(RADIATOR) Re: fixed ip for some user

Hugh Irvine hugh at open.com.au
Wed Apr 10 04:20:32 CDT 2002


Hello Chairath -

You should upgrade to Radmin 1.5 and use the "per-user" reply attributes.

regards

Hugh


On Wed, 10 Apr 2002 14:17, Chairath K wrote:
> Hello Hugh
>
> How can I configure Radiator to allocate a fixed IP address for some RADIUS users
> who are in the Radmin database (e.g. user at test3 will get IP 203.141.21.2)?
>
> Thanks,
> Chairath
>
> P.S. Our system is running Radiator 2.18.2 and Radmin 1.4
>
>
> Foreground
> LogStdout
> LogDir  d:/Radiator-2.18/log
> DbDir  d:/Radiator-2.18
> LogFile %L/logfile-%d-%m-%Y
>
> # Don't turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
>
> # PreClientHook to add NAS-Port attribute
> PreClientHook file:"%D/addNASPort"
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
> #<Client DEFAULT>
> # Secret mysecret
> # DupInterval 0
> #</Client>
>
> # You can put additional (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
>  DBSource dbi:ODBC:Radmin
>  DBUsername xxx
>  DBAuth  xxx
> </ClientListSQL>
>
> #<AuthBy RADIUS>
> # Identifier ProxyTofunk
> # Host 10.2.0.6
> # Secret test
> #</AuthBy>
>
> #<Realm funk>
> # strip Realm
> # RewriteUsername s/^([^@]+).*/$1/
> # AuthBy ProxyTofunk
> #</Realm>
>
> <AuthBy RADMIN>
>  Identifier RADMINAUTH
>  # Change DBSource, DBUsername, DBAuth for your database
>  # See the reference manual. You will also have to
>  # change the one in <SessionDatabase SQL> below
>  # so it's the same
>  DBSource dbi:ODBC:Radmin
>  DBUsername xxx
>  DBAuth  xxx
>  DateFormat %e %m  %Y %T
>
>  AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS from RADUSERS where USERNAME='%n' and BADLOGINS < 8 and VALIDFROM < %t and VALIDTO > %t
>
>  # You can add to or change these if you want, but you
>  # will probably want to change the database schema first
>  AccountingTable RADUSAGE
>  AcctColumnDef USERNAME,User-Name
>  AcctColumnDef TIME_STAMP,Timestamp,integer
>  AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
>  AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>  AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>  AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>  AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>  AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>  AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>  AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>  AcctColumnDef NASIDENTIFIER,NAS-Identifier
>  AcctColumnDef NASIDENTIFIER,NAS-IP-Address
>  AcctColumnDef NASPORT,NAS-Port,integer
>  AcctColumnDef DNIS,Called-Station-Id
>  AcctColumnDef DATE,Timestamp,integer-date
>  # This updates the time and octets left
>  # for this user
>  AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> </AuthBy>
>
> <AddressAllocator SQL>
>  # This name allows us to refer to it from inside
>  # an AuthBy DYNADDRESS
>  Identifier myallocator
>  DBSource dbi:ODBC:Radmin
>  DBUsername xxx
>  DBAuth  xxx
>
>  # If SessionTimeout is set by a previous AuthBy
>  # then that is used as the expiry time. Otherwise
>  # DefaultLeasePeriod (in seconds) is used.
>  # Defaults to 1 day
>  #DefaultLeasePeriod 86400
>
>  # How often we check the database for expired leases
>  # leases can expire if an accounting stop is lost
>  # or if the session goes longer than the lease
>  # we originally asked for. Defaults to 1 day.
>  #LeaseReclaimInterval 86400
>
>  <AddressPool pool1>
>   Subnetmask 255.255.255.248
>   Range 203.147.46.1 203.147.46.6
>   #Range 192.1.1.60 192.1.1.120
>   #Range 192.1.2.0/31
>  </AddressPool>
