(RADIATOR) Static IP address/Framed-IP-Address Simultaneous-Use = 1 attribute

Mike McCauley mikem at open.com.au
Sun Jun 3 08:35:38 CDT 2001


--- Forwarded mail from owner-radiator at open.com.au

From: owner-radiator at open.com.au
Date: Sat, 2 Jun 2001 15:01:29 -0500
To: radiator-approval at open.com.au
Subject: BOUNCE radiator at open.com.au:    Non-member submission from ["Steve
Hardin" <steveh at digicove.com>]

Reply-To: <steveh at digicove.com>
From: "Steve Hardin" <steveh at digicove.com>
To: <radiator at open.com.au>
Cc: <rick at hpcisp.com>
Subject: Static IP address/Framed-IP-Address Simultaneous-Use = 1 attribute
Date: Sat, 2 Jun 2001 17:59:53 -0400

Hi,

We are testing out Radiator and so far it seems easy to set up and get
working.  I seem to be having a problem with a few items; however, I believe
they are all connected.

I'm trying a simple setup with one realm (DEFAULT) with a Cisco 5300.  I
would like to use Simultaneous-Use only for most users but not all.  I would
like to add static IPs for some users with Framed-IP-Address
Simultaneous-Use = 1 authentication from SQL Database.

The basic username password authentication is working fine only when forcing
the AddToReplyIfNotExist directive in the config file.

It seems that the reply attributes are not being sent back to the 5300, so
the same users can log on multiple times.  When using the
DefaultSimultaneousUse statement, only one user at a time can log on.
However, when setting that attribute and value in the SQL database and
removing DefaultSimultaneousUse from the config file, the same user can
log on multiple times.

I'm seeing a similar problem with assigning a static IP.  The IP defined in
the database does not get assigned to the access server.

Additionally, I must use AddToReplyIfNotExist in my config or else I get
"no appropriate authorization type for user".
Here is my sql.config and some debugs.  One for the user fred and one for
the user xyz.  Xyz is a user set up for static IP and fred is a basic user
that can only log on once.



Sql.cfg

# common-sql.cfg
#
# Example Radiator configuration file that allows you to
# authenticate from an SQL database.
# With Radiator you can interface with almost any database schema,
# and there are many more configurable parameters that allow you
# to control database fallback, select statements, column names
# and arrangements etc etc etc.
# See the reference manual for more details.
# This is a very simple example to get you started. It will
# work with the tables created by the goodies/*.sql scripts.
#
# You should consider this file to be a starting point only
# $Id: sql.cfg,v 1.5 2000/11/07 21:18:05 mikem Exp $

Foreground
LogStdout
LogDir		.
DictionaryFile ./dictionary.cisco
DbDir		.

Trace    4

<Client as2.hpcisp.com>
        Secret xxx
</Client>




<SessionDatabase SQL>
        DBSource        dbi:mysql:xxxxx
        DBUsername      xxxxx
        DBAuth          xxxxxxx
</SessionDatabase SQL>


# This will authenticate users from SUBSCRIBERS
<Realm DEFAULT>
    <AuthBy SQL>
	# Adjust DBSource, DBUsername, DBAuth to suit your DB

	DBSource	dbi:mysql:xxx
        DBUsername      xxx
        DBAuth          xxxxx

#DefaultSimultaneousUse 1

	# You may want to tailor these for your ACCOUNTING table
	# You can add your own columns to store whatever you like
	AccountingTable	ACCOUNTING
	AcctColumnDef	USERNAME,User-Name
	AcctColumnDef	TIME_STAMP,Timestamp,integer
	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
	AcctColumnDef	NASPORT,NAS-Port,integer
	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address

# added would like to take this out!

        AddToReplyIfNotExist Service-Type = Framed-User,\
                 Framed-Protocol = PPP,\
                 Framed-Routing = None,\
                 Framed-MTU = 1500,\
                 Framed-Compression = Van-Jacobson-TCP-IP
# end added

	# You can arrange to log accounting to a file if the
	# SQL insert fails with AcctFailedLogFileName
	# That way you could recover from a broken SQL
	# server
	AcctFailedLogFileName %D/missedaccounting


    </AuthBy>


</Realm>

-------------------- End SQL.cfg --------------------


-------------------- Select for subscribers --------------------
USERNAME   CHECKATTR
fred       Simultaneous-Use = 1, Service-Type = Framed-User
xyz        Service-Type = Framed-User


USERNAME    REPLYATTR
fred        Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.254,
            Service-Type = Framed-User,
            Framed-Routing = None,Framed-MTU = 1500,
            Framed-Compression = Van-Jacobson-TCP-IP

USERNAME    REPLYATTR
xyz         Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.254,
            Framed-IP-Address = 208.149.144.160,
            Service-Type = Framed-User,Framed-Routing = None,Framed-MTU = 1500,
            Framed-Compression = Van-Jacobson-TCP-I


-------------------- End select for subscribers --------------------






---End of forwarded mail from owner-radiator at open.com.au

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
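
Added example (not part of the original message and not Radiator code): a Python audit of the CHECKATTR/REPLYATTR rows shown in the message, flagging users with no effective session cap and static Framed-IP-Address users that lack Simultaneous-Use = 1. The rows are abbreviated copies of the ones in the message; the function names and the default_simultaneous_use parameter (standing in for DefaultSimultaneousUse) are hypothetical, and attribute values containing quoted commas are not handled.

```python
import ipaddress

# Constructed sample: the two SUBSCRIBERS rows shown in the message
# (USERNAME, CHECKATTR, REPLYATTR), wrapped lines joined and abbreviated.
ROWS = [
    ("fred", "Simultaneous-Use = 1, Service-Type = Framed-User",
     "Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.254,"
     "Service-Type = Framed-User,Framed-Routing = None,Framed-MTU = 1500"),
    ("xyz", "Service-Type = Framed-User",
     "Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.254,"
     "Framed-IP-Address = 208.149.144.160,Service-Type = Framed-User"),
]

def parse_attrs(text):
    """Split 'Attr = value, Attr = value' into a dict (no quoted commas)."""
    attrs = {}
    for item in (text or "").split(","):
        name, sep, value = item.partition("=")
        if sep and name.strip():
            attrs[name.strip()] = value.strip()
    return attrs

def audit(rows, default_simultaneous_use=None):
    """Return (username, finding) pairs for session-cap and static-IP gaps."""
    findings, owners = [], {}
    for user, check, reply in rows:
        # A per-user check item wins; otherwise the configured default applies.
        limit = parse_attrs(check).get("Simultaneous-Use", default_simultaneous_use)
        ip = parse_attrs(reply).get("Framed-IP-Address")
        if limit is None:
            findings.append((user, "no Simultaneous-Use check item and no default"))
        if ip is None:
            continue
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            findings.append((user, "invalid Framed-IP-Address %r" % ip))
            continue
        if str(limit) != "1":
            findings.append((user, "static IP %s without Simultaneous-Use = 1" % ip))
        if ip in owners:
            findings.append((user, "static IP %s also assigned to %s" % (ip, owners[ip])))
        owners.setdefault(ip, user)
    return findings

if __name__ == "__main__":
    for user, finding in audit(ROWS):
        print(user, "->", finding)
```

This checks the stored data only; whether the server actually reads the CHECKATTR and REPLYATTR columns is a separate question that the script does not test.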