(RADIATOR) Overriding NAS
Rolando Riley
rriley at ayayai.com
Mon Feb 11 15:23:17 CST 2002
Hi Hugh:
I want to say that AuthBy DYNADDRESS works excellently so far for what I need
=)), although I've got some doubts from my tests.
1) I noticed that when I ran radpwtst like the following:
/usr/local/src/radius/radpwtst -user rriley -password yo -framed_ip_address 168.77.14.2 -calling_station_id 2652424
the STOP record doesn't delete the record from the RADPOOL table. That is,
it doesn't free the IP that was assigned to the user after it finished the
session?
2) I wish I could use <AuthBy LDAP2> instead of <AuthBy FILE> to link a
user to a pool =). What attribute should I use in this case to achieve the
same effect and get the PoolHint?
3) I believe the lines below are in charge of sending the NEW values of IP
and mask for the user back to the NAS, right?
        PoolHint %{Reply:PoolHint}
        MapAttribute yiaddr, Framed-IP-Address
        MapAttribute subnetmask, Framed-IP-Netmask
R. Riley
########## THIS IS THE CFG I USED AS TEST ##########
<Client DEFAULT>
        Secret mysecret
        DupInterval 0
</Client>
<AddressAllocator SQL>
        Identifier myallocator
        DBSource dbi:mysql:radius
        DBUsername mikem
        DBAuth fred
        <AddressPool pool1>
                Subnetmask 255.255.255.0
                Range 192.1.1.1 192.1.1.50
                Range 192.1.1.60 192.1.1.120
                Range 192.1.2.0/31
        </AddressPool>
        <AddressPool pool2>
                Subnetmask 255.255.255.127
                Range 192.2.2.62 192.2.2.99
        </AddressPool>
</AddressAllocator>
<Realm DEFAULT>
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
                Filename users
        </AuthBy>
        # AuthBy DYNADDRESS needs to be the last AuthBy. If
        # all the previous ones have succeeded, then an address
        # is allocated
        <AuthBy DYNADDRESS>
                Allocator myallocator
                PoolHint %{Reply:PoolHint}
                MapAttribute yiaddr, Framed-IP-Address
                MapAttribute subnetmask, Framed-IP-Netmask
                # The AuthBy FILE above sets the pseudo reply attribute
                # PoolHint as the clue to the address allocator
                # need to strip it out at the end of processing
                StripFromReply PoolHint
        </AuthBy>
</Realm>
########## THIS IS THE LOGFILE WITH TRACE DEBUG 4 ##########
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32776 ....
Code: Access-Request
Identifier: 133
Authentic: 1234567890123456
Attributes:
User-Name = "rriley"
Service-Type = Framed-User
NAS-IP-Address = 200.24.140.2
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "2652424"
NAS-Port-Type = Async
Framed-IP-Address = 168.77.14.2
User-Password = "<128><228>_<173><175>\<4><246><188>8<9><160><216>}x<153>"
Mon Feb 11 09:24:13 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Feb 11 09:24:13 2002: DEBUG: Deleting session for rriley, 200.24.140.2,
1234
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Feb 11 09:24:13 2002: DEBUG: Radius::AuthFILE looks for match with
rriley
Mon Feb 11 09:24:13 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Feb 11 09:24:13 2002: DEBUG: Query is: select TIME_STAMP, YIADDR,
SUBNETMASK, DNSSERVER from RADPOOL
where POOL='pool1' and STATE=0 order by TIME_STAMP
Mon Feb 11 09:24:13 2002: DEBUG: do query is: update RADPOOL set STATE=1,
TIME_STAMP=1013437453,
EXPIRY=1013523853, USERNAME='rriley' where YIADDR='192.1.1.2' and TIME_STAMP
=1013436752
Mon Feb 11 09:24:13 2002: DEBUG: Access accepted for rriley
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32776 ....
Code: Access-Accept
Identifier: 133
Authentic: 1234567890123456
Attributes:
Framed-IP-Netmask = 255.255.255.0
Framed-IP-Address = 192.1.1.2
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32776 ....
Code: Accounting-Request
Identifier: 134
Authentic: <232><164>-<141><150><160><150><145>7 at -<6><24><177><160><197>
Attributes:
User-Name = "rriley"
Service-Type = Framed-User
NAS-IP-Address = 200.24.140.2
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "2652424"
Framed-IP-Address = 168.77.14.2
Mon Feb 11 09:24:13 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Feb 11 09:24:13 2002: DEBUG: Adding session for rriley, 200.24.140.2,
1234
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Feb 11 09:24:13 2002: DEBUG: Accounting accepted
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32776 ....
Code: Accounting-Response
Identifier: 134
Authentic: <232><164>-<141><150><160><150><145>7 at -<6><24><177><160><197>
Attributes:
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32776 ....
Code: Accounting-Request
Identifier: 135
Authentic:
<218><128>!<175><184><179><143><191><144><246>@<143><182><159><163><184>
Attributes:
User-Name = "rriley"
Service-Type = Framed-User
NAS-IP-Address = 200.24.140.2
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "2652424"
Framed-IP-Address = 168.77.14.2
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Mon Feb 11 09:24:13 2002: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Feb 11 09:24:13 2002: DEBUG: Deleting session for rriley, 200.24.140.2,
1234
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Feb 11 09:24:13 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
Mon Feb 11 09:24:13 2002: DEBUG: do query is: update RADPOOL set STATE=0,
TIME_STAMP=1013437453 where YIADDR='168.77.14.2'
Mon Feb 11 09:24:13 2002: DEBUG: Accounting accepted
Mon Feb 11 09:24:13 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32776 ....
Code: Accounting-Response
Identifier: 135
Authentic:
<218><128>!<175><184><179><143><191><144><246>@<143><182><159><163><184>
Attributes:
Hello Rolando -
Do you want to support static IP addresses on a per-user basis? Or do you
want to have different IP pools on the NAS? Or do you want to have address
pools managed by Radiator?
If what you describe below is what you want to do, you would just use an
AuthBy DYNADDRESS clause and an AddressAllocator, as shown in the example
configuration file.
regards
Hugh
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
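
An added example, not part of the original post and not Radiator code: replaying the RADPOOL updates from the trace above shows that the allocation marks 192.1.1.2 while the Stop resets 168.77.14.2, the Framed-IP-Address that radpwtst was told to send. The function names are hypothetical, and the meaning of STATE (1 allocated, 0 free) is an assumption read from the queries in the trace.

```python
import re

# Excerpt copied from the trace in this post, e-mail line wrapping included.
SAMPLE_TRACE = """\
Mon Feb 11 09:24:13 2002: DEBUG: do query is: update RADPOOL set STATE=1,
TIME_STAMP=1013437453,
EXPIRY=1013523853, USERNAME='rriley' where YIADDR='192.1.1.2' and TIME_STAMP
=1013436752
Mon Feb 11 09:24:13 2002: DEBUG: Access accepted for rriley
Mon Feb 11 09:24:13 2002: DEBUG: do query is: update RADPOOL set STATE=0,
TIME_STAMP=1013437453 where YIADDR='168.77.14.2'
Mon Feb 11 09:24:13 2002: DEBUG: Accounting accepted
"""

# A log record starts with a timestamp; anything else is a wrapped continuation.
STAMP_RE = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: ")
UPDATE_RE = re.compile(
    r"update\s+RADPOOL\s+set\s+STATE=(?P<state>\d+),.*?"
    r"where\s+YIADDR='(?P<addr>[0-9.]+)'", re.IGNORECASE)

def unwrap(trace):
    """Rejoin wrapped lines so each log record is one string."""
    records = []
    for line in trace.splitlines():
        if STAMP_RE.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def audit_pool_updates(trace):
    """Return (still_allocated, unmatched_releases) for a trace.

    Assumption from the trace: STATE=1 marks an address as allocated,
    STATE=0 marks it as free again.
    """
    allocated, unmatched = set(), []
    for record in unwrap(trace):
        m = UPDATE_RE.search(record)
        if not m:
            continue
        addr = m.group("addr")
        if m.group("state") == "1":
            allocated.add(addr)
        elif addr in allocated:
            allocated.discard(addr)      # release matches an allocation
        else:
            unmatched.append(addr)       # release for an address never handed out
    return sorted(allocated), unmatched

if __name__ == "__main__":
    print(audit_pool_updates(SAMPLE_TRACE))
```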