNCE radiator@open.com.au: Non-member submission from ["baker" ]
-- Forwarded Message --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["baker" <[EMAIL PROTECTED]>]
Date: Fri, 14 Sep 2001 04:45:01 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Date: Fri, 14 Sep 2001 14:09:13 +0300
From: "baker" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: sa.login=DEFAULT

Currently i am testing Radiator with Emerald on Microsoft SQL server. I have seen how powerful is the product. But simply i am not Perl programmer otherwise, the software is just great. I facing problem with:

1- Realm Default
with default the sa.login= Default for some errors not all ( such as the over login limit).

2-The online users don't ever match up with the NAS users online. I have added SNMP and added the directionry and NASTYPE With The SNMP Agent And SNMPGET ..
i am missing anything else or its bad luck ...

thanks for your help..

Ba
Re: (RADIATOR) Multiple realms in handler
Hello Matt -

On Friday 14 September 2001 10:32, Matt Scifo wrote:
> Hello
>
> Can anyone tell me if this is possible to implement?
>
> Two-Stage Proxy
> * All Requests initially parsed by Called-Station-Id
> * Option of then parsing requests, within a single Realm to match a
> set of criteria based on "@realm" username identifiers
>
> ---
> #Use regexp for called-station-id
>
> #If user@realm1, then do this
>
> Host host1
> Secret secret1
>
> #If user@realm2, then do this
>
> Host host2
> Secret secret2
>
> #If user@realm3, then do this
>
> Host host3
> Secret secret3
>
> #If realm not found above
>
> Host host1
> Secret secret1
>

You will need to specify multiple Handlers, like this:

. . . .

regards

Hugh
Re: (RADIATOR) RADMIN and radius
Hello Lloyd -

If you specify an AuthBy RADMIN together with a SessionDatabase SQL, the management of the RADONLINE table is done automatically using the accounting requests from the NAS.

Here is the relevant section from the manual:

6.7.3 AddQuery

This SQL statement is executed whenever a new user session starts (i.e. when an Accounting-Request Start message is received). It is expected to record the details of the new session in the SQL database. Special formatting characters may be used (the %{attribute} ones are probably the most useful). If AddQuery is defined as an empty string, then the query will not be executed. It defaults to:

insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, \
SERVICETYPE) values ('%u', '%N', 0%{NAS-Port}, '%{Acct-Session-Id}',\
%{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', \
'%{Service-Type}')

If you want to include the DNIS (Called-Station-Id), you will have to modify the RADONLINE table and change the default AddQuery (shown above).

regards

Hugh

On Friday 14 September 2001 17:08, lloyd dagoc wrote:
> hi to everybody,
>
> im a little bit confused as to where or who does the update of the
> RADONLINE table in the radmin database...we never included the update
> RADONLINE statement in our radius.cfg...any ideas? is the NAS responsible
> on this? if it is responsible, how come they never include the DNIS of the
> user in our RADONLINE database? any ideas?
>
> thanks
> lloyd dagoc
Re: (RADIATOR) Little config advice needed
Hello Sergio -

On Friday 14 September 2001 02:34, Sergio Alejandro Gonzalez wrote:
> Hello there.
>
> I recently had a problem with a config that makes me handle
> dynamic address allocation. The problem is I have two
> different RASes (3com and Patton). For admin purposes, some
> dialup clients need to have another ip address pool
> different from the RAS can assign. To do the trick, 3com
> fortunately handles more than one ip pool, but Patton
> doesn't. The config I've now looks like:
>
> Identifier myallocator
>
> DBSource dbi:mysql:radius
> DBUsername X
> DBAuth X
>
> Subnetmask 255.255.255.0
> DNSServer aaa.bbb.ccc.ddd
> Range 192.168.2.1 192.168.2.254
>
> RejectHasReason
> AccountingHandled
> AuthByPolicy ContinueWhileAccept
>
> DefaultSimultaneousUse 1
> DBSource dbi:mysql:radius
> DBUsername
> DBAuth
>
> AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
> from SUBSCRIBERS where USERNAME = '%n'
> and STATUS = 1
>
> AccountingStopsOnly
> AccountingTable ACCOUNTING%Y%m
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ACCTCONNECTSPEED,Ascend-Xmit-Rate,integer
> AcctColumnDef ACCTCONNECTSPEED,USR-Connect-Speed,integer
> AcctColumnDef ACCTCALLINGSTATIONID,Calling-Station-Id,string
> AcctColumnDef ACCTCALLEDSTATIONID,Called-Station-Id,string
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> Allocator myallocator
> PoolHint %{Reply:Framed_IP_Address_Pool_Name}
> MapAttribute yiaddr,Framed-IP-Address
> MapAttribute subnetmask,Framed-IP-Netmask
>
> PasswordLogFileName %L/password.log
>
> Ok, that works, but I only the Auth DYNADDRESS work for the
> Patton request. How can I achieve this?
>

I would suggest you use Identifiers in your Client clauses, and Handlers, like this:

# define Client clauses

Identifier 3com

Identifier 3com

Identifier Patton

Identifier Patton

..

..

hth

Hugh
Re: (RADIATOR) Taking too long.
Hello Griff -

As always, a trace 4 showing what is going on is what is required.

For sub-second timer resolution you should use the LogMicroseconds parameter with the Time::HiRes module from CPAN.

You may find that you will have to have multiple Radiator hosts with some form of load balancing in front, and/or separate authentication and accounting instances of Radiator on each host.

hth

Hugh

On Friday 14 September 2001 09:16, Griff Hamlin, III wrote:
> Hello,
>
> I am using an SQL database for authentication, Accounting, and session
> database. I also am using snmpget to keep my online database consistent.
> I find that when the snmpget takes a little too long, radius gets behind
> and will never catch up, effectively denying all users as their
> computers time out although eventually they do get authenticated on my
> end. I thought about trying to fork processes, but is there no way to
> limit the number of running processes that spawn off? Does anyone have
> any experience with this type of problem and/or how to solve it?
>
> Griff Hamlin, III
Re: (RADIATOR) AuthUNIX/FILE Authentication and realms.
Hello Paul -

On Thursday 13 September 2001 13:42, Paul Rolfe wrote:
> Is it possible to get Radiator to authenticate based on username only, even
> if the username is rewritten to include the realm? (it is required that we
> rewrite to include the realm as our radius supports over 8 different
> "providers" and we need to be able to account for them all based on
> username@realm, we also use Called-Station-Id to map to some realms)
>
> All other realms are working fine as they authenticate from a custom built
> authentication module which looks after this, however the below needs to be
> authenticated in the following manner.
>
> I need to be able to authenticate based on the username portion only (for
> the AuthUNIX/FILE), but to use the rewritten realm for accounting and
> session database entries.
>
> Ideas? What am I missing?
>
> If I add RewriteUsername s/^([^@]+).*/$1/ immediately after the GROUP>, then
> authentication works. UsernameMatchesWithoutRealm doesn't seem to work.
>
> I've also tried writing separate handlers for Authentication and
> Accounting, but the problem then arises, that I can't manage the session
> database (SQL) correctly with the realms.
>
> RewriteUsername tr/A-Za-z0-9_@\.-//cd
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername s/^(.*)/$1\@southwest.com.au/
> RewriteUsername s/^([^@]+)(.*)/lc($1).uc($2)/e
>
> UsernameMatchesWithoutRealm
> AuthByPolicy ContinueWhileAccept
>
> UsernameMatchesWithoutRealm
> Filename %D/users
> RejectEmptyPassword
>
> UsernameMatchesWithoutRealm
> Identifier Unix
> Filename /etc/passwd
> GroupFilename /etc/group
> RejectEmptyPassword
>
> PostAuthHook file:"/etc/radiusd/radius.call"
> AcctLogFileName /var/adm/radacct/%C/detail
> AccountingHandled
>

Can you please send me a trace 4 showing what is happening? And what version of Radiator are you running?

BTW - I don't think the AuthByPolicy shown above is correct, as both AuthBy clauses will have to accept - but maybe that is what you want?

thanks

Hugh
Re: (RADIATOR) Question on Encrypted-Password/User-Password
Hello Viraj -

Section 13.1.2 in the Radiator 2.18.4 reference manual.

regards

Hugh

On Friday 14 September 2001 00:05, Viraj Alankar wrote:
>
> Hello,
>
> Is there a functional difference between the following:
>
> ...
> AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> AuthColumnDef 0, User-Password, check
>
> and this:
>
> ...
> AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> AuthColumnDef 0, Encrypted-Password, check
>
> when the result of the select returns '{crypt}crypted_password' ? In other
> words, I can use either AuthBy and it should work right?
>
> Thanks,
>
> Viraj.
Re: (RADIATOR) Framed-IP of 0.0.0.0
Hello William -

Note that what you show below is an accounting request that does not have a Framed-IP-Address in it at all.

Also note that your proposed PostAuthHook below would serve no purpose with accounting requests.

regards

Hugh

On Thursday 13 September 2001 23:58, William Hernandez wrote:
> Thanks everyone.
>
> Given that we don't use FramedGroupBaseAddress in our Client
> clauses, and given that the problem has been reported with
> Radiator out of the picture, I'll conclude that this is a NAS
> issue.
>
> However, before I close this issue does it make sense to write a
> PostAuthHook that would check FRAMEDIPADDRESS and if matches
> 0.0.0.0 change the Accept to a Reject and basically force the
> user to reconnect and expect (hope) the NAS will generate a
> correct IP the second time around.
>
> Below is a trace 4. It seems that the 0.0.0.0 address occurs when
> Framed-Protocol=MP or Framed-Protocol=MPP. But I'll have to check
> more cases to say for sure.
>
> Thanks in advance,
> William
>
> Mon Aug 27 14:22:24 2001: DEBUG: Packet dump:
> *** Received from 208.249.78.9 port 1028
> Code: Accounting-Request
> Identifier: 18
> Authentic: (<196><208><254>x<239><243><235><22>#<196>x<166><138><182><15>
> Attributes:
> User-Name = "horizonmm.com"
> NAS-IP-Address = 208.249.78.9
> NAS-Port = 10207
> Ascend-NAS-Port-Format = 3
> NAS-Port-Type = Sync
> Acct-Status-Type = Start
> Acct-Delay-Time = 0
> Acct-Session-Id = "364406391"
> Acct-Authentic = RADIUS
> Ascend-Multilink-ID = 1309213583
> Ascend-Num-In-Multilink = 2
> Acct-Link-Count = "<0><0><0>0"
> Acct-Multi-Session-Id = "4e09038f"
> Ascend-Modem-PortNo = 31
> Ascend-Modem-SlotNo = 9
> Calling-Station-Id = "7879778517"
> Called-Station-Id = "6419200"
> Framed-Protocol = MP
>
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler Realm=holaplaneta.net should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Check if Handler should be used to handle this request
> Mon Aug 27 14:22:24 2001: DEBUG: Handling request with Handler ''
> Mon Aug 27 14:22:24 2001: DEBUG: prw-sessiondb Adding session for horizonmm.com, 208.249.78.9, 10207
> Mon Aug 27 14:22:24 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='208.249.78.9' and NASPORT=010207
>
> Mon Aug 27 14:22:24 2001: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('horizonmm.com', '208.249.78.9', 010207, '364406391', 998936544, '0.0.0.0', 'Sync', '')
>
> Mon Aug 27 14:22:24 2001: DEBUG: Handling with Radius::AuthFILE
> Mon Aug 27 14:22:24 2001: DEBUG: Processing PostAuthHook:setSessionTimeout
> Mon Aug 27 14:22:24 2001: DEBUG: setSessionTimeout: username is: horizonmm.com
> Mon Aug 27 14:22:24 2001: DEBUG: setSessionTimeout: Called-Station-Id is: 6419200
> Mon Aug 27 14:22:24 2001: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='horizonmm.com'
> Mon Aug 27 14:22:24 2001: DEBUG: Accounting accepted
> Mon Aug 27 14:22:24 2001: DEBUG: Packet dump:
> *** Sending to 208.249.78.9 port 1028
> Code: Accounting-Response
> Identifier: 18
> Authentic: (<196><208><254>x<239><243><235><22>#<196>x<166><138><182><15>
> Attributes:
>
> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 12, 2001 7:35 PM
> To: William Hernandez; Radiator
> Subject: Re: (RADIATOR) Framed-IP of 0.0.0.0
>
> Hello William -
>
> The only way to understand what is happening is to look at a
> trace 4 debug
> from Radiator to see in what circumstances this occurs. As it is
> the NAS that
> sends the accounting packets that are used to maintain the
> session database,
> it is highly likely that this is a NAS issue.
>
> Note that we have seen similar behaviour occasionally when it is
> Radiator
> allocating the addresses, and one work-around is to send a copy
> of the
> address in a Class attribute and use a PreClientHook to restore
> it.
>
> Obviously if it is the NAS that is allocating the addresses, you
> will need to
> check with the NAS vendor if there is a fix for the problem.
>
> regards
>
> Hugh
>
> On Thursday 13 September 2001 00:16, William Hernandez wrote:
> > Hello everyone,
> >
> > We're using 2.18.2. Recently we sta
Re: (RADIATOR) Cisco ADSL
Hello Quintin -

Here is a PreClientHook (included in Radiator 2.18.4) that will do some of what you require.

# cisco-nas-port.pl
# PreClientHook to extract NAS-Port information.
#
# Cisco encodes information in the NAS-Port attribute as follows:
#
# nl-rt-sh-vpn-aer11(config)#radius-server attribute nas-port format ?
#   a   Format is type, channel, port
#   b   Either interface(16) or isdn(16), async(16)
#   c   Data format(bits): shelf(2), slot(4), port(5), channel(5)
#   d   Data format(bits): slot(4), module(1), port(3), vpi(8), vci(16)
#
# This hook is written for Cisco format "d" above (ATM vpi/vci).
#
# The encoded information is extracted and the individual data elements
# are added to the request packet as pseudo-attributes.
#
# Hugh Irvine, Open System Consultants, 20010622

sub
{
    my $p = ${$_[0]};

    my $nasport = $p->get_attr('NAS-Port');
    if (defined($nasport))
    {
        my ($slot, $module, $port, $vpi, $vci);

        # Peel the fields off from the least significant end
        $vci = $nasport & 0xffff;       # vci(16)
        $nasport = $nasport >> 16;
        $vpi = $nasport & 0xff;         # vpi(8)
        $nasport = $nasport >> 8;
        $port = $nasport & 0x7;         # port(3)
        $nasport = $nasport >> 3;
        $module = $nasport & 0x1;       # module(1)
        $nasport = $nasport >> 1;
        $slot = $nasport & 0xf;         # slot(4)

        $p->add_attr('Cisco-NAS-Port-Vci', $vci) if defined $vci;
        $p->add_attr('Cisco-NAS-Port-Vpi', $vpi) if defined $vpi;
        $p->add_attr('Cisco-NAS-Port-Port', $port) if defined $port;
        $p->add_attr('Cisco-NAS-Port-Module', $module) if defined $module;
        $p->add_attr('Cisco-NAS-Port-Slot', $slot) if defined $slot;
    }
}

regards

Hugh

On Thursday 13 September 2001 20:21, Quintin Lam wrote:
> Hi,
>
> Does anyone know how to get the Virtual-Access Port in cisco IOS
> 12.1(5)dc1.
> After upgrade the IOS and using format d, the accounting
> record becomes
>
> Thu Sep 13 16:53:18 2001
> NAS-IP-Address = 192.168.200.17
> NAS-Port = 1879713553
> NAS-Port-Type = Virtual
> User-Name = "tcltk"
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "7/0/0/10.10001_00B1"
> Framed-Protocol = PPP
> Acct-Delay-Time = 0
> Timestamp = 1000371198
>
> Can the accounting data record the Client-IP address (%C instead of %N)
> too?
>
> The NAS-Port shows that it is not the Virtual Access Port which was using
> IOS 12.1(3.15)T.
>
> The Acct-Session-Id is important for us and it didn't present in the old
> IOS version, that's why we need this new IOS version. Moreover, the
> NAS-Port is also important for us but now is not meaningful.
>
> Anyone who knows how to convert the NAS-Port to the "real" virtual access
> port.
>
> Thanks a lot!
>
> Quintin
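The format "d" bit layout from the hook above, applied offline to the accounting record quoted in this message, as an added stand-alone Python example (not part of the original post and not Radiator code). The function names are hypothetical, and reading the start of Acct-Session-Id as slot/module/port/vpi.vci is an assumption made for the cross-check.

```python
import re

# Format d bit fields, most significant first, as listed in the hook's header
# comment: slot(4), module(1), port(3), vpi(8), vci(16) = 32 bits in total.
FORMAT_D = (("slot", 4), ("module", 1), ("port", 3), ("vpi", 8), ("vci", 16))

# Accounting record from the quoted message above (abridged).
SAMPLE_RECORD = """\
Thu Sep 13 16:53:18 2001
        NAS-IP-Address = 192.168.200.17
        NAS-Port = 1879713553
        NAS-Port-Type = Virtual
        User-Name = "tcltk"
        Acct-Status-Type = Start
        Acct-Session-Id = "7/0/0/10.10001_00B1"
        Timestamp = 1000371198
"""


def decode_nas_port_d(nas_port):
    """Split a 32-bit NAS-Port integer into its format d fields."""
    if not 0 <= nas_port <= 0xFFFFFFFF:
        raise ValueError("NAS-Port must fit in 32 bits: %r" % (nas_port,))
    fields = {}
    shift = 32
    for name, width in FORMAT_D:
        shift -= width
        fields[name] = (nas_port >> shift) & ((1 << width) - 1)
    return fields


def encode_nas_port_d(fields):
    """Inverse of decode_nas_port_d; rejects values too wide for their field."""
    value = 0
    for name, width in FORMAT_D:
        part = fields[name]
        if not 0 <= part < (1 << width):
            raise ValueError("%s=%r does not fit in %d bits" % (name, part, width))
        value = (value << width) | part
    return value


def parse_detail_record(text):
    """Parse the 'Name = value' lines of one accounting record into a dict."""
    record = {}
    for line in text.splitlines():
        m = re.match(r'\s*([\w-]+)\s*=\s*"?(.*?)"?\s*$', line)
        if m:
            record[m.group(1)] = m.group(2)
    return record


def session_id_agrees(record):
    """Compare the decoded NAS-Port with the leading part of Acct-Session-Id.

    Assumption: the session id starts with slot/module/port/vpi.vci followed
    by an underscore. Returns None when it does not have that shape.
    """
    m = re.match(r"(\d+)/(\d+)/(\d+)/(\d+)\.(\d+)_",
                 record.get("Acct-Session-Id", ""))
    if not m:
        return None
    decoded = decode_nas_port_d(int(record["NAS-Port"]))
    expected = tuple(decoded[name] for name, _ in FORMAT_D)
    return tuple(int(x) for x in m.groups()) == expected


if __name__ == "__main__":
    rec = parse_detail_record(SAMPLE_RECORD)
    print(decode_nas_port_d(int(rec["NAS-Port"])))
    print("matches Acct-Session-Id prefix:", session_id_agrees(rec))
```

For this record the decoded fields coincide with the leading part of the Acct-Session-Id, so the NAS-Port value carries the ATM slot/port/VPI/VCI rather than a Virtual-Access interface number.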
Re: (RADIATOR) Splitting Auth and Accounting
Hello Paul -

There are two ways of doing this, either with Handlers or by running two instances of Radiator (one for authentication the other for accounting).

Using Handlers you would do this:

.
.

Using two instances, you would do this on the authentication server:

AuthPort 1812
AcctPort

and this on the accounting server:

AuthPort
AcctPort 1813

You would of course use the port numbers that are appropriate for your installation.

hth

Hugh

On Thursday 13 September 2001 14:24, Paul Thorton wrote:
> Hi,
>
> I have been reading the Mailing list archives in an attempt to find out how
> to split the Authentication and Accounting up, in order to authenticate from
> a flat file, but send the accounting packet to another radius server
> (Proxy it)
>
> I have seen one example of this, but it was not very clear. Can you
> please help.
>
> I was thinking, something like this might work?
>
> AcctLogFileName /var/log/radacct/detail
> PreAuthHook file:"/usr/local/etc/preauthhook.pl"
> AuthByPolicy DoAllAuths
>
> Filename %D/auth_file
>
> Host 1.1.1.1
> Secret blahblah
> # AuthPort 1812 # Commented out as only want to send account
> AcctPort 1813
> ReplyHook file:"/usr/local/etc/replyhook.pl"
>
> I am guessing if the fails, it will reject the user completely and
> not send the accounting packet? If this is the right way to do it? I basically
> do not want the radius server to know about it unless it authenticates of the
> flat file correctly.
>
> Cheers,
>
> Paul Thornton.