(RADIATOR) Redback Static IP Problem
Charles Alexander McCain
mccain at unixatlas.com
Thu Sep 4 10:39:58 CDT 2003
Hugh,
I tried, what you had told me, it seems to work that way, however some of
the static users aren't getting their ip's . This is happening at random,
and i cannot tell that there is anything special about them besides being
static. The nas reports that they cannot pull the ip.
The trace 4 i sent previously should show the problem we're seeing.
I can't seem to figure this one out. Seems like a very strange problem
with it happening at random.
Thanks,
Al
On Thu, 4 Sep 2003, Charles Alexander McCain wrote:
>
> Hugh,
>
> What about my dynamic users ? Dialup and ADSL share the same realm. If i
> have a realm with only AuthBY SQL in it, how exactly will they interact
> with ldap ? I'm sure you're right, i am just curious as to how that works.
>
> Thanks,
> Al
>
>
> On Thu, 4 Sep 2003, Hugh Irvine wrote:
>
> >
> > Hello Al -
> >
> > As I can't find your name or email address in our database, I wonder
> > whether you could tell me the name of the company that has purchased
> > this copy of Radiator? Please reply to me directly.
> >
> > I understand what you are trying to do, but your configuration file is
> > not correct.
> >
> > The Auth-Type = CheckLDAP check item in your SQL database will cause
> > Radiator to send the authentication to LDAP. Therefore you only need
> > the AuthBy SQL clause in the Realm (you can think of it like a
> > subroutine call).
> >
> > <Realm DEFAULT>
> > # the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
> > <AuthBy SQL>
> > .....
> > </AuthBy>
> > .....
> > </Realm>
> >
> > regards
> >
> > Hugh
> >
> >
> > On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles
> > Alexander McCain wrote:
> >
> > > Hugh,
> > >
> > > We store our static ip customers in the users file, dynamic customers
> > > auth
> > > by ldap. The static customers also auth by ldap, but get their
> > > appropriate
> > > attributes from the users file. Currently, we are using the users file
> > > to
> > > store static information, but i am trying to put it all in mysql
> > > (hoping
> > > for easier automation). Our current setup works perfectly this way,
> > > but it
> > > doesn't seem to work with the mysql database. It appears as if the
> > > configuration from the old to the new is somewhat similiar.
> > > So basically, I want a customer to dial in, if he is dynamic,
> > > authenticate
> > > him by ldap, if he is static, get his attributes from the database and
> > > auth him with ldap.
> > >
> > > Am I making any sense?
> > >
> > > Thanks,
> > > Al
> > >
> > >
> > > On Wed, 3 Sep 2003, Hugh Irvine wrote:
> > >
> > >>
> > >> Hello AL -
> > >>
> > >> Thanks for the information.
> > >>
> > >> I must confess I am a bit confused about exactly how you want your
> > >> setup to operate. I can see the Auth-Type = LDAP below, and I can see
> > >> multiple AuthBy clauses in your Realm clause. Can you explain to me in
> > >> detail your requirements?
> > >>
> > >> regards
> > >>
> > >> Hugh
> > >>
> > >>
> > >> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
> > >> Alexander McCain wrote:
> > >>
> > >>> Hugh,
> > >>>
> > >>> The users file entry looks something like this. I know i'm using
> > >>> mysql
> > >>> to
> > >>> house the users file, but i just took this entry from the file. It
> > >>> looks
> > >>> like this in the database. If you need my actual database entry,
> > >>> please
> > >>> let me know.
> > >>>
> > >>>
> > >>> user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> > >>> Service-Type = Framed-User,
> > >>> Framed-Protocol = PPP,
> > >>> Framed-IP-Address = 1.2.3.4,
> > >>> Framed-IP-Netmask = 255.255.255.255,
> > >>> Idle-Timeout = 0,
> > >>> Session-Timeout = 0
> > >>>
> > >>> And, I was wondering why i'm only seeing service type, and framed
> > >>> protocol
> > >>> ?
> > >>>
> > >>> Thanks,
> > >>> AL
> > >>>
> > >>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
> > >>>
> > >>>>
> > >>>> Hello AL -
> > >>>>
> > >>>> This is what your configuration file is set up to return to the NAS:
> > >>>>
> > >>>>
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code: Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>> Service-Type = Framed-User
> > >>>>> Framed-Protocol = PPP
> > >>>>
> > >>>> What other attributes do you want to send? And how do you want to
> > >>>> manage those attributes?
> > >>>>
> > >>>> regards
> > >>>>
> > >>>> Hugh
> > >>>>
> > >>>>
> > >>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> > >>>> Alexander McCain wrote:
> > >>>>
> > >>>>> Hello,
> > >>>>>
> > >>>>> I'm having an issue with my redbacks. They cannot allocate ip
> > >>>>> addresses.
