(RADIATOR) double attributes

Hugh Irvine hugh at open.com.au
Fri Mar 1 01:01:16 CST 2002


Hello Anton -

Please send me a copy of your configuration file (no secrets) together with a 
trace 4 debug from Radiator showing what is happening.

thanks

Hugh


On Fri, 1 Mar 2002 16:42, Anton Krall wrote:
> Ive tested that using the StripFromReply removes the idletimeout and
> sessiontimeout attributes from the proxy but it also removes them from
> the authby file after that.... Will the allowinreply do the same? Ir
> just remove the ones on the proxy authby radius clause and then let any
> attrbiute from authby file be appended?
>
> Saludos
>
> Anton Krall
> Director de Tecnología
> Inter.net México / Panamá
>
> Tel; 5241-7609 Directo
> Tel: 5241-7600 Conmutador
> Celular: 0445-105-5160 Mobile
> ICQ: 4979450
> email:  akrall at team.inter.net
> web: http://www.mx.inter.net
>
> Outside Mexico:
> Office: +52(555)241-7609
> PBX: +52(555)241-7600
> Mobile: +52(555)105-5160
>
>
> Original > -----Original Message-----
> Original > From: Hugh Irvine [mailto:hugh at open.com.au]
> Original > Sent: Jueves, 28 de Febrero de 2002 07:05 p.m.
> Original > To: akrall at team.mx.inter.net; radiator at open.com.au
> Original > Subject: Re: (RADIATOR) double attributes
> Original >
> Original >
> Original >
> Original > Hello Anton -
> Original >
> Original > You should use the StripFromReply in the AuthBy
> Original > RADIUS clause. If you are
> Original > concerned about reply attributes in general, you can
> Original > explicitly specify the
> Original > list of attributes that you will accept from a proxy
> Original > in an AllowInReply.
> Original >
> Original > See section 6.17.7 in the Radiator 2.19 reference
> Original > manual. ("doc/ref.html").
> Original >
> Original > regards
> Original >
> Original > Hugh
> Original >
> Original >
> Original > On Fri, 1 Mar 2002 11:48, Anton Krall wrote:
> Original > > Guys... Im doing some  AUTHBYFILE combined with a
> Original > AUTHBY RADIUS and I
> Original > > have a problem.. the radius AUTHBY RADIproxying is
> Original > returning an
> Original > > Idle-timeout and Session-Timeout settings..... but
> Original > what I need is a
> Original > > way to override those and put in my own... which
> Original > are passed from a
> Original > > AUTHBY FILE, here is the config:
> Original > >
> Original > > <Realm mx.inter.net>
> Original > >         AuthByPolicy ContinueUntilAccept
> Original > >         AuthBy acct
> Original > >         AuthBy CheckUserAttributes-mx.inter.net
> Original > > </Realm>
> Original > >
> Original > > <AuthBy SQL>
> Original > >         Identifier      acct
> Original > >         DBSource        dbi:mysql:radius:localhost
> Original > >         DBUsername      root
> Original > >         DBAuth          net721009
> Original > >         AuthSelect
> Original > >         DateFormat      %Y%m%d %T
> Original > >         AccountingTable accounting
> Original > > #        AccountingStopsOnly
> Original > >         AcctColumnDef   username,%U,formatted
> Original > >         AcctColumnDef   domain,%R,formatted
> Original > >         AcctColumnDef   time_stamp,Timestamp,integer
> Original > >         AcctColumnDef   acctstatustype,Acct-Status-Type
> Original > >         AcctColumnDef
> Original > acctdelaytime,Acct-Delay-Time,integer
> Original > >         AcctColumnDef
> Original > acctinputoctets,Acct-Input-Octets,integer
> Original > >         AcctColumnDef
> Original > acctoutputoctets,Acct-Output-Octets,integer
> Original > >         AcctColumnDef   acctsessionid,Acct-Session-Id
> Original > >         AcctColumnDef
> Original > acctsessiontime,Acct-Session-Time,integer
> Original > >         AcctColumnDef
> Original > acctterminatecause,Ascend-Disconnect-Cause
> Original > >         AcctColumnDef   nasidentifier,NAS-IP-Address
> Original > >         AcctColumnDef   nasport,NAS-Port,integer
