(RADIATOR) Configurations dudes...
Cesar Garcia
cegara at idecnet.com
Wed Aug 8 09:46:28 CDT 2001
Hi Hugh.
I am a system admin and a big project has been assigned to me...
We have 3 nodes interconnecting with ATM.
In each node, we have Cisco AS5300, Cisco 7505 and access for ADSL,
modems and ISDN.
Our Ciscos register connections as Virtual, Async and ISDN respectively.
We want to base our authentication system on LDAP for account
information (username, password, permissions...) and SQL for pool
assignment and the session database.
In 2 months, I got auth with LDAP, pools with SQL and accounting in
SQL working for these kinds of access: Async, ADSL and 1-channel ISDN.
Now I am testing with 2-channel ISDN (Multilink), but I can see that
each channel I bring up is assigned 1 IP.
The NAS uses the second IP I bring up for the Virtual interface, and if I shut down the
second channel, it frees the second IP, which is really still in use.
I am trying to configure SessionDatabase SQL, but I don't know how. I configured the
SQL table as the goodies define, but in the ref.pdf file there are no examples.
We want one RADIUS in each node to use a local LDAP DB (which is
replicated) (this is OK).
Use a central pool DB with secondary MySQL DBs in case the principal DB
fails (I don't know how).
Use a session database (I can't find information about it).
Multilink (how can I solve the problem of the IPs?)
This is my config file:
# ldap.cfg
#
#Foreground
#LogStdout
Trace 4
# The RADIUS authentication port has changed to 1812; keep in mind
# when testing that the default port is 1645
#AuthPort 1812
# The RADIUS accounting port has changed to 1813; keep in mind
# when testing that the default port is 1646
#AcctPort 1813
LogDir /var/log/radius
DbDir /var/radiator
LogFile %L/sys/%d-%m-%y-radiator.log
DictionaryFile /var/radiator/dictionary
# You will probably want to add other Clients to suit your site.
<Client DEFAULT>
Secret mysecret
# How to act on simultaneous calls: ignore, we take the default.
# DupInterval 0
</Client>
<SessionDatabase SQL>
# Define the connection for the session database.
# Define the connection, username and password
Identifier PRINCIPAL
DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com
DBUsername acct
DBAuth h3lPm3n0w
# String attributes must be quoted in the SQL; the port type comes
# from NAS-Port-Type
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, SERVICETYPE) \
values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, \
'%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
</SessionDatabase>
<AddressAllocator SQL>
# This name allows us to refer to it from inside
# an AuthBy DYNADDRESS
Identifier PRINCIPAL
# For mysql, use something like this
DBSource dbi:mysql:database=radiator;host=ldap.idecnet.com
DBUsername radiator
DBAuth mypass
# If SessionTimeout is set by a previous AuthBy
# then that is used as the expiry time. Otherwise
# DefaultLeasePeriod (in seconds) is used.
# Defaults to 1 day
#DefaultLeasePeriod 86400
# How often we check the database for expired leases
# leases can expire if an acounting stop is lost
# or if the session goes longer than the lease
# we originally asked for. Defaults to 1 day.
LeaseReclaimInterval 86400
# Define the pools that are to be in our database
# defining pools here will make AddressAllocator SQL
# ensure that all the addresses are present in the database
# at startup. You dont have to define pools here. If you dont,
# AddressAllocator SQL will just use whatever addresses
# it finds in the RADPOOL table.
<AddressPool pool1>
Subnetmask 255.255.255.0
Range 212.xxx.xxx.129 212.xxx.xxx.140
</AddressPool>
</AddressAllocator>
<Handler Acct-Status-Type = Stop >
AuthByPolicy ContinueWhileAccept
AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
<AuthBy SQL>
# Define the connection, username and password
DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com
DBUsername acct
DBAuth mypass
# Ignore Auth requests and use the RADACCT table to store
# logs..
AuthSelect
AccountingStopsOnly
AccountingTable PPPUSERS
AcctColumnDef USERNAME,User-Name
AcctColumnDef NAS,NAS-IP-Address
AcctColumnDef ADDRESS,Framed-IP-Address
AcctColumnDef PORT,Cisco-NAS-Port
AcctColumnDef CALLERID,Calling-Station-Id
AcctColumnDef CALLEDID,Called-Station-Id
AcctColumnDef PROTOCOL,Framed-Protocol
AcctColumnDef PKTSIN,Acct-Input-Packets,integer
AcctColumnDef PKTSOUT,Acct-Output-Packets,integer
AcctColumnDef BYTESIN,Acct-Input-Octets,integer
AcctColumnDef BYTESOUT,Acct-Output-Octets,integer
AcctColumnDef SESSIONTIME,Acct-Session-Time,integer
AcctColumnDef SESSION_ID,Acct-Session-Id
AcctColumnDef TIMESTAMP,Timestamp,integer
AcctColumnDef DISC_CAUSE,Acct-Terminate-Cause
</AuthBy>
<AuthBy DYNADDRESS>
Allocator PRINCIPAL
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
</Handler>
#For ADSL access
<Handler NAS-Port-Type = Virtual >
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
Host localhost
Port 389
AuthDN cn=root, o=organization, c=ES
AuthPassword mypass
BaseDN ou=acceso,o=organization, c=ES
UsernameAttr uid
EncryptedPasswordAttr radPassword
# retrieved from the user entry
AuthAttrDef nasporttype,NAS-Port-Type,check
AuthAttrDef simultaneoususe,Simultaneous-Use,check
AuthAttrDef framedprotocol,Framed-Protocol,check
# sent to the user
AuthAttrDef framedipaddress,Framed-IP-Address,reply
AuthAttrDef framedipnetmask,Framed-IP-Netmask,reply
AuthAttrDef framedroute,Framed-Route,reply
AuthAttrDef pool,PoolHint,reply
# appended at the end
AddToReply Service-Type = 2
AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
</AuthBy>
<AuthBy DYNADDRESS>
Allocator PRINCIPAL
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
</Handler>
<Handler NAS-Port-Type = ISDN >
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
Host localhost
Port 389
AuthDN cn=root, o=organization, c=ES
AuthPassword mypass
BaseDN ou=acceso,o=organization, c=ES
UsernameAttr uid
EncryptedPasswordAttr radPassword
# retrieved from the user entry
AuthAttrDef nasporttype,NAS-Port-Type,check
AuthAttrDef simultaneoususe,Simultaneous-Use,check
AuthAttrDef framedprotocol,Framed-Protocol,check
# sent to the user
AuthAttrDef framedipaddress,Framed-IP-Address,reply
AuthAttrDef framedipnetmask,Framed-IP-Netmask,reply
AuthAttrDef framedroute,Framed-Route,reply
AuthAttrDef pool,PoolHint,reply
# appended at the end
AddToReply Service-Type = 2
AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
</AuthBy>
<AuthBy DYNADDRESS>
Allocator PRINCIPAL
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
</Handler>
<Handler>
AuthByPolicy ContinueWhileAccept
<AuthBy LDAP2>
Host localhost
Port 389
AuthDN cn=root, o=organization, c=ES
AuthPassword mypass
BaseDN ou=acceso,o=organization, c=ES
UsernameAttr uid
EncryptedPasswordAttr radPassword
# retrieved from the user entry
#AuthAttrDef calledstationid,Called-Station-Id,check
#AuthAttrDef callingstationid,Calling-Station-Id,check
#AuthAttrDef nasporttype,NAS-Port-Type,check
AuthAttrDef simultaneoususe,Simultaneous-Use,check
AuthAttrDef framedprotocol,Framed-Protocol,check
# sent to the user
AuthAttrDef framedipaddress,Framed-IP-Address,reply
AuthAttrDef framedipnetmask,Framed-IP-Netmask,reply
AuthAttrDef framedroute,Framed-Route,reply
AuthAttrDef pool,PoolHint,reply
# appended at the end
AddToReply Service-Type = 2
AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
</AuthBy>
<AuthBy DYNADDRESS>
Allocator PRINCIPAL
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
</Handler>
--
____________________________________________
Cesar Garcia.
Dept. Sistemas, IdecNet S.A.
Edificio IdecNet. C/Juan XXIII 44,
Centro de Gestion de Red, E-35004,
Las Palmas de Gran Canaria,
Islas Canarias - Spain.
Tfn: +34 828 111 000
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
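As an added illustration (not part of the original post, and not Radiator's own logic), this Python model replays the multilink sequence described above: a per-channel session table and an address pool, with the second ISDN channel dropping while the Virtual bundle keeps using the address it was given. The user names, addresses and the "release only when the user's last channel stops" guard are constructed assumptions; how Radiator itself handles the release is not modelled.

```python
"""Model of the multilink address-release problem described in the post.

Constructed illustration, not Radiator code: a per-channel session table
(like RADONLINE, keyed by Acct-Session-Id) and an address pool (like
RADPOOL, keyed by IP). Names and IPs (RFC 5737 range) are hypothetical."""
from dataclasses import dataclass, field


@dataclass
class Allocator:
    pool: dict                                   # ip -> owner username, or None when free
    online: dict = field(default_factory=dict)   # Acct-Session-Id -> (user, ip)
    held: dict = field(default_factory=dict)     # user -> ips kept while the bundle is up

    def start(self, user, session_id):
        """Accounting Start for one channel: lease the lowest free address."""
        ip = next(a for a, owner in sorted(self.pool.items()) if owner is None)
        self.pool[ip] = user
        self.online[session_id] = (user, ip)
        return ip

    def stop(self, session_id, guarded):
        """Accounting Stop for one channel. Unguarded mirrors what the post
        observes: every Stop frees its address at once. Guarded defers the
        release while the same user still has another live channel, since
        the Virtual (bundle) interface may still be using that address."""
        user, ip = self.online.pop(session_id)
        if guarded and any(u == user for u, _ in self.online.values()):
            self.held.setdefault(user, set()).add(ip)
            return []
        freed = {ip} | self.held.pop(user, set())
        for a in freed:
            self.pool[a] = None
        return sorted(freed)


def replay(guarded):
    """Replay the sequence from the post and report whether the bundle's
    address is handed to a new caller while the bundle is still up."""
    alloc = Allocator(pool={"192.0.2.1": None, "192.0.2.2": None, "192.0.2.3": None})
    alloc.start("user1", "ch1")                 # first ISDN channel
    bundle_ip = alloc.start("user1", "ch2")     # second channel; the Virtual bundle uses this IP
    freed_early = alloc.stop("ch2", guarded)    # second channel drops, bundle stays up
    other_ip = alloc.start("user2", "new1")     # an unrelated caller arrives
    collision = other_ip == bundle_ip           # same IP live on two sessions?
    freed_last = alloc.stop("ch1", guarded)     # bundle finally goes down
    return {"bundle_ip": bundle_ip, "freed_early": freed_early,
            "collision": collision, "freed_last": freed_last}


if __name__ == "__main__":
    for mode in (False, True):
        print("guarded" if mode else "unguarded", replay(mode))
```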