(RADIATOR) Email only Radius Profile

Hugh Irvine hugh at open.com.au
Tue May 14 17:55:11 CDT 2002


Hello Emily -

It looks to me like the user definition is incorrect.

It should look like this:

# User entries must have all check items on the first line (no trailing comma)
# and reply items on the second and subsequent lines with leading whitespace

# Default Dial-Up PPP EMAIL ONLY User System Profile

DEFAULT Auth-Type = System, NAS-Port-Type = Async, Group = email
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	Framed-IP-Netmask = 255.255.255.255,
	cisco-avpair = "lcp:interface-config=ip policy route-map email",
	Filter-Id = "email.sec",
	Port-Limit = 1,
	Idle-Timeout = 1200,
	Session-Timeout = 28800,
	Class = email

If you have any other questions, please send me a copy of your configuration 
file (no secrets) together with a trace 4 debug from Radiator showing what is 
happening.

regards

Hugh


On Wed, 15 May 2002 03:53, ewhitwor at centurytel.net wrote:
> Hey,
>
> We are trying to set up a filter to work with Radius/Ldap to allow for a
> group that has email as the only service!
> This is what we have put together as of now... we have tried it and it does
> not work!!! :(  I have opened 2 TAC cases with Cisco. Cisco claims that the
> only possible way to do this is to have TACACS and a separate dial pool!
> That would be wasteful of on ips! There has to be a way!! Any
> suggestions???
>
>
> # Default Dial-Up PPP EMAIL ONLY User System Profile
> DEFAULT Auth-Type = System, NAS-Port-Type = Async, Group = email,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-IP-Netmask = 255.255.255.255,
> cisco-avpair = "lcp:interface-config=ip policy route-map email",
> Filter-Id = "email.sec",
> Port-Limit = 1,
> Idle-Timeout = 1200,
> Session-Timeout = 28800,
> Class = email
>
>
>
> On the RAS BOX
>
> ip policy route-map email
> route-map email permit 10
> match ip address 103
>
> access-list 103 permit tcp any any eq 25
> access-list 103 permit udp any any eq 53
> access-list 103 permit tcp any any eq 110
> access-list 103 permit tcp any any eq 113
> access-list 103 deny any any
>
>
> On PM3
>
>   1 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 25
>   2 permit 0.0.0.0/0 206.40.79.2/32 udp dst eq 53
>   3 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 80
>   4 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 110
>   5 permit 0.0.0.0/0 206.40.79.2/32 tcp src eq 113
>   6 permit 0.0.0.0/0 206.40.79.2/32 tcp dst eq 443
>   7 permit 0.0.0.0/0 206.40.79.2/32 icmp
>
> add filter email.sec
> set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 25 dst eq 25 estab
> set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 53 dst eq 53 estab
> set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 110 dst eq 110 estab
> set filter email.sec 1 permit 0.0.0.0/0 0.0.0.0/0 tcp src eq 113 dst eq 113 estab
> set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 tcp
> set filter email.sec 1 deny 0.0.0.0/0 0.0.0.0/0 udp
>
>
> Let me know what you think!
>
> Thanks,
> Emily Whitworth

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


From: Hugh Irvine <hugh at open.com.au>
To: doug <dizzaniix at yahoo.com>, radiator at open.com.au
Subject: Re: (RADIATOR) Re:
Date: Wed, 15 May 2002 08:46:17 +1000


Hello Doug -

Could you please tell me the name of the registered Radiator customer that 
you are representing?

In answer to your question, you can use either approach you describe, however 
I tend to prefer proxying the radius requests as it is much more lightweight 
and easier to manage.

regards

Hugh


On Wed, 15 May 2002 06:28, doug wrote:
> So will I be successful at having all 3 radius servers
> auth out of the same DB? with start/stop packets &
> timebanking.... Or would proxying to a single radius
> which does all auth against the db be the best way to
> go?
>
> --- Hugh Irvine <hugh at open.com.au> wrote:
> > Hello Doug -
> >
> > You are correct - you will need a central SQL database for the user
> > definitions and the accounting data.
> >
> > regards
> >
> > Hugh
> >
> > On Tue, 14 May 2002 03:08, doug wrote:
> > > Was wanting to setup 3 Radius servers each on its own
> > > network for redundant reasons. What's the best solution
> > > for this? And how would Accounting packets be handled
> > > if they are being round robined to the three servers?
> > > Do I need a Central server to hold all this Accounting
> > > info? Accounting Database or what? All these users
> > > will be authenticating out of a mysql db.
> > >
> > > Just wanting to get ideas of how other people are
> > > setting up redundant radius solutions.
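
The layout rule from the first reply above (check items on the first line with no trailing comma, reply items indented on the following lines) can be checked mechanically. This is an added example, not part of the original messages and not Radiator code: lint_users_file, BARE_ATTRIBUTE and the two shortened sample entries are constructed here, and the "Name = ..." test is a heuristic.

```python
import re

# Constructed samples based on the two entries in this thread
# (reply lists shortened).
BROKEN = """\
# Default Dial-Up PPP EMAIL ONLY User System Profile
DEFAULT Auth-Type = System, NAS-Port-Type = Async, Group = email,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Filter-Id = "email.sec",
Class = email
"""

FIXED = """\
# Default Dial-Up PPP EMAIL ONLY User System Profile
DEFAULT Auth-Type = System, NAS-Port-Type = Async, Group = email
\tService-Type = Framed-User,
\tFramed-Protocol = PPP,
\tFilter-Id = "email.sec",
\tClass = email
"""

# Heuristic (assumption): an unindented line that starts "Name = ..." is an
# attribute, because a real entry line starts with a user name followed by
# its check items ("DEFAULT Auth-Type = System, ...").
BARE_ATTRIBUTE = re.compile(r"^[\w-]+\s*=")


def lint_users_file(text):
    """Return (line_number, message) pairs for layout errors."""
    problems = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        if line[0] in " \t":
            continue  # indented: a reply item, layout is fine
        if BARE_ATTRIBUTE.match(line):
            problems.append((number, "reply item has no leading whitespace"))
        elif stripped.endswith(","):
            problems.append((number, "check-item line ends with a trailing comma"))
    return problems


if __name__ == "__main__":
    for number, message in lint_users_file(BROKEN):
        print(f"line {number}: {message}")
```

Run against the entry as first posted, it flags the trailing comma on the DEFAULT line and every unindented reply item, which is why the Filter-Id and the other restrictions were not being read as reply items.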