> Original > >         AcctColumnDef   framedipaddress,Framed-IP-Address
> Original > >         AcctColumnDef   time,Timestamp,integer-date
> Original > >         AcctColumnDef   nasipaddress,NAS-IP-Address
> Original > >         AcctColumnDef   calledstationid,Called-Station-Id
> Original > >         AcctColumnDef   callingstationid,Calling-Station-Id
> Original > >         AcctColumnDef
> Original > disconnectioncause,Ascend-Connect-Progress
> Original > >         AcctColumnDef   telco,Class
> Original > >         AcctColumnDef   zone,%{State},formatted
> Original > >         DefaultSimultaneousUse 1
> Original > > </AuthBy>
> Original > >
> Original > > <AuthBy FILE>
> Original > >                 Identifier CheckUserAttributes-mx.inter.net
> Original > >                 Filename %D/atributos-mx.inter.net
> Original > >                 Nocache
> Original > >                 DefaultSimultaneousUse 1
> Original > > </AuthBy>
> Original > >
> Original > > Contents of atributos-mx.inter.net:
> Original > >
> Original > > akrall  Auth-Type = CheckUser-nasc
> Original > >         Service-Type = Framed-User,
> Original > Framed-Protocol = PPP DEFAULT
> Original > > Auth-Type = CheckUser-nasc
> Original > >         Service-Type = Framed-User, Framed-Protocol = PPP,
> Original > > Idle-Timeout = 600, Session-Timeout = 14500
> Original > >
> Original > > ----
> Original > >
> Original > > The radius server is returning something like this:
> Original > >
> Original > > Code:       Access-Accept
> Original > > Identifier: 5
> Original > > Authentic:  '<148><168><158><188>z+<231>,<191>|7<254">T@
> Original > > <mailto:T@<170>
> Original > <170>'<148><168><158><188>z+<231>,<191>|7<254>
> Original > > Attributes:
> Original > >         Framed-IP-Address = 255.255.255.254
> Original > >         Port-Limit = 1
> Original > >         Session-Timeout = 14400
> Original > >         Idle-Timeout = 1800
> Original > >         Framed-IP-Netmask = 255.255.255.255
> Original > >         Class = "38616/217030/10803096/41/NASC"
> Original > >
> Original > > As you can see. there is some Idle and Session
> Original > timeoutouts here... but
> Original > > what I need to do is replace them with the ones in
> Original > > atributos-mx.inter.net if the user is not found
> Original > (DEFAULT user) and if
> Original > > he is on the list (akrall for example) then strip
> Original > all Idle and Sesion
> Original > > timeouts....
> Original > >
> Original > > Problem is that I cant seem to override the radius
> Original > sent ones... and if
> Original > > I use something like StripFromReply... all idle
> Original > and session attributes
> Original > > are stripped.. incluind mine or the radius server
> Original > sent ones....
> Original > >
> Original > > Any ideas?
> Original > >
> Original > > Saludos
> Original > >
> Original > > Anton Krall
> Original > > Director de Tecnología
> Original > > Inter.net México / Panamá
> Original > >
> Original > > Tel; 5241-7609 Directo
> Original > > Tel: 5241-7600 Conmutador
> Original > > Celular: 0445-105-5160 Mobile
> Original > > ICQ: 4979450
> Original > > email:  akrall at team.inter.net
> Original > > web: http://www.mx.inter.net <http://www.mx.inter.net/>
> Original > >
> Original > > Outside Mexico:
> Original > > Office: +52(555)241-7609
> Original > > PBX: +52(555)241-7600
> Original > > Mobile: +52(555)105-5160
> Original >
> Original > --
> Original > Radiator: the most portable, flexible and
> Original > configurable RADIUS server anywhere. Available on
> Original > *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> Original > -
> Original > Nets: internetwork inventory and management -
> Original > graphical, extensible, flexible with hardware,
> Original > software, platform and database independence.
> Original >
> Original >

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list