(RADIATOR) ipass problem
Hugh Irvine
hugh at open.com.au
Mon Dec 2 14:58:16 CST 2002
Hello Tunde -
If you want Radiator to allocate IP addresses for IPASS requests, you
will need to use a ReplyHook in the AuthBy RADIUS clause. There is an
example showing how to do this in the file "goodies/hooks.txt".
regards
Hugh
On Tuesday, Dec 3, 2002, at 04:39 Australia/Melbourne, Ayotunde Itayemi
wrote:
> Hi Hugh,
>
> Finally getting near UHURU!
> I found out from IPASS that they don't support chap and all the while
> my
> test NAS (a patton) was set to use text or pap or chap!
> So, the test worked after changing the NAS to "textORchap"
> OK. New problem. Given my radius config file which I sent to you in
> my last mail.
> HOW DO I, get IPs to be allocated based on the NAS to which say an
> IPASS
> roaming client dials into?
> At the moment, radiator is allocating IPs to my Windows NASes and the
> patton boxes are configured to allocate IPs from pools defined on them.
>
> How can I get the pattons to still allocate IPs (not minding whether
> the
> client is
> local or a IPASS client) and still allow radiator to allocate IPs if
> the
> IPASS client
> dials into one of my Windows servers?
>
> Regards,
> Tunde I.
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Ayotunde Itayemi" <aitayemi at metrong.com>
> Sent: Saturday, November 30, 2002 12:16 AM
> Subject: Re: (RADIATOR) ipass problem
>
>
>>
>> Hello Tunde -
>>
>> Thanks for sending the files.
>>
>> The Radiator log file shows that you are sending the access request to
>> IPASS, but that you are getting an access reject back from them. You
>> will need to check with IPASS to see what is happening at their end.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Saturday, Nov 30, 2002, at 05:47 Australia/Melbourne, Ayotunde
>> Itayemi wrote:
>>
>>> Hi Hugh,
>>> Please find attached the following files:
>>> radius.cfg (my full config file with no passwords)
>>> cmdtest.txt (test carried out with test credentials from ipass using
>>> the
>>> command line tester that comes with ipass
>>> netserver)
>>> logfile.txt (radius logfile after attempting access twice via the NAS
>>> 80.247.140.30)
>>>
>>> Hope to hear from you soon.
>>>
>>> Regards,
>>> Tunde I.
>>>
>>> ----- Original Message -----
>>> From: "Hugh Irvine" <hugh at open.com.au>
>>> To: "Ayotunde Itayemi" <aitayemi at metrong.com>
>>> Cc: <radiator at open.com.au>
>>> Sent: Thursday, November 28, 2002 11:28 PM
>>> Subject: Re: (RADIATOR) ipass problem
>>>
>>>
>>>
>>> Hello Tunde -
>>>
>>> I will need to see a trace 4 debug from Radiator showing what happens
>>> in both cases.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On Friday, Nov 29, 2002, at 07:08 Australia/Melbourne, Ayotunde
>>> Itayemi
>>> wrote:
>>>
>>>> Hi Hugh, Hi All,
>>>>
>>>> I am testing my config for ipass. I have used ipass' own config
>>>> checker
>>>> from the prompt of my radiator server, and I was able to
>>>> authenticate
>>>> the
>>>> username/password given to me by ipass.
>>>>
>>>> But dialing into one of the NASes on my network with the same
>>>> credentials
>>>> results in a "request denied" . Any help would be appreciated.
>>>>
>>>> My config:
>>>>
>>>> =======================================<Client 80.4.4.30>
>>>> Secret asecret
>>>> DupInterval 0
>>>> NasType Patton
>>>> SNMPCommunity patt222
>>>> Identifier viruse1
>>>> IdenticalClients 80.4.4.61 80.4.4.92
>>>> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
>>>> </Client>
>>>> <Client localhost>
>>>> # ipass client for VNAS (incoming roamers)
>>>> Secret asecret
>>>> Identifier ipassclient
>>>> IdenticalClients 63.4.4.212
>>>> RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
>>>> </Client>
>>>> # =================== AUTH BYs =================================
>>>> ###### proxy radius for IPASS
>>>> <AuthBy RADIUS>
>>>> Identifier ipassNetserver
>>>> Host 63.4.4.212
>>>> Secret asecret
>>>> AuthPort 11812
>>>> AcctPort 11813
>>>> # AddToRequest NAS-IP-Address=%N
>>>> AddToRequest Called-Station-Id=%{Called-Station-Id},
>>>> NAS-IP-Address=%N
>>>> </AuthBy>
>>>> #=================== HANDLERs ================================
>>>> <Handler Realm=myipass>
>>>> AcctLogFileName %L/ipass/detail
>>>> RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
>>>> # MaxSessions 1
>>>> AuthBy ipassNetserver
>>>> </Handler>
>>>> <Handler Client-Identifier=ipassclient>
>>>> AuthByPolicy ContinueWhileAccept
>>>> RewriteUsername s/^([^@]+).*/$1/
>>>> RewriteUsername tr/A-Z/a-z/
>>>> UsernameCharset a-zA-Z0-9\._ at -
>>>> AcctLogFileName %L/account.log
>>>> PasswordLogFileName %L/password.log
>>>> SessionDatabase SDB1
>>>> AuthBy SQLClientauth
>>>> StripFromReply Framed-IP-Address
>>>> </Handler>
>>>> <Handler Client-Identifier=viruse1>
>>>> AuthByPolicy ContinueWhileAccept
>>>> RewriteUsername s/^([^@]+).*/$1/
>>>> RewriteUsername tr/A-Z/a-z/
>>>> UsernameCharset a-zA-Z0-9\._ at -
>>>> # MaxSessions 1
>>>> # Show rejection reason to users
>>>> RejectHasReason
>>>> AcctLogFileName %L/account.log
>>>> PasswordLogFileName %L/password.log
>>>> SessionDatabase SDB1
>>>> AuthBy SQLClientauth
>>>> # AuthBy pattonIPADDRESSauth
>>>> </Handler>
>>>>
>>>>
>>>>
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> <radius.cfg><cmdtest.txt><logfile.txt>
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list