(RADIATOR) ipass Config Question
Ayotunde Itayemi
aitayemi at metrong.com
Mon Sep 2 13:09:06 CDT 2002
Hi All, Hi hugh,
My config is below. In the past, when "we" discussed the state column of the RADONLINE
database not being reset appropriately, resulting in the IP-address pool being exhausted, you told me to
add the following lines to my config:
DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t where YIADDR='%0' or YIADDR='%{Class}'
to the AddressAllocator SQL clause, and the following line to the AuthBy DYNADDRESS clause:
AddToReply Class = %{Reply:Framed-IP-Address}
Okay, I removed them later when things seemed to have "stabilised" but I am thinking of reintroducing them again
- please let me have your views based on the config file below.
MAIN PROBLEMS.
I installed ipass NetServer 3.9 as stated in the instructions and also configured radiator (below) based on ipass
instruction for configuring radiator.
The problem is that somehow, radiator is still using the handler for my client rather than the special handler for ipass
- <Handler Realm=myipass> which should cause it to proxy the request to the local ipass NetServer running on same
system.
Please note that the IP address I have radiator running on is e.d.f.211 .
I have also disabled the apache client I had running before because I guess there would be a conflict between apache
authentication and ipass NetServer since they both use localhost (127.0.0.1) in the client definitions for them?
Regards,
Tunde I.
