(RADIATOR) Ascend Attributes
Matt Baker
mbaker at prairiewave.com
Fri Apr 11 11:47:58 CDT 2003
I am having problems getting Ascend attributes to work. We had the same attributes working with <AuthBy SQL> and are using the same dictionary. The AddToReply statements mirror the working config file.
The client dials up using PAP as the auth protocol.
config ######
# Radius paths
LogStdout
LogDir /var/log/radiator
DbDir /var/log/radiator
LogFile /var/log/radiator/radiuslog
DictionaryFile /etc/radiator/dictionary.usr
AuthPort 1645
AcctPort 1646
Trace 4
<Client DEFAULT>
Secret blah
DupInterval 0
</Client>
<Realm DEFAULT>
AcctLogFileName /var/log/radiator/radiuslog
MaxSessions 10
RewriteUsername s/^([^@]+).*/$1/
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy SYSTEM>
Identifier dns1
# UseGetspnam
# UseGetspnamf
AddToReply Ascend-Data-Filter="ip in forward tcp est",\
Ascend-Data-Filter="ip in forward dstip 192.168.0.2",\
Ascend-Data-Filter="ip in drop tcp dstport = 25",\
Ascend-Data-Filter="ip in drop tcp srcport = 80",\
Ascend-Data-Filter="ip in forward",\
Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Idle-Timeout = 900,\
Session-Timeout = 14400
</AuthBy>
<SessionDatabase SQL>
DBSource dbi:mysql:online;sql1.domain.com
DBUsername blah
DBAuth blah
</SessionDatabase SQL>
</Realm>
<AuthBy SQL>
Identifier MySQL
DBSource dbi:mysql:radius;sql1.domain.com
DBUsername blah
DBAuth blah
AuthSelect
AccountingStopsOnly
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef UT_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AddToReply Ascend-Data-Filter="ip in forward tcp est",\
Ascend-Data-Filter="ip in forward dstip 192.168.0.2",\
Ascend-Data-Filter="ip in drop tcp dstport = 25",\
Ascend-Data-Filter="ip in drop tcp srcport = 80",\
Ascend-Data-Filter="ip in forward",\
Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Idle-Timeout = 900,\
Session-Timeout = 14400
DateFormat %Y-%m-%d %X
</AuthBy>
trace 4 of client auth and disco ######
Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
*** Received from 216.16.34.66 port 1645 ....
Code: Access-Request
Identifier: 197
Authentic: {@0<28>~<226>Fc<1>L<187><222><214>H<30><189>
Attributes:
NAS-IP-Address = 216.16.34.66
NAS-Port = 34
NAS-Port-Type = Async
User-Name = "mb at domain.com"
User-Password = "<156><145>$<27>E<19><199><159><130><19><230><191><19><161><3>5"
Service-Type = Framed-User
Framed-Protocol = PPP
Fri Apr 11 11:46:07 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Apr 11 11:46:07 2003: DEBUG: Rewrote user name to mb
Fri Apr 11 11:46:07 2003: DEBUG: Deleting session for mb at iw.net, 216.16.34.66, 34
Fri Apr 11 11:46:07 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.16.34.66' and NASPORT=034
Fri Apr 11 11:46:07 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='mb at domain.com'
Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
Fri Apr 11 11:46:07 2003: DEBUG: getpwnam got mb, WK8AHbW/jfj.2, 87530, 2002, , , mb, /home/client/mb, /bin/false,
Fri Apr 11 11:46:07 2003: DEBUG: Radius::AuthSYSTEM looks for match with mb
Fri Apr 11 11:46:07 2003: DEBUG: Radius::AuthSYSTEM ACCEPT:
