(RADIATOR) Radiator and Tagged L2TP attributes
Mike McCauley
mikem at open.com.au
Tue Oct 30 16:07:08 CST 2001
Hello Onno,
On Wed, 31 Oct 2001 02:35, Hugh Irvine wrote:
> Hello Onno -
>
> How nice to hear from you - hope everything is going well?
>
> I have copied this to Mike to ask him to have a look at if for you.
>
> regards
>
> Hugh
>
> >Hi All,
> >
> >I am trying to send tagged tunneling attributes with radiator and having
> >some problems. I have read the FAQ/manual as per
> >"40. Does Radiator support the IETF Radius Tunnelling attributes? Yes.
> > There are a few tricks to using them though. " but this does not help me.
> > I need to be able to send (several other radius servers support this,
> > before you ask) sending arbitrary tunneling attributes with arbitrary
> > tags. Your FAQ suggests that all tags should be zero - this is not so.
> >
> >The profile I want to send is like this, (using 1: to denote a tag of 1 on
> >that attribute as per certain other radius's syntax)
> >
> >tunnel-assignment-ID=1:"ISP"
> >tunnel-server-endpoint=1:"192.168.100.1"
> >tunnel-type=1:l2tp
> >tunnel-medium=1:ip
> >tunnel-assignment-ID=2:"ISP"
> >tunnel-server-endpoint=2:"192.168.100.2"
> >tunnel-type=2:l2tp
> >tunnel-medium=2:ip
> >
> >I simplified this out for testing to just one endpoint definition, with
> > just one tag value, i.e.
> >
> >tunnel-assignment-ID=1:"ISP"
> >tunnel-server-endpoint=1:"192.168.100.1"
> >tunnel-type=1:l2tp
> >tunnel-medium=1:ip
> >
> >The syntax for how to express this in a radiator config is file is where I
> >am having problems. I tried using this radiator config:
> >
> >tunnel-assignment-ID="\001ISP"
> >tunnel-server-endpoint="\001192.168.100.1"
> >tunnel-type=\001l2tp
> >tunnel-medium=\001ip
> >
> >the first two string attributes come out tagged with "1" as expected, they
> >work. The second two integer ones get screwed up because radiator appears
> > to treat the \001 as part of the value, can't look it up in the lookup
> > table, and ends up sending a value of zero with a tag of zero (which is
> > useless, and breaks the tunnel setup). If I define them without the \001
> >in front, they get sent untagged by radiator, which still breaks the
> > tunnel setup as its getting some attributes with a 0 tag and some with a
> > 1.
> >
> >basically what it comes down to is that I cannot work out how, in the
> >radiator configuration file, to configure a user radius profile to have
> >non-zero tagged values of the tunnel-type and tunnel-medium attributes,
> > and thus cannot get tagged tunneling to work properly. I've guessed
> >at/experimented with various ways I thought you might have implemented the
> >configuration of non-zero tags, couldn't get any to work.
The only way to set up tagged integer attributes right now is to manually
mask in the tag and the attribtue value (tagged attribtues are 32 bit
integers with the most significant octet used as the tag.
eg the equivalent of
tunnel-type=1:l2tp
tunnel-medium=1:ip
with the Radiator dictionary would be
Tunnel-Type=16777219,
Tunnel-Medium-Type=16777217
Of course, this is clumsy at best.
We hope to have a much better system, similar to common practice, in the next
release.
Cheers.
> >
> >regards,
> >
> >
> >Onno
> >
> >===
> >Archive at http://www.open.com.au/archives/radiator/
> >Announcements on radiator-announce at open.com.au
> >To unsubscribe, email 'majordomo at open.com.au' with
> >'unsubscribe radiator' in the body of the message.
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list