(RADIATOR) Redback Static IP Problem

Charles Alexander McCain mccain at unixatlas.com
Wed Sep 3 07:59:33 CDT 2003


Hugh, 

We store our static IP customers in the users file, dynamic customers auth 
by LDAP. The static customers also auth by LDAP, but get their appropriate 
attributes from the users file. Currently, we are using the users file to 
store static information, but I am trying to put it all in MySQL (hoping 
for easier automation). Our current setup works perfectly this way, but it 
doesn't seem to work with the MySQL database. It appears as if the 
configuration from the old to the new is somewhat similar. 
So basically, I want a customer to dial in: if he is dynamic, authenticate 
him by LDAP; if he is static, get his attributes from the database and 
auth him with LDAP. 

Am I making any sense? 

Thanks, 
Al
 

On Wed, 3 Sep 2003, Hugh Irvine wrote:

> 
> Hello AL -
> 
> Thanks for the information.
> 
> I must confess I am a bit confused about exactly how you want your  
> setup to operate. I can see the Auth-Type = LDAP below, and I can see  
> multiple AuthBy clauses in your Realm clause. Can you explain to me in  
> detail your requirements?
> 
> regards
> 
> Hugh
> 
> 
> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles  
> Alexander McCain wrote:
> 
> > Hugh,
> >
> > The users file entry looks something like this. I know I'm using MySQL
> > to house the users file, but I just took this entry from the file. It
> > looks like this in the database. If you need my actual database entry,
> > please let me know.
> >
> >
> > user           Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> >                Service-Type = Framed-User,
> >                Framed-Protocol = PPP,
> >                Framed-IP-Address = 1.2.3.4,
> >                Framed-IP-Netmask = 255.255.255.255,
> >                Idle-Timeout = 0,
> >                Session-Timeout = 0
> >
> > And I was wondering why I'm only seeing Service-Type and Framed-Protocol?
> >
> > Thanks,
> > AL
> >
> > On Sat, 30 Aug 2003, Hugh Irvine wrote:
> >
> >>
> >> Hello AL -
> >>
> >> This is what your configuration file is set up to return to the NAS:
> >>
> >>
> >>> *** Sending to 64.91.105.5 port 1812 ....
> >>> Code:       Access-Accept
> >>> Identifier: 107
> >>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>> Attributes:
> >>>         Service-Type = Framed-User
> >>>         Framed-Protocol = PPP
> >>
> >> What other attributes do you want to send? And how do you want to
> >> manage those attributes?
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> >> Alexander McCain wrote:
> >>
> >>> Hello,
> >>>
> >>> I'm having an issue with my Redbacks. They cannot allocate IP addresses.
> >>> In my trace 4, I notice that the user is not getting the attributes they
> >>> need. How can this be fixed?
> >>>
> >>> Here is my config and trace 4.
> >>>
> >>> Thanks,
> >>> AL
> >>>
> >>> ---------
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>> *** Received from 1.2.3.4 port 1812 ....
> >>> Code:       Access-Request
> >>> Identifier: 107
> >>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>> Attributes:
> >>>         User-Name = "user"
> >>>         User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> >>>         NAS-Identifier = "rb"
> >>>         NAS-IP-Address = 1.2.3.4
> >>>         RB-NAS-Real-Port = 402850582
> >>>         Service-Type = Framed-User
> >>>         Framed-Protocol = PPP
> >>>         NAS-Port = 3892318919
> >>>         Connect-Info = "ubrc"
> >>>
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
> >>>
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> >>>
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
> >>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
> >>>
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
> >>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
> >>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
> >>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> >>>
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> >>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>> *** Sending to 64.91.105.5 port 1812 ....
> >>> Code:       Access-Accept
> >>> Identifier: 107
> >>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>> Attributes:
> >>>         Service-Type = Framed-User
> >>>         Framed-Protocol = PPP
> >>>
> >>> ---------------------------------------------------------------------------
> >>>
> >>> #Foreground
> >>> #LogStdout
> >>> LogDir /var/adm/radacct
> >>> DbDir /etc/raddb
> >>> PreHandlerHook file:"%D/prehook"
> >>>
> >>> SnmpgetProg /usr/local/bin/snmpget
> >>> Trace 4
> >>> RewriteUsername         s/^([^@]+)\@domain.net/$1/
