(RADIATOR) Redback Static IP Problem
Charles Alexander McCain
mccain at unixatlas.com
Thu Sep 4 08:10:12 CDT 2003
Hugh,
What about my dynamic users? Dialup and ADSL share the same realm. If I
have a realm with only AuthBy SQL in it, how exactly will they interact
with ldap? I'm sure you're right, I am just curious as to how that works.
Thanks,
Al
On Thu, 4 Sep 2003, Hugh Irvine wrote:
>
> Hello Al -
>
> As I can't find your name or email address in our database, I wonder
> whether you could tell me the name of the company that has purchased
> this copy of Radiator? Please reply to me directly.
>
> I understand what you are trying to do, but your configuration file is
> not correct.
>
> The Auth-Type = CheckLDAP check item in your SQL database will cause
> Radiator to send the authentication to LDAP. Therefore you only need
> the AuthBy SQL clause in the Realm (you can think of it like a
> subroutine call).
>
> <Realm DEFAULT>
> # the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
> <AuthBy SQL>
> .....
> </AuthBy>
> .....
> </Realm>
>
> regards
>
> Hugh
>
>
> On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles
> Alexander McCain wrote:
>
> > Hugh,
> >
> > We store our static ip customers in the users file, dynamic customers
> > auth by ldap. The static customers also auth by ldap, but get their
> > appropriate attributes from the users file. Currently, we are using the
> > users file to store static information, but I am trying to put it all
> > in mysql (hoping for easier automation). Our current setup works
> > perfectly this way, but it doesn't seem to work with the mysql database.
> > It appears as if the configuration from the old to the new is somewhat
> > similar.
> > So basically, I want a customer to dial in, if he is dynamic,
> > authenticate him by ldap, if he is static, get his attributes from the
> > database and auth him with ldap.
> >
> > Am I making any sense?
> >
> > Thanks,
> > Al
> >
> >
> > On Wed, 3 Sep 2003, Hugh Irvine wrote:
> >
> >>
> >> Hello AL -
> >>
> >> Thanks for the information.
> >>
> >> I must confess I am a bit confused about exactly how you want your
> >> setup to operate. I can see the Auth-Type = LDAP below, and I can see
> >> multiple AuthBy clauses in your Realm clause. Can you explain to me in
> >> detail your requirements?
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
> >> Alexander McCain wrote:
> >>
> >>> Hugh,
> >>>
> >>> The users file entry looks something like this. I know I'm using
> >>> mysql to house the users file, but I just took this entry from the
> >>> file. It looks like this in the database. If you need my actual
> >>> database entry, please let me know.
> >>>
> >>>
> >>> user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> >>> Service-Type = Framed-User,
> >>> Framed-Protocol = PPP,
> >>> Framed-IP-Address = 1.2.3.4,
> >>> Framed-IP-Netmask = 255.255.255.255,
> >>> Idle-Timeout = 0,
> >>> Session-Timeout = 0
> >>>
> >>> And, I was wondering why I'm only seeing service type, and framed
> >>> protocol?
> >>>
> >>> Thanks,
> >>> AL
> >>>
> >>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
> >>>
> >>>>
> >>>> Hello AL -
> >>>>
> >>>> This is what your configuration file is set up to return to the NAS:
> >>>>
> >>>>
> >>>>> *** Sending to 64.91.105.5 port 1812 ....
> >>>>> Code: Access-Accept
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>> Service-Type = Framed-User
> >>>>> Framed-Protocol = PPP
> >>>>
> >>>> What other attributes do you want to send? And how do you want to
> >>>> manage those attributes?
> >>>>
> >>>> regards
> >>>>
> >>>> Hugh
> >>>>
> >>>>
> >>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> >>>> Alexander McCain wrote:
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>> I'm having an issue with my redbacks. They cannot allocate ip
> >>>>> addresses. In my trace 4, I notice that the user is not getting the
> >>>>> attributes they need. How can this be fixed?
> >>>>>
> >>>>> Here is my config and trace4
> >>>>>
> >>>>> Thanks,
> >>>>> AL
> >>>>>
> >>>>> ---------
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>>>> *** Received from 1.2.3.4 port 1812 ....
> >>>>> Code: Access-Request
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>> User-Name = "user"
> >>>>> User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> >>>>> NAS-Identifier = "rb"
> >>>>> NAS-IP-Address = 1.2.3.4
> >>>>> RB-NAS-Real-Port = 402850582
> >>>>> Service-Type = Framed-User
> >>>>> Framed-Protocol = PPP
> >>>>> NAS-Port = 3892318919
> >>>>> Connect-Info = "ubrc"
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>>>> *** Sending to 64.91.105.5 port 1812 ....
> >>>>> Code: Access-Accept
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>> Service-Type = Framed-User
> >>>>> Framed-Protocol = PPP
> >>>>>
> >>>>> ---------------------------------------------------------------------------
> >>>>>
> >>>>> #Foreground
> >>>>> #LogStdout
> >>>>> LogDir /var/adm/radacct
> >>>>> DbDir /etc/raddb
> >>>>> PreHandlerHook file:"%D/prehook"
> >>>>>
> >>>>> SnmpgetProg /usr/local/bin/snmpget
> >>>>> Trace 4
> >>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
> >>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
> >>>>> RewriteUsername s/\s+//g
> >>>>> RewriteUsername tr/A-Z/a-z/
> >>>>> <Client DEFAULT>
> >>>>>
> >>>>> Secret ******
> >>>>> DupInterval 0
> >>>>>
> >>>>> </Client>
> >>>>>
> >>>>> <SessionDatabase SQL>
> >>>>>
> >>>>> DBSource dbi:mysql:radius:host
> >>>>> DBUsername radtest
> >>>>> DBAuth ******
> >>>>> Identifier SQLS
> >>>>>
> >>>>> AddQuery insert into RADONLINE (USERNAME,\
> >>>>> NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> >>>>> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> >>>>> values ('%n', '%N',\
> >>>>> '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> >>>>> '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> >>>>> '%{Service-Type}','%{Called-Station-Id}')
> >>>>>
> >>>>>
> >>>>> DeleteQuery delete from RADONLINE where \
> >>>>> USERNAME = '%n' and NASIDENTIFIER='%N' \
> >>>>> and NASPORT='%{NAS-Port}'
> >>>>>
> >>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> >>>>>
> >>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> >>>>> where ACCTSESSIONID = '%{Acct-Session-Id}'
> >>>>>
> >>>>>
> >>>>> </SessionDatabase>
> >>>>>
> >>>>>
> >>>>> <ClientListSQL>
> >>>>>
> >>>>> DBSource dbi:mysql:radius
> >>>>> DBUsername radtest
> >>>>> DBAuth ******
> >>>>>
> >>>>> select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> >>>>> DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> >>>>> LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> >>>>> FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> >>>>> NOIGNOREDUPLICATES from RADCLIENTLIST
> >>>>>
> >>>>>
> >>>>> </ClientListSQL>
> >>>>> <AuthBy UNIX>
> >>>>>
> >>>>> DefaultSimultaneousUse 1
> >>>>> Identifier System
> >>>>> Filename /etc/shadow
> >>>>>
> >>>>> </AuthBy>
> >>>>>
> >>>>> <AuthBy LDAP2>
> >>>>> DefaultSimultaneousUse 1
> >>>>> Identifier LDAP
> >>>>> Host 127.0.0.1
> >>>>> Port 389
> >>>>> AuthDN uid=searchuser,dc=domain,dc=net
> >>>>> AuthPassword *****
> >>>>> BaseDN %0=%1,ou=people,dc=domain,dc=net
> >>>>> Scope base
> >>>>> UsernameAttr uid
> >>>>> PasswordAttr userPassword
> >>>>> HoldServerConnection
> >>>>> SearchFilter (&(gecos=active)(uid=%1))
> >>>>> AuthAttrDef gidNumber, gid-attr, request
> >>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>> </AuthBy>
> >>>>> <AuthBy SQL>
> >>>>> NoDefault
> >>>>> DefaultSimultaneousUse 1
> >>>>> Identifier CheckSQL
> >>>>>
> >>>>> DBSource dbi:mysql:radius:domain
> >>>>> DBUsername radtest
> >>>>> DBAuth *******
> >>>>>
> >>>>>
> >>>>> AccountingTable ACCOUNTING
> >>>>> AcctColumnDef USERNAME,User-Name
> >>>>> AcctColumnDef TIME_STAMP,Timestamp,integer
> >>>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> >>>>> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> >>>>> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >>>>> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >>>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> >>>>> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> >>>>> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >>>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> >>>>> AcctColumnDef NASPORT,NAS-Port,integer
> >>>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> >>>>>
> >>>>> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >>>>> from SUBSCRIBERS \
> >>>>> where USERNAME=%0
> >>>>>
> >>>>> AuthColumnDef 0, User-Password, check
> >>>>> AuthColumnDef 1, GENERIC, check
> >>>>> AuthColumnDef 2, GENERIC, reply
> >>>>> DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>>
> >>>>>
> >>>>> </AuthBy>
> >>>>> <Realm DEFAULT>
> >>>>> RewriteUsername s/^([^@]+).*/$1/
> >>>>>
> >>>>>
> >>>>> PostAuthHook file:"%D/postHook"
> >>>>> AcctLogFileName %L/%N/detail
> >>>>>
> >>>>>
> >>>>>
> >>>>> #AuthByPolicy ContinueWhileReject
> >>>>> AuthByPolicy ContinueUntilAccept
> >>>>> AuthBy LDAP
> >>>>> AuthBy CheckSQL
> >>>>> AuthBy System
> >>>>>
> >>>>>
> >>>>> </Realm>
> >>>>>
> >>>>> ===
> >>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>> Announcements on radiator-announce at open.com.au
> >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>
> >>>>>
> >>>>
> >>>> NB: have you included a copy of your configuration file (no secrets),
> >>>> together with a trace 4 debug showing what is happening?
> >>>>
> >>>> --
> >>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>> -
> >>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>> flexible with hardware, software, platform and database independence.
> >>>>
> >>>>
> >>>
> >>>
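The ordering problem visible in the trace 4 above, next to the layout Hugh suggests, modelled in Python as an added example (this is not Radiator's code; the user stores, the request and the AuthBy names are constructed, and AuthBy System is left out). With ContinueUntilAccept the LDAP clause accepts first and only its DefaultReply is sent; with the SQL row's Auth-Type check item calling the LDAP clause, the static reply attributes come back as well, while a user with no SQL row gets IGNORE, which is the question Al's last reply leaves open.

```python
# Added example (not Radiator code): simplified model of the posted Realm's
# AuthByPolicy ContinueUntilAccept chain next to Hugh's layout, where the SQL
# row's Auth-Type check item hands the password check to the LDAP clause.
LDAP_USERS = {"user": "secret"}     # constructed: every user has an LDAP entry
SQL_SUBSCRIBERS = {                 # constructed: only static users have a row
    "user": {"check": {"Auth-Type": "CheckLDAP"},
             "reply": {"Framed-IP-Address": "1.2.3.4",
                       "Framed-IP-Netmask": "255.255.255.255"}},
}
DEFAULT_REPLY = {"Service-Type": "Framed-User", "Framed-Protocol": "PPP"}

def auth_ldap(req):
    """AuthBy LDAP2 (Identifier CheckLDAP): password check, DefaultReply only."""
    if LDAP_USERS.get(req["User-Name"]) == req["User-Password"]:
        return "ACCEPT", dict(DEFAULT_REPLY)
    return "REJECT", {}

DELEGATES = {"CheckLDAP": auth_ldap}  # Auth-Type value -> AuthBy clause

def auth_sql(req):
    """AuthBy SQL with NoDefault: no row -> IGNORE; Auth-Type -> call that AuthBy."""
    row = SQL_SUBSCRIBERS.get(req["User-Name"])
    if row is None:
        return "IGNORE", {}
    target = row["check"].get("Auth-Type")
    if target and DELEGATES[target](req)[0] != "ACCEPT":
        return "REJECT", {}
    reply = dict(DEFAULT_REPLY)
    reply.update(row["reply"])         # static attributes from the SQL row
    return "ACCEPT", reply

def continue_until_accept(req, chain):
    """Stop at the first ACCEPT; only that clause's reply reaches the NAS,
    which is why the trace 4 Access-Accept carries DefaultReply alone."""
    for auth in chain:
        result, reply = auth(req)
        if result == "ACCEPT":
            return result, reply
    return "REJECT", {}

REQ = {"User-Name": "user", "User-Password": "secret"}   # constructed request

def posted_realm():                 # AuthBy LDAP, then AuthBy CheckSQL (System omitted)
    return continue_until_accept(REQ, [auth_ldap, auth_sql])

def suggested_realm():              # only AuthBy SQL in the Realm
    return continue_until_accept(REQ, [auth_sql])
```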