(RADIATOR) Reject access from specific Calling-Station-Id
William Hernandez
whr at essnet.com
Mon Feb 18 07:37:56 CST 2002
Hello everyone,
We're trying to configure Radiator 2.18.2 to reject access to a specific
Called-Station-Id when the Calling-Station-Id is in a specific range
using various ideas picked up from the archives, but the following is
not working for us.
# radpwtst -trace -s www -user username -password password -auth_port 1812 -acct_port 1813 -secret secret -dictionary /etc/raddb/dictionary.prw Calling-Station-Id=5556666 Called-Station-Id=1112222
sending Access-Request...
OK
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Idle-Limit = 1200
Idle-Timeout = 1200
Session-Timeout = 49920
Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
Ascend-IP-Direct = 10.10.10.10
VPN-Neighbor = 10.10.10.10
sending Accounting-Request Start...
OK
sending Accounting-Request Stop...
OK
Regards,
William
-------------------------- radius.cfg ----------------------------------------
...
<AuthBy FILE>
Identifier Check-CLI
AcceptIfMissing
Filename /etc/raddb/blockcli.prw
</AuthBy>
...
<Handler>
SessionDatabase prw-sessiondb
AuthByPolicy ContinueWhileAccept
AuthBy Check-CLI
AuthBy Check-FILE
AuthBy System
PostAuthHook file:"/etc/raddb/postauthhook.prw"
AcctLogFileName /var/log/radacct/detail
PasswordLogFileName /var/log/radius.log
ExcludeFromPasswordLog root
</Handler>
...
-------------------------- End of radius.cfg -----------------------------
-------------------------- blockcli.prw ------------------------------------
DEFAULT Calling-Station-Id = /^555/, \
Called-Station-Id = /1112222/, \
Auth-Type = "Reject: Calling station not valid for 1112222"
-------------------------- End of blockcli.prw --------------------------
-------------------------- radius.log ----------------------------------------
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Access-Request
Identifier: 126
Authentic: 1234567890123456
Attributes:
User-Name = "username"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
User-Password = "<146><208><238><158><247><22><144><5><164><133><228><174><1>H<30>x"
Calling-Station-Id = "5556666"
Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Deleting session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX looks for match with username
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='username'
Mon Feb 18 09:08:36 2002: Login OK: [username] (www)
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthFILE ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX looks for match with username
Mon Feb 18 09:08:36 2002: Login OK: [username] (www)
Mon Feb 18 09:08:36 2002: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Access accepted for username
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Access-Accept
Identifier: 126
Authentic: 1234567890123456
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
Ascend-Idle-Limit = 1200
Idle-Timeout = 1200
Session-Timeout = 49920
Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
Ascend-IP-Direct = 10.10.10.10
VPN-Neighbor = 10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Accounting-Request
Identifier: 127
Authentic: j<203><22><236><3><238><23><202><3>e<183><153>Qw<182><183>
Attributes:
User-Name = "username"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Calling-Station-Id = "5556666"
Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Adding session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('username', '203.63.154.1', 01234, '00001234', 1014037716, '', 'Async', 'Framed-User')
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Accounting accepted
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Accounting-Response
Identifier: 127
Authentic: j<203><22><236><3><238><23><202><3>e<183><153>Qw<182><183>
Attributes:
Session-Timeout = 49920
Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
Ascend-IP-Direct = 10.10.10.10
VPN-Neighbor = 10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Received from 10.10.10.3 port 41637 ....
Code: Accounting-Request
Identifier: 128
Authentic: <251>*y<148>4<144><251>1<247>M<251><240>l<168>N<211>
Attributes:
User-Name = "username"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Calling-Station-Id = "5556666"
Called-Station-Id = "1112222"
Mon Feb 18 09:08:36 2002: DEBUG: PreClientHook: Looking for Connect-Speed
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=surfea.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prwebtv.net should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Realm=prdigital.com should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler Called-Station-Id=/5050$/ should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Check if Handler should be used to handle this request
Mon Feb 18 09:08:36 2002: DEBUG: Handling request with Handler ''
Mon Feb 18 09:08:36 2002: DEBUG: prw-sessiondb Deleting session for username, 203.63.154.1, 1234
Mon Feb 18 09:08:36 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthFILE
Mon Feb 18 09:08:36 2002: DEBUG: Handling with Radius::AuthUNIX
Mon Feb 18 09:08:36 2002: DEBUG: Processing PostAuthHook:prwpostauthhook
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: username is: username
Mon Feb 18 09:08:36 2002: DEBUG: prwpostauthhook: Called-Station-Id is: 1112222
Mon Feb 18 09:08:36 2002: DEBUG: Query is: select USERNAME,TIMEBLOCK,CLASS,DISABLETIME,DISABLECLASS from XSTOP where USERNAME='username'
Mon Feb 18 09:08:36 2002: DEBUG: Retrieved timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 for username
Mon Feb 18 09:08:36 2002: DEBUG: User username has timeblock Su0700-2300,Mo0700-2300,Tu0700-2300,We0700-2300,Th0700-2300,Fr0700-2300,Sa0700-2300 and timeouts in 49920 seconds
Mon Feb 18 09:08:36 2002: DEBUG: Xstop using Ascend-IP-Direct=10.10.10.10 and VPN-Neighbor=10.10.10.10
Mon Feb 18 09:08:36 2002: DEBUG: User username has content controls of xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1
Mon Feb 18 09:08:36 2002: DEBUG: HiperNASIpAttr: 10.10.10.11~10.10.10.12~208.249.78.13
Mon Feb 18 09:08:36 2002: DEBUG: Accounting accepted
Mon Feb 18 09:08:36 2002: DEBUG: Packet dump:
*** Sending to 10.10.10.3 port 41637 ....
Code: Accounting-Response
Identifier: 128
Authentic: <251>*y<148>4<144><251>1<247>M<251><240>l<168>N<211>
Attributes:
Session-Timeout = 49920
Class = "xstop: A, R ANAR CHAT CRIMI DRUGS GAMB HATE OBSC PORN RRATED I, 1"
Ascend-IP-Direct = 10.10.10.10
VPN-Neighbor = 10.10.10.10
----------------------End of radius.log ------------------------------
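
Added example (not part of the original post and not Radiator code): a small Python helper that groups the AuthBy lines of the Access-Request trace above by invocation, so it is visible which user names each module looked up before it returned. The function names are illustrative, and only the ACCEPT result appears on this page; the other result names in the pattern are assumed.

```python
import re

# AuthBy lines of the Access-Request trace above (wrapped lines rejoined,
# timestamps and unrelated DEBUG lines dropped).
TRACE = """\
DEBUG: Handling with Radius::AuthFILE
DEBUG: Radius::AuthFILE looks for match with username
DEBUG: Radius::AuthFILE ACCEPT:
DEBUG: Handling with Radius::AuthFILE
DEBUG: Radius::AuthFILE looks for match with username
DEBUG: Radius::AuthFILE looks for match with DEFAULT
DEBUG: Handling with Radius::AuthUNIX
DEBUG: Radius::AuthUNIX looks for match with username
DEBUG: Radius::AuthUNIX ACCEPT:
DEBUG: Radius::AuthFILE ACCEPT:
DEBUG: Handling with Radius::AuthUNIX
DEBUG: Radius::AuthUNIX looks for match with username
DEBUG: Radius::AuthUNIX ACCEPT:
"""

HANDLING = re.compile(r"Handling with (Radius::\w+)")
LOOKUP = re.compile(r"(Radius::\w+) looks for match with (\S+)")
# Assumption: result names other than ACCEPT are not shown on this page.
RESULT = re.compile(r"(Radius::\w+) (ACCEPT|REJECT|IGNORE|CHALLENGE)\b")

def auth_steps(trace):
    """One dict per AuthBy invocation: module, nesting depth, lookups, result."""
    steps, open_steps = [], []
    for line in trace.splitlines():
        if m := HANDLING.search(line):
            step = {"module": m[1], "depth": len(open_steps), "lookups": [], "result": None}
            steps.append(step)
            open_steps.append(step)
            continue
        m = LOOKUP.search(line) or RESULT.search(line)
        if not m:
            continue
        # Attribute the line to the innermost open invocation of that module.
        owner = next((s for s in reversed(open_steps) if s["module"] == m[1]), None)
        if owner is None:
            continue
        if m.re is LOOKUP:
            owner["lookups"].append(m[2])
        else:
            owner["result"] = m[2]
            open_steps[:] = [s for s in open_steps if s is not owner]
    return steps

def skipped_default(steps):
    """AuthFILE invocations that returned a result without trying DEFAULT."""
    return [s for s in steps if s["module"] == "Radius::AuthFILE"
            and s["result"] and "DEFAULT" not in s["lookups"]]
```

On this trace the first Radius::AuthFILE invocation returns ACCEPT after looking up only `username`; a DEFAULT lookup is logged only for the second one.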