(RADIATOR) hostselect FAILUREPOLICY bug!

Mohamed Majdoubi mohamedm at innovation.kpn.com
Wed Sep 11 07:52:46 CDT 2002


Hi,

I am trying to use the FAILUREPOLICY field in the HostSelect statement. The value of FAILUREPOLICY is set to 1 (see the database output); this should result in a reject to the NAS if the host radius does not respond. Unfortunately this is not happening: the NAS still gets no answer from the proxy radius. I can conclude that the proxy radius does use the failure policy to send a reject instead of an ignore. Below you can find the configuration and the output.

With kind regards
Mohamed Majdoubi
KPN Telecom

#####################################################################
                                            radius setup
#####################################################################


+----------+           +----------+           +----------+
|   NAS    |-----------|  proxy   |-----------|  radius  |
+----------+           +----------+           +----------+



 
#####################################################################
                                            Configuration 
#####################################################################

<AuthBy SQLRADIUS>
    Identifier ProxyToOffice
    FailureBackoffTime 60
    DBSource dbi:mysql:ProxyDB
    DBUsername root
    DBAuth
    HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from \
        RADSQLRADIUS where TARGETNAME='%R'
    StripFromRequest Cisco-NAS-Port, \
        NAS-Port, \
        NAS-Port-Type, \
        NAS-IP-Address, \
        Called-Station-Id, \
        Calling-Station-Id

    AddToRequest Service-Class = %{Reply:Service-Class}
    AllowInReply Service-Type, \
        Framed-Protocol, \
        Framed-IP-Netmask, \
        Framed-IP-Address, \
        Ascend-Client-Primary-DNS, \
        Ascend-Client-Secondary-DNS, \
        Loopback-Tag, \
        Release-Name, \
        VRF-Tag
    ReplyHook file:"%D/reply.pl"
</AuthBy>

#####################################################################
                                Database output
#####################################################################

mysql> select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='office1';
+-----------+--------+----------+----------+---------+--------------+---------------+
| HOST1     | SECRET | AUTHPORT | ACCTPORT | RETRIES | RETRYTIMEOUT | FAILUREPOLICY |
+-----------+--------+----------+----------+---------+--------------+---------------+
| 127.0.0.1 | kpn    | 1812     | 1813     |       2 |            5 |             1 |
+-----------+--------+----------+----------+---------+--------------+---------------+
1 row in set (0.00 sec)



#####################################################################
                                            Debug
#####################################################################

Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed at office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"

Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:22 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....

Packet length = 83
01 02 00 53 31 32 33 34 35 36 37 38 39 30 31 32
33 34 35 36 01 11 6d 6f 68 61 6d 65 64 40 6f 66
66 69 63 65 31 06 06 00 00 00 02 02 12 a6 ba 48
31 42 79 25 de 9b 97 99 ab d8 21 55 85 95 16 6f
66 66 69 63 65 32 2d 31 2e 31 2e 31 2e 31 2d 32
32 32 32
Code:       Access-Request
Identifier: 2
Authentic:  1234567890123456
Attributes:
        User-Name = "mohamed at office1"
        Service-Type = Framed-User
        User-Password = "<166><186>H1By%<222><155><151><153><171><216>!U<133>"
        Service-Class = "office2-1.1.1.1-2222"

Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS: No reply after 2 retransmissions to 127.0.0.1:1812 for mohamed at office1  (132)
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
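
Added example (not part of the original post and not Radiator code): a Python check over Radiator log text that flags requests the proxy ignored after a timeout even though the HostSelect row for that realm has FAILUREPOLICY 1. The function name, the sample log (the post's INFO lines with "@" restored) and the policy table are assumptions made for illustration.

```python
import re

# Constructed sample: the post's log lines, with the "@" that the list
# archive rewrote as " at " restored in the user name.
SAMPLE_LOG = """\
Wed Sep 11 11:03:22 2002: DEBUG: Timed out, retransmitting
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS: No reply after 2 retransmissions to 127.0.0.1:1812 for mohamed@office1  (132)
Wed Sep 11 11:03:27 2002: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
"""

# TARGETNAME -> FAILUREPOLICY, copied from the post's database output.
POLICY_BY_TARGET = {"office1": 1}
REJECT = 1  # assumption taken from the post: 1 should produce a reject

NO_REPLY = re.compile(
    r"^(?P<ts>.+?): INFO: AuthRADIUS: No reply after (?P<retries>\d+) "
    r"retransmissions to (?P<host>\S+) for (?P<user>\S+)")
IGNORED = re.compile(
    r"AuthRADIUS could not find a working host to forward to\. Ignoring")


def find_policy_mismatches(log_text, policy_by_target):
    """Return timeouts that were ignored although the realm's policy is reject.

    Assumes the "Ignoring" line follows the last "No reply" line of the same
    request, as in the post's log; interleaved requests need a request id.
    """
    findings, pending = [], None
    for line in log_text.splitlines():
        m = NO_REPLY.match(line)
        if m:
            # The config selects the row with TARGETNAME='%R', i.e. by realm.
            realm = m.group("user").partition("@")[2]
            pending = {"time": m.group("ts"), "host": m.group("host"),
                       "retries": int(m.group("retries")), "realm": realm}
        elif pending and IGNORED.search(line):
            if policy_by_target.get(pending["realm"]) == REJECT:
                findings.append(pending)
            pending = None
    return findings


if __name__ == "__main__":
    for f in find_policy_mismatches(SAMPLE_LOG, POLICY_BY_TARGET):
        print("{time}: {realm} via {host} ignored after {retries} retries, "
              "but FAILUREPOLICY is {p}".format(p=REJECT, **f))
```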