# --- RADAR -------------------------
# Monitor clause: the visible lines set one Username/Password pair for it
# (the password is redacted as <mypassword> in this post).
<Monitor>
Username radar
Password <mypassword>
</Monitor>
# Programs for Simultaneous-Use
SnmpgetProg /usr/bin/snmpget
# SNMP access to radiator
# NOTE(review): the read-only community string below is stored in clear text and was
# posted unredacted; if it is the production value, treat it as disclosed and rotate it.
# NOTE(review): UDP 162 is conventionally the SNMP trap port and agents usually listen
# on 161 - confirm this port is intended.
<SNMPAgent>
ROCommunity mysnmpRADsecret
Port 162
Managers 127.0.0.1, 192.168.10.8
</SNMPAgent>
# Online users
# SQL session database, referenced by the handlers below as SDB1.
# NOTE(review): as posted, DBAuth is the same string as DBUsername; if these are the
# real Oracle credentials, use a distinct, strong password and keep this file readable
# only by the account that runs the server.
<SessionDatabase SQL>
Identifier SDB1
DBSource dbi:Oracle:radius00
DBUsername radius
DBAuth radius
# Disabled DeleteQuery (kept for reference); it would mark the RADPOOL row free again.
# DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \
# where YIADDR='%0' or YIADDR='%{Class}'
</SessionDatabase>
# =======================================================
# SQL-backed address allocator; the two AuthBy DYNADDRESS clauses below refer to it
# by the identifier mySQLallocator.
# NOTE(review): as posted, DBAuth equals DBUsername here as well - see that this is
# not the real credential pair.
<AddressAllocator SQL>
Identifier mySQLallocator
DBSource dbi:Oracle:radius00
DBUsername radiusgold
DBAuth radiusgold
# Disabled DeleteQuery, the one the message above asks about re-enabling.
# NOTE(review): if it is re-enabled, %{Class} comes from the incoming request and is
# placed inside a quoted SQL literal; confirm how the server escapes it before relying
# on it.
# DeleteQuery update RADPOOL set STATE=0,TIME_STAMP=%t \
# where YIADDR='%0' or YIADDR='%{Class}'
# 172800 is presumably seconds (48 hours) - confirm against the reference manual.
DefaultLeasePeriod 172800
# LeaseReclaimInterval 86400
# POOL ALLOCATION RULES
# Pool names match the Client Identifier values (viruse1, viruse2), which the
# DYNADDRESS clauses pass in as PoolHint.
<AddressPool viruse1>
Subnetmask 255.255.255.255
Range a.b.e.31 a.b.e.60
Range a.b.e.62 a.b.e.91
</AddressPool>
<AddressPool viruse2>
Subnetmask 255.255.255.255
Range a.b.c.52 a.b.c.100
Range a.b.c.110 a.b.c.139
Range a.b.c.150 a.b.c.200
Range a.b.c.225 a.b.c.250
</AddressPool>
</AddressAllocator>
# =================== CLIENTs =================================
# Each Client clause names a NAS address, its shared Secret (redacted in this post)
# and an Identifier that the Handler clauses further down select on.
<Client a.b.c.3>
Secret <mypassword>
# NOTE(review): DupInterval 0 - per the Radiator reference this turns off
# duplicate-request detection for the client; confirm that is intended.
DupInterval 0
# NOTE(review): "public" is the well-known default SNMP community string.
SNMPCommunity public
Identifier viruse2
IdenticalClients a.b.c.4 a.b.c.5 a.b.c.6 \
172.31.1.6 172.31.1.4 172.31.1.8 192.168.10.5
# Rewrites IPASS/<user>@<domain> to IPASS/<user>#<domain>@myipass. The pattern is
# anchored and case-sensitive, so only names that start with upper-case "IPASS/" and
# contain exactly one "@" are rewritten; any other User-Name is left unchanged.
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>
<Client a.b.c.30>
# pattonRAS
Secret <mypassword>
DupInterval 0
NasType Patton
# NOTE(review): community string posted in clear; rotate it if it is the real value.
SNMPCommunity patt123mon
Identifier viruse1
IdenticalClients a.b.c.61 a.b.c.92
# Same IPASS/ rewrite as in the first Client clause.
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>
<Client localhost>
# ipass client for VNAS (incoming roamers)
Secret <mypassword>
Identifier ipassclient
IdenticalClients d.e.f.212
# Same IPASS/ rewrite as in the first Client clause.
RewriteUsername s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>
# Disabled client for the local web server. NOTE(review): its shared secret is still
# visible in the commented-out lines; treat it as disclosed if it was ever in use.
#<Client 127.0.0.1>
# web server on this box
# Secret apache!:123
# DupInterval 0
# Identifier apache
#</Client>
# =================== AUTH BYs =================================
# Staff lookup: selects PASSWORD and CHECKATTR from STAFF for enabled accounts.
# NOTE(review): %n is placed inside a quoted SQL literal. Confirm how this server
# version escapes the user name in %n; restricting it with UsernameCharset in every
# handler that reaches this clause is the safer configuration.
# NOTE(review): DBAuth equals DBUsername as posted.
<AuthBy SQL>
Identifier SQLStaffauth
NoDefault
DBSource dbi:Oracle:radius00
DBUsername radius
DBAuth radius
AuthSelect select PASSWORD, CHECKATTR from STAFF \
where USERNAME = '%n' and STATUS = 'Enabled'
# NOTE(review): the clause opens with <AuthBy SQL> but is closed with </Auth>;
# confirm the parser accepts this closing tag.
</Auth>
# Subscriber lookup: same pattern against SUBSCRIBERS, also returning REPLYATTR.
# NOTE(review): the same '%n' quoting concern applies, and the viruse2 handler that
# uses this clause has its UsernameCharset line commented out.
<AuthBy SQL>
Identifier SQLClientauth
NoDefault
DBSource dbi:Oracle:radius00
DBUsername radius
DBAuth radius
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
from SUBSCRIBERS where USERNAME = '%n' \
and STATUS = 'Enabled'