Fri Apr 11 11:46:07 2003: DEBUG: Access accepted for mb
Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
*** Sending to 216.16.34.66 port 1645 ....
Code: Access-Accept
Identifier: 197
Authentic: {@0<28>~<226>Fc<1>L<187><222><214>H<30><189>
Attributes:
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip 192.168.0.2
Ascend-Data-Filter = ip in drop tcp dstport = 25
Ascend-Data-Filter = ip in drop tcp srcport = 80
Ascend-Data-Filter = ip in forward
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Idle-Timeout = 900
Session-Timeout = 14400
Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
*** Received from 216.16.34.66 port 1646 ....
Code: Accounting-Request
Identifier: 198
Authentic: <11><24><9>b<159><178><224>p<171><250>/b<127><190>n)
Attributes:
NAS-IP-Address = 216.16.34.66
NAS-Port = 34
NAS-Port-Type = Async
User-Name = "mb at domain.com"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000025"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Fri Apr 11 11:46:07 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Apr 11 11:46:07 2003: DEBUG: Rewrote user name to mb
Fri Apr 11 11:46:07 2003
NAS-IP-Address = 216.16.34.66
NAS-Port = 34
NAS-Port-Type = Async
User-Name = "mb"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000025"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Timestamp = 1050079567
Fri Apr 11 11:46:07 2003: DEBUG: Adding session for mb at iw.net, 216.16.34.66, 34
Fri Apr 11 11:46:07 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.16.34.66' and NASPORT=034
Fri Apr 11 11:46:07 2003: DEBUG: do query is: insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('mb at iw.net', '216.16.34.66', 34, '00000025', 1050079567, '', 'Async', 'Framed-User')
Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
Fri Apr 11 11:46:07 2003: DEBUG: Accounting accepted
Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
*** Sending to 216.16.34.66 port 1646 ....
Code: Accounting-Response
Identifier: 198
Authentic: <11><24><9>b<159><178><224>p<171><250>/b<127><190>n)
Attributes:
Fri Apr 11 11:46:38 2003: DEBUG: Packet dump:
*** Received from 216.16.34.66 port 1646 ....
Code: Accounting-Request
Identifier: 199
Authentic: <15>~W<234><1>&<173><208>*<28><239><154>ky<127>B
Attributes:
NAS-IP-Address = 216.16.34.66
NAS-Port = 34
NAS-Port-Type = Async
User-Name = "mb at domain.com"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000025"
Framed-Protocol = PPP
Framed-IP-Address = 216.16.34.202
Acct-Terminate-Cause = User-Request
Acct-Input-Octets = 4244
Acct-Output-Octets = 1429
Acct-Input-Packets = 36
Acct-Output-Packets = 22
Acct-Session-Time = 31
Acct-Delay-Time = 0
Fri Apr 11 11:46:38 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Apr 11 11:46:38 2003: DEBUG: Rewrote user name to mb
Fri Apr 11 11:46:38 2003
NAS-IP-Address = 216.16.34.66
NAS-Port = 34
NAS-Port-Type = Async
User-Name = "mb"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000025"
Framed-Protocol = PPP
Framed-IP-Address = 216.16.34.202
Acct-Terminate-Cause = User-Request
Acct-Input-Octets = 4244
Acct-Output-Octets = 1429
Acct-Input-Packets = 36
Acct-Output-Packets = 22
Acct-Session-Time = 31
Acct-Delay-Time = 0
Timestamp = 1050079598
Fri Apr 11 11:46:38 2003: DEBUG: Deleting session for mb at domain.com, 216.16.34.66, 34
Fri Apr 11 11:46:38 2003: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='216.16.34.66' and NASPORT=034
Fri Apr 11 11:46:38 2003: DEBUG: Handling with Radius::AuthGROUP
Fri Apr 11 11:46:38 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
Fri Apr 11 11:46:38 2003: DEBUG: Accounting accepted
Fri Apr 11 11:46:38 2003: DEBUG: Packet dump:
*** Sending to 216.16.34.66 port 1646 ....
Code: Accounting-Response
Identifier: 199
Authentic: <15>~W<234><1>&<173><208>*<28><239><154>ky<127>B
Attributes:
###############
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.