> > >>>>> In my trace 4, i notice that the user is not getting the attributes
> > >>>>> they
> > >>>>> need.
> > >>>>> How can this be fixed?
> > >>>>>
> > >>>>> Here is my config and trace4
> > >>>>>
> > >>>>> Thanks,
> > >>>>> AL
> > >>>>>
> > >>>>> ---------
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Received from 1.2.3.4 port 1812 ....
> > >>>>> Code: Access-Request
> > >>>>> Identifier: 107
> > >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>> User-Name = "user"
> > >>>>> User-Password =
> > >>>>> "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> > >>>>> NAS-Identifier = "rb"
> > >>>>> NAS-IP-Address = 1.2.3.4
> > >>>>> RB-NAS-Real-Port = 402850582
> > >>>>> Service-Type = Framed-User
> > >>>>> Framed-Protocol = PPP
> > >>>>> NAS-Port = 3892318919
> > >>>>> Connect-Info = "ubrc"
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user:
> > >>>>> syntax
> > >>>>> error at (eval 1787) line 2, at EOF
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use
> > >>>>> string
> > >>>>> ("") as a subroutine ref while "strict refs" in use at
> > >>>>> /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler
> > >>>>> 'Realm=DEFAULT'
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user,
> > >>>>> 1.2.3.4,
> > >>>>> 3892318919
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE
> > >>>>> where
> > >>>>> USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and
> > >>>>> NASPORT='3892318919'
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with
> > >>>>> uid=searchuser,dc=domain,dc=net, password
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for
> > >>>>> uid=user,ou=People,dc=domain,dc=net
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword:
> > >>>>> {crypt}cgoHd/FmCIXh.
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match
> > >>>>> with
> > >>>>> user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER,
> > >>>>> NASPORT,
> > >>>>> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> > >>>>>
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> > >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> > >>>>> *** Sending to 64.91.105.5 port 1812 ....
> > >>>>> Code: Access-Accept
> > >>>>> Identifier: 107
> > >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> > >>>>> Attributes:
> > >>>>> Service-Type = Framed-User
> > >>>>> Framed-Protocol = PPP
> > >>>>>
> > >>>>> -------------------------------------------------------------------
> > >>>>> --
> > >>>>> --
> > >>>>> ----
> > >>>>>
> > >>>>> #Foreground
> > >>>>> #LogStdout
> > >>>>> LogDir /var/adm/radacct
> > >>>>> DbDir /etc/raddb
> > >>>>> PreHandlerHook file:"%D/prehook"
> > >>>>>
> > >>>>> SnmpgetProg /usr/local/bin/snmpget
> > >>>>> Trace 4
> > >>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
> > >>>>> RewriteUsername s/^([^@]+)\@domain.net/$1/
> > >>>>> RewriteUsername s/\s+//g
> > >>>>> RewriteUsername tr/A-Z/a-z/
> > >>>>> <Client DEFAULT>
> > >>>>>
> > >>>>> Secret ******
> > >>>>> DupInterval 0
> > >>>>>
> > >>>>> </Client>
> > >>>>>
> > >>>>> <SessionDatabase SQL>
> > >>>>>
> > >>>>> DBSource dbi:mysql:radius:host
> > >>>>> DBUsername radtest
> > >>>>> DBAuth ******
> > >>>>> Identifier SQLS
> > >>>>>
> > >>>>> AddQuery insert into RADONLINE (USERNAME,\
> > >>>>> NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> > >>>>> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> > >>>>> values ('%n', '%N',\
> > >>>>> '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> > >>>>> '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> > >>>>> '%{Service-Type}','%{Called-Station-Id}')
> > >>>>>
> > >>>>>
> > >>>>> DeleteQuery delete from RADONLINE where \
> > >>>>> USERNAME = '%n' and NASIDENTIFIER='%N' \
> > >>>>> and NASPORT='%{NAS-Port}'
> > >>>>>
> > >>>>> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> > >>>>>
> > >>>>> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from
> > >>>>> RADONLINE
> > >>>>> \
> > >>>>> where ACCTSESSIONID = '%{Acct-Session-Id}'
> > >>>>>
> > >>>>>
> > >>>>> </SessionDatabase>
> > >>>>>
> > >>>>>
> > >>>>> <ClientListSQL>
> > >>>>>
> > >>>>> DBSource dbi:mysql:radius
> > >>>>> DBUsername radtest
> > >>>>> DBAuth ******
> > >>>>>
> > >>>>> select
> > >>>>> NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL,
> > >>>>> \
