(RADIATOR) Redback Static IP Problem

Charles Alexander McCain mccain at unixatlas.com
Thu Sep 4 10:39:58 CDT 2003


Hugh, 

I tried what you had told me, and it seems to work that way; however, some of 
the static users aren't getting their IPs. This is happening at random, 
and I cannot tell that there is anything special about them besides being 
static. The NAS reports that they cannot pull the IP. 
The trace 4 I sent previously should show the problem we're seeing. 
I can't seem to figure this one out. Seems like a very strange problem 
with it happening at random.

Thanks, 
Al 


On Thu, 4 Sep 2003, Charles Alexander McCain wrote:

> 
> Hugh, 
> 
> What about my dynamic users? Dialup and ADSL share the same realm. If I 
> have a realm with only AuthBy SQL in it, how exactly will they interact 
> with ldap? I'm sure you're right, I am just curious as to how that works. 
> 
> Thanks, 
> Al 
> 
> 
> On Thu, 4 Sep 2003, Hugh Irvine wrote:
> 
> > 
> > Hello Al -
> > 
> > As I can't find your name or email address in our database, I wonder  
> > whether you could tell me the name of the company that has purchased  
> > this copy of Radiator? Please reply to me directly.
> > 
> > I understand what you are trying to do, but your configuration file is  
> > not correct.
> > 
> > The Auth-Type = CheckLDAP check item in your SQL database will cause  
> > Radiator to send the authentication to LDAP. Therefore you only need  
> > the AuthBy SQL clause in the Realm (you can think of it like a  
> > subroutine call).
> > 
> > <Realm DEFAULT>
> > 	# the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
> > 	<AuthBy SQL>
> > 		.....
> > 	</AuthBy>
> > 	.....
> > </Realm>
> > 
> > regards
> > 
> > Hugh
> > 
> > 
> > On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles  
> > Alexander McCain wrote:
> > 
> > > Hugh,
> > >
> > > We store our static IP customers in the users file, dynamic customers
> > > auth by ldap. The static customers also auth by ldap, but get their
> > > appropriate attributes from the users file. Currently, we are using the
> > > users file to store static information, but I am trying to put it all in
> > > mysql (hoping for easier automation). Our current setup works perfectly
> > > this way, but it doesn't seem to work with the mysql database. It appears
> > > as if the configuration from the old to the new is somewhat similar.
> > > So basically, I want a customer to dial in; if he is dynamic, authenticate
> > > him by ldap; if he is static, get his attributes from the database and
> > > auth him with ldap.
> > >
> > > Am I making any sense?
> > >
> > > Thanks,
> > > Al
> > >
> > >
> > > On Wed, 3 Sep 2003, Hugh Irvine wrote:
> > >
> > >>
> > >> Hello AL -
> > >>
> > >> Thanks for the information.
> > >>
> > >> I must confess I am a bit confused about exactly how you want your
> > >> setup to operate. I can see the Auth-Type = LDAP below, and I can see
> > >> multiple AuthBy clauses in your Realm clause. Can you explain to me in
> > >> detail your requirements?
> > >>
> > >> regards
> > >>
> > >> Hugh
> > >>
> > >>
> > >> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
> > >> Alexander McCain wrote:
> > >>
> > >>> Hugh,
> > >>>
> > > >>> The users file entry looks something like this. I know I'm using mysql
> > > >>> to house the users file, but I just took this entry from the file. It
> > > >>> looks like this in the database. If you need my actual database entry,
> > > >>> please let me know.
> > >>>
> > >>>
> > >>> user           Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> > >>>                Service-Type = Framed-User,
> > >>>                Framed-Protocol = PPP,
> > >>>                Framed-IP-Address = 1.2.3.4,
> > >>>                Framed-IP-Netmask = 255.255.255.255,
> > >>>                Idle-Timeout = 0,
> > >>>                Session-Timeout = 0
> > >>>
> > > >>> And, I was wondering why I'm only seeing service type and framed
> > > >>> protocol?
> > >>>
> > >>> Thanks,
> > >>> AL
> > >>>
> > >>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
> > >>>
> > >>>>
> > >>>> Hello AL -
> > >>>>
> > >>>> This is what your configuration file is set up to return to the NAS:
> > >>>>
> > >>>>
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code:       Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>
> > >>>> What other attributes do you want to send? And how do you want to
> > >>>> manage those attributes?
> > >>>>
> > >>>> regards
> > >>>>
> > >>>> Hugh
> > >>>>
> > >>>>
> > >>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> > >>>> Alexander McCain wrote:
> > >>>>
> > >>>>> Hello,
> > >>>>>
> > > >>>>> I'm having an issue with my Redbacks. They cannot allocate IP
> > > >>>>> addresses. In my trace 4, I notice that the user is not getting the
> > > >>>>> attributes they need.
> > >>>>> How can this be fixed?
> > >>>>>
> > >>>>> Here is my config and trace4
> > >>>>>
> > >>>>> Thanks,
> > >>>>> AL
> > >>>>>
> > >>>>> ---------
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Received from 1.2.3.4 port 1812 ....
> > >>>>> Code:       Access-Request
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         User-Name = "user"
> > > >>>>>         User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> > >>>>>         NAS-Identifier = "rb"
> > >>>>>         NAS-IP-Address = 1.2.3.4
> > >>>>>         RB-NAS-Real-Port = 402850582
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>>         NAS-Port = 3892318919
> > >>>>>         Connect-Info = "ubrc"
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
> > > >>>>>
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> > > >>>>>
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
> > > >>>>>
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
> > > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code:       Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic:  mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>>         Service-Type = Framed-User
> > >>>>>         Framed-Protocol = PPP
> > >>>>>
> > >>>>> ------------------------------------------------------------------- 
> > >>>>> --
> > >>>>> --
> > >>>>> ----
> > >>>>>
> > >>>>> #Foreground
> > >>>>> #LogStdout
> > >>>>> LogDir /var/adm/radacct
> > >>>>> DbDir /etc/raddb
> > >>>>> PreHandlerHook file:"%D/prehook"
> > >>>>>
> > >>>>> SnmpgetProg /usr/local/bin/snmpget
> > >>>>> Trace 4
> > >>>>> RewriteUsername         s/^([^@]+)\@domain.net/$1/
> > >>>>> RewriteUsername         s/^([^@]+)\@domain.net/$1/
> > >>>>> RewriteUsername         s/\s+//g
> > >>>>> RewriteUsername         tr/A-Z/a-z/
> > >>>>> <Client DEFAULT>
> > >>>>>
> > >>>>>         Secret ******
> > >>>>>         DupInterval 0
> > >>>>>
> > >>>>> </Client>
> > >>>>>
> > >>>>> <SessionDatabase SQL>
> > >>>>>
> > >>>>>        DBSource dbi:mysql:radius:host
> > >>>>>        DBUsername radtest
> > >>>>>        DBAuth ******
> > >>>>>         Identifier SQLS
> > >>>>>
> > >>>>>                 AddQuery insert into RADONLINE (USERNAME,\
> > >>>>>                 NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> > >>>>>                 FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> > >>>>>                 values ('%n', '%N',\
> > >>>>>                 '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> > >>>>>                 '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> > >>>>>                 '%{Service-Type}','%{Called-Station-Id}')
> > >>>>>
> > >>>>>
> > >>>>>            DeleteQuery delete from RADONLINE where \
> > >>>>>                  USERNAME = '%n' and NASIDENTIFIER='%N' \
> > >>>>>                  and NASPORT='%{NAS-Port}'
> > >>>>>
> > >>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> > >>>>>
> > > >>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> > > >>>>> where ACCTSESSIONID = '%{Acct-Session-Id}'
> > >>>>>
> > >>>>>
> > >>>>> </SessionDatabase>
> > >>>>>
> > >>>>>
> > >>>>> <ClientListSQL>
> > >>>>>
> > >>>>>         DBSource        dbi:mysql:radius
> > >>>>>         DBUsername radtest
> > >>>>>         DBAuth ******
> > >>>>>
> > > >>>>>         select NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> > >>>>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> > >>>>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> > >>>>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> > >>>>>         NOIGNOREDUPLICATES from RADCLIENTLIST
> > >>>>>
> > >>>>>
> > >>>>> </ClientListSQL>
> > >>>>> <AuthBy UNIX>
> > >>>>>
> > >>>>>         DefaultSimultaneousUse 1
> > >>>>>         Identifier System
> > >>>>>         Filename /etc/shadow
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>>
> > >>>>> <AuthBy LDAP2>
> > >>>>>                 DefaultSimultaneousUse 1
> > >>>>>                 Identifier LDAP
> > >>>>>                 Host    127.0.0.1
> > >>>>>                 Port    389
> > >>>>>                 AuthDN  uid=searchuser,dc=domain,dc=net
> > >>>>>                 AuthPassword    *****
> > >>>>>                 BaseDN  %0=%1,ou=people,dc=domain,dc=net
> > >>>>>                 Scope   base
> > >>>>>                 UsernameAttr    uid
> > >>>>>                 PasswordAttr    userPassword
> > >>>>>                 HoldServerConnection
> > >>>>>                 SearchFilter (&(gecos=active)(uid=%1))
> > >>>>>                 AuthAttrDef gidNumber, gid-attr, request
> > > >>>>>                 DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>> </AuthBy>
> > >>>>> <AuthBy SQL>
> > >>>>>         NoDefault
> > >>>>>         DefaultSimultaneousUse 1
> > >>>>>         Identifier CheckSQL
> > >>>>>
> > >>>>>         DBSource        dbi:mysql:radius:domain
> > >>>>>         DBUsername radtest
> > >>>>>         DBAuth *******
> > >>>>>
> > >>>>>
> > >>>>>                 AccountingTable ACCOUNTING
> > >>>>>                 AcctColumnDef   USERNAME,User-Name
> > >>>>>                 AcctColumnDef   TIME_STAMP,Timestamp,integer
> > >>>>>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
> > > >>>>>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> > > >>>>>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > >>>>>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > > >>>>>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> > > >>>>>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
> > > >>>>>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > >>>>>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> > >>>>>                 AcctColumnDef   NASPORT,NAS-Port,integer
> > >>>>>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> > >>>>>
> > >>>>>         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> > >>>>>        from SUBSCRIBERS \
> > >>>>>       where USERNAME=%0
> > >>>>>
> > >>>>> AuthColumnDef 0, User-Password, check
> > >>>>> AuthColumnDef 1, GENERIC, check
> > >>>>> AuthColumnDef 2, GENERIC, reply
> > > >>>>>                DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>>
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>> <Realm DEFAULT>
> > >>>>> RewriteUsername s/^([^@]+).*/$1/
> > >>>>>
> > >>>>>
> > >>>>>  PostAuthHook file:"%D/postHook"
> > >>>>>         AcctLogFileName %L/%N/detail
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>         #AuthByPolicy ContinueWhileReject
> > >>>>>         AuthByPolicy    ContinueUntilAccept
> > >>>>>         AuthBy LDAP
> > >>>>>         AuthBy CheckSQL
> > >>>>>         AuthBy System
> > >>>>>
> > >>>>>
> > >>>>> </Realm>
> > >>>>>
> > >>>>> ===
> > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > >>>>> Announcements on radiator-announce at open.com.au
> > >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> > >>>>> 'unsubscribe radiator' in the body of the message.
> > >>>>>
> > >>>>>
> > >>>>
> > > >>>> NB: have you included a copy of your configuration file (no secrets),
> > > >>>> together with a trace 4 debug showing what is happening?
> > > >>>>
> > > >>>> -- 
> > > >>>> Radiator: the most portable, flexible and configurable RADIUS server
> > > >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > >>>> -
> > > >>>> Nets: internetwork inventory and management - graphical, extensible,
> > > >>>> flexible with hardware, software, platform and database independence.
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >
> > >
> > 
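
Because the missing addresses show up only intermittently, one way to find the affected sessions is to scan the Trace 4 log for Access-Accept packets that carry no Framed-IP-Address. The sketch below is an added example, not code from the thread or from Radiator; the function name accepts_missing_ip and the sample trace are hypothetical, and it assumes each packet dump ends with a blank line and that a reply reuses the request's Identifier.

```python
import re
# Constructed sample (made-up users and addresses) in the thread's Trace 4 dump layout.
SAMPLE_TRACE = """\
*** Received from 192.0.2.10 port 1812 ....
Code:       Access-Request
Identifier: 107
Attributes:
        User-Name = "static1"

*** Sending to 192.0.2.10 port 1812 ....
Code:       Access-Accept
Identifier: 107
Attributes:
        Service-Type = Framed-User

*** Received from 192.0.2.10 port 1812 ....
Code:       Access-Request
Identifier: 108
Attributes:
        User-Name = "static2"

*** Sending to 192.0.2.10 port 1812 ....
Code:       Access-Accept
Identifier: 108
Attributes:
        Framed-IP-Address = 198.51.100.7
"""
HEADER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
FIELD = re.compile(r"^\s*([\w-]+)\s*[:=]\s*(.*)$")

def accepts_missing_ip(trace):
    """Return user names whose Access-Accept carried no Framed-IP-Address."""
    packets, pkt = [], None
    for line in trace.splitlines():
        if (head := HEADER.match(line)):          # start of a packet dump
            packets.append(pkt := {"peer": head.group(2), "attrs": {}})
        elif not line.strip():                    # blank line ends the dump
            pkt = None
        elif pkt is not None and (field := FIELD.match(line)):
            # indented lines are attributes, the rest are Code/Identifier headers
            target = pkt["attrs"] if line[0].isspace() else pkt
            target[field.group(1)] = field.group(2).strip('"')
    pending, missing = {}, []
    for p in packets:                             # pair replies by (peer, Identifier)
        key = (p["peer"], p.get("Identifier"))
        if p.get("Code") == "Access-Request":
            pending[key] = p["attrs"].get("User-Name", "?")
        elif p.get("Code") == "Access-Accept" and "Framed-IP-Address" not in p["attrs"]:
            missing.append(pending.get(key, "?"))
    return missing
```

Running it over a day's log and comparing the returned names against the list of static subscribers shows whether the affected users share a NAS, a time window, or a database row format.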