(RADIATOR) Subdomain problem
Hugh Irvine
hugh at open.com.au
Thu Aug 7 11:50:41 CDT 2003
Hello Dan -
It is quite possible that this is due to "Service-Type = Framed-User,
Framed-Protocol = PPP" not being included in the reply attributes
(Cisco's especially are very picky about this).
BTW - for common sets of reply attributes you can use an "AddToReply
...." in the AuthBy clause rather than replicating all of the reply
attributes for every user.
Ie:
<AuthBy SQL>
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP
</AuthBy>
regards
Hugh
On Friday, Aug 8, 2003, at 01:15 Australia/Melbourne, Dan Vande More
wrote:
> Well this is what I have after making this change.
>
> It appears to keep re-authenticating, over and over again every 7-10
> seconds.
> Although it appears to give an access accepted, the modem doesn't
> accept it.
>
> Keep in mind, that this works perfectly on AuthBy File, and dies on
> SQL.
>
> Maybe I have something wrong in the db conversion, but I used the
> default table structure included with Radiator, and here is a sample
> record:
>
> INSERT INTO `SUBSCRIBERS` VALUES("dvmsherman at dsl.mydomain.com",
> "mycorrectpassword", NULL, "Service-Type=Framed-User",
> "Framed-Protocol=PPP,Framed-IP-Address=200.200.132.52,Framed-IP-
> Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Framed-
> Compression=Van-Jacobson-TCP-IP", "9999999");
>
> Debug info below.
>
> Additionally out of a large amount of ISDN subscribers, I have one
> particular one I cannot seem to give a static IP to. And if I do, it
> still takes a dynamic.
> It's db record is seen below:
>
> INSERT INTO `SUBSCRIBERS` VALUES("baerisdn at isdn.mydomain.com",
> "password", NULL, "Service-Type=Framed-User",
> "Framed-Protocol=PPP,Framed-IP-Address=200.200.139.207,Framed-IP-
> Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Session-
> Timeout=14400,Idle-Timeout=600,Framed-Compression=Van-Jacobson-TCP-
> IP", "9999999");
>
> Here's a sample of an ISDN record that does keep the static IP every
> time:
>
> INSERT INTO `SUBSCRIBERS` VALUES("bouldcvi at isdn.mydomain.com",
> "password", NULL, "Service-Type=Framed-User",
> "Framed-Protocol=PPP,Framed-IP-Address=200.200.139.132,Framed-IP-
> Netmask=255.255.255.255,Framed-Routing=None,Framed-MTU=1500,Framed-
> Compression=Van-Jacobson-TCP-IP,Session-Timeout=14400,Idle-
> Timeout=600", "9999999");
>
> I'm debating the fact that it is their router. It seems they have a
> Cisco 803, and though there are bugs, none of them point to this
> issue. Nor was I able to find anything close.
>
> Hints? Suggestions?
>
> Thanks!
>
> Dan Vande More
>
> Debug info from issue #1:
>
>
> Mon Aug 4 14:43:45 2003: DEBUG: Packet dump:
> *** Received from 200.200.143.2 port 1645 ....
> Code: Access-Request
> Identifier: 48
> Authentic: he^<205>]<173><3><213><231>v<130><7>p<239><211>T
> Attributes:
> NAS-IP-Address = 200.200.143.2
> NAS-Port = 28
> NAS-Port-Type = Virtual
> User-Name = "dvmsherman at dsl.mydomain.com"
> User-Password =
> "<229><162><139><236>I<225><225><181><150><13>W<249><155>'W<6>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Mon Aug 4 14:43:45 2003: DEBUG: Handling request with Handler
> 'Realm=dsl.mydomain.com'
> Mon Aug 4 14:43:45 2003: DEBUG: Deleting session for
> dvmsherman at dsl.mydomain.com, 200.200.143.2, 2
> 8
> Mon Aug 4 14:43:45 2003: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='200.200.143
> .2' and NASPORT=028':
>
> Mon Aug 4 14:43:45 2003: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPA
> DDRESS from RADONLINE where USERNAME='dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:45 2003: DEBUG: Handling with Radius::AuthSQL
> Mon Aug 4 14:43:45 2003: DEBUG: Handling with Radius::AuthSQL:
> Mon Aug 4 14:43:45 2003: DEBUG: Query is: 'select PASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS
> where USERNAME = 'dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:45 2003: DEBUG: Radius::AuthSQL looks for match with
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:45 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Aug 4 14:43:45 2003: DEBUG: Access accepted for
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:45 2003: DEBUG: Packet dump:
> *** Sending to 200.200.143.2 port 1645 ....
