(RADIATOR) Radius
Barrett W Clark
mgronduty at texoma.net
Fri Apr 26 09:15:47 CDT 2002
Hugh,
After making the changes, I am still not able to stop the incoming calls.
I have been informed the leased Clients (xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy
and zzz.zzz.zzz.zzz) are not the IPs of their NASes but of their radius
servers.
In the logs, I show them (customers dialing the number I want to deny) to
be on 3 different NAS-Identifiers.
The 3 NAS-Identifiers are not in the radius.cfg.
Any suggestions?
bwc
At 06:59 PM 4/21/2002 +1000, Hugh Irvine wrote:
>Hello Barrett -
>
>I suspect you will find that your configuration will work properly with
>Client xxx.xxx.xxx.xxx, but not yyy.yyy.yyy.yyy or zzz.zzz.zzz.zzz. If you
>want to use the "Identifier theirclients", you will have to specify separate
>Client clauses.
>
># define Clients
>
><Client xxx.xxx.xxx.xxx>
> Secret XXXXXXXXXXXX
> Identifier theirclients
></Client>
>
><Client yyy.yyy.yyy.yyy>
> Secret XXXXXXXXXXXX
> Identifier theirclients
></Client>
>
><Client zzz.zzz.zzz.zzz>
> Secret XXXXXXXXXXXX
> Identifier theirclients
></Client>
>
>You should also check a trace 4 debug from Radiator to verify the format of
>the Called-Station-Id you are receiving from the NAS to make sure it matches
>the Handler specification.
>
>regards
>
>Hugh
>
>
>On Sun, 21 Apr 2002 09:07, Barrett W Clark wrote:
> > Hugh,
> >
> > I have tried to follow the example below but customers can still dial in on
> > that number.
> >
> > Any suggestions as to what I am doing wrong would be helpful!! Also on
> > improving the radius.cfg file would be greatly appreciated!
> >
> > regards
> >
> > bwc
> >
> > ------Begin radius.cfg-----------
> >
> > #Foreground
> > LogStdout
> > LogDir /usr/local/radius/log
> > DbDir /usr/local/etc/raddb
> > # Use a lower trace level in production systems:
> > Trace 3
> > AuthPort 1645
> > AcctPort 1646
> >
> > #strip realm
> > RewriteUsername s/^([^@]+).*/$1/
> > RewriteUsername s/%//g
> >
> > <Client localhost>
> > Secret XXXXXXXX
> > DupInterval 0
> > </Client>
> >
> > # All of our clients are listed here
> > <Client host.domain.com>
> > Secret XXXXXXXXXXXX
> > Identifier ourclients
> >
> > IdenticalClients host2.domain.com host3.domain.com \
> > host4.domain.com host5.domain.com host6.domain.com \
> > host7.domain.com host8.domain.com
> > </Client>
> >
> > <Client xxx.xxx.xxx.xxx>
> > Secret XXXXXXXXXXXX
> > Identifier theirclients
> >
> > IdenticalClients yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz
> > </Client>
> >
> > <Handler Client-Identifier=theirclients,Called-Station-Id="##########">
> > <AuthBy INTERNAL>
> > DefaultResult REJECT
> > </AuthBy>
> > </Handler>
> >
> > <Handler>
> > <AuthBy DBFILE>
> > Filename %D/users
> > </AuthBy>
> > AcctLogFileName %L/cd-%Y%m%d
> > </Handler>
> >
> > <Realm DEFAULT>
> > <AuthBy DBFILE>
> > Filename %D/users
> > </AuthBy>
> > AcctLogFileName %L/cd-%Y%m%d
> > </Realm>
> >
> > <SessionDatabase DBM>
> > # The name of the DBM file. Defaults to %D/online
> > Filename %D/online
> > </SessionDatabase>
> >
> > -----Example of the cd-20020419-------
> >
> > Sat Apr 20 06:47:59 2002
> > NAS-IP-Address = xxx.xxx.xxx.xxx
> > NAS-Port = $$$$
> > NAS-Port-Type = Async
> > Called-Station-Id = "##########"
> > Calling-Station-Id = "**********"
> > Acct-Status-Type = Start
> > Acct-Authentic = RADIUS
> > Service-Type = Framed-User
> > Acct-Session-Id = "000DDF72"
> > Framed-Protocol = PPP
> > Acct-Link-Count = 1
> > Ascend-Num-In-Multilink = 1
> > Acct-Multi-Session-Id = "156668"
> > Framed-IP-Address = ooo.ooo.ooo.ooo
> > Ascend-Multilink-ID = 156668
> > Acct-Delay-Time = 0
> > User-Name = "username"
> >
> > At 08:15 AM 4/17/2002 +1000, Hugh Irvine wrote:
> > >Hello Barrett -
> > >
> > >In my example below, you would reject all calls to a particular
> > >Called-Station-Id on the Clients with "Identifier somewhere".
> > >
> > >Ie. "######" is the number you want to deny.
> > >
> > ><Handler Client-Identifier = somewhere, Called-Station-Id = 12345>
> > >
> > >You could also use regular expressions in the <Handler ....>.
> > >
> > >regards
> > >
> > >Hugh
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
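The check suggested in the thread (confirm which Called-Station-Id format and which NAS actually appear in requests) can also be run against the accounting detail file. The following is an added example, not part of the original messages or of Radiator. It assumes the `cd-YYYYMMDD` layout shown above and that a non-regex Handler value is compared as a literal string; the sample records and the blocked number are constructed.

```python
import re
from collections import Counter

# Constructed sample in the layout of the cd-YYYYMMDD excerpt; all values are made up.
SAMPLE_LOG = """\
Sat Apr 20 06:47:59 2002
\tNAS-IP-Address = 192.0.2.10
\tNAS-Identifier = "nas-a"
\tCalled-Station-Id = "5551234"
\tAcct-Status-Type = Start

Sat Apr 20 06:49:10 2002
\tNAS-IP-Address = 192.0.2.11
\tNAS-Identifier = "nas-b"
\tCalled-Station-Id = "555-1234"
\tAcct-Status-Type = Start

Sat Apr 20 06:52:31 2002
\tNAS-IP-Address = 192.0.2.10
\tNAS-Identifier = "nas-a"
\tCalled-Station-Id = "5559999"
\tAcct-Status-Type = Stop
"""

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*(.*?)\s*$')

def parse_records(text):
    """Split a detail log into records: a timestamp line, then indented 'Attr = value' lines."""
    records, current = [], None
    for line in text.splitlines():
        m = ATTR.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip('"')
        elif line.strip():  # unindented, non-blank line starts a new record
            current = {"_time": line.strip()}
            records.append(current)
    return records

def called_id_report(records, blocked):
    """Count Start records per (NAS IP, NAS id, called id, exact match, same digits).
    Assumption: the Handler value is a literal, so only exact matches would be caught."""
    digits = lambda s: re.sub(r'\D', '', s)
    report = Counter()
    for r in records:
        if r.get("Acct-Status-Type") != "Start":
            continue
        cid = r.get("Called-Station-Id", "")
        key = (r.get("NAS-IP-Address"), r.get("NAS-Identifier"), cid, cid == blocked, digits(cid) == digits(blocked))
        report[key] += 1
    return report
```

Rows where the digits match but the exact comparison fails point to a formatting difference between what the NAS sends and what the Handler specifies; the NAS columns show which devices the calls arrive on.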