(RADIATOR) AuthBy DYNADDRESS issue
Steve Wilson
radiator at swsystem.yorks.com
Fri Nov 22 06:34:17 CST 2002
We are putting together a RADIUS server which authenticates from
OpenLDAP, accounts and holds sessions in MySQL, and does the dynamic
pooling.

All was working fine before I added the dynaddress stuff and now
Radiator crashes :(

Running in debug mode, the logfile gives:
Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on
breakbox
Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32780 ....
Packet length = 113
01 18 00 71 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 1b 6a 6f 68 6e 2e 64 6f 65 40 65
76 65 72 79 77 68 65 72 65 75 6b 2e 63 6f 6d 06
06 00 00 00 02 04 06 d4 29 91 c8 05 06 00 00 04
d2 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39 38
37 36 35 34 33 32 31 3d 06 00 00 00 00 08 02 02
12 60 b0 f6 da 95 d7 73 51 ed 1d 69 3c aa e0 aa
8a
Code: Access-Request
Identifier: 24
Authentic: 1234567890123456
Attributes:
User-Name = "john.doe at domain1.com"
Service-Type = Framed-User
NAS-IP-Address = 1.41.145.200
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
Framed-IP-Address = UNKNOWN
User-Password =
"`<176><246><218><149><215>sQ<237><29>i<<170><224><170><138>"
Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler
'Realm=everywhereuk.com'
Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for
john.doe at everywhereuk.com, 1.41.145.200, 1234
Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE
where USERNAME='john.doe at everywhereuk.com' and
NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'
Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe at domain1'
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAP-domain1
Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin,
dc=domain2, dc=net, dc=uk, test (server localhost:389)
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe,
ou=users, dc=domain1, dc=com
Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with
john.doe at everywhereuk.com
Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
At this point radpwtst simply returns "No Reply".

Has anyone any ideas what is wrong? I've been looking at this for so
long now and cannot see the wood for the trees. Config below.

TIA
Steve.
--- content of /etc/radiator/radius.cfg ---
LogDir /var/log/radius
DbDir /etc/radiator
Trace 5
include %D/confs/domain1.com/radius.cfg
<Client 127.0.0.1>
Description Local client (perl script)
DupInterval 5
NasType ignore
Secret secret
</Client>
<Client 1.69.237.113>
Description 0845 dialup
DupInterval 5
NasType ignore
Secret secret
</Client>
<Client 1.69.225.5>
Description 0808 dialup
DupInterval 5
NasType ignore
Secret secret
</Client>
--- end /etc/radiator/radius.cfg ---
--- content of %D/confs/domain1.com/radius.cfg ---
<AuthBy GROUP>
Identifier Auth-domain1
AuthByPolicy DoAllAuth
<AuthBy LDAP2>
Identifier LDAP-domain1
Host localhost
AuthDN cn=admin, dc=domain2, dc=net, dc=uk
AuthPassword test
BaseDN ou=users, dc=domain1, dc=com
UsernameAttr uid
PasswordAttr UserPassword
AddToReply Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
Debug 255
Timeout 30
FailureBackoffTime 10
IgnoreAccounting
</AuthBy>
<AuthBy SQL>
IgnoreAuthentication
Fork
Identifier Acct-domain1
HandleAcctStatusTypes Start,Stop
AuthSelect
DBSource dbi:mysql:domain1:localhost
DBUsername domain1
DBAuth password
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
</AuthBy>
<AuthBy DYNADDRESS>
AddressAllocator Addr-domain1
PoolHint Pool-domain1
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
</AuthBy>
<AddressAllocator SQL>
Identifier Addr-domain1
DBSource dbi:mysql:domain1:localhost
DBUsername domain1
DBAuth password
<AddressPool Pool-domain1>
Subnetmask 255.255.255.255
Range 1.41.165.1 212.41.165.253
</AddressPool>
</AddressAllocator>
<SessionDatabase SQL>
Identifier Sess-domain1
DBSource dbi:mysql:domain1:localhost
DBUsername domain1
DBAuth password
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, \
NASPORT, ACCTSESSIONID, TIME_STAMP, \
FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) \
values ( '%n', '%N', '%{NAS-Port},NULL', \
'%{Acct-Session-Id}', '%{Timestamp}', \
'%{Framed-IP-Address}', '%{NAS-Port-Type}', \
'%{Service-Type}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT='%{NAS-Port},NULL'
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from \
RADONLINE where USERNAME='%n'
</SessionDatabase>
<Realm domain1.com>
AuthBy Auth-domain1
AddToRequestIfNotExist NAS-Port-Type=Async
AddToReplyIfNotExist Session-Timeout=21600
RejectHasReason
MaxSessions 1
SessionDatabase Sess-domain1
</Realm>
--- end %D/confs/domain1.com/radius.cfg ---
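
Added example (not part of the original post and not Radiator code): in the packet dump above, Framed-IP-Address is carried as `08 02`, that is, with no value bytes, which the debug output prints as UNKNOWN. The Python below parses an Access-Request per RFC 2865 and reports fixed-width attributes of the wrong size instead of decoding them; the packet is constructed to mirror the decoded attribute list in the log, and the function names and the zeroed User-Password value are assumptions.

```python
# RFC 2865 layouts for the attributes seen in the log: type -> (name, kind)
ATTRS = {
    1: ("User-Name", "text"), 2: ("User-Password", "octets"),
    4: ("NAS-IP-Address", "ipv4"), 5: ("NAS-Port", "int"),
    6: ("Service-Type", "int"), 8: ("Framed-IP-Address", "ipv4"),
    30: ("Called-Station-Id", "text"), 31: ("Calling-Station-Id", "text"),
    61: ("NAS-Port-Type", "int"),
}
DECODE = {"text": lambda v: v.decode("latin-1"), "octets": bytes,
          "ipv4": lambda v: ".".join(map(str, v)),
          "int": lambda v: int.from_bytes(v, "big")}

def attr(type_, value=b""):
    """Encode one attribute: type, length (2-byte header included), value."""
    return bytes([type_, len(value) + 2]) + value

def u32(n):
    return n.to_bytes(4, "big")

def build_sample():
    """Constructed Access-Request mirroring the attribute list in the log."""
    body = (attr(1, b"john.doe@domain1.com") + attr(6, u32(2))
            + attr(4, bytes([1, 41, 145, 200])) + attr(5, u32(1234))
            + attr(30, b"123456789") + attr(31, b"987654321") + attr(61, u32(0))
            + attr(8)               # Framed-IP-Address with no value bytes
            + attr(2, bytes(16)))   # placeholder, not a real hidden password
    head = bytes([1, 24]) + (20 + len(body)).to_bytes(2, "big")
    return head + b"1234567890123456" + body

def parse(packet):
    """Return (code, identifier, attributes, problems) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = packet[0], packet[1], int.from_bytes(packet[2:4], "big")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the datagram")
    attrs, problems, pos = [], [], 20
    while pos < length:
        if pos + 2 > length or not 2 <= packet[pos + 1] <= length - pos:
            raise ValueError(f"malformed attribute at offset {pos}")
        type_, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        name, kind = ATTRS.get(type_, (f"Attr-{type_}", "octets"))
        bad = kind in ("ipv4", "int") and len(value) != 4
        if bad:  # fixed-width value with the wrong size: report, do not decode
            problems.append(f"{name}: length {alen}, expected 6")
        attrs.append((name, None if bad else DECODE[kind](value)))
        pos += alen
    return code, ident, attrs, problems
```

Calling `parse(build_sample())` returns the nine attributes in wire order, with Framed-IP-Address decoded as `None` and listed in `problems`.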