> Code: Access-Accept
> Identifier: 48
> Authentic: he^<205>]<173><3><213><231>v<130><7>p<239><211>T
> Attributes:
> Framed-IP-Address = 200.200.132.52
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
> *** Received from 200.200.143.2 port 1645 ....
> Code: Access-Request
> Identifier: 50
> Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
> Attributes:
> NAS-IP-Address = 200.200.143.2
> NAS-Port = 28
> NAS-Port-Type = Virtual
> User-Name = "dvmsherman at dsl.mydomain.com"
> User-Password =
> "rE<255><144><186>|>n<26>A<173><133>c<253>g<189>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Mon Aug 4 14:43:52 2003: DEBUG: Handling request with Handler
> 'Realm=dsl.mydomain.com'
> Mon Aug 4 14:43:52 2003: DEBUG: Deleting session for
> dvmsherman at dsl.mydomain.com, 200.200.143.2, 2
> 8
> Mon Aug 4 14:43:52 2003: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='200.200.143
> .2' and NASPORT=028':
>
> Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPA
> DDRESS from RADONLINE where USERNAME='dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:52 2003: DEBUG: Handling with Radius::AuthSQL
> Mon Aug 4 14:43:52 2003: DEBUG: Handling with Radius::AuthSQL:
> Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select PASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS
> where USERNAME = 'dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL looks for match with
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Aug 4 14:43:52 2003: DEBUG: Access accepted for
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
> *** Sending to 200.200.143.2 port 1645 ....
> Code: Access-Accept
> Identifier: 50
> Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
> Attributes:
> Framed-IP-Address = 200.200.132.52
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
>
> Mon Aug 4 14:43:52 2003: DEBUG: Query is: 'select PASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS
> where USERNAME = 'dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL looks for match with
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:52 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Aug 4 14:43:52 2003: DEBUG: Access accepted for
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:52 2003: DEBUG: Packet dump:
> *** Sending to 200.200.143.2 port 1645 ....
> Code: Access-Accept
> Identifier: 50
> Authentic: <163>0<206>I<209><251><7><159>.<166><183><143><230><173>b7
> Attributes:
> Framed-IP-Address = 200.200.132.52
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Mon Aug 4 14:43:58 2003: DEBUG: Packet dump:
> *** Received from 200.200.143.2 port 1645 ....
> Code: Access-Request
> Identifier: 52
> Authentic: e<209>b<205>#<227><227><200>{<127><143>"<254>q$<135>
> Attributes:
> NAS-IP-Address = 200.200.143.2
> NAS-Port = 28
> NAS-Port-Type = Virtual
> User-Name = "dvmsherman at dsl.mydomain.com"
> User-Password =
> "<145><148>]<203><23><6><2><205><158><228>k<180><165>8<226><209>"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Mon Aug 4 14:43:58 2003: DEBUG: Handling request with Handler
> 'Realm=dsl.mydomain.com'
> Mon Aug 4 14:43:58 2003: DEBUG: Deleting session for
> dvmsherman at dsl.mydomain.com, 200.200.143.2, 2
> 8
> Mon Aug 4 14:43:58 2003: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='200.200.143
> .2' and NASPORT=028':
>
> Mon Aug 4 14:43:58 2003: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPA
> DDRESS from RADONLINE where USERNAME='dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:58 2003: DEBUG: Handling with Radius::AuthSQL
> Mon Aug 4 14:43:58 2003: DEBUG: Handling with Radius::AuthSQL:
> Mon Aug 4 14:43:58 2003: DEBUG: Query is: 'select PASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS
> where USERNAME = 'dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:43:58 2003: DEBUG: Radius::AuthSQL looks for match with
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:58 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Aug 4 14:43:58 2003: DEBUG: Access accepted for
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:43:58 2003: DEBUG: Packet dump:
> *** Sending to 200.200.143.2 port 1645 ....
