(RADIATOR) AuthBy DYNADDRESS issue

Hugh Irvine hugh at open.com.au
Fri Nov 22 21:12:35 CST 2002


Hello Steve -

I would need to see the Perl error output to be sure, but it is 
possible that you need to specify the AddressAllocator clause before 
you refer to it in your configuration file. If you still have a 
problem, please run radiusd from the command line (with -foreground 
-log_stdout) so I can see the debug and the Perl messages.

regards

Hugh


On Friday, Nov 22, 2002, at 23:34 Australia/Melbourne, Steve Wilson 
wrote:

> We are putting together a radius server which authenticates from
> openldap, accounts and holds sessions in mysql, and does the dynamic
> pooling.
>
> All was working fine before I added the dynaddress stuff and now
> radiator crashes :(
>
> Running in debug mode logfile gives:
>
> Fri Nov 22 12:39:46 2002: INFO: Server started: Radiator 3.3.1 on
> breakbox
> Fri Nov 22 12:39:53 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32780 ....
>
> Packet length = 113
> Code:       Access-Request
> Identifier: 24
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "john.doe at domain1.com"
>         Service-Type = Framed-User
>         NAS-IP-Address = 1.41.145.200
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         Framed-IP-Address = UNKNOWN
>         User-Password =
> "`<176><246><218><149><215>sQ<237><29>i<<170><224><170><138>"
>
> Fri Nov 22 12:39:53 2002: DEBUG: Handling request with Handler
> 'Realm=everywhereuk.com'
> Fri Nov 22 12:39:53 2002: DEBUG: Sess-everywhereuk Deleting session for
> john.doe at everywhereuk.com, 1.41.145.200, 1234
> Fri Nov 22 12:39:53 2002: DEBUG: do query is: delete from RADONLINE
> where USERNAME='john.doe at everywhereuk.com' and
> NASIDENTIFIER='1.41.145.200' and NASPORT='1234,NULL'
>
> Fri Nov 22 12:39:53 2002: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='john.doe at domain1'
>
> Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthGROUP
> Fri Nov 22 12:39:53 2002: DEBUG: Handling with Radius::AuthLDAP2:
> LDAP-domain1
> Fri Nov 22 12:39:53 2002: INFO: Connecting to localhost, port 389
> Fri Nov 22 12:39:53 2002: INFO: Attempting to bind with cn=admin,
> dc=domain2, dc=net, dc=uk, test (server localhost:389)
> Fri Nov 22 12:39:55 2002: DEBUG: LDAP got result for cn=john.doe,
> ou=users, dc=domain1, dc=com
> Fri Nov 22 12:39:55 2002: DEBUG: LDAP got userPassword: password
> Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 looks for match with
> john.doe at everywhereuk.com
> Fri Nov 22 12:39:55 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Nov 22 12:39:55 2002: DEBUG: Handling with Radius::AuthDYNADDRESS
>
> at this point radpwtst simply returns "No Reply"
>
> Has anyone any ideas what is wrong as I've been looking at this for so
> long now and cannot see the wood for the trees. Config below.
>
> TIA
>
> Steve.
>
>
> --- content of /etc/radiator/radius.cfg ---
>
> LogDir          /var/log/radius
> DbDir           /etc/radiator
> Trace           5
>
> include %D/confs/domain1.com/radius.cfg
>
> <Client 127.0.0.1>
> 	Description Local client (perl script)
> 	DupInterval 5
> 	NasType ignore
> 	Secret secret
> </Client>
>
> <Client 1.69.237.113>
> 	Description 0845 dialup
> 	DupInterval 5
> 	NasType ignore
> 	Secret secret
> </Client>
>
> <Client 1.69.225.5>
> 	Description 0808 dialup
> 	DupInterval 5
> 	NasType ignore
> 	Secret secret
> </Client>
>
> --- end /etc/radiator/radius.cfg ---
>
>
> --- content of %D/confs/domain1.com/radius.cfg ---
>
> <AuthBy GROUP>
> 	Identifier Auth-domain1
> 	AuthByPolicy DoAllAuth
> 	<AuthBy LDAP2>
> 	
> 		Identifier LDAP-domain1
> 	
> 		Host		localhost
> 		
> 		AuthDN		cn=admin, dc=domain2, dc=net, dc=uk
> 		
> 		AuthPassword	test
> 		
> 		BaseDN		ou=users, dc=domain1, dc=com
> 		
> 		UsernameAttr	uid
> 	
> 		PasswordAttr	UserPassword	
> 	
> 		AddToReply Framed-Protocol = PPP,\
> 			Framed-Routing = None,\
> 			Framed-MTU = 1500,\
> 			Framed-Compression = Van-Jacobson-TCP-IP
> 	
> 		Debug 255
> 	
> 		Timeout 30
> 	
> 		FailureBackoffTime 10
> 		IgnoreAccounting
> 	</AuthBy>
> 	<AuthBy SQL>
> 		IgnoreAuthentication
> 		Fork
> 		Identifier	Acct-domain1
> 		HandleAcctStatusTypes Start,Stop
> 		AuthSelect
> 		DBSource	dbi:mysql:domain1:localhost
> 		DBUsername	domain1
> 		DBAuth		password
> 		AccountingTable	ACCOUNTING
> 		AcctColumnDef	USERNAME,User-Name
> 		AcctColumnDef	TIME_STAMP,Timestamp,integer
> 		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
> 		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
> 		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
> 		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> 		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
> 		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
> 		AcctColumnDef	ACCTTERMINATECAUSE,Acct_Terminate-Cause
> 		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
> 		AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
> 		AcctColumnDef	NASPORT,NAS-Port,integer
> 	</AuthBy>
> 	<AuthBy DYNADDRESS>
> 		AddressAllocator Addr-domain1
> 		PoolHint Pool-domain1
> 		MapAttribute yiaddr, Framed-IP-Address
> 		MapAttribute subnetmask, Framed-IP-Netmask
> 		StripFromReply PoolHint
> 	</AuthBy>
> </AuthBy>
> <AddressAllocator SQL>
> 	Identifier Addr-domain1
> 	DBSource dbi:mysql:domain1:localhost
> 	DBUsername domain1
> 	DBAuth password
> 	<AddressPool Pool-domain1>
> 		Subnetmask 255.255.255.255
> 		Range 1.41.165.1 212.41.165.253
> 	</AddressPool>
> </AddressAllocator>
> <SessionDatabase SQL>
> 	Identifier Sess-domain1
> 	DBSource dbi:mysql:domain1:localhost
> 	DBUsername domain1
> 	DBAuth password
> 	AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, \
> 			NASPORT, ACCTSESSIONID, TIME_STAMP, \
> 			FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) \
> 			values ( '%n', '%N', '%{NAS-Port},NULL', \
> 			'%{Acct-Session-Id}', '%{Timestamp}', \
> 			'%{Framed-IP-Address}', '%{NAS-Port-Type}', \
> 			'%{Service-Type}')
>         DeleteQuery delete from RADONLINE where USERNAME='%n' and \
> 			NASIDENTIFIER='%N' and NASPORT='%{NAS-Port},NULL'
>         ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>         CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from \
> 			RADONLINE where USERNAME='%n'
> </SessionDatabase>
> <Realm domain1.com>
> 	AuthBy Auth-domain1
>         AddToRequestIfNotExist NAS-Port-Type=Async
>         AddToReplyIfNotExist Session-Timeout=21600
>         RejectHasReason
> 	
>         MaxSessions 1
> 	SessionDatabase Sess-domain1
> </Realm>
>
> --- end %D/confs/domain1.com/radius.cfg ---
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
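
The reply above suggests that the AddressAllocator clause may have to appear in the file before the AuthBy DYNADDRESS clause that names it. As an added example (not part of the original thread and not Radiator code), this Python check lists every reference to a clause Identifier that precedes its definition. The function name, the set of referencing parameters and the condensed sample configuration are assumptions.

```python
import re

# Parameters that refer to another clause by Identifier (assumed set, from this thread).
REF_PARAMS = {"AuthBy", "AddressAllocator", "SessionDatabase"}
OPEN = re.compile(r"^<(\w+)(?:\s[^>]*)?>$")

def forward_references(cfg_text):
    """Return (ref_line, kind, identifier, def_line) for each reference to a
    clause Identifier defined later in the file (def_line None: not defined)."""
    defined, refs, stack, continued = {}, [], [], False
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        skip = continued or not line or line.startswith("#")
        continued = line.endswith("\\")      # next line continues this one
        if skip:
            continue
        m = OPEN.match(line)
        if m:
            stack.append(m.group(1))         # entering <Kind ...>
        elif line.startswith("</"):
            del stack[-1:]                   # leaving the innermost clause
        else:
            key, *rest = line.split(None, 1)
            value = rest[0].strip() if rest else ""
            if key == "Identifier" and stack:
                defined.setdefault((stack[-1], value), no)
            elif key in REF_PARAMS and value:
                refs.append((no, key, value))
    return [(no, kind, ident, defined.get((kind, ident)))
            for no, kind, ident in refs
            if defined.get((kind, ident), float("inf")) > no]

# Constructed sample: the clause order of the quoted config, condensed.
SAMPLE = """\
<AuthBy GROUP>
    Identifier Auth-domain1
    <AuthBy DYNADDRESS>
        AddressAllocator Addr-domain1
    </AuthBy>
</AuthBy>
<AddressAllocator SQL>
    Identifier Addr-domain1
</AddressAllocator>
<Realm domain1.com>
    AuthBy Auth-domain1
</Realm>
"""

print(forward_references(SAMPLE))
```

Moving the `<AddressAllocator SQL>` clause above `<AuthBy GROUP>` in the sample makes the list come back empty.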
