(RADIATOR) Ascend Attributes
Hugh Irvine
hugh at open.com.au
Fri Apr 11 21:00:17 CDT 2003
Hello Matt -
With Radiator 3.5 you should use the standard dictionary in the main
distribution directory (the file called "dictionary"). This file is a
compendium of all of the previous dictionaries (which are now obsolete).
As far as I am aware, the "dictionary.usr" that you have specified in
your configuration file does not contain any Ascend attributes at all.
If you still have a problem, please send me a trace 5 debug from
Radiator showing what is happening.
regards
Hugh
On Saturday, Apr 12, 2003, at 02:47 Australia/Melbourne, Matt Baker
wrote:
> I am having problems getting Ascend attributes to work. We had the
> same attributes working with <Authby SQL> and are using the same
> dictionary. The AddToReply statements mirror the working config file.
>
> Client dials up using PAP for auth protocol.
>
> config ######
>
> # Radius paths
>
>
> LogStdout
> LogDir /var/log/radiator
> DbDir /var/log/radiator
> LogFile /var/log/radiator/radiuslog
> DictionaryFile /etc/radiator/dictionary.usr
> AuthPort 1645
> AcctPort 1646
>
> Trace 4
>
> <Client DEFAULT>
> Secret blah
> DupInterval 0
> </Client>
> <Realm DEFAULT>
> AcctLogFileName /var/log/radiator/radiuslog
> MaxSessions 10
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy SYSTEM>
> Identifier dns1
> # UseGetspnam
> # UseGetspnamf
> AddToReply Ascend-Data-Filter="ip in forward tcp est",\
> Ascend-Data-Filter="ip in forward dstip 192.168.0.2",\
> Ascend-Data-Filter="ip in drop tcp dstport = 25",\
> Ascend-Data-Filter="ip in drop tcp srcport = 80",\
> Ascend-Data-Filter="ip in forward",\
> Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Idle-Timeout = 900,\
> Session-Timeout = 14400
> </AuthBy>
> <SessionDatabase SQL>
>
> DBSource dbi:mysql:online;sql1.domain.com
> DBUsername blah
> DBAuth blah
> </SessionDatabase SQL>
> </Realm>
> <AuthBy SQL>
> Identifier MySQL
>
> DBSource dbi:mysql:radius;sql1.domain.com
> DBUsername blah
> DBAuth blah
>
> AuthSelect
> AccountingStopsOnly
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef UT_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AddToReply Ascend-Data-Filter="ip in forward tcp est",\
> Ascend-Data-Filter="ip in forward dstip 192.168.0.2",\
> Ascend-Data-Filter="ip in drop tcp dstport = 25",\
> Ascend-Data-Filter="ip in drop tcp srcport = 80",\
> Ascend-Data-Filter="ip in forward",\
> Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Idle-Timeout = 900,\
> Session-Timeout = 14400
> DateFormat %Y-%m-%d %X
> </AuthBy>
>
>
> trace 4 of client auth and disco ######
> Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
> *** Received from 216.16.34.66 port 1645 ....
> Code: Access-Request
> Identifier: 197
> Authentic: {@0<28>~<226>Fc<1>L<187><222><214>H<30><189>
> Attributes:
> NAS-IP-Address = 216.16.34.66
> NAS-Port = 34
> NAS-Port-Type = Async
> User-Name = "mb at domain.com"
> User-Password =
> "<156><145>$<27>E<19><199><159><130><19><230><191><19><161><3>5"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Fri Apr 11 11:46:07 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 11 11:46:07 2003: DEBUG: Rewrote user name to mb
> Fri Apr 11 11:46:07 2003: DEBUG: Deleting session for mb at iw.net,
> 216.16.34.66, 34
> Fri Apr 11 11:46:07 2003: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='216.16.34.66' and NASPORT=034
>
> Fri Apr 11 11:46:07 2003: DEBUG: Query is: select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='mb at domain.com'
>
> Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthGROUP
> Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
> Fri Apr 11 11:46:07 2003: DEBUG: getpwnam got mb, WK8AHbW/jfj.2,
> 87530, 2002, , , mb, /home/client/mb, /bin/false,
> Fri Apr 11 11:46:07 2003: DEBUG: Radius::AuthSYSTEM looks for match
> with mb
> Fri Apr 11 11:46:07 2003: DEBUG: Radius::AuthSYSTEM ACCEPT:
> Fri Apr 11 11:46:07 2003: DEBUG: Access accepted for mb
> Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
> *** Sending to 216.16.34.66 port 1645 ....
> Code: Access-Accept
> Identifier: 197
> Authentic: {@0<28>~<226>Fc<1>L<187><222><214>H<30><189>
> Attributes:
> Ascend-Data-Filter = ip in forward tcp est
> Ascend-Data-Filter = ip in forward dstip 192.168.0.2
> Ascend-Data-Filter = ip in drop tcp dstport = 25
> Ascend-Data-Filter = ip in drop tcp srcport = 80
> Ascend-Data-Filter = ip in forward
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Idle-Timeout = 900
> Session-Timeout = 14400
>
> Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
> *** Received from 216.16.34.66 port 1646 ....
> Code: Accounting-Request
> Identifier: 198
> Authentic: <11><24><9>b<159><178><224>p<171><250>/b<127><190>n)
> Attributes:
> NAS-IP-Address = 216.16.34.66
> NAS-Port = 34
> NAS-Port-Type = Async
> User-Name = "mb at domain.com"
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000025"
> Framed-Protocol = PPP
> Acct-Delay-Time = 0
>
> Fri Apr 11 11:46:07 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 11 11:46:07 2003: DEBUG: Rewrote user name to mb
> Fri Apr 11 11:46:07 2003
> NAS-IP-Address = 216.16.34.66
> NAS-Port = 34
> NAS-Port-Type = Async
> User-Name = "mb"
> Acct-Status-Type = Start
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000025"
> Framed-Protocol = PPP
> Acct-Delay-Time = 0
> Timestamp = 1050079567
>
> Fri Apr 11 11:46:07 2003: DEBUG: Adding session for mb at iw.net,
> 216.16.34.66, 34
> Fri Apr 11 11:46:07 2003: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='216.16.34.66' and NASPORT=034
>
> Fri Apr 11 11:46:07 2003: DEBUG: do query is: insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('mb at iw.net',
> '216.16.34.66', 34, '00000025', 1050079567, '', 'Async', 'Framed-User')
>
> Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthGROUP
> Fri Apr 11 11:46:07 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
> Fri Apr 11 11:46:07 2003: DEBUG: Accounting accepted
> Fri Apr 11 11:46:07 2003: DEBUG: Packet dump:
> *** Sending to 216.16.34.66 port 1646 ....
> Code: Accounting-Response
> Identifier: 198
> Authentic: <11><24><9>b<159><178><224>p<171><250>/b<127><190>n)
> Attributes:
>
> Fri Apr 11 11:46:38 2003: DEBUG: Packet dump:
> *** Received from 216.16.34.66 port 1646 ....
> Code: Accounting-Request
> Identifier: 199
> Authentic: <15>~W<234><1>&<173><208>*<28><239><154>ky<127>B
> Attributes:
> NAS-IP-Address = 216.16.34.66
> NAS-Port = 34
> NAS-Port-Type = Async
> User-Name = "mb at domain.com"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000025"
> Framed-Protocol = PPP
> Framed-IP-Address = 216.16.34.202
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 4244
> Acct-Output-Octets = 1429
> Acct-Input-Packets = 36
> Acct-Output-Packets = 22
> Acct-Session-Time = 31
> Acct-Delay-Time = 0
>
> Fri Apr 11 11:46:38 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Fri Apr 11 11:46:38 2003: DEBUG: Rewrote user name to mb
> Fri Apr 11 11:46:38 2003
> NAS-IP-Address = 216.16.34.66
> NAS-Port = 34
> NAS-Port-Type = Async
> User-Name = "mb"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Acct-Session-Id = "00000025"
> Framed-Protocol = PPP
> Framed-IP-Address = 216.16.34.202
> Acct-Terminate-Cause = User-Request
> Acct-Input-Octets = 4244
> Acct-Output-Octets = 1429
> Acct-Input-Packets = 36
> Acct-Output-Packets = 22
> Acct-Session-Time = 31
> Acct-Delay-Time = 0
> Timestamp = 1050079598
>
> Fri Apr 11 11:46:38 2003: DEBUG: Deleting session for mb at domain.com,
> 216.16.34.66, 34
> Fri Apr 11 11:46:38 2003: DEBUG: do query is: delete from RADONLINE
> where NASIDENTIFIER='216.16.34.66' and NASPORT=034
>
> Fri Apr 11 11:46:38 2003: DEBUG: Handling with Radius::AuthGROUP
> Fri Apr 11 11:46:38 2003: DEBUG: Handling with Radius::AuthSYSTEM: dns1
> Fri Apr 11 11:46:38 2003: DEBUG: Accounting accepted
> Fri Apr 11 11:46:38 2003: DEBUG: Packet dump:
> *** Sending to 216.16.34.66 port 1646 ....
> Code: Accounting-Response
> Identifier: 199
> Authentic: <15>~W<234><1>&<173><208>*<28><239><154>ky<127>B
> Attributes:
>
> ###############
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
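
Added example (not part of the original thread, and not Radiator code): a check that every attribute named in an AddToReply line is declared in the dictionary the configuration points at, which is the mismatch the reply suspects with dictionary.usr. The sample dictionaries are constructed, and the ATTRIBUTE / VENDORATTR line layout parsed here is an assumption about the dictionary format.

```python
import re

# Constructed sample dictionaries (not the real Radiator files).
DICT_WITHOUT_ASCEND = """\
ATTRIBUTE  Service-Type     6   integer
ATTRIBUTE  Framed-Protocol  7   integer
ATTRIBUTE  Session-Timeout  27  integer
ATTRIBUTE  Idle-Timeout     28  integer
"""
DICT_WITH_ASCEND = DICT_WITHOUT_ASCEND + "ATTRIBUTE  Ascend-Data-Filter  242  abinary\n"

# AddToReply excerpt shortened from the configuration quoted in the post.
CONFIG = r'''
<AuthBy SYSTEM>
    AddToReply Ascend-Data-Filter="ip in forward tcp est",\
        Ascend-Data-Filter="ip in drop tcp dstport = 25",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP,\
        Idle-Timeout = 900,\
        Session-Timeout = 14400
</AuthBy>
'''

# name = value, where a quoted value may itself contain '=' or ','.
PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("(?:[^"\\]|\\.)*"|[^,]*)')

def defined_attributes(dictionary_text):
    """Attribute names declared by ATTRIBUTE or VENDORATTR lines."""
    names = set()
    for line in dictionary_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "ATTRIBUTE":
            names.add(fields[1])
        elif len(fields) >= 4 and fields[0] == "VENDORATTR":
            names.add(fields[2])  # VENDORATTR <vendor> <name> <number> <type>
    return names

def reply_attributes(config_text):
    """Attribute names used in AddToReply, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n\s*", " ", config_text)
    names = set()
    for line in joined.splitlines():
        m = re.match(r"\s*AddToReply\s+(.*)", line)
        if m:
            names.update(name for name, _ in PAIR.findall(m.group(1)))
    return names

def missing_reply_attributes(config_text, dictionary_text):
    """Reply attributes the configured dictionary does not define."""
    return sorted(reply_attributes(config_text) - defined_attributes(dictionary_text))

if __name__ == "__main__":
    print(missing_reply_attributes(CONFIG, DICT_WITHOUT_ASCEND))
```

A non-empty result means the dictionary has no definition for an attribute the reply relies on, so filter rules such as the port 25 drop may not reach the NAS in a form it can apply.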