(RADIATOR) AuthBy DYNADDRESS and Radius Proxy
Hugh Irvine
hugh at open.com.au
Tue Jul 17 00:25:36 CDT 2001
Ciao Alessandro -

You cannot run any AuthBy clause (including an AuthBy DYNADDRESS) after an
AuthBy RADIUS clause. This is because an AuthBy RADIUS clause returns
immediately, without waiting for the proxy reply to come back.

The only way you can allocate IP addresses dynamically with an AuthBy RADIUS
clause is by using a ReplyHook.

This has been discussed on the list many times.

In any case, there is an example of how to do it in the file
"goodies/hooks.txt" in the Radiator distribution.

hth

Hugh

On Tuesday 17 July 2001 02:37, Alessandro Chiolo wrote:
> I'm trying to apply different dynamic pools to different handlers. this
> works with a local file but doesn't when proxying the request to a remote
> radius.
>
> this is the relevant part of my config:
> -------------------------------------------------
> <AddressAllocator SQL>
> Identifier db0
> DBSource dbi:mysql:radius:xxxxxxxxx
> DBUsername xxxxxxxxxxx
> <AddressPool pool.x>
> Range x.x.x.x x.x.x.x
> </AddressPool>
> <AddressPool pool.y>
> Range y.y.y.y y.y.y.y
> </AddressPool>
> </AddressAllocator>
>
> <Handler Client-Port-DNIS=/0101$/>
> AuthByPolicy ContinueWhileAccept
> <AuthBy FILE>
> Filename %D/users
> Nocache
> </AuthBy>
> <AuthBy DYNADDRESS>
> Allocator db0
> PoolHint pool.x
> MapAttribute yiaddr,Framed-Address
> MapAttribute subnetmask,Framed-Netmask
> </AuthBy>
> </Handler>
>
> <Handler Client-Port-DNIS=/0102$/>
> RewriteUsername s/^([^@]+).*/$1/
> AuthByPolicy ContinueWhileAccept
> <AuthBy RADIUS>
> Host remote.radius.ip
> Secret xxxxxxxx
> </AuthBy>
> <AuthBy DYNADDRESS>
> Allocator db0Pool
> PoolHint pool.y
> MapAttribute yiaddr,Framed-Address
> MapAttribute subnetmask,Framed-Netmask
> </AuthBy>
> </Handler>
>
> -------------------------------------------------
>
> any hints?
>
> regards,
> A.Chiolo
>
> --
> Alessandro Chiolo <alessandro.chiolo at it.easynet.net>
> Network Manager, Easynet Italy
> "I'm Winston Wolf, I solve Problems."
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) MaxSessions issue, still a problem
Hugh Irvine
hugh at open.com.au
Tue, 17 Jul 2001 15:20:22 +1000
Hello Dave, Hello Dmitry -

The problem is that Radiator does a delete on reception of an access request
as well as when it gets an accounting stop. This in addition to the fact that
by default, Radiator always uses the username string received from the NAS
(which it must do if it is to do strict checking).

Hence my recommendation to either store both forms of the username in an SQL
session database and use custom queries, or to rewrite the usernames prior to
them getting to the instance of Radiator that is doing simultaneous use
checking.

regards

Hugh

On Monday 16 July 2001 23:05, Kitabjian, Dave wrote:
> Hello,
>
> I didn't read the entire thread, but couldn't you just do this:
>
> <Handler Request-Type = Accounting-Request>
>
> # strip off realm:
> RewriteUsername s/^([^@]+).*/$1/
>
> </Handler>
>
> ? If I neglected to read something, I apologize in advance.
>
> Dave
>
> > On Friday 13 July 2001 20:58, Dmitry Kopylov wrote:
> > > Hello,
> > >
> > > and the problem here is that NAS generates the Access-Request in form
> > > "username at realm", proxy strips off the realmname and my Radiator
> > > receives just "username". Whereas the accounting request approaches
> > > the Radiator in its original form e.g. "username at realm". So the
> > > session database is built up based on the "username at realm" and not on
> > > the "username". The question here is if it's possible to rewrite the
> > > User-Name in Accounting request? Or maybe there is another solution?
> > >
> > > regards,
> > > Dmitry Kopylov
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
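
The username mismatch discussed in this thread, as an added example that is not part of the original messages and is not Radiator code. It models a simultaneous-use check where access requests arrive as "username" and accounting arrives as "username@realm", then repeats the run with the `s/^([^@]+).*/$1/` rewrite quoted above applied to both. The `SessionDB` class, its key layout, the limit of one session and the sample events are assumptions made for illustration.

```python
import re

# Python form of the Perl rewrite quoted in the thread: s/^([^@]+).*/$1/
STRIP_REALM = re.compile(r"^([^@]+).*")


def strip_realm(user):
    return STRIP_REALM.sub(r"\1", user)


class SessionDB:
    """Hypothetical session table keyed by (username, nas, port)."""

    def __init__(self, normalize=None):
        self.sessions = set()
        self.normalize = normalize or (lambda u: u)

    def add(self, user, nas, port):       # on Accounting-Start
        self.sessions.add((self.normalize(user), nas, port))

    def delete(self, user, nas, port):    # on Accounting-Stop or Access-Request
        self.sessions.discard((self.normalize(user), nas, port))

    def count(self, user):
        name = self.normalize(user)
        return sum(1 for s in self.sessions if s[0] == name)


def access_request(db, user, nas, port, max_sessions=1):
    # Clear any stale entry for this port first, then apply the limit.
    db.delete(user, nas, port)
    return "Access-Accept" if db.count(user) < max_sessions else "Access-Reject"


def replay(db, events):
    """Feed events to the table; return the decision for each access request."""
    decisions = []
    for kind, user, nas, port in events:
        if kind == "access":
            decisions.append(access_request(db, user, nas, port))
        elif kind == "start":
            db.add(user, nas, port)
        elif kind == "stop":
            db.delete(user, nas, port)
    return decisions


# Constructed sample traffic: the proxy strips the realm from access requests,
# while accounting arrives with the realm still attached.
EVENTS = [
    ("access", "alice", "nas1", 1),
    ("start", "alice@example.net", "nas1", 1),
    ("access", "alice", "nas1", 2),   # second login while the first is active
]

if __name__ == "__main__":
    print("as received:", replay(SessionDB(), EVENTS))
    print("realm stripped:", replay(SessionDB(strip_realm), EVENTS))
```
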