(RADIATOR) IP Pool
Hugh Irvine
hugh at open.com.au
Wed Dec 26 15:36:27 CST 2001
Hello Chairath -
You should probably add a Handler for that NAS specifically and then add the
AuthBy DYNADDRESS only for that NAS.
# Handler for NAS
<Handler Client-Id = ....>
AuthByPolicy ContinueWhileAccept
# authentication
AuthBy ......
# address allocation
AuthBy ......
</Handler>
regards
Hugh
On Wed, 26 Dec 2001 15:22, Chairath K wrote:
> Hello Hugh,
>
> Our system will connect a new NAS, but this NAS is not smart enough to
> choose an IP address from the correct IP pool by looking at the "realm". As a
> result, we have decided to configure Radiator to handle it.
>
> Well, I tried to look at section 6.46 in the Radiator 2.18.2 reference manual,
> but I can't find the way to use "AddressAllocator SQL" and "AuthBy
> DYNADDRESS" with our "AuthBy RADMIN" clause in the config file.
>
> So how can I configure Radiator to handle IP pools like these:
>
> user@test1 will get ip pool1
> user@test2 will get ip pool2
>
> Pool1
> subnetmask 255.255.255.0
> Range 192.1.1.1 192.1.1.50
> Range 192.1.1.60 192.1.1.120
>
> Pool2
> subnetmask 255.255.255.127
> Range 192.2.2.62 192.2.2.99
>
> Regards,
> Chairath
>
> P.S. Our system is running with Radiator 2.18 and Radmin 1.4
>
>
> Foreground
> LogStdout
> LogDir d:/Radiator-2.18/log
> DbDir d:/Radiator-2.18
> LogFile %L/logfile-%d-%m-%Y
>
> # Don't turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
>
> # PreClientHook to add NAS-Port attribute
> PreClientHook file:"%D/addNASPort"
>
> # You will probably want to change this to suit your site.
> # You should list all the clients you have, and their secrets
> # If you are using the Radmin Clients table, you will probably
> # want to disable this.
> #<Client DEFAULT>
> # Secret mysecret
> # DupInterval 0
> #</Client>
>
> # You can put additional (or all) client details in your Radmin
> # database table
> # and get their details from there with something like this:
> # You can then use the Radmin 'Add Radius Client' to add new clients.
> <ClientListSQL>
> DBSource dbi:ODBC:Radmin
> DBUsername xxx
> DBAuth xxx
> </ClientListSQL>
>
> #<AuthBy RADIUS>
> # Identifier ProxyTofunk
> # Host 10.2.0.6
> # Secret test
> #</AuthBy>
>
> #<Realm funk>
> # strip Realm
> # RewriteUsername s/^([^@]+).*/$1/
> # AuthBy ProxyTofunk
> #</Realm>
>
> <AuthBy RADMIN>
> Identifier RADMINAUTH
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so it's the same
> DBSource dbi:ODBC:Radmin
> DBUsername xxx
> DBAuth xxx
> DateFormat %e %m %Y %T
>
> #AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS from RADUSERS where USERNAME='%n' and BADLOGINS < 10 and VALIDFROM < %t and VALIDTO > %t
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> AcctColumnDef DATE,Timestamp,integer-date
> # This updates the time and octets left
> # for this user
> AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
> </AuthBy>
>
> <AuthBy GROUP>
> Identifier WithIdleTimeout
> AuthBy RADMINAUTH
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type = Framed-User,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Idle-Timeout = 600,\
> Class = %{NAS-Port}
> </AuthBy>
>
> <AuthBy GROUP>
> Identifier WithOutIdleTimeout
> AuthBy RADMINAUTH
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> AddToReply Framed-Protocol = PPP,\
> Service-Type = Framed-User,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Class = %{NAS-Port}
> </AuthBy>
>
> <AuthBy FILE>
> Identifier TimeZone
> Filename %D/adsl.users
> </AuthBy>
>
> <Handler Request-Type=Accounting-Request>
> AuthBy RADMINAUTH
> </Handler>
>
> <Handler Realm=hz.qnet>
> AuthBy TimeZone
> </Handler>
>
> <Handler Realm=qnetcorp>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler Realm=qnetoffice>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler Realm=o64.qnet>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler Realm=o128.qnet>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler Realm=o256.qnet>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler Realm=o512.qnet>
> AuthBy WithOutIdleTimeout
> </Handler>
>
> <Handler>
> AuthBy WithIdleTimeout
> </Handler>
>
>
> # Handle User with NO Realm with RADMIN
> #<Realm>
> # AuthBy RADMINAUTH
> #</Realm>
>
> # Handle everyone with RADMIN
> #<Realm DEFAULT>
> # AuthBy RADMINAUTH
> #</Realm>
>
> <SessionDatabase SQL>
> # This database spec usually should be exactly the same
> # as in <AuthBy RADMIN> above
> DBSource dbi:ODBC:Radmin
> DBUsername radmin
> DBAuth radminpw
> ClearNasQuery
> </SessionDatabase>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
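
The Handler skeleton suggested in the reply, filled in for the two pools from the question. This is an added example, not configuration from the original thread or from the Radiator distribution. The identifiers PoolAllocator, AllocPool1 and AllocPool2 and the NAS address 203.0.113.10 are placeholders, and it assumes the address pool table used by AddressAllocator SQL (RADPOOL by default) exists in the same database.

```conf
# Added example, not from the original thread. Identifiers PoolAllocator,
# AllocPool1, AllocPool2 and the NAS address 203.0.113.10 are placeholders.
<AddressAllocator SQL>
    Identifier PoolAllocator
    DBSource dbi:ODBC:Radmin
    DBUsername xxx
    DBAuth xxx
    <AddressPool pool1>
        Subnetmask 255.255.255.0
        Range 192.1.1.1 192.1.1.50
        Range 192.1.1.60 192.1.1.120
    </AddressPool>
    <AddressPool pool2>
        # Mask copied verbatim from the question; it is not a contiguous
        # netmask, so confirm the intended value before deploying.
        Subnetmask 255.255.255.127
        Range 192.2.2.62 192.2.2.99
    </AddressPool>
</AddressAllocator>

<AuthBy DYNADDRESS>
    Identifier AllocPool1
    AddressAllocator PoolAllocator
    PoolHint pool1
    MapAttribute yiaddr, Framed-IP-Address
</AuthBy>
<AuthBy DYNADDRESS>
    Identifier AllocPool2
    AddressAllocator PoolAllocator
    PoolHint pool2
    MapAttribute yiaddr, Framed-IP-Address
</AuthBy>

# Place these before the existing realm and default Handlers.
<Handler Client-Id=203.0.113.10, Realm=test1, Request-Type=Access-Request>
    AuthByPolicy ContinueWhileAccept
    AuthBy WithIdleTimeout
    AuthBy AllocPool1
</Handler>
<Handler Client-Id=203.0.113.10, Realm=test2, Request-Type=Access-Request>
    AuthByPolicy ContinueWhileAccept
    AuthBy WithIdleTimeout
    AuthBy AllocPool2
</Handler>
# Accounting from the same NAS: record usage, then release the address.
<Handler Client-Id=203.0.113.10, Request-Type=Accounting-Request>
    AuthByPolicy ContinueWhileAccept
    AuthBy RADMINAUTH
    AuthBy AllocPool1
</Handler>
```

Only yiaddr is mapped because the existing AuthBy GROUP clauses already add Framed-IP-Netmask to the reply. Accounting from this NAS is routed through an AuthBy DYNADDRESS clause so that an Accounting Stop releases the allocated address instead of leaving it held until the lease expires.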