Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Salut Hugh,

thank you for your help, the proxy works fine now.
But is this normal that the proxy sends an empty accounting-response packet
before the real one ?
Is there a way to avoid this ?


Romain VERGNIOL
CEGEDIM
Service Réseau Boulogne
Fax : +33 01 46 03 45 95
Tel  : +33 01 49 09 84 02
[EMAIL PROTECTED]



- Original Message -
From: Hugh Irvine [EMAIL PROTECTED]
To: Gustavo Moreira [EMAIL PROTECTED]; Romain Vergniol
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Saturday, October 13, 2001 5:23 AM
Subject: Re: (RADIATOR) Proxy pbs



> Salut Romain -
>
> The correct answer to your question is to reverse the order of your AuthBy
> RADIUS clauses so the result of the last AuthBy is the result of the
> authentication.
>
> # define accounting before authentication
>
> <Realm DEFAULT>
>     AuthByPolicy ContinueAlways
>
>     <AuthBy RADIUS>
>         Host 172.29.xx.zz
>         NoForwardAuthentication
>         AcctPort 1646
>         Secret
>         LocalAddress 172.29.yy.yy
>     </AuthBy>
>
>     <AuthBy RADIUS>
>         Host 172.29.xx.xx
>         Host 172.29.xx.yy
>         AuthPort 1645
>         NoForwardAccounting
>         LocalAddress 172.29.yy.yy
>         <Host 172.29.xx.xx>
>             Secret xxx
>         </Host>
>         <Host 172.29.xx.yy>
>             Secret xx
>         </Host>
>     </AuthBy>
> </Realm>
>
> hth
>
> Hugh
>
> PS - you really should not use Synchronous with an AuthBy RADIUS, as the
> impact on performance can be extreme.




===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Hugh Irvine


Salut Romain -

On Monday 15 October 2001 20:15, Romain Vergniol wrote:
> Salut Hugh,
>
> thank you for your help, the proxy works fine now.
> But is this normal that the proxy sends an empty accounting-response packet
> before the real one ?
> Is there a way to avoid this ?


I am not sure I understand your question.

In the case you describe, you are sending the same accounting record to two 
different target radius hosts. In this situation, which one is the real one?

If you have a different requirement, I am sure we can come up with a suitable 
configuration for you.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Sorry, my last message wasn't clear...
In fact, the proxy replies twice to the NAS, the first accounting-response
packet is empty, the other contains the appropriate attributes.

Ex (with tcpdump listening to traffic only between the proxy and the NAS):
172.29.xx.xx = NAS
172.29.yy.yy = Proxy


172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
Acct_authentic{#376}#120#121 Calling_station{143845245}
Called_station{5137} ]

172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]

172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
Acct_authentic{#376}#120#121 Calling_station{143845245} Called_station{5137}
NAS_id{172.29.xx.xx} ]


Is there a way to avoid sending the first reply (rad-account-resp 20) ?

Regards

Romain VERGNIOL
CEGEDIM
Service Réseau Boulogne
Fax : +33 01 46 03 45 95
Tel  : +33 01 49 09 84 02
[EMAIL PROTECTED]


> I am not sure I understand your question.
>
> In the case you describe, you are sending the same accounting record to two
> different target radius hosts. In this situation, which one is the real one?
>
> If you have a different requirement, I am sure we can come up with a suitable
> configuration for you.
>
> regards
>
> Hugh




Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Romain Vergniol

Precisions about my last post :


> 172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
> NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
> Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
> Acct_authentic{#376}#120#121 Calling_station{143845245}
> Called_station{5137} ]
>
> 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]

This packet is generated by the proxy

> 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
> Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
> Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
> Acct_authentic{#376}#120#121 Calling_station{143845245}
> Called_station{5137}
> NAS_id{172.29.xx.xx} ]

This packet is the response generated by the Radius server (and forwarded to
the NAS).

> Is there a way to avoid sending the first reply (rad-account-resp 20) ?


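The double reply described in the message above can be picked out of a tcpdump text capture mechanically. The following is an added example, not part of the original thread: the function names are hypothetical and the sample lines are constructed from the capture quoted above. A length of 20 is the bare RADIUS header, so such a response carries no attributes.

```python
# Added illustration: flag request ids that got more than one Accounting-Response.
import re

RADIUS_HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)

# The '>' between the endpoints is optional so copies that lost it still parse.
LINE_RE = re.compile(
    r"^(?P<src>\S+)\s+(?:>\s+)?(?P<dst>\S+):\s+"
    r"rad-account-(?P<kind>req|resp)\s+(?P<length>\d+)\s+\[id\s+(?P<id>\d+)\]"
)

def parse(lines):
    """Yield (src, dst, kind, length, id) for each accounting summary line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # attribute continuation lines do not match and are skipped
            yield m["src"], m["dst"], m["kind"], int(m["length"]), int(m["id"])

def duplicate_responses(lines):
    """Return [((nas, server, id), [lengths])] where one request got 2+ replies."""
    pending, flagged = {}, []
    for src, dst, kind, length, ident in parse(lines):
        if kind == "req":
            pending[(src, dst, ident)] = []  # the 8-bit id is reused: start afresh
            continue
        lengths = pending.setdefault((dst, src, ident), [])
        lengths.append(length)
        if len(lengths) == 2:  # report each request once; the list keeps growing
            flagged.append(((dst, src, ident), lengths))
    return flagged

def header_only(length):
    """A 20-byte Accounting-Response carries no attributes at all."""
    return length == RADIUS_HEADER_LEN

# Constructed sample, modelled on the capture in the thread (addresses are the
# thread's own placeholders; id 237 is invented to show a normal exchange).
SAMPLE = """\
172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
NAS_port{20106} Called_station{5137} ]
172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]
172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 237] Attr[
172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 237]
""".splitlines()
```

`duplicate_responses(SAMPLE)` reports only id 236, with lengths 20 and 109.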



Re: (RADIATOR) Proxy pbs

2001-10-15 Thread Hugh Irvine


Salut Romain -

On Tuesday 16 October 2001 00:12, Romain Vergniol wrote:
> Precisions about my last post :
> > 172.29.xx.xx.1028 > 172.29.yy.yy.1646:  rad-account-req 97 [id 236] Attr[
> > NAS_ipaddr{172.29.yy.yy} NAS_port{20106} NAS_port_type{#40}
> > Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649.}
> > Acct_authentic{#376}#120#121 Calling_station{143845245}
> > Called_station{5137} ]
> >
> > 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 20 [id 236]
>
> This packet is generated by the proxy

Correct.

> > 172.29.yy.yy.1646 > 172.29.xx.xx.1028:  rad-account-resp 109 [id 236]
> > Attr[  NAS_ipaddr{172.29.xx.xx} NAS_port{20106} NAS_port_type{#40}
> > Acct_status{#297} Acct_delay{00 secs} Acct_session_id{318361649}
> > Acct_authentic{#376}#120#121 Calling_station{143845245}
> > Called_station{5137}
> > NAS_id{172.29.xx.xx} ]
>
> This packet is the response generated by the Radius server (and forwarded
> to the NAS).
>
> > Is there a way to avoid sending the first reply (rad-account-resp 20) ?

As mentioned in a previous mail, the answer to this depends on what else you 
are wanting to do in the Radiator configuration file, so if you can give me a 
clear description of your requirements I will be able to make some 
suggestions on how best to implement them.

regards

Hugh






Re: (RADIATOR) Proxy pbs

2001-10-12 Thread Gustavo Moreira



Romain:
 If you like wait the reply and then to respond to the NAS. You would have to
see the 6.29.17 item Synchronous

Gustavo Moreira.


  - Original Message -
  From: Romain Vergniol
  To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
  Sent: Friday, October 12, 2001 12:23 PM
  Subject: (RADIATOR) Proxy pbs

  Hello,

  I'm trying to set up a proxy that would be able to forward accounting to a
  different server.
  So I tried something like this (described in the reference manual) :

  <Realm DEFAULT>
      AuthByPolicy ContinueAlways

      <AuthBy RADIUS>
          Host 172.29.xx.xx
          Host 172.29.xx.yy
          AuthPort 1645
          NoForwardAccounting
          LocalAddress 172.29.yy.yy
          <Host 172.29.xx.xx>
              Secret xxx
          </Host>
          <Host 172.29.xx.yy>
              Secret xx
          </Host>
      </AuthBy>

      <AuthBy RADIUS>
          Host 172.29.xx.zz
          NoForwardAuthentication
          AcctPort 1646
          Secret
          LocalAddress 172.29.yy.yy
      </AuthBy>
  </Realm>

  The problem is that authentication is always accepted ...
  So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem to
  work.
  What's the way to properly configure this proxy ?

  Thanx

  Romain VERGNIOL

  CEGEDIM
  Service Réseau Boulogne
  Fax : 33 01 46 03 45 95
  Tel : 33 01 49 09 84 02
  [EMAIL PROTECTED]
  


Re: (RADIATOR) Proxy pbs

2001-10-12 Thread Hugh Irvine


Salut Romain -

The correct answer to your question is to reverse the order of your AuthBy 
RADIUS clauses so the result of the last AuthBy is the result of the 
authentication.

# define accounting before authentication

<Realm DEFAULT>
    AuthByPolicy ContinueAlways

    <AuthBy RADIUS>
        Host 172.29.xx.zz
        NoForwardAuthentication
        AcctPort 1646
        Secret
        LocalAddress 172.29.yy.yy
    </AuthBy>

    <AuthBy RADIUS>
        Host 172.29.xx.xx
        Host 172.29.xx.yy
        AuthPort 1645
        NoForwardAccounting
        LocalAddress 172.29.yy.yy
        <Host 172.29.xx.xx>
            Secret xxx
        </Host>
        <Host 172.29.xx.yy>
            Secret xx
        </Host>
    </AuthBy>
</Realm>
   

hth

Hugh

PS - you really should not use Synchronous with an AuthBy RADIUS, as the 
impact on performance can be extreme.


On Saturday 13 October 2001 04:35, Gustavo Moreira wrote:
> Romain:
> If you like wait the reply and then to respond to the NAS. You would
> have to see the 6.29.17 item Synchronous
>
> Gustavo Moreira.
>
> > - Original Message -
> > From: Romain Vergniol
> > To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
> > Sent: Friday, October 12, 2001 12:23 PM
> > Subject: (RADIATOR) Proxy pbs
> >
> > Hello,
> >
> > I'm trying to set up a proxy that would be able to forward accounting to
> > a different server. So I tried something like this (described in the
> > reference manual) :
> >
> > <Realm DEFAULT>
> >     AuthByPolicy ContinueAlways
> >
> >     <AuthBy RADIUS>
> >         Host 172.29.xx.xx
> >         Host 172.29.xx.yy
> >         AuthPort 1645
> >         NoForwardAccounting
> >         LocalAddress 172.29.yy.yy
> >         <Host 172.29.xx.xx>
> >             Secret xxx
> >         </Host>
> >         <Host 172.29.xx.yy>
> >             Secret xx
> >         </Host>
> >     </AuthBy>
> >
> >     <AuthBy RADIUS>
> >         Host 172.29.xx.zz
> >         NoForwardAuthentication
> >         AcctPort 1646
> >         Secret
> >         LocalAddress 172.29.yy.yy
> >     </AuthBy>
> > </Realm>
> >
> > The problem is that authentication is always accepted ...
> > So I tried with IgnoreAuth... and IgnoreAcct... but it doesn't seem
> > to work. What's the way to properly configure this proxy ?
> >
> > Thanx
> >
> > Romain VERGNIOL
> >
> > CEGEDIM
> > Service Réseau Boulogne
> > Fax : 33 01 46 03 45 95
> > Tel  : 33 01 49 09 84 02
> > [EMAIL PROTECTED]

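Why the clause order decides the outcome, as an added sketch that is not Radiator code and not from the thread. It models `AuthByPolicy ContinueAlways` as "run every AuthBy, the last result wins", as the reply above states, and covers both the "always accepted" symptom and the later question about the proxy's own accounting reply. Assumptions: a clause that is told not to forward a request type answers ACCEPT itself, a forwarding clause returns IGNORE until the upstream reply arrives, and all class and function names are hypothetical.

```python
# Added illustration: a toy model of the AuthBy chain, not Radiator code.
from dataclasses import dataclass

ACCEPT, IGNORE = "ACCEPT", "IGNORE"


@dataclass
class AuthByRadius:  # hypothetical stand-in for one <AuthBy RADIUS> clause
    name: str
    no_forward_auth: bool = False  # NoForwardAuthentication
    no_forward_acct: bool = False  # NoForwardAccounting

    def handle(self, request_type: str) -> str:
        # Assumption: a request type this clause must not forward is answered
        # ACCEPT locally; a forwarded request yields IGNORE because the real
        # reply is relayed later, when the upstream server answers.
        if request_type == "Access-Request":
            skipped = self.no_forward_auth
        else:
            skipped = self.no_forward_acct
        return ACCEPT if skipped else IGNORE


def continue_always(chain, request_type):
    """AuthByPolicy ContinueAlways: run every clause, keep the last result."""
    result = None
    for clause in chain:
        result = clause.handle(request_type)
    return result


def proxy_answers_itself(chain, request_type):
    """True when the proxy replies to the NAS without waiting for upstream."""
    return continue_always(chain, request_type) == ACCEPT


AUTH = AuthByRadius("172.29.xx.xx / 172.29.xx.yy", no_forward_acct=True)
ACCT = AuthByRadius("172.29.xx.zz", no_forward_auth=True)
ORIGINAL_ORDER = [AUTH, ACCT]  # as first posted: every login is accepted
REVERSED_ORDER = [ACCT, AUTH]  # as suggested in the reply

if __name__ == "__main__":
    for label, chain in (("original", ORIGINAL_ORDER), ("reversed", REVERSED_ORDER)):
        for req in ("Access-Request", "Accounting-Request"):
            print(f"{label:9} {req:19} proxy answers itself: "
                  f"{proxy_answers_itself(chain, req)}")
```

Under these assumptions the reversed order waits for the upstream servers on Access-Request but answers Accounting-Request itself, which is consistent with the header-only `rad-account-resp 20` the proxy sends ahead of the relayed reply.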