(RADIATOR) Rejecting Caller-ID from SQL without auth from SQL

Hugh Irvine hugh at open.com.au
Thu Feb 14 17:45:53 CST 2002 

Hello Viraj -

Could you do the following please?

1. change the "NoDefaultIfFound" to "AcceptIfMissing"

2. remove the "DEFAULT Auth-Type = Accept" line from the 
VE_Check_CallerID.users file

Like this:

......

<AuthBy FILE>
        Identifier VE_Check_CallerID
        Filename        %D/VE_Check_CallerID.users
        AcceptIfMissing
</AuthBy>

......

VE_Check_CallerID.users file looks like:

# DEFAULT entries to check blacklist

DEFAULT Auth-Type = VE_CallerID


Please let me know how that works.

regards

Hugh


On Fri, 15 Feb 2002 02:52, Viraj Alankar wrote:
> On Thu, Feb 14, 2002 at 11:01:08AM +1100, Hugh Irvine wrote:
> > Hello Viraj -
> >
> > You have to do this with different AuthBy clauses, something like this:
> >
> > # define AuthBy clauses
> >
> > <AuthBy SQL>
> > 	Identifier CheckNumber
> > 	.....
> > 	AuthSelect select ACTION from BLACKLIST \
> > 		where NUMBER = %{Calling-Station-Id}
> > 	AccountingTable
> > </AuthBy>
> >
> > <AuthBy FILE>
> > 	Identifier CheckBlacklist
> > 	Filename %D/blacklist
> > 	NoDefaultIfFound
> > </AuthBy>
> >
> > <AuthBy FILE>
> > 	Identifier YourNormalAuthBy
> > 	Filename %D/users
> > 	.....
> > </AuthBy>
> >
> > # define Realms or Handlers
> >
> > <Realm ...>
> > 	AuthByPolicy ContinueWhileAccept
> > 	AuthBy CheckBlacklist
> > 	AuthBy YourNormalAuthBy
> > 	.....
> > </Realm>
> >
> >
> > The BLACKLIST table in the database would have the list of numbers in the
> > NUMBER column and "Auth-Type = Reject" in the ACTION column.
> >
> >
> > The file %D/blacklist would contain this:
> >
> > # DEFAULT entries to check blacklist
> >
> > DEFAULT  Auth-Type = CheckNumber
> >
> > DEFAULT  Auth-Type = Accept
>
> Hello Hugh,
>
> This makes sense, however I seem to have some trouble setting this up.
> First of all I cannot change the blacklist table in my case, but I think it
> can be worked around. Here is what I have:
>
> In MySQL, we have a table 've' that looks like this:
>
> mysql> desc ve;
> +-----------+---------------+------+-----+---------+-------+
>
> | Field     | Type          | Null | Key | Default | Extra |
>
> +-----------+---------------+------+-----+---------+-------+
>
> | callerid  | varchar(80)   |      | PRI |         |       |
> | comment   | varchar(80)   | YES  |     | NULL    |       |
> | timestamp | timestamp(14) | YES  |     | NULL    |       |
>
> +-----------+---------------+------+-----+---------+-------+
>
> Which is basically the blacklist table. For radiator I did:
>
> <AuthBy SQL>
>         Identifier VE_CallerID
>
>         DBSource ...
>
>         AuthSelect select "Reject" from ve where callerid =
> %{Calling-Station-Id} AuthColumnDef 0, Auth-Type, check
>         AccountingTable
> </AuthBy>
>
> <AuthBy FILE>
>         Identifier VE_Check_CallerID
>         Filename        %D/VE_Check_CallerID.users
>         NoDefaultIfFound
> </AuthBy>
>
> <AuthBy FILE>
>         Identifier Users_File
>         Filename        %D/users
> </AuthBy>
>
> <Handler>
>         AuthByPolicy ContinueWhileAccept
>         AuthBy VE_Check_CallerID
>         AuthBy Users_File
> </Handler>
>
> VE_Check_CallerID.users file looks like:
>
> # DEFAULT entries to check blacklist
>
> DEFAULT Auth-Type = VE_CallerID
>
> DEFAULT Auth-Type = Accept
>
> users file looks like:
>
> test at test.com
>
> Now I did a radpwtst with a calling-station-id that did not exist in the
> table:
>
> radpwtst ... -noacct -user test at test.com -password test
>
> But it is rejected for some reason. The logfile looks like this:
>
> Thu Feb 14 10:46:27 2002: INFO: Server started: Radiator 2.19 on
> tutraddev.ifxcorp.com Thu Feb 14 10:46:40 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32782 ....
> Code:       Access-Request
> Identifier: 100
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "test at test.com"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password =
> "<215>f<171><11><174><150><128>>x<243>f<245>>I$<157>"
>
> Thu Feb 14 10:46:40 2002: DEBUG: Check if Handler  should be used to handle
> this request Thu Feb 14 10:46:40 2002: DEBUG: Handling request with Handler
> ''
> Thu Feb 14 10:46:40 2002: DEBUG:  Deleting session for test at test.com,
> 203.63.154.1, 1234 Thu Feb 14 10:46:40 2002: DEBUG: Handling with
> Radius::AuthFILE: VE_Check_CallerID Thu Feb 14 10:46:40 2002: DEBUG:
> Radius::AuthFILE looks for match with test at test.com Thu Feb 14 10:46:40
> 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT Thu Feb 14
> 10:46:40 2002: ERR: Attribute number 79 is not defined in your dictionary
> Thu Feb 14 10:46:40 2002: DEBUG: Handling with Radius::AuthSQL
> Thu Feb 14 10:46:40 2002: DEBUG: Handling with Radius::AuthSQL: VE_CallerID
> Thu Feb 14 10:46:40 2002: DEBUG: Query is: select "Reject" from ve where
> callerid = 987654321
>
> Thu Feb 14 10:46:40 2002: DEBUG: Radius::AuthSQL looks for match with
> test at test.com Thu Feb 14 10:46:40 2002: DEBUG: Query is: select "Reject"
> from ve where callerid = 987654321
>
> Thu Feb 14 10:46:40 2002: DEBUG: Radius::AuthFILE REJECT: No such user
> Thu Feb 14 10:46:40 2002: INFO: Access rejected for test at test.com: No such
> user Thu Feb 14 10:46:40 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32782 ....
> Code:       Access-Reject
> Identifier: 100
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
>
> I'm not sure what I'm doing wrong here. First it appears the select query
> is called twice. Also the 'users' file is never checked. Any ideas?
>
> Thanks,
>
> Viraj.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list