(RADIATOR) Configurations dudes...

Cesar Garcia cegara at idecnet.com
Wed Aug 8 09:46:28 CDT 2001


Hi Hugh.

I am a system admin and a big project has been assigned to me...

We have 3 nodes interconnecting with ATM.
In each node we have a Cisco AS5300, a Cisco 7505 and access for ADSL,
modems and ISDN.
Our Cisco registers the connections as Virtual, Async and ISDN respectively.

We want to base our authentication system on LDAP for account
information (username, password, permissions...) and SQL for pool
assignment and the session database.


In 2 months I got auth with LDAP, pools with SQL and accounting in
SQL working for these kinds of access: Async, ADSL and 1-channel ISDN.

Now I am testing 2-channel ISDN (Multilink), but I can see that
each channel I bring up is assigned 1 IP.

The NAS uses the second IP I bring up for the virtual interface, and if I shut down the
second channel, it frees the second IP, which is really still in use.

I am trying to configure Session SQL, but I don't know how. I configured the
SQL table as the goodies define, but in the ref.pdf file there are no examples.


We want one radius in each node to use a local LDAP DB (which is
replicated) (this is OK).
Use a central pool DB with secondary MySQL DBs in case the principal DB
fails (I don't know how).
Use a session database (I can't find information about it).
Multilink (how can I solve the problem of the IPs?)

This is my config file.

# ldap.cfg
#

#Foreground
#LogStdout      


Trace   4

# The radius authentication port has changed to 1812;
# keep this in mind when testing,
# the default port is 1645
#AuthPort 1812

# The radius accounting port has changed to 1813;
# keep this in mind when testing,
# the default port is 1646
#AcctPort 1813


LogDir          /var/log/radius

DbDir           /var/radiator

LogFile         %L/sys/%d-%m-%y-radiator.log

DictionaryFile /var/radiator/dictionary


# You will probably want to add other Clients to suit your site.
<Client DEFAULT>
        Secret  mysecret
# How to handle simultaneous calls: ignore it, we take the default.
#       DupInterval 0
</Client>

<SessionDatabase SQL>
        # Define the connection to the session database:
        # data source, username and password
        Identifier PRINCIPAL
        DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com
        DBUsername acct
        DBAuth h3lPm3n0w
        # String-valued attributes must be quoted in the INSERT;
        # NAS-Port-Type is the standard attribute name for the port type
        AddQuery insert into RADONLINE (USERNAME, \
                NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
                FRAMEDADDRESS, PORTTYPE, \
                SERVICETYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
                %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', \
                '%{Service-Type}')
</SessionDatabase>

<AddressAllocator SQL>
        # This name allows us to refer to it from inside
        # an AuthBy DYNADDRESS
        Identifier PRINCIPAL

        # For mysql, use something like this
        DBSource dbi:mysql:database=radiator;host=ldap.idecnet.com
        DBUsername      radiator
        DBAuth          mypass

        # If SessionTimeout is set by a previous AuthBy
        # then that is used as the expiry time. Otherwise
        # DefaultLeasePeriod (in seconds) is used.
        # Defaults to 1 day
        #DefaultLeasePeriod     86400

        # How often we check the database for expired leases
        # leases can expire if an acounting stop is lost
        # or if the session goes longer than the lease
        # we originally asked for. Defaults to 1 day.
        LeaseReclaimInterval 86400

        # Define the pools that are to be in our database
        # defining pools here will make AddressAllocator SQL
        # ensure that all the addresses are present in the database
        # at startup. You dont have to define pools here. If you dont,
        # AddressAllocator SQL will just use whatever addresses
        # it finds in the RADPOOL table.
        <AddressPool pool1>
                Subnetmask      255.255.255.0
                Range   212.xxx.xxx.129 212.xxx.xxx.140
        </AddressPool>
</AddressAllocator>

<Handler Acct-Status-Type = Stop>
        AuthByPolicy ContinueWhileAccept
        AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle
        <AuthBy SQL>
                # Define the connection: data source, username and password
                DBSource dbi:mysql:database=acct;host=sistemas.idecnet.com
                DBUsername acct
                DBAuth mypass
                # Ignore Auth requests (empty AuthSelect) and use the
                # accounting table only to store logs..
                AuthSelect
                AccountingStopsOnly
                AccountingTable PPPUSERS
                AcctColumnDef USERNAME,User-Name
                AcctColumnDef NAS,NAS-IP-Address
                AcctColumnDef ADDRESS,Framed-IP-Address
                AcctColumnDef PORT,Cisco-NAS-Port
                AcctColumnDef CALLERID,Calling-Station-Id
                AcctColumnDef CALLEDID,Called-Station-Id
                AcctColumnDef PROTOCOL,Framed-Protocol
                AcctColumnDef PKTSIN,Acct-Input-Packets,integer
                AcctColumnDef PKTSOUT,Acct-Output-Packets,integer
                AcctColumnDef BYTESIN,Acct-Input-Octets,integer
                AcctColumnDef BYTESOUT,Acct-Output-Octets,integer
                AcctColumnDef SESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef SESSION_ID,Acct-Session-Id 
                AcctColumnDef TIMESTAMP,Timestamp,integer
                AcctColumnDef DISC_CAUSE,Acct-Terminate-Cause
        </AuthBy>

        <AuthBy DYNADDRESS>
                Allocator PRINCIPAL

                PoolHint %{Reply:PoolHint}

                MapAttribute   yiaddr, Framed-IP-Address
                MapAttribute   subnetmask, Framed-IP-Netmask

                StripFromReply PoolHint
        </AuthBy>

</Handler>

# For ADSL access
<Handler NAS-Port-Type = Virtual>
        AuthByPolicy ContinueWhileAccept
        <AuthBy LDAP2>
                Host            localhost
                Port 389
                AuthDN          cn=root, o=organization, c=ES
                AuthPassword    mypass
                BaseDN          ou=acceso,o=organization, c=ES
                UsernameAttr    uid
                EncryptedPasswordAttr   radPassword

                # Check items fetched from the user's LDAP entry
                AuthAttrDef     nasporttype,NAS-Port-Type,check
                AuthAttrDef     simultaneoususe,Simultaneous-Use,check
                AuthAttrDef     framedprotocol,Framed-Protocol,check

                # Reply items sent to the user
                AuthAttrDef     framedipaddress,Framed-IP-Address,reply
                AuthAttrDef     framedipnetmask,Framed-IP-Netmask,reply
                AuthAttrDef     framedroute,Framed-Route,reply
                AuthAttrDef     pool,PoolHint,reply

                # Added at the end of the reply
                AddToReply      Service-Type = 2
                AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle         
        </AuthBy>

        <AuthBy DYNADDRESS>
                Allocator PRINCIPAL

                PoolHint %{Reply:PoolHint}

                MapAttribute   yiaddr, Framed-IP-Address
                MapAttribute   subnetmask, Framed-IP-Netmask

                StripFromReply PoolHint
        </AuthBy>
</Handler>
<Handler NAS-Port-Type = ISDN>
        AuthByPolicy ContinueWhileAccept
        <AuthBy LDAP2>
                Host            localhost
                Port 389
                AuthDN          cn=root, o=organization, c=ES
                AuthPassword    mypass
                BaseDN          ou=acceso,o=organization, c=ES
                UsernameAttr    uid
                EncryptedPasswordAttr   radPassword

                # Check items fetched from the user's LDAP entry
                AuthAttrDef     nasporttype,NAS-Port-Type,check
                AuthAttrDef     simultaneoususe,Simultaneous-Use,check
                AuthAttrDef     framedprotocol,Framed-Protocol,check

                # Reply items sent to the user
                AuthAttrDef     framedipaddress,Framed-IP-Address,reply
                AuthAttrDef     framedipnetmask,Framed-IP-Netmask,reply
                AuthAttrDef     framedroute,Framed-Route,reply
                AuthAttrDef     pool,PoolHint,reply

                # Added at the end of the reply
                AddToReply      Service-Type = 2
                AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle         
        </AuthBy>
        <AuthBy DYNADDRESS>
                Allocator PRINCIPAL

                PoolHint %{Reply:PoolHint}

                MapAttribute   yiaddr, Framed-IP-Address
                MapAttribute   subnetmask, Framed-IP-Netmask

                StripFromReply PoolHint
        </AuthBy>

</Handler>

<Handler>
        AuthByPolicy ContinueWhileAccept
        <AuthBy LDAP2>
                Host            localhost
                Port 389
                AuthDN          cn=root, o=organization, c=ES
                AuthPassword    mypass
                BaseDN          ou=acceso,o=organization, c=ES
                UsernameAttr    uid
                EncryptedPasswordAttr   radPassword
                # Check items fetched from the user's LDAP entry
                #AuthAttrDef    calledstationid,Called-Station-Id,check
                #AuthAttrDef    callingstationid,Calling-Station-Id,check
                #AuthAttrDef    nasporttype,NAS-Port-Type,check
                AuthAttrDef     simultaneoususe,Simultaneous-Use,check
                AuthAttrDef     framedprotocol,Framed-Protocol,check
                # Reply items sent to the user
                AuthAttrDef     framedipaddress,Framed-IP-Address,reply
                AuthAttrDef     framedipnetmask,Framed-IP-Netmask,reply
                AuthAttrDef     framedroute,Framed-Route,reply
                AuthAttrDef     pool,PoolHint,reply
                # Added at the end of the reply
                AddToReply      Service-Type = 2
                AcctLogFileName %L/acct/framed-%Y-%m-%d.detalle         
        </AuthBy>
        <AuthBy DYNADDRESS>
                Allocator PRINCIPAL

                PoolHint %{Reply:PoolHint}

                MapAttribute   yiaddr, Framed-IP-Address
                MapAttribute   subnetmask, Framed-IP-Netmask

                StripFromReply PoolHint
        </AuthBy>
</Handler>



-- 
____________________________________________
 Cesar Garcia.
 Dept. Sistemas, IdecNet S.A.
 Edificio IdecNet. C/Juan XXIII 44,
 Centro de Gestion de Red, E-35004,
 Las Palmas de Gran Canaria,
 Islas Canarias - Spain.
 Tfn:  +34 828 111 000
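The RADONLINE table written by the <SessionDatabase SQL> clause in the mail above is what a Simultaneous-Use check is decided on, and it is also where a lost accounting Stop leaves a stale row, the same failure mode the AddressAllocator comments describe for address leases. The following Python model is an added example, not part of the original mail and not Radiator's own code: it keeps an in-memory SQLite table with the RADONLINE columns from the AddQuery and walks through a two-channel ISDN (multilink) call. Each B channel sends its own Start and Stop, so a Simultaneous-Use limit of 1 would already reject the second channel, and a Stop lost for channel 1 keeps the user counted until stale rows are reclaimed. The NAS address 10.0.0.1, the user name, session ids and timestamps are constructed; the INSERT OR REPLACE keyed on (NASIDENTIFIER, NASPORT) and the age-based reclaim are this example's own choices, not Radiator's queries.

```python
"""In-memory model of a RADIUS session table shaped like RADONLINE (added example)."""
import sqlite3

# Constructed schema: column names follow the AddQuery in the mail above.
SCHEMA = """
CREATE TABLE RADONLINE (
    USERNAME      TEXT    NOT NULL,
    NASIDENTIFIER TEXT    NOT NULL,
    NASPORT       INTEGER NOT NULL,
    ACCTSESSIONID TEXT    NOT NULL,
    TIME_STAMP    INTEGER NOT NULL,
    FRAMEDADDRESS TEXT,
    PORTTYPE      TEXT,
    SERVICETYPE   TEXT,
    PRIMARY KEY (NASIDENTIFIER, NASPORT)   -- one live session per NAS port
)
"""


class SessionDB:
    """Stand-in for a <SessionDatabase SQL> (this example's own logic, an assumption)."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(SCHEMA)

    def start(self, req):
        """Accounting Start: record the session. Replacing an existing row for the
        same NAS port avoids a stale entry when the Stop for the previous session
        on that port never arrived."""
        self.db.execute(
            "INSERT OR REPLACE INTO RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, "
            "ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, SERVICETYPE) "
            "VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
            (req["User-Name"], req["NAS-IP-Address"], req["NAS-Port"],
             req["Acct-Session-Id"], req["Timestamp"], req.get("Framed-IP-Address"),
             req.get("NAS-Port-Type"), req.get("Service-Type")),
        )
        self.db.commit()

    def stop(self, req):
        """Accounting Stop: remove only the row for this NAS port and session id."""
        cur = self.db.execute(
            "DELETE FROM RADONLINE WHERE NASIDENTIFIER = ? AND NASPORT = ? "
            "AND ACCTSESSIONID = ?",
            (req["NAS-IP-Address"], req["NAS-Port"], req["Acct-Session-Id"]),
        )
        self.db.commit()
        return cur.rowcount

    def active_sessions(self, username):
        """The count a Simultaneous-Use check is decided on."""
        row = self.db.execute(
            "SELECT COUNT(*) FROM RADONLINE WHERE USERNAME = ?", (username,)
        ).fetchone()
        return row[0]

    def check_simultaneous_use(self, username, limit):
        """True if one more session for username fits under the limit."""
        return self.active_sessions(username) < limit

    def reclaim_stale(self, now, max_age):
        """Drop rows older than max_age seconds, the job LeaseReclaimInterval does
        for address leases: a lost Stop must not block a user forever."""
        cur = self.db.execute("DELETE FROM RADONLINE WHERE TIME_STAMP < ?", (now - max_age,))
        self.db.commit()
        return cur.rowcount


def channel_request(port, session_id, timestamp):
    """Constructed accounting request for one B channel of a multilink call."""
    return {
        "User-Name": "user1", "NAS-IP-Address": "10.0.0.1", "NAS-Port": port,
        "Acct-Session-Id": session_id, "Timestamp": timestamp,
        "Framed-IP-Address": "192.0.2.10", "NAS-Port-Type": "ISDN",
        "Service-Type": "Framed-User",
    }


def multilink_walkthrough():
    """Two-channel ISDN scenario; returns the counts observed at each step."""
    sdb = SessionDB()
    base = 997_000_000  # constructed epoch timestamp
    out = {}
    sdb.start(channel_request(1, "0001", base))
    out["after_channel1"] = sdb.active_sessions("user1")
    # With Simultaneous-Use = 1 the second B channel is already over the limit.
    out["second_channel_allowed_limit1"] = sdb.check_simultaneous_use("user1", 1)
    out["second_channel_allowed_limit2"] = sdb.check_simultaneous_use("user1", 2)
    sdb.start(channel_request(2, "0002", base + 5))
    out["after_channel2"] = sdb.active_sessions("user1")
    # Channel 2 drops and its Stop arrives: only that port's row goes away.
    out["rows_removed_by_stop"] = sdb.stop(channel_request(2, "0002", base + 60))
    out["after_channel2_stop"] = sdb.active_sessions("user1")
    # Channel 1's Stop is lost (NAS reboot, UDP loss): the row lingers until reclaim.
    out["stale_rows_reclaimed"] = sdb.reclaim_stale(now=base + 2 * 86400, max_age=86400)
    out["after_reclaim"] = sdb.active_sessions("user1")
    return out


if __name__ == "__main__":
    for step, value in multilink_walkthrough().items():
        print(f"{step}: {value}")
```

The point for an operator is the second_channel_allowed_limit1 result: a per-port session table counts each multilink channel separately, so the Simultaneous-Use value stored in LDAP has to allow for the number of channels, and a reclaim interval is what bounds how long a lost Stop keeps a user locked out.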
Archive at http://www.open.com.au/archives/radiator/