(RADIATOR) hostselect FAILUREPOLICY bug!
Mohamed Majdoubi
mohamedm at innovation.kpn.com
Wed Sep 11 07:52:46 CDT 2002
Hi
I am trying to use the FAILUREPOLICY field in the hostselect statement. The value FAILUREPOLICY is set to 1 (see the database output); this should result in a reject to the NAS if the host radius does not respond. Unfortunately this is not happening; the NAS still gets no answer from the proxy radius. I can conclude that the proxy radius does use the failure policy to send a reject instead of an ignore. Below you can find the configuration and the output.
With kind regards
Mohamed Majdoubi
KPN Telecom
#####################################################################
radius setup
#####################################################################
|||||||||||||||||||||| |||||||||||||||||||||| ||||||||||||||||||||||
| NAS | --------------------- proxy |------------------------ radius
|||||||||||||||||||||| |||||||||||||||||||||| ||||||||||||||||||||||
#####################################################################
Configuration
#####################################################################
<AuthBy SQLRADIUS>
Identifier ProxyToOffice
FailureBackoffTime 60
DBSource dbi:mysql:ProxyDB
DBUsername root
DBAuth
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
RADSQLRADIUS where TARGETNAME='%R'
StripFromRequest Cisco-NAS-Port, \
NAS-Port, \
NAS-Port-Type, \
NAS-IP-Address, \
Called-Station-Id, \
Calling-Station-Id
AddToRequest Service-Class = %{Reply:Service-Class}
AllowInReply Service-Type, \
Framed-Protocol, \
Framed-IP-Netmask, \
Framed-IP-Address, \
Ascend-Client-Primary-DNS, \
Ascend-Client-Secondary-DNS, \
Loopback-Tag, \
Release-Name, \
VRF-Tag
ReplyHook file:"%D/reply.pl"
</AuthBy>
#####################################################################
Database output
#####################################################################
mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1 | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn | 1812 | 1813 | 2 | 5 | 1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)
#####################################################################
Debug
#####################################################################
Code: Access-Request
Identifier: 2
Authentic: 1234567890123456
Attributes:
User-Name = "mohamed at office1"
Service-Type = Framed-User
User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
Service-Class = "office2-1.1.1.1-2222"
Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....
Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48
31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f
66 66 69 63 65 32 2d 31 2e 31 2e 31 2e 31 2d 32
32 32 32
Code: Access-Request
Identifier: 2
Authentic: 1234567890123456
Attributes:
User-Name = "mohamed at office1"
Service-Type = Framed-User
User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
Service-Class = "office2-1.1.1.1-2222"
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS: No reply after 2 retransmissions to 127.0.0.1:1812 for mohamed at office1 (132)
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
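An added example, not part of the original post and not Radiator code: a Python decoder for the packet dump in the debug output above. It validates the RFC 2865 length fields and lists the attributes the proxy retransmitted. The attribute name table is a partial assumption, so attribute 149 (shown as Service-Class in the debug output) is reported by number.

```python
import struct

# Hex bytes copied from the "Packet dump" in the debug output above.
DUMP = """
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48
31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f
66 66 69 63 65 32 2d 31 2e 31 2e 31 2e 31 2d 32
32 32 32
"""

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject"}
# RFC 2865 attribute numbers; anything else is reported by number.
ATTRS = {1: "User-Name", 2: "User-Password", 6: "Service-Type"}


def parse_radius(packet: bytes) -> dict:
    """Decode the RFC 2865 header and TLV attributes, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError(f"length field {length} does not fit {len(packet)} bytes")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs.append((ATTRS.get(atype, f"Attr-{atype}"), packet[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length,
            "authenticator": packet[4:20], "attributes": attrs}


def from_dump(text: str) -> bytes:
    """Turn a whitespace-separated hex dump into raw bytes."""
    return bytes.fromhex("".join(text.split()))


if __name__ == "__main__":
    pkt = parse_radius(from_dump(DUMP))
    print(pkt["code"], "id", pkt["id"], "length", pkt["length"])
    for name, value in pkt["attributes"]:
        print(f"  {name:14} {value!r}")
```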