(RADIATOR) double attributes

Thu Feb 28 23:42:09 CST 2002

Ive tested that using the StripFromReply removes the idletimeout and
sessiontimeout attributes from the proxy but it also removes them from
the authby file after that.... Will the allowinreply do the same? Ir
just remove the ones on the proxy authby radius clause and then let any
attrbiute from authby file be appended?

Saludos

Anton Krall
Director de Tecnología
Inter.net México / Panamá

Tel; 5241-7609 Directo 
Tel: 5241-7600 Conmutador
Celular: 0445-105-5160 Mobile
ICQ: 4979450
email:  akrall at team.inter.net
web: http://www.mx.inter.net

Outside Mexico:
Office: +52(555)241-7609
PBX: +52(555)241-7600
Mobile: +52(555)105-5160

Original > -----Original Message-----
Original > From: Hugh Irvine [mailto:hugh at open.com.au] 
Original > Sent: Jueves, 28 de Febrero de 2002 07:05 p.m.
Original > To: akrall at team.mx.inter.net; radiator at open.com.au
Original > Subject: Re: (RADIATOR) double attributes
Original > 
Original > 
Original > 
Original > Hello Anton -
Original > 
Original > You should use the StripFromReply in the AuthBy 
Original > RADIUS clause. If you are 
Original > concerned about reply attributes in general, you can 
Original > explicitly specify the 
Original > list of attributes that you will accept from a proxy 
Original > in an AllowInReply.
Original > 
Original > See section 6.17.7 in the Radiator 2.19 reference 
Original > manual. ("doc/ref.html").
Original > 
Original > regards
Original > 
Original > Hugh
Original > 
Original > 
Original > On Fri, 1 Mar 2002 11:48, Anton Krall wrote:
Original > > Guys... Im doing some  AUTHBYFILE combined with a 
Original > AUTHBY RADIUS and I 
Original > > have a problem.. the radius AUTHBY RADIproxying is 
Original > returning an 
Original > > Idle-timeout and Session-Timeout settings..... but 
Original > what I need is a 
Original > > way to override those and put in my own... which 
Original > are passed from a 
Original > > AUTHBY FILE, here is the config:
Original > >
Original > > <Realm mx.inter.net>
Original > >         AuthByPolicy ContinueUntilAccept
Original > >         AuthBy acct
Original > >         AuthBy CheckUserAttributes-mx.inter.net
Original > > </Realm>
Original > >
Original > > <AuthBy SQL>
Original > >         Identifier      acct
Original > >         DBSource        dbi:mysql:radius:localhost
Original > >         DBUsername      root
Original > >         DBAuth          net721009
Original > >         AuthSelect
Original > >         DateFormat      %Y%m%d %T
Original > >         AccountingTable accounting
Original > > #        AccountingStopsOnly
Original > >         AcctColumnDef   username,%U,formatted
Original > >         AcctColumnDef   domain,%R,formatted
Original > >         AcctColumnDef   time_stamp,Timestamp,integer
Original > >         AcctColumnDef   acctstatustype,Acct-Status-Type
Original > >         AcctColumnDef   
Original > acctdelaytime,Acct-Delay-Time,integer
Original > >         AcctColumnDef   
Original > acctinputoctets,Acct-Input-Octets,integer
Original > >         AcctColumnDef   
Original > acctoutputoctets,Acct-Output-Octets,integer
Original > >         AcctColumnDef   acctsessionid,Acct-Session-Id
Original > >         AcctColumnDef   
Original > acctsessiontime,Acct-Session-Time,integer
Original > >         AcctColumnDef   
Original > acctterminatecause,Ascend-Disconnect-Cause
Original > >         AcctColumnDef   nasidentifier,NAS-IP-Address
Original > >         AcctColumnDef   nasport,NAS-Port,integer
Original > >         AcctColumnDef   framedipaddress,Framed-IP-Address
Original > >         AcctColumnDef   time,Timestamp,integer-date
Original > >         AcctColumnDef   nasipaddress,NAS-IP-Address
Original > >         AcctColumnDef   calledstationid,Called-Station-Id
Original > >         AcctColumnDef   callingstationid,Calling-Station-Id
Original > >         AcctColumnDef   
Original > disconnectioncause,Ascend-Connect-Progress
Original > >         AcctColumnDef   telco,Class
Original > >         AcctColumnDef   zone,%{State},formatted
Original > >         DefaultSimultaneousUse 1
Original > > </AuthBy>
Original > >
Original > > <AuthBy FILE>
Original > >                 Identifier CheckUserAttributes-mx.inter.net
Original > >                 Filename %D/atributos-mx.inter.net
Original > >                 Nocache
Original > >                 DefaultSimultaneousUse 1
Original > > </AuthBy>
Original > >
Original > > Contents of atributos-mx.inter.net:
Original > >
Original > > akrall  Auth-Type = CheckUser-nasc
Original > >         Service-Type = Framed-User, 
Original > Framed-Protocol = PPP DEFAULT 
Original > > Auth-Type = CheckUser-nasc
Original > >         Service-Type = Framed-User, Framed-Protocol = PPP, 
Original > > Idle-Timeout = 600, Session-Timeout = 14500
Original > >
Original > > ----
Original > >
Original > > The radius server is returning something like this:
Original > >
Original > > Code:       Access-Accept
Original > > Identifier: 5
Original > > Authentic:  '<148><168><158><188>z+<231>,<191>|7<254">T@ 
Original > > <mailto:T@<170> 
Original > <170>'<148><168><158><188>z+<231>,<191>|7<254>
Original > > Attributes:
Original > >         Framed-IP-Address = 255.255.255.254
Original > >         Port-Limit = 1
Original > >         Session-Timeout = 14400
Original > >         Idle-Timeout = 1800
Original > >         Framed-IP-Netmask = 255.255.255.255
Original > >         Class = "38616/217030/10803096/41/NASC"
Original > >
Original > > As you can see. there is some Idle and Session 
Original > timeoutouts here... but 
Original > > what I need to do is replace them with the ones in 
Original > > atributos-mx.inter.net if the user is not found 
Original > (DEFAULT user) and if 
Original > > he is on the list (akrall for example) then strip 
Original > all Idle and Sesion 
Original > > timeouts....
Original > >
Original > > Problem is that I cant seem to override the radius 
Original > sent ones... and if 
Original > > I use something like StripFromReply... all idle 
Original > and session attributes 
Original > > are stripped.. incluind mine or the radius server 
Original > sent ones....
Original > >
Original > > Any ideas?
Original > >
Original > > Saludos
Original > >
Original > > Anton Krall
Original > > Director de Tecnología
Original > > Inter.net México / Panamá
Original > >
Original > > Tel; 5241-7609 Directo
Original > > Tel: 5241-7600 Conmutador
Original > > Celular: 0445-105-5160 Mobile
Original > > ICQ: 4979450
Original > > email:  akrall at team.inter.net
Original > > web: http://www.mx.inter.net <http://www.mx.inter.net/>
Original > >
Original > > Outside Mexico:
Original > > Office: +52(555)241-7609
Original > > PBX: +52(555)241-7600
Original > > Mobile: +52(555)105-5160
Original > 
Original > -- 
Original > Radiator: the most portable, flexible and 
Original > configurable RADIUS server anywhere. Available on 
Original > *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
Original > -
Original > Nets: internetwork inventory and management - 
Original > graphical, extensible, flexible with hardware, 
Original > software, platform and database independence.
Original > 
Original > 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.