(RADIATOR) AddressAllocator SQL & Ascend

Justin Scott jhs at ocs-tx.com
Tue Jan 29 11:04:23 CST 2002


Thanks again Hugh... as always, "You the man!" :)

cheers,
j


---------- Original Message ----------------------------------
From: Hugh Irvine <hugh at open.com.au>
Reply-To: hugh at open.com.au
Date:  Tue, 29 Jan 2002 10:45:26 +1100

>
>Hello Justin -
>
>The problem is the AuthByPolicy in your configuration file - it should be 
>
>	AuthByPolicy ContinueWhileAccept
>
>The way you have it configured (ContinueUntilAccept) you will never call the 
>AuthBy DYNADDRESS clause.
>
>hth
>
>Hugh
>
>
>On Tue, 29 Jan 2002 09:09, Justin Scott wrote:
>> Gents,
>>
>> I've been thru the last 6 months of archives, and didn't find anything
>> quite like what's happening to me when I'm trying to use my
>> AddressAllocator SQL setup.
>>
>> Issue: Client wants to be able to have "hot standby" MAX 4000 chassis in
>> facility where the PRIs can be moved from one MAX to another in case of
>> failure.
>>
>> I figure using AddressAllocator SQL will eliminate the need to have an IP
>> pool defined on each of the hot standby chassis, thereby making much more
>> efficient use of our Pool IP Space.
>>
>> Anyhow...  AddressAllocator does not seem to run for any client who should
>> be getting a DynIP from the SQL pool.  The max takes the call, tries to
>> authenticate, is not given an IP address, and disconnects the call.
>>
>> My test max works fine with and without Allocator configured if it is set
>> with a pool defined internally.
>>
>> I have removed the internal pool information, changed the Answer profile to
>> state "Assign Addr=No", and still when it's set with no pool, and Allocator
>> is enabled, no IP is even queried from the database in RADPOOL to be
>> replied back to the NAS.
>>
>> The log shows nothing in regards to RADPOOL table except for the reclaim
>> checks during startup and every reclaim interval.  It also shows nothing in
>> regards to AuthBy DYNADDRESS or AddressAllocator.
>>
>> Here is my config file:  Please tell me there is a simple error in the way
>> it's been constructed, because I've given myself a monster headache trying
>> to figure this one out. :)
>>
>> As always, I maintain that Radiator should win an award as best software of
>> the new millennium or something... I have nothing but good things to say
>> about it to my colleagues.  The only problems really are that sometimes I
>> cannot seem to speak its language properly. :)
>>
>> cheers,
>> j
>>
>> #Foreground
>> #LogStdout
>> LogDir          c:/radiator/logs
>> DbDir           c:/radiator/raddb
>> # Use a lower trace level in production systems:
>> #Trace           4
>> Trace           3
>>
>> RewriteUsername tr/A-Z/a-z/
>> RewriteUsername s/ //g
>> UsernameCharset a-zA-Z0-9\._@-
>>
>> # You will probably want to add other Clients to suit your site,
>> # one for each NAS you want to work with
>> <Client DEFAULT>
>>         Secret xxx
>>         DupInterval 15
>> </Client>
>>
>> # Ensure the SQL DynIP Pool is in a sane state
>> <AddressAllocator SQL>
>>         Identifier SQLAllocate
>>         DBSource        dbi:ODBC:Radiator
>>         DBUsername      xxx
>>         DBAuth          xxx
>>         # Our maximum IP Lease Time is 12 hours
>>         DefaultLeasePeriod      43200
>>         # Check for expired Leases once every five minutes
>>         LeaseReclaimInterval    300
>>         # Define valid pool of addresses
>>         <AddressPool DynIP1>
>>                 Subnetmask      255.255.255.255
>>                 DNSServer       10.1.1.1
>>                 Range           10.4.1.1 10.4.1.254
>>         </AddressPool>
>> </AddressAllocator>
>>
>> # This is our default Realm.
>> <Realm DEFAULT>
>>
>>    AuthByPolicy ContinueUntilAccept
>>    RejectHasReason
>>
>>         # We do our Authentication by SQL using ODBC
>>         <AuthBy SQL>
>>         DBSource        dbi:ODBC:Radiator
>>         DBUsername      xxx
>>         DBAuth          xxx
>>
>>         # These are the criteria we pull from the database to ensure we
>>         # have a valid user who is not expired.  We use the radattr "Class"
>>         # to tell the maxen what the CID for this customer is for accounting
>>         # purposes
>>         AuthSelect select PASSWORD,CID,EXPIREDATE,VALIDDATE,REPLYATTR,MAXSESSIONS from tblsubscribers where USERNAME = %0
>>         AuthColumnDef   0,User-Password,check
>>         AuthColumnDef   1,Class,reply
>>         AuthColumnDef   2,Expiration,check
>>         AuthColumnDef   3,ValidFrom,check
>>         AuthColumnDef   4,GENERIC,reply
>>         AuthColumnDef   5,Simultaneous-Use,check
>>
>>         # We need to add some extra reply items for this realm:
>>         AddToReply      Idle-Timeout = 900
>>         AddToReply      Ascend-Maximum-Time = 43200
>>
>>         # Set up the accounting table definitions
>>         AccountingTable tblaccounting
>>         AcctColumnDef   CID,Class
>>         AcctColumnDef   TIME_STAMP,Timestamp,integer-date
>>         AcctColumnDef   USERNAME,User-Name
>>         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>>         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>>         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>>         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>>         AcctColumnDef   ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
>>         AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>>         AcctColumnDef   NASPORT,NAS-Port,integer
>>         AcctColumnDef   MODEMPORT,Ascend-Modem-PortNo
>>         AcctColumnDef   MODEMSLOT,Ascend-Modem-SlotNo
>>         AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>>         AcctColumnDef   CALLER,Calling-Station-Id
>>         AcctColumnDef   CALLING,Called-Station-Id
>>         AcctColumnDef   XMTRATE,Ascend-Xmit-Rate
>>         AcctColumnDef   RCVRATE,Ascend-Data-Rate
>> 	</AuthBy>
>>
>>         # Now we assign IP Addrs
>>         <AuthBy DYNADDRESS>
>>                 Allocator       SQLAllocate
>>                 PoolHint        DynIP1
>>                 MapAttribute    yiaddr,Framed-IP-Address
>>                 MapAttribute    subnetmask,Framed-IP-Netmask
>>         </AuthBy>
>> </Realm>
>>
>> <SessionDatabase SQL>
>>         DBSource        dbi:ODBC:Radiator
>>         DBUsername      xxx
>>         DBAuth          xxx
>> </SessionDatabase>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>-- 
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
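
Added example, not part of the original thread and not Radiator code: a small Python check that models the AuthByPolicy chain as described in the reply above and flags any Realm or Handler in which an `AuthBy DYNADDRESS` clause follows another AuthBy but is skipped once that clause returns ACCEPT. The policy model, the assumed default policy (`ContinueWhileIgnore`), the function names and the trimmed sample configuration are assumptions made for illustration.

```python
import re

DEFAULT_POLICY = "ContinueWhileIgnore"  # assumed default when AuthByPolicy is absent

def chain_continues(policy, result):
    """Model: does the next AuthBy clause run after a clause returns `result`?"""
    if policy == "ContinueAlways":
        return True
    m = re.fullmatch(r"Continue(While|Until)(Accept|Reject|Ignore)", policy)
    if not m:
        raise ValueError(f"unknown AuthByPolicy: {policy}")
    matched = result.upper() == m.group(2).upper()
    # "While X": go on only after X.  "Until X": stop as soon as X is seen.
    return matched if m.group(1) == "While" else not matched

def lint(config_text):
    """Return (block, policy) for each Realm/Handler whose AuthBy DYNADDRESS
    follows another AuthBy but is skipped once that clause returns ACCEPT."""
    findings, block, policy, clauses = [], None, DEFAULT_POLICY, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"<(Realm|Handler)\b\s*(.*?)>$", line):
            block, policy, clauses = f"{m.group(1)} {m.group(2)}".strip(), DEFAULT_POLICY, []
        elif block and (m := re.match(r"AuthByPolicy\s+(\S+)", line)):
            policy = m.group(1)
        elif block and (m := re.match(r"<AuthBy\s+(\S+?)>$", line)):
            clauses.append(m.group(1))
        elif block and re.match(r"</(Realm|Handler)>$", line):
            idx = clauses.index("DYNADDRESS") if "DYNADDRESS" in clauses else 0
            if idx > 0 and not chain_continues(policy, "ACCEPT"):
                findings.append((block, policy))
            block = None
    return findings

# Constructed sample: the Realm from the post, trimmed to its structure.
SAMPLE = """
<Realm DEFAULT>
    AuthByPolicy ContinueUntilAccept
    <AuthBy SQL>
        DBSource dbi:ODBC:Radiator
    </AuthBy>
    <AuthBy DYNADDRESS>
        Allocator SQLAllocate
    </AuthBy>
</Realm>
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
    print(lint(SAMPLE.replace("ContinueUntilAccept", "ContinueWhileAccept")))
```

In this model, `ContinueUntilAccept` reaches the second clause only when the first clause did not accept, which is the opposite of what an address-allocation step after authentication needs.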
