(RADIATOR) Question about DBM Auth...

Hugh Irvine hugh at open.com.au
Thu Jan 17 23:34:24 CST 2002


Hello Fernando -

There are no limits on the number of AuthBy clauses you can use (unless there 
is some underlying operating system limit on the number of files a single 
process can have open).

Perhaps you can send me a copy of the complete configuration file (no 
secrets) together with a trace 4 debug from Radiator showing what is 
happening.

regards

Hugh


On Fri, 18 Jan 2002 02:53, Fernando Caranton Cruz wrote:
> Hi,
>
> I use the DBM Auth, but I want to know if this type of authentication has
> any type of limit. I'll explain this....
>
> This is the actual Realm in the radius.cfg
>
>
> <Realm DEFAULT>
>         MaxSessions     1
>         AcctLogFileName /usr/local/etc/radacct/%N/detail
>         RejectHasReason
>         <AuthBy GROUP>
>                 AuthByPolicy ContinueWhileReject
>                 <AuthBy GROUP>
>                         AuthByPolicy ContinueWhileReject
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/plus/users
>                         </AuthBy>
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/rdsigeneral/users
>                         </AuthBy>
>                 </AuthBy>
>                 <AuthBy FILE>
>                         Filename /etc/raddb/radiator/prepago/users
>                 </AuthBy>
>                 <AuthBy RADIUS>
>                         Host
>                         Secret
>                         RetryTimeout 10
>                         AuthPort 1645
>                         AcctPort 1646
>                 </AuthBy>
>         </AuthBy>
> </Realm>
>
> but if I make some changes, the DB options do not work....
>
> E.g.:
>
> <Realm DEFAULT>
>         MaxSessions     1
>         AcctLogFileName /usr/local/etc/radacct/%N/detail
>         RejectHasReason
>         <AuthBy GROUP>
>                 AuthByPolicy ContinueWhileReject
>                 <AuthBy GROUP>
>                         AuthByPolicy ContinueWhileReject
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/plus/users
>                         </AuthBy>
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/rdsigeneral/users
>                         </AuthBy>
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/otherdir/users
>                         </AuthBy>
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/otherdir/users
>                         </AuthBy>
>                         <AuthBy DBFILE>
>                                 Filename /etc/raddb/radiator/otherdir/users
>

From: Hugh Irvine <hugh at open.com.au>
To: Mike Greene <mikeg at rockisland.com>, radiator at open.com.au
Subject: Re: (RADIATOR) cisco avpair questions
Date: Fri, 18 Jan 2002 15:58:48 +1100


Hello Mike -

As usual, I will need to see a copy of your configuration file (no secrets) 
together with a trace 4 debug from Radiator showing what is going on. 

You should also run a debug on the Cisco to see what it is doing.

thanks

Hugh


On Fri, 18 Jan 2002 08:10, Mike Greene wrote:
> Hello again,
>
> Making some progress on this issue but have run into a problem.  We are
> trying to assign IP static addresses via radius, and also have radius
> reference a dynamic IP pool on a cisco 7206vxr router.  We have followed
> the advice given by cisco TAC and suggestions by Hugh here, but still
> haven't quite got it resolved.
>
> We have the following configuration on our cisco:
>
> !
> interface Virtual-Template1
>   ip unnumbered FastEthernet0/0
>   ip mtu 1492
>   no peer default ip address pool
>   ppp authentication pap centurytel
> !
> ip local pool centurytel 64.119.12.1 64.119.15.254
>
>
> And this is a portion of our Radius "users" file for the cisco
> authenticated users.
>
>
> DEFAULT Client-Identifier = dsl, Auth-Type = System
>          Service-Type = Framed-User,
>          Framed-Protocol = PPP,
>          Framed-Address = 255.255.255.254,
>          Framed-Netmask = 255.255.255.0,
>          Framed-Routing = None,
>          Framed-Compression = Van-Jacobson-TCP-IP,
>          Framed-MTU = 1500,
>          cisco-avpair = "ip:addr-pool=centurytel"
>
> However, when we implement this, DSL users will not authenticate and receive
> an IP address.
>
> What are we missing here?
>
> - Mike
>
> ------------------------------------------------
> Rock Island Communications, Inc.  (360)-378-5884
> http://www.rockisland.com/  San Juan Islands, WA
> ------------------------------------------------
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
>                         </AuthBy>
>                 </AuthBy>
>                 <AuthBy FILE>
>                         Filename /etc/raddb/radiator/prepago/users
>                 </AuthBy>
>                 <AuthBy RADIUS>
>                         Host
>                         Secret
>                         RetryTimeout 10
>                         AuthPort 1645
>                         AcctPort 1646
>                 </AuthBy>
>         </AuthBy>
> </Realm>
>
> Does some kind of limit exist in the AuthBy option? How many can I use? Can I
> use another type of config, e.g. using AuthBy GROUP or others?
>
> tnx
>
> FCC



More information about the radiator mailing list
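
One way to prepare a configuration file for posting with "no secrets", as both replies above request (an added example, not part of the original messages and not Radiator code): it redacts secret-bearing parameter values, counts the AuthBy clauses by type and reports unbalanced clauses. The sample configuration, host names and secret values are constructed; `DBAuth` and `AuthPassword` in the redaction list are assumptions about other password parameters a site may use.

```python
import re

# "Secret" appears in the configs quoted above; DBAuth and AuthPassword are
# assumptions about other password-bearing parameters a site might use.
SENSITIVE = {"Secret", "DBAuth", "AuthPassword"}

OPEN = re.compile(r"^\s*<(\w+)(?:\s+([^>]*))?>\s*$")   # <AuthBy DBFILE>
CLOSE = re.compile(r"^\s*</(\w+)>\s*$")                # </AuthBy>
PARAM = re.compile(r"^(\s*)(\w+)(\s+)(\S.*)$")         # Name value

def sanitize(config_text):
    """Return (redacted_text, authby_counts_by_type, structural_problems)."""
    out, stack, counts, problems = [], [], {}, []
    for n, line in enumerate(config_text.splitlines(), 1):
        if m := CLOSE.match(line):
            # A close must match the most recently opened clause.
            if not stack or stack.pop() != m.group(1):
                problems.append(f"line {n}: unexpected </{m.group(1)}>")
        elif m := OPEN.match(line):
            stack.append(m.group(1))
            if m.group(1) == "AuthBy":
                kind = (m.group(2) or "").strip()
                counts[kind] = counts.get(kind, 0) + 1
        elif (m := PARAM.match(line)) and m.group(2) in SENSITIVE:
            # Keep indentation and the parameter name, drop only the value.
            line = f"{m.group(1)}{m.group(2)}{m.group(3)}<redacted>"
        out.append(line)
    problems += [f"unclosed <{name}>" for name in stack]
    return "\n".join(out), counts, problems

# Constructed sample input, modelled on the Realm quoted in the thread.
SAMPLE = """\
<Client nas1.example.net>
        Secret s3cr3t-constructed
</Client>
<Realm DEFAULT>
        <AuthBy GROUP>
                AuthByPolicy ContinueWhileReject
                <AuthBy DBFILE>
                        Filename /etc/raddb/radiator/plus/users
                </AuthBy>
                <AuthBy RADIUS>
                        Secret another-constructed
                </AuthBy>
        </AuthBy>
</Realm>
"""

if __name__ == "__main__":
    text, counts, problems = sanitize(SAMPLE)
    print(text, counts, problems, sep="\n")
```

The clause count can be compared with the process's open-file limit (`ulimit -n`), the only limit the reply mentions.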