> >>> RewriteUsername         s/^([^@]+)\@domain.net/$1/
> >>> RewriteUsername         s/\s+//g
> >>> RewriteUsername         tr/A-Z/a-z/
> >>> <Client DEFAULT>
> >>>
> >>>         Secret ******
> >>>         DupInterval 0
> >>>
> >>> </Client>
> >>>
> >>> <SessionDatabase SQL>
> >>>
> >>>        DBSource dbi:mysql:radius:host
> >>>        DBUsername radtest
> >>>        DBAuth ******
> >>>         Identifier SQLS
> >>>
> >>>                 AddQuery insert into RADONLINE (USERNAME,\
> >>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> >>>                 FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> >>>                 values ('%n', '%N',\
> >>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> >>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> >>>                 '%{Service-Type}','%{Called-Station-Id}')
> >>>
> >>>
> >>>            DeleteQuery delete from RADONLINE where \
> >>>                  USERNAME = '%n' and NASIDENTIFIER='%N' \
> >>>                  and NASPORT='%{NAS-Port}'
> >>>
> >>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> >>>
> >>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> >>> where ACCTSESSIONID = '%{Acct-Session-Id}'
> >>>
> >>>
> >>> </SessionDatabase>
> >>>
> >>>
> >>> <ClientListSQL>
> >>>
> >>>         DBSource        dbi:mysql:radius
> >>>         DBUsername radtest
> >>>         DBAuth ******
> >>>
> >>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> >>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> >>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> >>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> >>>         NOIGNOREDUPLICATES from RADCLIENTLIST
> >>>
> >>>
> >>> </ClientListSQL>
> >>> <AuthBy UNIX>
> >>>
> >>>         DefaultSimultaneousUse 1
> >>>         Identifier System
> >>>         Filename /etc/shadow
> >>>
> >>> </AuthBy>
> >>>
> >>> <AuthBy LDAP2>
> >>>                 DefaultSimultaneousUse 1
> >>>                 Identifier LDAP
> >>>                 Host    127.0.0.1
> >>>                 Port    389
> >>>                 AuthDN  uid=searchuser,dc=domain,dc=net
> >>>                 AuthPassword    *****
> >>>                 BaseDN  %0=%1,ou=people,dc=domain,dc=net
> >>>                 Scope   base
> >>>                 UsernameAttr    uid
> >>>                 PasswordAttr    userPassword
> >>>                 HoldServerConnection
> >>>                 SearchFilter (&(gecos=active)(uid=%1))
> >>>                 AuthAttrDef gidNumber, gid-attr, request
> >>>                 DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>> </AuthBy>
> >>> <AuthBy SQL>
> >>>         NoDefault
> >>>         DefaultSimultaneousUse 1
> >>>         Identifier CheckSQL
> >>>
> >>>         DBSource        dbi:mysql:radius:domain
> >>>         DBUsername radtest
> >>>         DBAuth *******
> >>>
> >>>
> >>>                 AccountingTable ACCOUNTING
> >>>                 AcctColumnDef   USERNAME,User-Name
> >>>                 AcctColumnDef   TIME_STAMP,Timestamp,integer
> >>>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
> >>>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> >>>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >>>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >>>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> >>>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
> >>>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >>>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> >>>                 AcctColumnDef   NASPORT,NAS-Port,integer
> >>>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> >>>
> >>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >>>                 from SUBSCRIBERS \
> >>>                 where USERNAME=%0
> >>>
> >>>         AuthColumnDef 0, User-Password, check
> >>>         AuthColumnDef 1, GENERIC, check
> >>>         AuthColumnDef 2, GENERIC, reply
> >>>         DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>
> >>>
> >>> </AuthBy>
> >>> <Realm DEFAULT>
> >>>         RewriteUsername s/^([^@]+).*/$1/
> >>>
> >>>         PostAuthHook file:"%D/postHook"
> >>>         AcctLogFileName %L/%N/detail
> >>>
> >>>
> >>>
> >>>         #AuthByPolicy ContinueWhileReject
> >>>         AuthByPolicy    ContinueUntilAccept
> >>>         AuthBy LDAP
> >>>         AuthBy CheckSQL
> >>>         AuthBy System
> >>>
> >>>
> >>> </Realm>
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> NB: have you included a copy of your configuration file (no secrets),
> >> together with a trace 4 debug showing what is happening?
> >>
> >> -- 
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >>
> >>
> >
> >
> 

