(RADIATOR) Simple Config please

Hugh Irvine hugh at open.com.au
Thu Jun 20 03:07:39 CDT 2002


Hello Tunde -

Your configuration file looks fine as far as I can see.

If you want to group NAS Client clauses together for the purposes of having a 
different Handler deal with each group, you would do something like this:

# define Client clauses

<Client ...>
	Identifier NAS-Group-1
	....
</Client>

<Client ...>
	Identifier NAS-Group-1
	....
</Client>

<Client ...>
	Identifier NAS-Group-2
	....
</Client>

<Client ...>
	Identifier NAS-Group-2
	....
</Client>

......

# define Handlers

<Handler Client-Identifier = NAS-Group-1>
	.....
</Handler>

<Handler Client-Identifier = NAS-Group-2>
	.....
</Handler>


regards

Hugh


On Thu, 20 Jun 2002 02:57, Ayotunde Itayemi wrote:
> Hi All, Hi Hugh,
>
> Okay I have a few questions.
> My set up is as follows:
> 1. 3 Patton RAS servers with 30 e1 phone numbers (e.g., 5556666) each (each
> also has an IP address)
> 2. 3 VPN servers (win2K)
> 3. several "generic little" RAS servers handing out a few IPs each
> 4. IP addresses come in three pools (at least), one called 192.168.10.0 -
> for email-only clients, a.b.c.0, d.f.e.0 for regular-full-internet-access
> clients.
> 5. IPASS (both ways) - as client (my users getting access from IPASS
> network when roaming) and server (granting roaming IPASS clients Internet
> access)
>
> I intend to utilize a database for the address allocation.
> Please can you look at the following skeletal config file and tell me if
> anything is seriously wrong. Please note that I have removed quite a lot of
> stuff from the different clauses. My intention is to: authenticate users
> against an Oracle Db, assign them IP addresses, and if they are roaming
> IPASS users, authenticate them against a remote IPASS radius server. HOW do
> I group RAS servers (clients) so that I can use a single Handler for say 3
> RAS, another for a group of 4 other RAS clients etc.
>
> Regards,
> Tunde Itayemi.
> =====================================================================
> <SessionDatabase SQL>
>  Identifier SDB1
>  DBSource dbi:Oracle:radius00
>  DBUsername  radiusgold
>  DBAuth   radiusgold
> </SessionDatabase>
> # =======================================================
> <AddressAllocator SQL>
>         Identifier mySQLallocator
>         <AddressPool pool1>
>         </AddressPool>
>         <AddressPool pool1>
>         </AddressPool>
> </AddressAllocator>
> # =================== CLIENTs   =================================
> <Client k.k.k.a>
>         Secret my-secret
>         Identifier virus1
> </Client>
> <Client a.b.c.d>
> </Client>
> <Client a.b.c.e>
> </Client>
> <Client a.b.c.f>
> </Client>
> <Client d.d.d.d>
> </Client>
> <Client d.d.d.d>
> </Client>
> <Client a.b.c.d>
> </Client>
> # =================== AUTH BYs =============================
> <AuthBy SQL>
> </AuthBy>
> <AuthBy DYNADDRESS>
>  Identifier myIPADDRESSauth
>  Allocator mySQLallocator
>  PoolHint %{Reply:PoolHint}
>  MapAttribute   yiaddr, Framed-IP-Address
>  MapAttribute   subnetmask, Framed-IP-Netmask
>  StripFromReply PoolHint
> </AuthBy>
> # =================== HANDLERs   ===========================
> <Handler Client-Identifier=virus1>
>  AuthByPolicy ContinueWhileAccept
> # remove @domain-name
>  RewriteUsername s/^([^@]+).*/$1/
>  SessionDatabase SDB1
>  AuthBy mySQLauth
>  AuthBy myIPADDRESSauth
> </Handler>
>
> <Handler Client-Identifier=RAS21>
>  AuthByPolicy ContinueWhileAccept
> # remove @domain-name
>  RewriteUsername s/^([^@]+).*/$1/
>  SessionDatabase SDB1
>  AuthBy mySQLauth
>  AuthBy myIPADDRESSauth
> </Handler>
>
> <Handler>
>  # default handler should do for all other requests,
>  # including domains that are IPASS + all unknown domains
> <AuthBy RADIUS>
> # for IPASS to authenticate roaming server
> <Host d.d.d.c>
> </Host>
> <Host d.d.d.e>
> </Host>
> </AuthBy>
> </Handler>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
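
An added example, not part of the original messages and not Radiator's own code: a small Python check that reads a configuration of the shape discussed above and reports which Handler each Client clause would reach, assuming Handlers are tried in file order and the first match is used. The sample configuration, its addresses and its secrets are constructed; only `Client-Identifier` checks and the bare `<Handler>` are evaluated.

```python
import re

# Constructed sample in the shape discussed in this thread (addresses and secrets are made up).
SAMPLE = """\
<Client 10.0.0.1>
    Secret s1
    Identifier NAS-Group-1
</Client>
<Client 10.0.0.2>
    Secret s2
    Identifier NAS-Group-1
</Client>
# this NAS was added without an Identifier
<Client 10.0.0.3>
    Secret s3
</Client>
<Handler Client-Identifier = NAS-Group-1>
</Handler>
<Handler Client-Identifier=NAS-Group-2>
</Handler>
<Handler>
</Handler>
"""

def parse(config):
    """Return ([(client, identifier-or-None)], [handler check]) in file order."""
    text = re.sub(r"(?m)^\s*#.*$", "", config)            # drop comment lines
    clients = []
    for name, body in re.findall(r"<Client\s+([^>]+)>(.*?)</Client>", text, re.S):
        m = re.search(r"(?m)^\s*Identifier\s+(\S+)", body)
        clients.append((name.strip(), m.group(1) if m else None))
    handlers = []
    for attrs in re.findall(r"<Handler\b([^>]*)>", text):
        m = re.search(r"Client-Identifier\s*=\s*([^\s,]+)", attrs)
        # ("id", X): Client-Identifier check; ("any", None): bare <Handler>;
        # ("other", ...): some other check item this script cannot evaluate.
        handlers.append(("id", m.group(1)) if m else
                        ("any", None) if not attrs.strip() else ("other", attrs.strip()))
    return clients, handlers

def route(config):
    """Map each Client to the index of the first Handler that would select it."""
    clients, handlers = parse(config)
    def first(ident):
        for pos, (kind, want) in enumerate(handlers):
            if kind == "any" or (kind == "id" and want == ident):
                return pos
        return None
    return {name: first(ident) for name, ident in clients}

def unmatched_handlers(config):
    """Client-Identifier values used by a Handler but set on no Client clause."""
    clients, handlers = parse(config)
    known = {ident for _, ident in clients if ident}
    return [want for kind, want in handlers if kind == "id" and want not in known]
```

On the sample, the Client without an Identifier reaches the catch-all Handler (index 2), and `NAS-Group-2` is reported as a Handler check that no Client clause satisfies.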