> > >>>>> DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> > >>>>> LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> > >>>>> FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> > >>>>> NOIGNOREDUPLICATES from RADCLIENTLIST
> > >>>>>
> > >>>>>
> > >>>>> </ClientListSQL>
> > >>>>> <AuthBy UNIX>
> > >>>>>
> > >>>>> DefaultSimultaneousUse 1
> > >>>>> Identifier System
> > >>>>> Filename /etc/shadow
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>>
> > >>>>> <AuthBy LDAP2>
> > >>>>> DefaultSimultaneousUse 1
> > >>>>> Identifier LDAP
> > >>>>> Host 127.0.0.1
> > >>>>> Port 389
> > >>>>> AuthDN uid=searchuser,dc=domain,dc=net
> > >>>>> AuthPassword *****
> > >>>>> BaseDN %0=%1,ou=people,dc=domain,dc=net
> > >>>>> Scope base
> > >>>>> UsernameAttr uid
> > >>>>> PasswordAttr userPassword
> > >>>>> HoldServerConnection
> > >>>>> SearchFilter (&(gecos=active)(uid=%1))
> > >>>>> AuthAttrDef gidNumber, gid-attr, request
> > >>>>> DefaultReply
> > >>>>> Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>> </AuthBy>
> > >>>>> <AuthBy SQL>
> > >>>>> NoDefault
> > >>>>> DefaultSimultaneousUse 1
> > >>>>> Identifier CheckSQL
> > >>>>>
> > >>>>> DBSource dbi:mysql:radius:domain
> > >>>>> DBUsername radtest
> > >>>>> DBAuth *******
> > >>>>>
> > >>>>>
> > >>>>> AccountingTable ACCOUNTING
> > >>>>> AcctColumnDef USERNAME,User-Name
> > >>>>> AcctColumnDef TIME_STAMP,Timestamp,integer
> > >>>>> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > >>>>> AcctColumnDef
> > >>>>> ACCTDELAYTIME,Acct-Delay-Time,integer
> > >>>>> AcctColumnDef
> > >>>>> ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > >>>>> AcctColumnDef
> > >>>>> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > >>>>> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > >>>>> AcctColumnDef
> > >>>>> ACCTSESSIONTIME,Acct-Session-Time,integer
> > >>>>> AcctColumnDef
> > >>>>> ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > >>>>> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > >>>>> AcctColumnDef NASPORT,NAS-Port,integer
> > >>>>> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > >>>>>
> > >>>>> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> > >>>>> from SUBSCRIBERS \
> > >>>>> where USERNAME=%0
> > >>>>>
> > >>>>> AuthColumnDef 0, User-Password, check
> > >>>>> AuthColumnDef 1, GENERIC, check
> > >>>>> AuthColumnDef 2, GENERIC, reply
> > >>>>> DefaultReply
> > >>>>> Service-Type=Framed-User,Framed-Protocol=PPP
> > >>>>>
> > >>>>>
> > >>>>> </AuthBy>
> > >>>>> <Realm DEFAULT>
> > >>>>> RewriteUsername s/^([^@]+).*/$1/
> > >>>>>
> > >>>>>
> > >>>>> PostAuthHook file:"%D/postHook"
> > >>>>> AcctLogFileName %L/%N/detail
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> #AuthByPolicy ContinueWhileReject
> > >>>>> AuthByPolicy ContinueUntilAccept
> > >>>>> AuthBy LDAP
> > >>>>> AuthBy CheckSQL
> > >>>>> AuthBy System
> > >>>>>
> > >>>>>
> > >>>>> </Realm>
> > >>>>>
> > >>>>> ===
> > >>>>> Archive at http://www.open.com.au/archives/radiator/
> > >>>>> Announcements on radiator-announce at open.com.au
> > >>>>> To unsubscribe, email 'majordomo at open.com.au' with
> > >>>>> 'unsubscribe radiator' in the body of the message.
> > >>>>>
> > >>>>>
> > >>>>
> > >>>> NB: have you included a copy of your configuration file (no
> > >>>> secrets),
> > >>>> together with a trace 4 debug showing what is happening?
> > >>>>
> > >>>> --
> > >>>> Radiator: the most portable, flexible and configurable RADIUS server
> > >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > >>>> -
> > >>>> Nets: internetwork inventory and management - graphical, extensible,
> > >>>> flexible with hardware, software, platform and database
> > >>>> independence.
> > >>>>
> > >>>>
> > >>>
> > >>>
> > >>
> > >> NB: have you included a copy of your configuration file (no secrets),
> > >> together with a trace 4 debug showing what is happening?
> > >>
> > >> --
> > >> Radiator: the most portable, flexible and configurable RADIUS server
> > >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > >> -
> > >> Nets: internetwork inventory and management - graphical, extensible,
> > >> flexible with hardware, software, platform and database independence.
> > >>
> > >>
> > >
> > >
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list