(RADIATOR) Stopping processing on Invalid radius requests
Hugh Irvine
hugh at open.com.au
Thu Oct 25 20:54:24 CDT 2001
Hello Martin -
The simplest way to do what you describe is with Handlers.
# define a special Handler to trap bogus accounting
<Handler User-Name = /unauthenticated|....|...../>
.....
</Handler>
Note that you should not mix Realms and Handlers in the same configuration
file. Convert any Realms like this:
<Realm some.domain>
becomes
<Handler Realm = some.domain>
It is usually much easier to configure complex scenarios with Handlers.
Also note that Handlers are evaluated in the order they appear in the
configuration file, so the more specific must appear before the more general
and you should always try to keep the most often used Handlers near the top
of the list.
regards
Hugh
On Friday 26 October 2001 11:38, Martin Edge wrote:
> Hey Guys,
>
> Is there a way to stop processing some radius packets depending on
> information?
>
> Like, for instance.. the radius stop record below is sent via a USR Nas
> who hasn't been able to authenticate a user, but it still sends the
> stop/start record because of the connection itself. There are other
> Ascend NAS's that react the same way for us.
>
> If I can possibly build a hook to just say drop this request, then I
> would save filling up logs with unnecessary SQL errors
> (Framed-IP-Address is required in all SQL entries, and where they aren't
> allocated one..)
>
> I'm not sure the syntax required in the hooks to say "ACCEPT" or
> "REJECT" user, or to just say "stop processing"
>
> User-Name = "unauthenticated"
> NAS-IP-Address = 202.160.140.3
> Acct-Status-Type = Stop
> Acct-Session-Id = "51576937"
> Acct-Delay-Time = 0
> Service-Type = Framed-User
> NAS-Port-Type = Async
> NAS-Port = 788
> USR-Interface-Index = 2044
> USR-Chassis-Call-Slot = 4
> USR-Chassis-Call-Span = 1
> USR-Chassis-Call-Channel = 20
> USR-Unauthenticated-Time = 2
> USR-Modem-Training-Time = 18
> Calling-Station-Id = "0298073422"
> Called-Station-Id = "0282053301"
> USR-Modulation-Type = v90Digital
> USR-Simplified-MNP-Levels = ccittV42
> USR-Simplified-V42bis-Usage = ccittV42bis
> USR-Connect-Speed = 44000_BPS
> Framed-Protocol = PPP
> Acct-Session-Time = 20
> Acct-Terminate-Cause = User-Request
> Disconnect-Reason = 8
> Acct-Input-Octets = 127
> Acct-Output-Octets = 215
> Acct-Input-Packets = 5
> Acct-Output-Packets = 7
> Call-Arrived-time = 183605368
> Call-Lost-time = 183605388
>
> Thanks,
> Martin
>
> -----------------------------------------
> Martin Edge
> Network Engineer
> Phoneware Online
> eMail: <mailto:Martin.Edge at phoneware.net.au>
> Martin.Edge at phoneware.net.au
> Phone: +613 9640 4140 ext. 193
>
> "Creating the structure necessary for your
> business internet requirements"
> -----------------------------------------
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list