(RADIATOR) AddressAllocator SQL & Ascend
Hugh Irvine
hugh at open.com.au
Mon Jan 28 17:45:26 CST 2002
Hello Justin -
The problem is the AuthByPolicy in your configuration file - it should be
AuthByPolicy ContinueWhileAccept
The way you have it configured (ContinueUntilAccept) you will never call the
AuthBy DYNADDRESS clause.
hth
Hugh
On Tue, 29 Jan 2002 09:09, Justin Scott wrote:
> Gents,
>
> I've been thru the last 6 months of archives, and didn't find anything
> quite like what's happening to me when I'm trying to use my
> AddressAllocator SQL setup.
>
> Issue: Client wants to be able to have "hot standby" MAX 4000 chassis in
> facility where the PRIs can be moved from one MAX to another in case of
> failure.
>
> I figure using AddressAllocator SQL will eliminate the need to have an IP
> pool defined on each of the hot standby chassis, thereby making much more
> efficient use of our Pool IP Space.
>
> Anyhow... AddressAllocator does not seem to run for any client who should
> be getting a DynIP from the SQL pool. The max takes the call, tries to
> authenticate, is not given an IP address, and disconnects the call.
>
> My test max works fine with and without Allocator configured if it is set
> with a pool defined internally.
>
> I have removed the internal pool information, changed the Answer profile to
> state "Assign Addr=No", and still when it's set with no pool, and Allocator
> is enabled, no IP is even queried from the database in RADPOOL to be
> replied back to the NAS.
>
> The log shows nothing in regards to RADPOOL table except for the reclaim
> checks during startup and every reclaim interval. It also shows nothing in
> regards to AuthBy DYNADDRESS or AddressAllocator.
>
> Here is my config file: Please tell me there is a simple error in the way
> it's been constructed, because I've given myself a monster headache trying
> to figure this one out. :)
>
> As always, I maintain that Radiator should win an award as best software of
> the new millennium or something... I have nothing but good things to say
> about it to my colleagues. The only problems really are that sometimes I
> cannot seem to speak its language properly. :)
>
> cheers,
> j
>
> #Foreground
> #LogStdout
> LogDir c:/radiator/logs
> DbDir c:/radiator/raddb
> # Use a lower trace level in production systems:
> #Trace 4
> Trace 3
>
> RewriteUsername tr/A-Z/a-z/
> RewriteUsername s/ //g
> UsernameCharset a-zA-Z0-9\.-_@
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
> Secret xxx
> DupInterval 15
> </Client>
>
> # Ensure the SQL DynIP Pool is in a sane state
> <AddressAllocator SQL>
> Identifier SQLAllocate
> DBSource dbi:ODBC:Radiator
> DBUsername xxx
> DBAuth xxx
> # Our maximum IP Lease Time is 12 hours
> DefaultLeasePeriod 43200
> # Check for expired Leases once every five minutes
> LeaseReclaimInterval 300
> # Define valid pool of addresses
> <AddressPool DynIP1>
> Subnetmask 255.255.255.255
> DNSServer 10.1.1.1
> Range 10.4.1.1 10.4.1.254
> </AddressPool>
> </AddressAllocator>
>
> # This is our default Realm.
> <Realm DEFAULT>
>
> AuthByPolicy ContinueUntilAccept
> RejectHasReason
>
> # We do our Authentication by SQL using ODBC
> <AuthBy SQL>
> DBSource dbi:ODBC:Radiator
> DBUsername xxx
> DBAuth xxx
>
> # These are the criteria we pull from the database to ensure we have
> # a valid user who is not expired. We use the radattr "Class" to
> # tell the maxen what the CID for this customer is for accounting
> # purposes
> AuthSelect select PASSWORD,CID,EXPIREDATE,VALIDDATE,REPLYATTR,MAXSESSIONS from tblsubscribers where USERNAME = %0
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Class,reply
> AuthColumnDef 2,Expiration,check
> AuthColumnDef 3,ValidFrom,check
> AuthColumnDef 4,GENERIC,reply
> AuthColumnDef 5,Simultaneous-Use,check
>
> # We need to add some extra reply items for this realm:
> AddToReply Idle-Timeout = 900
> AddToReply Ascend-Maximum-Time = 43200
>
> # Set up the accounting table definitions
> AccountingTable tblaccounting
> AcctColumnDef CID,Class
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef MODEMPORT,Ascend-Modem-PortNo
> AcctColumnDef MODEMSLOT,Ascend-Modem-SlotNo
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef CALLER,Calling-Station-Id
> AcctColumnDef CALLING,Called-Station-Id
> AcctColumnDef XMTRATE,Ascend-Xmit-Rate
> AcctColumnDef RCVRATE,Ascend-Data-Rate
> </AuthBy>
>
> # Now we assign IP Addrs
> <AuthBy DYNADDRESS>
> Allocator SQLAllocate
> PoolHint DynIP1
> MapAttribute yiaddr,Framed-IP-Address
> MapAttribute subnetmask,Framed-IP-Netmask
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> DBSource dbi:ODBC:Radiator
> DBUsername xxx
> DBAuth xxx
> </SessionDatabase>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
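
The policy difference described in the reply above, as an added example that is not part of the original post or of Radiator's code: a simplified Python model of how a Realm walks its AuthBy clauses under an AuthByPolicy. The handlers, the user table and the assumption that the allocator always has a free address are constructed for illustration.

```python
# Simplified model of AuthByPolicy evaluation; not Radiator source code.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> (mode, result). "while": go on to the next clause only while
# the last result equals `result`; "until": stop once it equals `result`.
POLICIES = {
    "ContinueWhileIgnore": ("while", IGNORE),
    "ContinueUntilIgnore": ("until", IGNORE),
    "ContinueWhileAccept": ("while", ACCEPT),
    "ContinueUntilAccept": ("until", ACCEPT),
    "ContinueWhileReject": ("while", REJECT),
    "ContinueUntilReject": ("until", REJECT),
}

def keep_going(policy, result):
    mode, target = POLICIES[policy]
    return (result == target) if mode == "while" else (result != target)

def run_realm(policy, clauses, request):
    """Return (final_result, names_of_clauses_run, reply_attributes)."""
    reply, ran, result = {}, [], IGNORE
    for name, handler in clauses:
        result = handler(request, reply)
        ran.append(name)
        if not keep_going(policy, result):
            break
    return result, ran, reply

# Constructed stand-ins for the two clauses in the posted Realm.
USERS = {"alice": "s3cret"}  # hypothetical subscriber table

def auth_sql(request, reply):
    ok = USERS.get(request["user"]) == request["password"]
    return ACCEPT if ok else REJECT

def auth_dynaddress(request, reply):
    # Assumption of this model: the pool has a free address and the clause accepts.
    reply["Framed-IP-Address"] = "10.4.1.1"
    reply["Framed-IP-Netmask"] = "255.255.255.255"
    return ACCEPT

CHAIN = [("SQL", auth_sql), ("DYNADDRESS", auth_dynaddress)]
GOOD = {"user": "alice", "password": "s3cret"}
BAD = {"user": "alice", "password": "wrong"}

if __name__ == "__main__":
    for policy in ("ContinueUntilAccept", "ContinueWhileAccept"):
        for label, req in (("good", GOOD), ("bad", BAD)):
            print(policy, label, run_realm(policy, CHAIN, req))
```

Under ContinueUntilAccept the model stops after the SQL accept and returns no Framed-IP-Address, which matches the symptom in the post. In this model the same policy also lets a request that SQL rejected fall through to the second clause, so the last clause's result decides the outcome.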