(RADIATOR) Static IP address/Framed-IP-Address Simultaneous-Use = 1 attribute

Hugh Irvine hugh at open.com.au
Sun Jun 3 18:31:45 CDT 2001


Hello Steve -

Thanks for sending the information.

On Sunday 03 June 2001 08:01, pop wrote:
> Hi,
>
> We are testing out Radiator and so far it seems easy to set up and get
> working.  I seem to be having a problem with a few items however I believe
> they are all connected.
>
> I'm trying a simple set up with one realm (DEFAULT) with cisco 5300.  I
> would like to use Simultaneous-Use only for most users but not all.  I
> would like to add static ip's for some users with Framed-IP-Address
> Simultaneous-Use = 1 authentication from SQL Database.
>

Note that Simultaneous-Use is a check item, and Framed-IP-Address is a reply 
item (usually). See below for details.

> The basic username password authentication is working fine only when
> forcing the AddToReplyIfNotExist directive in the config file.
>
> It seems that the reply attributes are not being sent back to the 5300 so
> the same users can log on multiple times.  When using the
> DefaultSimultaneousUse statement only one user at a time can log on.
> However when setting that attribute and value in the SQL database and
> removing DefaultSimultaneousUse from the config file, the same user can
> log on multiple times.
>
> I'm seeing a similar problem with assigning a static ip.  Defined in the
> database does not get assigned to the access server.
>
> Additionally I must use the AddToReplyIfNotExist in my config or else I get
> a no appropriate authorization type for user.
> Here is my sql.config and some debugs.  One for the user fred and one for
> the user xyz.  Xyz is a user set up for static ip and fred is a basic user
> that can only log on once.
>

The problem you have is that you have not indicated to the AuthBy SQL clause 
that you want to use the CHECKATTR and REPLYATTR fields from the database.

You will need to add an AuthSelect statement together with the appropriate 
AuthColumnDef's to do what you require - something like this:

	AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
		from SUBSCRIBERS \
		where USERNAME = '%n'
	AuthColumnDef 0, User-Password, check
	AuthColumnDef 1, GENERIC, check
	AuthColumnDef 2, GENERIC, reply

Have a look at sections 6.26.6 and 6.26.7 in the Radiator 2.18.1 reference 
manual.

BTW - you will also need the DefaultSimultaneousUse 1 in the AuthBy SQL 
clause (it is currently commented out) if you want to set a default.

>
> # This will authenticate users from SUBSCRIBERS
> <Realm DEFAULT>
>     <AuthBy SQL>
> 	# Adjust DBSource, DBUsername, DBAuth to suit your DB
>
> 	DBSource	dbi:mysql:xxx
>         DBUsername      xxx
>         DBAuth          xxxxx
>
> #DefaultSimultaneousUse 1
>
> 	# You may want to tailor these for your ACCOUNTING table
> 	# You can add your own columns to store whatever you like
> 	AccountingTable	ACCOUNTING
> 	AcctColumnDef	USERNAME,User-Name
> 	AcctColumnDef	TIME_STAMP,Timestamp,integer
> 	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
> 	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
> 	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 	AcctColumnDef	NASPORT,NAS-Port,integer
> 	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
>
> # added would like to take this out!
>
>         AddToReplyIfNotExist Service-Type = Framed-User,\
>                  Framed-Protocol = PPP,\
>                  Framed-Routing = None,\
>                  Framed-MTU = 1500,\
>                  Framed-Compression = Van-Jacobson-TCP-IP
> # end added
>
> 	# You can arrange to log accounting to a file if the
> 	# SQL insert fails with AcctFailedLogFileName
> 	# That way you could recover from a broken SQL
> 	# server
> 	AcctFailedLogFileName %D/missedaccounting
>
>
>     </AuthBy>
>
>
> </Realm>
>

Also note that if you want to set a number of default reply attributes, 
rather than defining them for every user, you can use an AddToReply statement 
in the AuthBy SQL clause:

	AddToReply Service-Type = Framed-User, \
		Framed-Protocol = PPP, \
		.....


hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
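
Added example (not part of the original message and not Radiator code): a simplified Python model of how the AuthSelect / AuthColumnDef mapping above turns one SUBSCRIBERS row into check items and reply items, and why selecting only the password column lets the same user log on repeatedly and drops the static address. The sample rows, passwords, the 192.0.2.10 address and the function names are constructed for illustration, and GENERIC parsing is reduced to plain comma-separated attr=value pairs.

```python
# Simplified model (an assumption, not Radiator source) of how AuthBy SQL
# turns one AuthSelect result row into check items and reply items.

# Column mapping from the reply above: (column index, attribute, type)
COLUMN_DEFS = [
    (0, "User-Password", "check"),
    (1, "GENERIC", "check"),
    (2, "GENERIC", "reply"),
]

# Constructed SUBSCRIBERS rows: (PASSWORD, CHECKATTR, REPLYATTR)
ROWS = {
    "fred": ("fredpw", "Simultaneous-Use=1", None),
    "xyz": ("xyzpw", "Simultaneous-Use=1", "Framed-IP-Address=192.0.2.10"),
}


def parse_generic(text):
    """Split a GENERIC column of comma-separated attr=value pairs."""
    pairs = {}
    for item in (text or "").split(","):
        if "=" in item:
            name, value = item.split("=", 1)
            pairs[name.strip()] = value.strip()
    return pairs


def map_row(row, column_defs=COLUMN_DEFS):
    """Return (check_items, reply_items) for one result row."""
    items = {"check": {}, "reply": {}}
    for index, attribute, kind in column_defs:
        if attribute == "GENERIC":
            items[kind].update(parse_generic(row[index]))
        elif row[index] is not None:
            items[kind][attribute] = row[index]
    return items["check"], items["reply"]


def authenticate(user, password, active_sessions, column_defs=COLUMN_DEFS):
    """Return (accepted, reply_items) given the user's current session count."""
    if user not in ROWS:
        return False, {}
    check, reply = map_row(ROWS[user], column_defs)
    if check.get("User-Password") != password:
        return False, {}
    limit = check.get("Simultaneous-Use")
    if limit is not None and active_sessions >= int(limit):
        return False, {}  # check item failed: no Access-Accept
    return True, reply
```

Passing a column_defs list that contains only the password column reproduces the symptoms reported in the quoted message.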