(RADIATOR) Redback Static IP Problem
Hugh Irvine
hugh at open.com.au
Thu Sep 4 00:25:24 CDT 2003
Hello Al -
As I can't find your name or email address in our database, I wonder
whether you could tell me the name of the company that has purchased
this copy of Radiator? Please reply to me directly.
I understand what you are trying to do, but your configuration file is
not correct.
The Auth-Type = CheckLDAP check item in your SQL database will cause
Radiator to send the authentication to LDAP. Therefore you only need
the AuthBy SQL clause in the Realm (you can think of it like a
subroutine call).
<Realm DEFAULT>
# the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
<AuthBy SQL>
.....
</AuthBy>
.....
</Realm>
regards
Hugh
On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles
Alexander McCain wrote:
> Hugh,
>
> We store our static IP customers in the users file, dynamic customers
> auth by LDAP. The static customers also auth by LDAP, but get their
> appropriate attributes from the users file. Currently, we are using the
> users file to store static information, but I am trying to put it all
> in MySQL (hoping for easier automation). Our current setup works
> perfectly this way, but it doesn't seem to work with the MySQL database.
> It appears as if the configuration from the old to the new is somewhat
> similar.
> So basically, I want a customer to dial in; if he is dynamic,
> authenticate him by LDAP; if he is static, get his attributes from the
> database and auth him with LDAP.
>
> Am I making any sense?
>
> Thanks,
> Al
>
>
> On Wed, 3 Sep 2003, Hugh Irvine wrote:
>
>>
>> Hello AL -
>>
>> Thanks for the information.
>>
>> I must confess I am a bit confused about exactly how you want your
>> setup to operate. I can see the Auth-Type = LDAP below, and I can see
>> multiple AuthBy clauses in your Realm clause. Can you explain to me in
>> detail your requirements?
>>
>> regards
>>
>> Hugh
>>
>>
>> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
>> Alexander McCain wrote:
>>
>>> Hugh,
>>>
>>> The users file entry looks something like this. I know I'm using
>>> MySQL to house the users file, but I just took this entry from the
>>> file. It looks like this in the database. If you need my actual
>>> database entry, please let me know.
>>>
>>>
>>> user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
>>> Service-Type = Framed-User,
>>> Framed-Protocol = PPP,
>>> Framed-IP-Address = 1.2.3.4,
>>> Framed-IP-Netmask = 255.255.255.255,
>>> Idle-Timeout = 0,
>>> Session-Timeout = 0
>>>
>>> And, I was wondering why I'm only seeing service type and framed
>>> protocol?
>>>
>>> Thanks,
>>> AL
>>>
>>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
>>>
>>>>
>>>> Hello AL -
>>>>
>>>> This is what your configuration file is set up to return to the NAS:
>>>>
>>>>
>>>>> *** Sending to 64.91.105.5 port 1812 ....
>>>>> Code: Access-Accept
>>>>> Identifier: 107
>>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>>>> Attributes:
>>>>> Service-Type = Framed-User
>>>>> Framed-Protocol = PPP
>>>>
>>>> What other attributes do you want to send? And how do you want to
>>>> manage those attributes?
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
>>>> Alexander McCain wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I'm having an issue with my Redbacks. They cannot allocate IP
>>>>> addresses. In my trace 4, I notice that the user is not getting the
>>>>> attributes they need. How can this be fixed?
>>>>>
>>>>> Here is my config and trace 4
>>>>>
>>>>> Thanks,
>>>>> AL
>>>>>
>>>>> ---------
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
>>>>> *** Received from 1.2.3.4 port 1812 ....
>>>>> Code: Access-Request
>>>>> Identifier: 107
>>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>>>> Attributes:
>>>>> User-Name = "user"
>>>>> User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
>>>>> NAS-Identifier = "rb"
>>>>> NAS-IP-Address = 1.2.3.4
>>>>> RB-NAS-Real-Port = 402850582
>>>>> Service-Type = Framed-User
>>>>> Framed-Protocol = PPP
>>>>> NAS-Port = 3892318919
>>>>> Connect-Info = "ubrc"
>>>>>
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
>>>>>
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
>>>>>
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
>>>>>
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
>>>>>
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
>>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
>>>>> *** Sending to 64.91.105.5 port 1812 ....
