(RADIATOR) how do you guys handle your users' left time, using Radiator?
Hugh Irvine
hugh at open.com.au
Thu Oct 25 19:15:16 CDT 2001
Hello Masoud -
It looks like you are doing most things correctly in your Radiator
configuration, but I suspect you may have a problem because you are not
sending the additional attributes required by the Cisco.
You will need to add at least what is shown below:
<AuthBy SQL>
    DBSource dbi:ODBC:NTTacDB
    DBUsername sa
    DBAuth xxxxx
    Identifier SQL1
    AuthSelect select passwd,timeleft from users where id='%n'
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Session-Timeout, reply
    # Subtract the session time on accounting; the leading 0 keeps the
    # SQL valid when Acct-Session-Time is absent from the request
    AcctSQLStatement update users set \
        timeleft=timeleft-0%{Acct-Session-Time} \
        where id = '%n'
    # Reply attributes sent along with Session-Timeout
    AddToReply Service-Type = Framed-User, \
        Framed-Protocol = PPP
    NoDefault
</AuthBy>
There may be additional reply attributes required depending on what else you
are doing on the Cisco.
BTW - you should watch what is going on on the Cisco by looking at the Cisco
"debug" information.
regards
Hugh
On Friday 26 October 2001 00:15, Masuod - wrote:
> Dear anybody,
> In order to be able to automatically end the remote users' sessions
> on our Cisco NAS, we need to enable session-timeout attr on the
> Radiator, and Cisco. I've read lots and lots of your mails, and Cisco
> documents, which have helped me a lot, but still no good!
> Has anyone solved this issue? I'd really appreciate your help.
> Following are the configurations I've done on my cisco and radiator.
> I know that the Radiator sends the attribute correctly (according to
> the log included below) but somehow Cisco discards this information.
>
> If this is not possible, how do you guys handle your users' left
> time, using Radiator? (disconnecting it when the time is over!)
>
>
> MANY MANY THANKS ALREADY!
>
>
>
>
>
> Thu Oct 25 16:46:31 2001: DEBUG: Packet dump:
> *** Received from x.x.x.x port 1645 ....
> Code: Access-Request
> Identifier: 43
> Authentic: <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175>
> Attributes:
> NAS-IP-Address = x.x.x.x
> NAS-Port = 47
> NAS-Port-Type = Async
> User-Name = "14w560"
> User-Password = "|<219><243><164>f<135><17><14>4#V<23><244>1<242>+"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Thu Oct 25 16:46:31 2001: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Thu Oct 25 16:46:31 2001: DEBUG: Deleting session for 14w560,
> 217.219.1.12, 47
> Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL
> Thu Oct 25 16:46:31 2001: DEBUG: Handling with Radius::AuthSQL:
> IrangateSQL
> Thu Oct 25 16:46:31 2001: DEBUG: Query is: select passwd,timeleft
> from users where tac_id='14w560'
>
> Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL looks for match with
> 14w560
> Thu Oct 25 16:46:31 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Thu Oct 25 16:46:31 2001: DEBUG: Access accepted for 14w560
> Thu Oct 25 16:46:31 2001: DEBUG: Packet dump:
> *** Sending to 217.219.1.12 port 1645 ....
> Code: Access-Accept
> Identifier: 43
> Authentic: <227><226><225>@z<218>[<137><15><29>i<6>z<0><136><175>
> Attributes:
> Session-Timeout = 733
>
>
>
>
>
> ----------------Radiator configuration follows:
>
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Client x.x.x.x>
> Secret xxxx
> DupInterval 0
> </Client>
>
> <AuthBy SQL>
> DBSource dbi:ODBC:NTTacDB
> DBUsername sa
> DBAuth xxxxx
> Identifier SQL1
> AuthSelect select passwd,timeleft from users where id='%n'
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Session-Timeout, reply
> NoDefault
> </AuthBy>
>
>
> <Realm DEFAULT>
> AuthBy SQL1
> </Realm>
>
>
> ------ NAS configuration follows:
>
> Current configuration : 4587 bytes
> !
> version 12.1
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Access_Srv3
> !
> aaa new-model
>
> aaa authentication ppp default group radius
> aaa accounting network default start-stop group radius
> enable secret 5 xxxxxxx
> enable password password
> !
> ip subnet-zero
>
> ip name-server 198.81.209.2
> ip name-server 195.146.32.1
> !
> !
> !
> !
> interface Ethernet0/0
> ip address x.x.x.x 255.255.255.0 secondary
>
> ip address x.x.x.x 255.255.255.0
>
> !
> interface Group-Async1
> ip unnumbered Ethernet0/0
> ip access-group 190 in
> ip wccp web-cache redirect out
> encapsulation ppp
> async mode interactive
> peer default ip address pool (213)
> ppp authentication pap
> group-range 33 48
> !
> ip local pool (213) x.x.x.x x.x.x.x
> ip local pool (217) x.x.x.x x.x.x.x
> ip classless
> ip route 0.0.0.0 0.0.0.0 x.x.x.x
> no ip http server
> !
> tacacs-server host x.x.x.1
> tacacs-server host x.x.x.2
> tacacs-server timeout 10
> tacacs-server key xxxxxxxxx
> snmp-server community xxxxx RO 15
> radius-server host x.x.x.x auth-port 1645 acct-port 1646
> radius-server retransmit 3
> radius-server key xxxxxxx
> !
> line con 0
> transport input none
> line 33 48
> session-timeout 15
> modem InOut
> modem autoconfigure discovery
> autocommand ppp
> transport input all
> autoselect during-login
> autoselect ppp
> stopbits 1
> flowcontrol hardware
> line aux 0
> line vty 0 4
> password xxxxxxx
> !
> end
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
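A check over the Radiator Trace 4 log, added here as an example (it is not part of the original posts or of Radiator): it flags Access-Accept replies that carry Session-Timeout without the Service-Type and Framed-Protocol attributes named in the reply above. The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like the Trace 4 dumps in this thread (192.0.2.1 is a documentation address).
SAMPLE_LOG = """\
Thu Oct 25 16:46:31 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.1 port 1645 ....
Code:       Access-Accept
Identifier: 43
Attributes:
        Session-Timeout = 733

Thu Oct 25 16:47:02 2001: DEBUG: Packet dump:
*** Sending to 192.0.2.1 port 1645 ....
Code:       Access-Accept
Identifier: 44
Attributes:
        Session-Timeout = 733
        Service-Type = Framed-User
        Framed-Protocol = PPP
"""

# Reply attributes the answer above adds next to Session-Timeout.
REQUIRED = {"Service-Type": "Framed-User", "Framed-Protocol": "PPP"}

def sent_packets(log):
    """Parse every '*** Sending to' packet dump; tolerates '> ' mail quoting."""
    packets, cur = [], None
    for raw in log.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if line.startswith("*** Sending to"):
            cur = {"code": None, "id": None, "attrs": {}}
            packets.append(cur)
        elif line.startswith("*** Received from") or (cur and cur["code"] and not line):
            cur = None  # a request dump, or the blank line that ends a reply dump
        elif cur is not None:
            if m := re.match(r"(Code|Identifier):\s*(\S+)", line):
                cur["code" if m.group(1) == "Code" else "id"] = m.group(2)
            elif m := re.match(r"([\w-]+) = (.*)", line):
                cur["attrs"][m.group(1)] = m.group(2).strip('"')
    return packets

def audit_accepts(log):
    """Return (identifier, missing) for Access-Accepts with Session-Timeout but no companions."""
    findings = []
    for p in sent_packets(log):
        missing = [k for k, v in REQUIRED.items() if p["attrs"].get(k) != v]
        if p["code"] == "Access-Accept" and "Session-Timeout" in p["attrs"] and missing:
            findings.append((int(p["id"]), missing))
    return findings
```

Calling audit_accepts(SAMPLE_LOG) reports reply 43 as missing both attributes and passes reply 44.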