(RADIATOR) Authentication through DNIS.
Hugh Irvine
hugh at open.com.au
Tue Dec 11 22:30:12 CST 2001
Hello Wasim -
The trace 4 below (thanks for sending it) shows that your NAS is sending the
number "7159" as the value for the Called-Station-Id (note the spelling). You
can check for this in a users file as follows:
cool Password = ....., Called-Station-Id = 7159, Simultaneous-Use = 4
Service-Type = Framed-User,
Framed-Protocol = PPP
Note that Called-Station-Id is the number that the user has dialled.
If you want to check the number the user is dialling from you would do this:
cool Password = ....., Calling-Station-Id = 13155131, Simultaneous-Use = 4
Service-Type = Framed-User,
Framed-Protocol = PPP
All check items must appear on the first line of a user definition and the
reply items on the second and following lines with white space at the
beginning and a comma at the end of every reply line except the last.
Have a look at section 13 of the Radiator 2.19 reference manual.
regards
Hugh
On Sat, 8 Dec 2001 20:22, Wasim Ahmed Khan wrote:
> Hi All,
>
> I want to authenticate few of our users defined in radiator's user file
> on basis of DNIS. How can we do that through radiator. As first i try
> to pass Called-Station-ID attribute in users file but strangely it is
> not authenticating. Here is sumthing detail shows:
> It is picking "7159" as called-station-Id.
>
> Is there any other way to authenticate specific user on the basis on
> DNIS or otherwise where i m wrong in this whole scenario.
>
> Wed Dec 8 12:28:48 1999: INFO: Server started: Radiator 2.18.1 on
> netops-2
> Wed Dec 8 12:31:40 1999: DEBUG: Packet dump:
> *** Received from 202.63.217.245 port 1645 ....
> Code: Access-Request
> Identifier: 226
> Authentic:
> <155><196><19><166>uXV<235><205><168><149><236><234><152><149>$
> Attributes:
> NAS-IP-Address = 202.63.217.245
> NAS-Port = 62
> Cisco-NAS-Port = "Async62"
> NAS-Port-Type = Async
> User-Name = "cool"
> Called-Station-Id = "7159"
> Calling-Station-Id = "215219321"
> User-Password = "<240>Q<142><218><240>K<177>T?
> 1@<15><215>z<250><224>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Wed Dec 8 12:31:40 1999: DEBUG: Handling request with
> Handler 'Realm=DEFAULT'
> Wed Dec 8 12:31:40 1999: DEBUG: Deleting session for cool,
> 202.63.217.245, 62
> Wed Dec 8 12:31:40 1999: DEBUG: Handling with Radius::AuthEMERALD
> Wed Dec 8 12:31:40 1999: DEBUG: Handling with Radius::AuthEMERALD
> Wed Dec 8 12:31:40 1999: DEBUG: Query is: select DateAdd(Day,
> ma.extension+ma.overdue, maExpireDate),
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
> from masteraccounts ma, subaccounts sa
> where (sa.login = 'cool' or sa.shell = 'cool')
> and ma.customerid = sa.customerid
> and sa.active <> 0 and ma.active <> 0
>
> Wed Dec 8 12:31:41 1999: DEBUG: Query is: insert into badattempt
> (date,userid,password,cli) values ('12/8/1999
> 12:31:40','cool','ðQÚðK±T?1@×zúà','215219321')
>
> Wed Dec 8 12:31:41 1999: DEBUG: Radius::AuthEMERALD looks for match
> with cool
> Wed Dec 8 12:31:41 1999: DEBUG: Query is: select DateAdd(Day,
> ma.extension+ma.overdue, maExpireDate),
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
> from masteraccounts ma, subaccounts sa
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> and ma.customerid = sa.customerid
> and sa.active <> 0 and ma.active <> 0
>
> Wed Dec 8 12:31:42 1999: DEBUG: Query is: insert into badattempt
> (date,userid,password,cli) values ('12/8/1999
> 12:31:41','cool','ðQÚðK±T?1@×zúà','215219321')
>
> Wed Dec 8 12:31:42 1999: DEBUG: Handling with Radius::AuthFILE
> Wed Dec 8 12:31:42 1999: DEBUG: Reading users file ./users
> Wed Dec 8 12:31:42 1999: DEBUG: Radius::AuthFILE looks for match with
> cool
> Wed Dec 8 12:31:42 1999: DEBUG: Radius::AuthFILE ACCEPT:
> Wed Dec 8 12:31:42 1999: DEBUG: Access accepted for cool
> Wed Dec 8 12:31:42 1999: WARNING: No such attribute Simultaneous-Use
> Wed Dec 8 12:31:42 1999: DEBUG: Packet dump:
> *** Sending to 202.63.217.245 port 1645 ....
> Code: Access-Accept
> Identifier: 226
> Authentic:
> <155><196><19><166>uXV<235><205><168><149><236><234><152><149>$
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Simultaneous-Use = 4
> Called-Station-Id = "13155131"
>
> Wed Dec 8 12:31:42 1999: DEBUG: Packet dump:
> *** Received from 202.63.217.245 port 1646 ....
> Code: Accounting-Request
> Identifier: 227
> Authentic: <139><232>b;:g<212>J<226><199><248><155><210>L<175><17>
> Attributes:
> NAS-IP-Address = 202.63.217.245
> NAS-Port = 62
> Cisco-NAS-Port = "Async62"
> NAS-Port-Type = Async
> User-Name = "cool"
> Called-Station-Id = "7159"
> Calling-Station-Id = "215219321"
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000123"
> Framed-Protocol = PPP
> Acct-Delay-Time = 0
>
> Wed Dec 8 12:31:42 1999: DEBUG: Handling request with
> Handler 'Realm=DEFAULT'
> Wed Dec 8 12:31:42 1999: DEBUG: Adding session for cool,
> 202.63.217.245, 62
> Wed Dec 8 12:31:42 1999: DEBUG: Handling with Radius::AuthEMERALD
> Wed Dec 8 12:31:42 1999: DEBUG: Handling accounting with
> Radius::AuthEMERALD
> Wed Dec 8 12:31:42 1999: DEBUG: do query is: insert into Calls
> (UserName, CallDate, AcctStatusType, AcctDelayTime,
> AcctSessionId, NASIdentifier, CallerID, NASPort)
> values
> ('cool', 'Dec 8, 1999 12:31', 1,
> 0, '00000123', '202.63.217.245', '215219321', 62)
>
> Wed Dec 8 12:31:43 1999: DEBUG: Accounting accepted
> Wed Dec 8 12:31:43 1999: DEBUG: Packet dump:
> *** Sending to 202.63.217.245 port 1646 ....
>
> Regards,
> Wasim Ahmed Khan.
> Application Programmer.
> eWorld Internet Services.
> Karachi,
> Pakistan.
> Ph:(92-21)111-246-246.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list