(RADIATOR) Redback Static IP Problem
Hugh Irvine
hugh at open.com.au
Tue Sep 2 17:16:25 CDT 2003
Hello AL -
Thanks for the information.
I must confess I am a bit confused about exactly how you want your
setup to operate. I can see the Auth-Type = LDAP below, and I can see
multiple AuthBy clauses in your Realm clause. Can you explain to me in
detail your requirements?
regards
Hugh
On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
Alexander McCain wrote:
> Hugh,
>
> The users file entry looks something like this. I know I'm using MySQL
> to house the users file, but I just took this entry from the file. It
> looks like this in the database. If you need my actual database entry,
> please let me know.
>
>
> user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 1.2.3.4,
> Framed-IP-Netmask = 255.255.255.255,
> Idle-Timeout = 0,
> Session-Timeout = 0
>
> And, I was wondering why I'm only seeing service type and framed
> protocol?
>
> Thanks,
> AL
>
> On Sat, 30 Aug 2003, Hugh Irvine wrote:
>
>>
>> Hello AL -
>>
>> This is what your configuration file is set up to return to the NAS:
>>
>>
>>> *** Sending to 64.91.105.5 port 1812 ....
>>> Code: Access-Accept
>>> Identifier: 107
>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>> Attributes:
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>
>> What other attributes do you want to send? And how do you want to
>> manage those attributes?
>>
>> regards
>>
>> Hugh
>>
>>
>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
>> Alexander McCain wrote:
>>
>>> Hello,
>>>
>>> I'm having an issue with my Redbacks. They cannot allocate IP
>>> addresses. In my trace 4, I notice that the user is not getting the
>>> attributes they need.
>>> How can this be fixed?
>>>
>>> Here is my config and trace4
>>>
>>> Thanks,
>>> AL
>>>
>>> ---------
>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
>>> *** Received from 1.2.3.4 port 1812 ....
>>> Code: Access-Request
>>> Identifier: 107
>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>> Attributes:
>>> User-Name = "user"
>>> User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
>>> NAS-Identifier = "rb"
>>> NAS-IP-Address = 1.2.3.4
>>> RB-NAS-Real-Port = 402850582
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>> NAS-Port = 3892318919
>>> Connect-Info = "ubrc"
>>>
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
>>>
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
>>>
>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
>>>
>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
>>>
>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
>>> *** Sending to 64.91.105.5 port 1812 ....
>>> Code: Access-Accept
>>> Identifier: 107
>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>> Attributes:
>>> Service-Type = Framed-User
>>> Framed-Protocol = PPP
>>>
>>> ---------------------------------------------------------------------------
>>>
>>> #Foreground
>>> #LogStdout
>>> LogDir /var/adm/radacct
>>> DbDir /etc/raddb
>>> PreHandlerHook file:"%D/prehook"
>>>
>>> SnmpgetProg /usr/local/bin/snmpget
>>> Trace 4
>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
>>> RewriteUsername s/\s+//g
>>> RewriteUsername tr/A-Z/a-z/
>>> <Client DEFAULT>
>>>
>>> Secret ******
>>> DupInterval 0
>>>
>>> </Client>
>>>
>>> <SessionDatabase SQL>
>>>
>>> DBSource dbi:mysql:radius:host
>>> DBUsername radtest
>>> DBAuth ******
>>> Identifier SQLS
>>>
>>> AddQuery insert into RADONLINE (USERNAME,\
>>> NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
>>> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
>>> values ('%n', '%N',\
>>> '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
>>> '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
>>> '%{Service-Type}','%{Called-Station-Id}')
>>>
>>>
>>> DeleteQuery delete from RADONLINE where \
>>> USERNAME = '%n' and NASIDENTIFIER='%N' \
>>> and NASPORT='%{NAS-Port}'
>>>
>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>>>
>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
>>> where ACCTSESSIONID = '%{Acct-Session-Id}'
>>>
>>>
>>> </SessionDatabase>
>>>
>>>
>>> <ClientListSQL>
>>>
>>> DBSource dbi:mysql:radius
>>> DBUsername radtest
>>> DBAuth ******
>>>
>>> select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
>>> DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
>>> LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
>>> FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
>>> NOIGNOREDUPLICATES from RADCLIENTLIST
>>>
>>>
>>> </ClientListSQL>
>>> <AuthBy UNIX>
>>>
>>> DefaultSimultaneousUse 1
>>> Identifier System
>>> Filename /etc/shadow
>>>
>>> </AuthBy>
>>>
>>> <AuthBy LDAP2>
>>> DefaultSimultaneousUse 1
>>> Identifier LDAP
>>> Host 127.0.0.1
>>> Port 389
>>> AuthDN uid=searchuser,dc=domain,dc=net
>>> AuthPassword *****
>>> BaseDN %0=%1,ou=people,dc=domain,dc=net
>>> Scope base
>>> UsernameAttr uid
>>> PasswordAttr userPassword
>>> HoldServerConnection
>>> SearchFilter (&(gecos=active)(uid=%1))
>>> AuthAttrDef gidNumber, gid-attr, request
>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>> </AuthBy>
>>> <AuthBy SQL>
>>> NoDefault
>>> DefaultSimultaneousUse 1
>>> Identifier CheckSQL
>>>
>>> DBSource dbi:mysql:radius:domain
>>> DBUsername radtest
>>> DBAuth *******
>>>
>>>
>>> AccountingTable ACCOUNTING
>>> AcctColumnDef USERNAME,User-Name
>>> AcctColumnDef TIME_STAMP,Timestamp,integer
>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>> AcctColumnDef NASPORT,NAS-Port,integer
>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>>
>>> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
>>> from SUBSCRIBERS \
>>> where USERNAME=%0
>>>
>>> AuthColumnDef 0, User-Password, check
>>> AuthColumnDef 1, GENERIC, check
>>> AuthColumnDef 2, GENERIC, reply
>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>
>>>
>>> </AuthBy>
>>> <Realm DEFAULT>
>>> RewriteUsername s/^([^@]+).*/$1/
>>>
>>>
>>> PostAuthHook file:"%D/postHook"
>>> AcctLogFileName %L/%N/detail
>>>
>>>
>>>
>>> #AuthByPolicy ContinueWhileReject
>>> AuthByPolicy ContinueUntilAccept
>>> AuthBy LDAP
>>> AuthBy CheckSQL
>>> AuthBy System
>>>
>>>
>>> </Realm>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
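
Added example, not part of the original thread and not Radiator code: a small scrubber for the "no secrets" request above, covering both the configuration parameters masked by hand in this thread (Secret, DBAuth, AuthPassword) and the trace 4 lines that print password material (`LDAP got userPassword:` and the `User-Password` attribute). The function name `scrub` and every value in the sample are constructed for illustration.

```python
import re

REDACTED = "[REDACTED]"
# Credential-bearing config parameters (the three masked by hand in the thread).
CONFIG_RE = re.compile(r"^([>\s]*(?:Secret|DBAuth|AuthPassword)[ \t]+)\S.*$")
# Trace 4 line with the stored password attribute, and the packet-dump
# User-Password attribute; either value may be wrapped onto the next line.
VALUE_RES = (
    re.compile(r"^(.*LDAP got userPassword:)\s*(.*)$"),
    re.compile(r"^([>\s]*User-Password\s*=)\s*(.*)$"),
)


def scrub(text):
    """Return (scrubbed_text, number_of_values_redacted)."""
    out, count, pending = [], 0, False
    for line in text.splitlines():
        m = CONFIG_RE.match(line)
        v = next((r.match(line) for r in VALUE_RES if r.match(line)), None)
        if pending:                      # wrapped value from the previous line
            pending = False
            line = re.match(r"[>\s]*", line).group(0) + REDACTED
            count += 1
        elif m:
            line = m.group(1) + REDACTED
            count += 1
        elif v and v.group(2):
            line = v.group(1) + " " + REDACTED
            count += 1
        elif v:                          # value continues on the next line
            pending = True
        out.append(line)
    return "\n".join(out), count


# Constructed sample (all values made up): config lines plus trace 4 lines.
SAMPLE = """\
    Secret constructed-shared-secret
    DBAuth constructed-db-pw
    AuthPassword constructed-bind-pw
    PasswordAttr userPassword
Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}CONSTRUCTED
>>> User-Password =
>>> "constructed-bytes"
>>> Framed-Protocol = PPP
"""

if __name__ == "__main__":
    cleaned, n = scrub(SAMPLE)
    print(cleaned)
    print(n, "values redacted")
```

A line following a bare `User-Password =` or `LDAP got userPassword:` is always redacted, so a wrapped value cannot slip through; the cost is that an unrelated line is occasionally masked.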