(RADIATOR) Stopping processing on Invalid radius requests

Hugh Irvine hugh at open.com.au
Thu Oct 25 20:54:24 CDT 2001


Hello Martin -

The simplest way to do what you describe is with Handlers.

# define a special Handler to trap bogus accounting

<Handler User-Name = /unauthenticated|....|...../>
	.....
</Handler>

Note that you should not mix Realms and Handlers in the same configuration 
file. Convert any Realms like this: 

<Realm some.domain>

becomes

<Handler Realm = some.domain>

It is usually much easier to configure complex scenarios with Handlers.

Also note that Handlers are evaluated in the order they appear in the 
configuration file, so the more specific must appear before the more general 
and you should always try to keep the most often used Handlers near the top 
of the list.

regards

Hugh


On Friday 26 October 2001 11:38, Martin Edge wrote:
> Hey Guys,
>
> Is there a way to stop processing some radius packets depending on
> information?
>
> Like, for instance.. the radius stop record below is sent via a USR Nas
> who hasn't been able to authenticate a user, but it still sends the
> stop/start record because of the connection itself. There are other
> Ascend NAS's that react the same way for us.
>
> If I can possibly build a hook to just say drop this request, then I
> would save filling up logs with unnecessary SQL errors
> (Framed-IP-Address is required in all SQL entries, and where they aren't
> allocated one..)
>
> I'm not sure the syntax required in the hooks to say "ACCEPT" or
> "REJECT" user, or to just say "stop processing"
>
>         User-Name = "unauthenticated"
>         NAS-IP-Address = 202.160.140.3
>         Acct-Status-Type = Stop
>         Acct-Session-Id = "51576937"
>         Acct-Delay-Time = 0
>         Service-Type = Framed-User
>         NAS-Port-Type = Async
>         NAS-Port = 788
>         USR-Interface-Index = 2044
>         USR-Chassis-Call-Slot = 4
>         USR-Chassis-Call-Span = 1
>         USR-Chassis-Call-Channel = 20
>         USR-Unauthenticated-Time = 2
>         USR-Modem-Training-Time = 18
>         Calling-Station-Id = "0298073422"
>         Called-Station-Id = "0282053301"
>         USR-Modulation-Type = v90Digital
>         USR-Simplified-MNP-Levels = ccittV42
>         USR-Simplified-V42bis-Usage = ccittV42bis
>         USR-Connect-Speed = 44000_BPS
>         Framed-Protocol = PPP
>         Acct-Session-Time = 20
>         Acct-Terminate-Cause = User-Request
>         Disconnect-Reason = 8
>         Acct-Input-Octets = 127
>         Acct-Output-Octets = 215
>         Acct-Input-Packets = 5
>         Acct-Output-Packets = 7
>         Call-Arrived-time = 183605368
>         Call-Lost-time = 183605388
>
> Thanks,
> Martin
>
> -----------------------------------------
> Martin Edge
> Network Engineer
> Phoneware Online
> eMail:  <mailto:Martin.Edge at phoneware.net.au>
> Martin.Edge at phoneware.net.au
> Phone: +613 9640 4140 ext. 193
>
> "Creating the structure necessary for your
> business internet requirements"
> -----------------------------------------
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list