> Code: Access-Accept
> Identifier: 52
> Authentic: e<209>b<205>#<227><227><200>{<127><143>"<254>q$<135>
> Attributes:
> Framed-IP-Address = 200.200.132.52
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
> Mon Aug 4 14:44:04 2003: DEBUG: Packet dump:
> *** Received from 200.200.143.2 port 1645 ....
> Code: Access-Request
> Identifier: 54
> Authentic:
> <22><20>t<<148><210><212><157><178>}<2><195><136><193><130>S
> Attributes:
> NAS-IP-Address = 200.200.143.2
> NAS-Port = 28
> NAS-Port-Type = Virtual
> User-Name = "dvmsherman at dsl.mydomain.com"
> User-Password =
> "L<253><4><209><179>7Up<219><170><192>g_<195><206>t"
> Service-Type = Framed-User
> Framed-Protocol = PPP
>
> Mon Aug 4 14:44:04 2003: DEBUG: Handling request with Handler
> 'Realm=dsl.mydomain.com'
> Mon Aug 4 14:44:04 2003: DEBUG: Deleting session for
> dvmsherman at dsl.mydomain.com, 200.200.143.2, 2
> 8
> Mon Aug 4 14:44:04 2003: DEBUG: do query is: 'delete from RADONLINE
> where NASIDENTIFIER='200.200.143
> .2' and NASPORT=028':
>
> Mon Aug 4 14:44:04 2003: DEBUG: Query is: 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPA
> DDRESS from RADONLINE where USERNAME='dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:44:04 2003: DEBUG: Handling with Radius::AuthSQL
> Mon Aug 4 14:44:04 2003: DEBUG: Handling with Radius::AuthSQL:
> Mon Aug 4 14:44:04 2003: DEBUG: Query is: 'select PASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS
> where USERNAME = 'dvmsherman at dsl.mydomain.com'':
>
> Mon Aug 4 14:44:04 2003: DEBUG: Radius::AuthSQL looks for match with
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:44:04 2003: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Aug 4 14:44:04 2003: DEBUG: Access accepted for
> dvmsherman at dsl.mydomain.com
> Mon Aug 4 14:44:04 2003: DEBUG: Packet dump:
> *** Sending to 200.200.143.2 port 1645 ....
> Code: Access-Accept
> Identifier: 54
> Authentic:
> <22><20>t<<148><210><212><157><178>}<2><195><136><193><130>S
> Attributes:
> Framed-IP-Address = 200.200.132.52
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
>
>
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Sunday, August 03, 2003 7:56 PM
> To: Dan Vande More
> Subject: Re: (RADIATOR) Subdomain problem
>
>
>
> Hello Dan -
>
> Thanks for sending the information.
>
> I suspect the problem is with your AuthBy SQL clause, which should look
> more like this:
>
> <AuthBy SQL>
> DBSource dbi:mysql:otherstuff
> DBUsername username
> DBAuth password
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, \
> from SUBSCRIBERS where USERNAME = %0
> AuthColumnDef 0, Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> </AuthBy>
>
> See section 6.28 in the Radiator 3.6 reference manual ("doc/ref.html").
>
> This topic has also been discussed on the Radiator mailing list:
>
> www.open.com.au/archives/radiator
>
> regards
>
> Hugh
>
>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list