>  <AddressPool pool2>
>   Subnetmask 255.255.255.240
>   Range 203.148.241.241 203.148.241.254
>  </AddressPool>
> </AddressAllocator>
>
> <AuthBy DYNADDRESS>
>  Identifier AllocateIPAddress
>  Allocator myallocator
>  StripFromReply PoolHint
> </AuthBy>
>
> <AuthBy GROUP>
>   Identifier WithIdleTimeout
>   AuthBy RADMINAUTH
>  # These are the classic things to add to each user's
>  # reply to allow a PPP dialup session. It may be
>  # different for your NAS. This will add some
>  # reply items to everyone's reply
>  AddToReply Framed-Protocol = PPP,\
>   Service-Type = Framed-User,\
>          Framed-IP-Netmask = 255.255.255.255,\
>          Framed-Routing = None,\
>          Framed-MTU = 1500,\
>   Framed-Compression = Van-Jacobson-TCP-IP,\
>   Idle-Timeout = 7200,\
>   Class = %{NAS-Port}
> </AuthBy>
>
> <AuthBy GROUP>
>   Identifier WithOutIdleTimeout
>   AuthBy RADMINAUTH
>  # These are the classic things to add to each user's
>  # reply to allow a PPP dialup session. It may be
>  # different for your NAS. This will add some
>  # reply items to everyone's reply
>  AddToReply Framed-Protocol = PPP,\
>   Service-Type = Framed-User,\
>          Framed-IP-Netmask = 255.255.255.255,\
>          Framed-Routing = None,\
>          Framed-MTU = 1500,\
>   Framed-Compression = Van-Jacobson-TCP-IP,\
>   Class = %{NAS-Port}
> </AuthBy>
>
> <AuthBy GROUP>
>   Identifier SelectPool1
>   AuthBy RADMINAUTH
>  # These are the classic things to add to each user's
>  # reply to allow a PPP dialup session. It may be
>  # different for your NAS. This will add some
>  # reply items to everyone's reply
>  AddToReply PoolHint = pool1,\
>   Ascend-IP-Direct = 10.10.0.11,\
>   Framed-IP-Netmask = 255.255.255.255,\
>          Framed-Protocol = PPP,\
>          Service-Type = Framed-User,\
>          Framed-Routing = None,\
>          Framed-MTU = 1500,\
>          Framed-Compression = Van-Jacobson-TCP-IP,\
>          Idle-Timeout = 7200,\
>         Class = %{NAS-Port}
> </AuthBy>
>
>
> <AuthBy GROUP>
>   Identifier SelectPool2
>   AuthBy RADMINAUTH
>  # These are the classic things to add to each user's
>  # reply to allow a PPP dialup session. It may be
>  # different for your NAS. This will add some
>  # reply items to everyone's reply
>  AddToReply PoolHint = pool2,\
>   Ascend-IP-Direct = 10.10.0.10,\
>   Framed-IP-Netmask = 255.255.255.255,\
>          Framed-Protocol = PPP,\
>          Service-Type = Framed-User,\
>          Framed-Routing = None,\
>          Framed-MTU = 1500,\
>          Framed-Compression = Van-Jacobson-TCP-IP,\
>          Idle-Timeout = 7200,\
>         Class = %{NAS-Port}
> </AuthBy>
>
> <AuthBy FILE>
>  Identifier TimeZone
>  Filename %D/adsl.users
> </AuthBy>
>
> # Handler for accounting and address de-allocation
>
> <Handler Request-Type=Accounting-Request, Realm = test1>
>  AuthByPolicy ContinueAlways
>  AuthBy RADMINAUTH
>  AuthBy AllocateIPAddress
> </Handler>
>
> <Handler Request-Type=Accounting-Request, Realm = test2>
>  AuthByPolicy ContinueAlways
>  AuthBy RADMINAUTH
>  AuthBy AllocateIPAddress
> </Handler>
>
> <Handler Request-Type=Accounting-Request>
>  AuthBy RADMINAUTH
> </Handler>
>
> <Handler Realm=hz.qnet>
>  AuthBy TimeZone
> </Handler>
>
> <Handler Realm=test1>
>  AuthByPolicy ContinueWhileAccept
>  AuthBy SelectPool1
>  AuthBy AllocateIPAddress
> </Handler>
>
> <Handler Realm=test2>
>  AuthByPolicy ContinueWhileAccept
>  AuthBy SelectPool2
>  AuthBy AllocateIPAddress
> </Handler>
>
> <Handler>
>  AuthBy WithIdleTimeout
> </Handler>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