AutoMPPEKeys
# NOTE(review): closing tag is </Auth> rather than </AuthBy>, as in the clause above.
</Auth>
# Dynamic address assignment for the viruse2 clients: asks mySQLallocator for an
# address from the pool named by the Client Identifier and maps the result into
# Framed-IP-Address / Framed-IP-Netmask.
<AuthBy DYNADDRESS>
Identifier myIPADDRESSauth
Allocator mySQLallocator
# Disabled: would copy the allocated address into the Class reply attribute, which
# the disabled DeleteQuery lines elsewhere in this file match on.
# AddToReply Class = %{Reply:Framed-IP-Address}
# PoolHint %{Reply:PoolHint}
PoolHint %{Client:Identifier}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
# policy = 4 (40bit), 2 (128bit), 6 (any)
# NOTE(review): the values in the comment above look like MS-MPPE-Encryption-Types
# settings rather than policy values - check them against RFC 2548. In RFC 2548 the
# policy attribute is 1 = encryption allowed, 2 = encryption required, so the
# setting below leaves encryption optional for the client.
AddToReply MS-MPPE-Encryption-Policy = 1, MS-MPPE-Encryption-Types = 6
AddToReply MS-MPPE-Send-Key, MS-MPPE-Recv-Key
</AuthBy>
# Same allocator for the Patton RAS clients, without the MPPE reply attributes.
<AuthBy DYNADDRESS>
Identifier pattonIPADDRESSauth
Allocator mySQLallocator
PoolHint %{Client:Identifier}
# PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
###### proxy radius for IPASS
# Forwards requests to the iPass NetServer at d.e.f.211 on ports 11812 (auth) and
# 11813 (accounting). The shared Secret is redacted in this post.
# NOTE(review): the message above gives the server's own address as e.d.f.211 while
# this clause uses d.e.f.211 - confirm the two are meant to be the same host.
<AuthBy RADIUS>
Identifier ipassNetserver
Host d.e.f.211
Secret <mypassword>
AuthPort 11812
AcctPort 11813
</AuthBy>
#=================== HANDLERs ================================
# NOTE(review): handlers are presumably tried in file order with the first match
# winning - confirm in the reference manual. This one selects on realm "myipass",
# which is only present if the Client-level RewriteUsername matched the User-Name.
<Handler Realm=myipass>
AcctLogFileName %L/ipass/detail
# Reverses the Client-level rewrite: IPASS/<user>#<domain>@myipass becomes
# IPASS/<user>@<domain> before the request is proxied.
RewriteUsername s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
AuthBy ipassNetserver
</Handler>
# Local subscribers arriving from the viruse2 clients: SQL authentication, then
# address allocation, continuing only while each AuthBy accepts.
<Handler Client-Identifier=viruse2>
AuthByPolicy ContinueWhileAccept
# remove @domain-name
RewriteUsername s/^([^@]+).*/$1/
# Lower-cases the user name.
RewriteUsername tr/A-Z/a-z/
# NOTE(review): UsernameCharset is commented out in this handler, so the user name
# reaches the SQLClientauth query without a character whitelist.
# UsernameCharset a-zA-Z0-9\._ at -
MaxSessions 1
AcctLogFileName %L/account.log
# NOTE(review): per the Radiator reference, PasswordLogFileName records password
# attempts, including the submitted password - confirm for this version. Keep the
# file readable only by the server account and disable it when not debugging.
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
AuthBy myIPADDRESSauth
</Handler>
# Requests from the ipassclient Client clause (localhost / d.e.f.212).
<Handler Client-Identifier=ipassclient>
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
# NOTE(review): " at " here looks like the list archive's rewrite of "@"; copied
# as shown, the charset would differ from what the author had.
UsernameCharset a-zA-Z0-9\._ at -#
MaxSessions 1
AcctLogFileName %L/account.log
# NOTE(review): same password-logging concern as in the viruse2 handler.
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
</Handler>
# NOTE(review): the only Client clause with Identifier apache is commented out in
# this file, so as posted nothing appears to select this handler.
<Handler Client-Identifier=apache>
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
# The " at " is presumably the same archive artifact for "@".
UsernameCharset a-zA-Z0-9\._ at -
MaxSessions 1
AuthBy SQLStaffauth
</Handler>
# DEFAULT HANDLER => handles any requests not in above
# NOTE(review): every request that no handler above matches is proxied to the iPass
# NetServer; confirm that forwarding unmatched traffic off-box is intended rather
# than rejecting it.
<Handler>
# default handler => handles any requests not in above
AuthBy ipassNetserver
</Handler>