(RADIATOR) double attributes

Hugh Irvine hugh at open.com.au
Thu Feb 28 19:05:15 CST 2002 

Hello Anton -

You should use the StripFromReply in the AuthBy RADIUS clause. If you are 
concerned about reply attributes in general, you can explicitly specify the 
list of attributes that you will accept from a proxy in an AllowInReply.

See section 6.17.7 in the Radiator 2.19 reference manual.
("doc/ref.html").

regards

Hugh


On Fri, 1 Mar 2002 11:48, Anton Krall wrote:
> Guys... Im doing some  AUTHBYFILE combined with a AUTHBY RADIUS and I
> have a problem.. the radius AUTHBY RADIproxying is returning an
> Idle-timeout and Session-Timeout settings..... but what I need is a way
> to override those and put in my own... which are passed from a AUTHBY
> FILE, here is the config:
>
> <Realm mx.inter.net>
>         AuthByPolicy ContinueUntilAccept
>         AuthBy acct
>         AuthBy CheckUserAttributes-mx.inter.net
> </Realm>
>
> <AuthBy SQL>
>         Identifier      acct
>         DBSource        dbi:mysql:radius:localhost
>         DBUsername      root
>         DBAuth          net721009
>         AuthSelect
>         DateFormat      %Y%m%d %T
>         AccountingTable accounting
> #        AccountingStopsOnly
>         AcctColumnDef   username,%U,formatted
>         AcctColumnDef   domain,%R,formatted
>         AcctColumnDef   time_stamp,Timestamp,integer
>         AcctColumnDef   acctstatustype,Acct-Status-Type
>         AcctColumnDef   acctdelaytime,Acct-Delay-Time,integer
>         AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>         AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>         AcctColumnDef   acctsessionid,Acct-Session-Id
>         AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>         AcctColumnDef   acctterminatecause,Ascend-Disconnect-Cause
>         AcctColumnDef   nasidentifier,NAS-IP-Address
>         AcctColumnDef   nasport,NAS-Port,integer
>         AcctColumnDef   framedipaddress,Framed-IP-Address
>         AcctColumnDef   time,Timestamp,integer-date
>         AcctColumnDef   nasipaddress,NAS-IP-Address
>         AcctColumnDef   calledstationid,Called-Station-Id
>         AcctColumnDef   callingstationid,Calling-Station-Id
>         AcctColumnDef   disconnectioncause,Ascend-Connect-Progress
>         AcctColumnDef   telco,Class
>         AcctColumnDef   zone,%{State},formatted
>         DefaultSimultaneousUse 1
> </AuthBy>
>
> <AuthBy FILE>
>                 Identifier CheckUserAttributes-mx.inter.net
>                 Filename %D/atributos-mx.inter.net
>                 Nocache
>                 DefaultSimultaneousUse 1
> </AuthBy>
>
> Contents of atributos-mx.inter.net:
>
> akrall  Auth-Type = CheckUser-nasc
>         Service-Type = Framed-User, Framed-Protocol = PPP
> DEFAULT Auth-Type = CheckUser-nasc
>         Service-Type = Framed-User, Framed-Protocol = PPP, Idle-Timeout
> = 600, Session-Timeout = 14500
>
> ----
>
> The radius server is returning something like this:
>
> Code:       Access-Accept
> Identifier: 5
> Authentic:  '<148><168><158><188>z+<231>,<191>|7<254">T@ <mailto:T@<170>
> <170>'<148><168><158><188>z+<231>,<191>|7<254>
> Attributes:
>         Framed-IP-Address = 255.255.255.254
>         Port-Limit = 1
>         Session-Timeout = 14400
>         Idle-Timeout = 1800
>         Framed-IP-Netmask = 255.255.255.255
>         Class = "38616/217030/10803096/41/NASC"
>
> As you can see. there is some Idle and Session timeoutouts here... but
> what I need to do is replace them with the ones in
> atributos-mx.inter.net if the user is not found (DEFAULT user) and if he
> is on the list (akrall for example) then strip all Idle and Sesion
> timeouts....
>
> Problem is that I cant seem to override the radius sent ones... and if I
> use something like StripFromReply... all idle and session attributes are
> stripped.. incluind mine or the radius server sent ones....
>
> Any ideas?
>
> Saludos
>
> Anton Krall
> Director de Tecnología
> Inter.net México / Panamá
>
> Tel; 5241-7609 Directo
> Tel: 5241-7600 Conmutador
> Celular: 0445-105-5160 Mobile
> ICQ: 4979450
> email:  akrall at team.inter.net
> web: http://www.mx.inter.net <http://www.mx.inter.net/>
>
> Outside Mexico:
> Office: +52(555)241-7609
> PBX: +52(555)241-7600
> Mobile: +52(555)105-5160

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list