(RADIATOR) Cisco AVPAIR not working

Anthony Roque Adriano thony at inetworx.com.ph
Tue Sep 3 21:31:51 CDT 2002


Hello,  

I am currently configuring RADIATOR to give a DNS entry instead of the RAS giving it. The setup is working for the ASCEND RAS, but for my CISCO 5300 it's not. I have gone through the mailing list and tried all the suggestions, but still can't get it to work. Can anyone point out what I'm doing wrong?

Here's my config:

 #LogStdout
LogDir          /var/log/radius-log
LogFile         %L/%Y-%m-%d-radiuslog
DbDir           /usr/local/etc/raddb

DictionaryFile  /usr/local/etc/raddb/dictionary.cisco
DictionaryFile  /usr/local/etc/raddb/dictionary.ascend2
DictionaryFile  /usr/local/etc/raddb/dictionary.livingston
DictionaryFile  /usr/local/etc/raddb/dictionary

# Don't turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 4

<AuthBy RADMIN>
        Identifier Acceptmehere


        # Change DBSource, DBUsername, DBAuth for your database
        # See the reference manual. You will also have to
        # change the one in <SessionDatabase SQL> below
        # so it's the same
        DBSource        dbi:mysql:#####
        DBUsername      ######
        DBAuth          ######

        # Only one session per user at a time
        #DefaultSimultaneousUse 1

        # Let the user in if they have any time left
        # Set the Session-timeout to timeleft
        AuthSelect select PASS_WORD,STATICADDRESS,\
                MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID \
                from RADUSERS where (USERNAME='%n' and VALIDFROM < %t )

        AuthColumnDef   0,User-Password,check
        AuthColumnDef   1,Filter-Id,reply
        AuthColumnDef   2,Session-Timeout,reply
        AuthColumnDef   3,Simultaneous-Use,check

        # You can add to or change these if you want, but you
        # will probably want to change the database schema first
        AccountingTable RADUSAGE
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
        AcctColumnDef   ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   DNIS,Called-Station-Id
        AcctColumnDef   CALLERID,Calling-Station-Id


        # These are the classic things to add to each users
        # reply to allow a PPP dialup session. It may be
        # different for your NAS. This will add some
        # reply items to everyone's reply
        # Add Idle-Timeout of 15 mins
        DefaultReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                Framed-IP-Netmask = 255.255.255.255, \
                Framed-Routing = None, \
                Framed-MTU = 1500, \
                Framed-Compression = Van-Jacobson-TCP-IP, \
                Idle-Timeout = 900, \
                cisco-avpair= "ip:dns-servers=xxx.xxx.xxx.xxx", \
                Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx,\
                Ascend-Client-Assign-DNS = DNS-Assign-Yes
                

</AuthBy>



<Handler Realm=myrealm>
        AuthBy Acceptmehere

        # Show rejection reason to users
        RejectHasReason
</Handler>


By the way, I'm using a Cisco 5300:

Cisco Internetwork Operating System Software
IOS (tm) 5300 Software (C5300-IS-M), Version 12.0(7)T,  RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 08-Dec-99 20:25 by phanguye
Image text-base: 0x600088F8, data-base: 0x60C6A000


And here is my RADIUS log file:

Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Received from xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Request
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        NAS-IP-Address = xxx.xxx.xxx.xxx
        NAS-Port = 228
        NAS-Port-Type = Virtual
        User-Name = "user at myrealm"
        Called-Station-Id = "xxxxxxxx"
        Calling-Station-Id = "xxxxxxxx"
        User-Password = "<212> <144><164>7<176><206><113><182><255><165><164><141><145><181><149>"
        Service-Type = Framed-User
        Framed-Protocol = PPP

Tue Sep  3 15:13:37 2002: DEBUG: Check if Handler Realm=myrealm should be used to handle this request
Tue Sep  3 15:13:37 2002: DEBUG: Handling request with Handler 'Realm=myrealm'
Tue Sep  3 15:13:37 2002: DEBUG:  Deleting session for user at myrealm, xxx.xxx.xxx.xxx, 228
Tue Sep  3 15:13:37 2002: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=0228

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with Radius::AuthRADMIN: Acceptmehere')

Tue Sep  3 15:13:37 2002: DEBUG: Query is: select PASS_WORD,STATICADDRESS,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID from RADUSERS where (USERNAME='user at myrealm' and VALIDFROM < 1031037217)

Tue Sep  3 15:13:37 2002: DEBUG: Query is: select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='user at myrealm' order by ITEM_TYPE

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN looks for match with user at myrealm')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN ACCEPT: ')

Tue Sep  3 15:13:37 2002: DEBUG: do query is: update RADUSERS set BADLOGINS=0 where USERNAME='user at myrealm'

Tue Sep  3 15:13:37 2002: DEBUG: Access accepted for user at myrealm
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 33554 ....
Code:       Access-Accept
Identifier: 174
Authentic:  E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
Attributes:
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP
        Idle-Timeout = 900
        cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
        Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx
        Ascend-Client-Assign-DNS = DNS-Assign-Yes
        

The accounting request follows and the user got connected.

Also, is there a way to overwrite what the user has specified in their DNS settings for MS Windows?

Thanks,
thony
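
Added example, not part of the original post and not Radiator code: a small Python check that reads packet dumps in the Trace 4 layout shown in the log above and lists, for each Access-Accept, the DNS servers carried in a cisco-avpair "ip:dns-servers=" value, so an empty list marks a reply that left the server without that attribute. The sample log is constructed (documentation-range addresses) and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the log's "Packet dump" layout (RFC 5737 addresses).
SAMPLE_LOG = '''\
Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Received from 192.0.2.10 port 33554 ....
Code:       Access-Request
Identifier: 174
Attributes:
        User-Name = "user@myrealm"

Tue Sep  3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 33554 ....
Code:       Access-Accept
Identifier: 174
Attributes:
        cisco-avpair = "ip:dns-servers=198.51.100.1 198.51.100.2"
'''

HEADER = re.compile(r'^\*\*\* (Received from|Sending to) (\S+) port (\d+)')
ATTR = re.compile(r'^\s+([\w-]+) = (.*)$')

def parse_dumps(text):
    """Return one dict per packet dump: peer, code, identifier, attrs."""
    packets, cur = [], None
    for line in text.splitlines():
        if (m := HEADER.match(line)):
            cur = {'peer': m.group(2), 'attrs': []}
            packets.append(cur)
        elif cur is None or not line.strip():
            cur = None  # outside a dump, or the blank line that ends one
        elif line.startswith(('Code:', 'Identifier:')):
            key, _, val = line.partition(':')
            cur[key.lower()] = val.strip()
        elif (m := ATTR.match(line)):
            cur['attrs'].append((m.group(1), m.group(2).strip('"')))
    return packets

def dns_servers(attrs):
    """DNS servers in cisco-avpair values; ValueError on a malformed address."""
    return [str(ipaddress.ip_address(a)) for n, v in attrs
            if n.lower() == 'cisco-avpair' and v.startswith('ip:dns-servers=')
            for a in v.split('=', 1)[1].split()]

def accept_dns(text):
    """Map (peer, identifier) of each Access-Accept to its avpair DNS list."""
    return {(p['peer'], p['identifier']): dns_servers(p['attrs'])
            for p in parse_dumps(text) if p.get('code') == 'Access-Accept'}
```

This only confirms what the server logged as sent; whether the NAS applies the value is decided on the NAS side.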