(RADIATOR) Cisco AVPAIR not working
Hugh Irvine
hugh at open.com.au
Tue Sep 3 21:52:29 CDT 2002
Hello Anthony -
You will have to check a debug on the Cisco to see what is happening,
and you will have to check with Cisco to ascertain the correct syntax
for the cisco-avpair. It may also be possible to use Ascend
compatibility on the Cisco to achieve this.
I do not believe there is any way to override hard-coded DNS settings on
a host, although someone else on the list may know more than I do.
regards
Hugh
On Wednesday, September 4, 2002, at 12:31 PM, Anthony Roque Adriano
wrote:
> Hello,
>
> I am currently configuring RADIATOR to give a DNS entry instead of the
> RAS giving it. The setup is working for the ASCEND RAS, but for
> my CISCO 5300 it's not. I have gone through the mailing list and tried all
> suggestions, but still can't get it to work; can anyone point out what
> I'm doing wrong?
>
> Here's my config :
>
> #LogStdout
> LogDir /var/log/radius-log
> LogFile %L/%Y-%m-%d-radiuslog
> DbDir /usr/local/etc/raddb
>
> DictionaryFile /usr/local/etc/raddb/dictionary.cisco
> DictionaryFile /usr/local/etc/raddb/dictionary.ascend2
> DictionaryFile /usr/local/etc/raddb/dictionary.livingston
> DictionaryFile /usr/local/etc/raddb/dictionary
>
> # Don't turn this up too high, since all log messages are logged
> # to the RADMESSAGES table in the database. 3 will give you everything
> # except debugging messages
> Trace 4
>
> <AuthBy RADMIN>
> Identifier Acceptmehere
>
>
> # Change DBSource, DBUsername, DBAuth for your database
> # See the reference manual. You will also have to
> # change the one in <SessionDatabase SQL> below
> # so it's the same
> DBSource dbi:mysql:#####
> DBUsername ######
> DBAuth ######
>
> # Only one session per user at a time
> #DefaultSimultaneousUse 1
>
> # Let the user in if they have any time left
> # Set the Session-timeout to timeleft
> AuthSelect select PASS_WORD,STATICADDRESS,\
> MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID \
> from RADUSERS where (USERNAME='%n' and VALIDFROM < %t )
>
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Filter-Id,reply
> AuthColumnDef 2,Session-Timeout,reply
> AuthColumnDef 3,Simultaneous-Use,check
>
> # You can add to or change these if you want, but you
> # will probably want to change the database schema first
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> AcctColumnDef CALLERID,Calling-Station-Id
>
>
> # These are the classic things to add to each users
> # reply to allow a PPP dialup session. It may be
> # different for your NAS. This will add some
> # reply items to everyone's reply
> # Add Idle-Timeout of 15 mins
> DefaultReply Service-Type = Framed-User, \
> Framed-Protocol = PPP, \
> Framed-IP-Netmask = 255.255.255.255, \
> Framed-Routing = None, \
> Framed-MTU = 1500, \
> Framed-Compression = Van-Jacobson-TCP-IP, \
> Idle-Timeout = 900, \
> cisco-avpair= "ip:dns-servers=xxx.xxx.xxx.xxx", \
> Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx,\
> Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx,\
> Ascend-Client-Assign-DNS = DNS-Assign-Yes
>
>
> </AuthBy>
>
>
>
> <Handler Realm=myrealm>
> AuthBy Acceptmehere
>
> # Show rejection reason to users
> RejectHasReason
> </Handler>
>
>
> By the way, I'm using a Cisco 5300:
>
> Cisco Internetwork Operating System Software
> IOS (tm) 5300 Software (C5300-IS-M), Version 12.0(7)T, RELEASE
> SOFTWARE (fc2)
> Copyright (c) 1986-1999 by cisco Systems, Inc.
> Compiled Wed 08-Dec-99 20:25 by phanguye
> Image text-base: 0x600088F8, data-base: 0x60C6A000
>
>
> And here is my RADIUS log file
>
> Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
> *** Received from xxx.xxx.xxx.xxx port 33554 ....
> Code: Access-Request
> Identifier: 174
> Authentic: E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
> Attributes:
> NAS-IP-Address = xxx.xxx.xxx.xxx
> NAS-Port = 228
> NAS-Port-Type = Virtual
> User-Name = "user at myrealm"
> Called-Station-Id = "xxxxxxxx"
> Calling-Station-Id = "xxxxxxxx"
> User-Password = "<212>
> <144><164>7<176><206><113><182><255><165><164><141><145><181><149>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Tue Sep 3 15:13:37 2002: DEBUG: Check if Handler Realm=myrealm should
> be used to handle this request
> Tue Sep 3 15:13:37 2002: DEBUG: Handling request with Handler
> 'Realm=myrealm'
> Tue Sep 3 15:13:37 2002: DEBUG: Deleting session for user at myrealm,
> xxx.xxx.xxx.xxx, 228
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='xxx.xxx.xxx.xxx' and NASPORT=0228
>
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES
> (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with
> Radius::AuthRADMIN')
>
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES
> (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Handling with
> Radius::AuthRADMIN: Acceptmehere')
>
> Tue Sep 3 15:13:37 2002: DEBUG: Query is: select
> PASS_WORD,STATICADDRESS,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID from
> RADUSERS where (USERNAME='user at myrealm' and VALIDFROM < 1031037217)
>
> Tue Sep 3 15:13:37 2002: DEBUG: Query is: select ATTR_ID, VENDOR_ID,
> IVALUE, SVALUE, ITEM_TYPE from RADCONFIG where NAME='user at myrealm'
> order by ITEM_TYPE
>
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES
> (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN
> looks for match with user at myrealm')
>
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: insert into RADMESSAGES
> (TIME_STAMP, TYPE, MESSAGE) values (1031037217, 4, 'Radius::AuthRADMIN
> ACCEPT: ')
>
> Tue Sep 3 15:13:37 2002: DEBUG: do query is: update RADUSERS set
> BADLOGINS=0 where USERNAME='user at myrealm'
>
> Tue Sep 3 15:13:37 2002: DEBUG: Access accepted for user at myrealm
> Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 33554 ....
> Code: Access-Accept
> Identifier: 174
> Authentic: E<147><203><5><162><145>t<149>E3<180>T<194><20><223><18>
> Attributes:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Idle-Timeout = 900
> cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
> Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
> Ascend-Client-Secondary-DNS = xxx.xxx.xxx.xxx
> Ascend-Client-Assign-DNS = DNS-Assign-Yes
>
>
> The accounting request follows and the user got connected.
>
> Also, is there a way to overwrite what the user has specified in their DNS
> settings for MS Windows?
>
> Thanks,
> thony
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
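As an added example (not from the thread and not Radiator's own code), a small Python checker for the `Packet dump:` blocks Radiator prints at Trace 4, as quoted above: it pairs the Access-Accept with its Access-Request by Identifier and reports whether the reply actually carries the `cisco-avpair` DNS string and the Ascend DNS attribute, and whether the same server is listed twice. The log excerpt is constructed from the post's log with the same masking.

```python
# Constructed excerpt of the Radiator packet dump quoted in the post (IPs masked as there).
SAMPLE_LOG = """\
Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
Code: Access-Request
Identifier: 174
User-Name = "user at myrealm"

Tue Sep 3 15:13:37 2002: DEBUG: Packet dump:
*** Sending to xxx.xxx.xxx.xxx port 33554 ....
Code: Access-Accept
Identifier: 174
cisco-avpair = "ip:dns-servers=203.176.74.147 203.176.74.147"
Ascend-Client-Primary-DNS = xxx.xxx.xxx.xxx
Ascend-Client-Assign-DNS = DNS-Assign-Yes
"""

def parse_packet_dumps(text):
    packets, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.endswith("Packet dump:"):          # start of a new dump block
            cur = {"code": None, "id": None, "attrs": {}}
            packets.append(cur)
        elif not line:                              # blank line ends the block
            cur = None
        elif cur is None or line.startswith("***"):
            continue
        elif line.startswith("Code: "):
            cur["code"] = line[6:]
        elif line.startswith("Identifier: "):
            cur["id"] = int(line[12:])
        elif " = " in line:
            name, _, value = line.partition(" = ")
            cur["attrs"].setdefault(name, []).append(value.strip('"'))
    return packets

def check_dns_reply(packets, ident):
    # Findings about the Access-Accept that answers the request with identifier `ident`
    accept = next((p for p in packets if p["code"] == "Access-Accept" and p["id"] == ident), None)
    if accept is None:
        return ["no Access-Accept for identifier %d" % ident]
    findings = []
    dns = [v for v in accept["attrs"].get("cisco-avpair", []) if v.startswith("ip:dns-servers=")]
    if not dns:
        findings.append("cisco-avpair ip:dns-servers missing from reply")
    else:
        servers = dns[0].split("=", 1)[1].split()
        if len(set(servers)) < len(servers):
            findings.append("duplicate DNS server in cisco-avpair: " + servers[0])
    if "Ascend-Client-Primary-DNS" not in accept["attrs"]:
        findings.append("Ascend-Client-Primary-DNS missing from reply")
    return findings
```

Run it over a full Trace 4 log to confirm the reply items Radiator sends before looking at the Cisco side; an empty findings list means the Access-Accept carried what the DefaultReply was meant to add.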