>>>>> Code: Access-Accept
>>>>> Identifier: 107
>>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
>>>>> Attributes:
>>>>> Service-Type = Framed-User
>>>>> Framed-Protocol = PPP
>>>>>
>>>>> ---------------------------------------------------------------------------
>>>>>
>>>>> #Foreground
>>>>> #LogStdout
>>>>> LogDir /var/adm/radacct
>>>>> DbDir /etc/raddb
>>>>> PreHandlerHook file:"%D/prehook"
>>>>>
>>>>> SnmpgetProg /usr/local/bin/snmpget
>>>>> Trace 4
>>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
>>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
>>>>> RewriteUsername s/\s+//g
>>>>> RewriteUsername tr/A-Z/a-z/
>>>>> <Client DEFAULT>
>>>>>
>>>>> Secret ******
>>>>> DupInterval 0
>>>>>
>>>>> </Client>
>>>>>
>>>>> <SessionDatabase SQL>
>>>>>
>>>>> DBSource dbi:mysql:radius:host
>>>>> DBUsername radtest
>>>>> DBAuth ******
>>>>> Identifier SQLS
>>>>>
>>>>> AddQuery insert into RADONLINE (USERNAME,\
>>>>> NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
>>>>> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
>>>>> values ('%n', '%N',\
>>>>> '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
>>>>> '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
>>>>> '%{Service-Type}','%{Called-Station-Id}')
>>>>>
>>>>>
>>>>> DeleteQuery delete from RADONLINE where \
>>>>> USERNAME = '%n' and NASIDENTIFIER='%N' \
>>>>> and NASPORT='%{NAS-Port}'
>>>>>
>>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
>>>>>
>>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
>>>>> where ACCTSESSIONID = '%{Acct-Session-Id}'
>>>>>
>>>>>
>>>>> </SessionDatabase>
>>>>>
>>>>>
>>>>> <ClientListSQL>
>>>>>
>>>>> DBSource dbi:mysql:radius
>>>>> DBUsername radtest
>>>>> DBAuth ******
>>>>>
>>>>> select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
>>>>> DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
>>>>> LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
>>>>> FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
>>>>> NOIGNOREDUPLICATES from RADCLIENTLIST
>>>>>
>>>>>
>>>>> </ClientListSQL>
>>>>> <AuthBy UNIX>
>>>>>
>>>>> DefaultSimultaneousUse 1
>>>>> Identifier System
>>>>> Filename /etc/shadow
>>>>>
>>>>> </AuthBy>
>>>>>
>>>>> <AuthBy LDAP2>
>>>>> DefaultSimultaneousUse 1
>>>>> Identifier LDAP
>>>>> Host 127.0.0.1
>>>>> Port 389
>>>>> AuthDN uid=searchuser,dc=domain,dc=net
>>>>> AuthPassword *****
>>>>> BaseDN %0=%1,ou=people,dc=domain,dc=net
>>>>> Scope base
>>>>> UsernameAttr uid
>>>>> PasswordAttr userPassword
>>>>> HoldServerConnection
>>>>> SearchFilter (&(gecos=active)(uid=%1))
>>>>> AuthAttrDef gidNumber, gid-attr, request
>>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>> </AuthBy>
>>>>> <AuthBy SQL>
>>>>> NoDefault
>>>>> DefaultSimultaneousUse 1
>>>>> Identifier CheckSQL
>>>>>
>>>>> DBSource dbi:mysql:radius:domain
>>>>> DBUsername radtest
>>>>> DBAuth *******
>>>>>
>>>>>
>>>>> AccountingTable ACCOUNTING
>>>>> AcctColumnDef USERNAME,User-Name
>>>>> AcctColumnDef TIME_STAMP,Timestamp,integer
>>>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>>>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>>>> AcctColumnDef NASPORT,NAS-Port,integer
>>>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>>>>>
>>>>> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
>>>>> from SUBSCRIBERS \
>>>>> where USERNAME=%0
>>>>>
>>>>> AuthColumnDef 0, User-Password, check
>>>>> AuthColumnDef 1, GENERIC, check
>>>>> AuthColumnDef 2, GENERIC, reply
>>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>>>>>
>>>>>
>>>>> </AuthBy>
>>>>> <Realm DEFAULT>
>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>>
>>>>>
>>>>> PostAuthHook file:"%D/postHook"
>>>>> AcctLogFileName %L/%N/detail
>>>>>
>>>>>
>>>>>
>>>>> #AuthByPolicy ContinueWhileReject
>>>>> AuthByPolicy ContinueUntilAccept
>>>>> AuthBy LDAP
>>>>> AuthBy CheckSQL
>>>>> AuthBy System
>>>>>
>>>>>
>>>>> </Realm>
>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> NB: have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database independence.
>>>>
>>>>