(RADIATOR) Using Cisco EasyVPN together with DYNADDR

Hugh Irvine hugh at open.com.au
Fri Apr 2 20:50:02 CST 2004


Hello Steven -

Could you please send me the name of the registered company that has 
purchased this copy of Radiator?

Please respond to me directly.

regards

Hugh


On 2 Apr 2004, at 18:47, Steven wrote:

> Hello,
>
> I'm using Radiator 3.8 to do authentication for Cisco EasyVPN clients. 
> The EasyVPN server is a Cisco 7200 with SA-VAM. EasyVPN uses ip 
> address pools configured on the EasyVPN server to allocate IP 
> addresses. For my application I'd prefer to have the IP addresses 
> assigned from the Radiator server. I've found that I can do this by 
> setting the Framed-IP-Address as an attribute per configured user. 
> However, I would like to use <AUTHBY DYNADDRESS>. This doesn't work 
> for me. From what I can see, the AUTHBY DYNADDR module is not used for 
> some reason and perhaps because of that, the Framed-IP-Address 
> attribute doesn't get added to the Access-Accept message.
>
> Here's the relevant config:
> <AddressAllocator SQL>
>         Identifier DynIPAllocator
>         DBSource        xxx
>         DBUsername  xxx
>         DBAuth          xxx
>         <AddressPool ipsectest>
>                 Range 172.16.100.0/24
>         </AddressPool>
> </AddressAllocator>
> <Handler Realm=test>
>         # Limit all users in this realm to max of 1 session
>         MaxSessions 1
>         <AuthBy FILE>
>                 Filename %D/ipvpn-offnet-test.txt
>         </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator DynIPAllocator
>                 PoolHint ipsectest
>         </AuthBy>
>
> </Handler>
>
> users.txt:
> steven@test Encrypted-Password = xxx
> #   Framed-IP-Address = 192.168.100.1 # When I uncomment this line that the EasyVPN client gets this IP address assigned
>
> Logfile:
> Code:       Access-Request
> Identifier: 221
> Authentic:  xxx
> Attributes:
>     User-Name = "steven@test"
>     User-Password = "xxx"
>     NAS-IP-Address = xxx
> Fri Apr  2 10:42:29 2004: DEBUG: Handling request with Handler 'Realm=test'
> Fri Apr  2 10:42:29 2004: DEBUG:  Deleting session for steven@test, xxx,
> Fri Apr  2 10:42:29 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='xxx' and NASPORT=0':
>
> Fri Apr  2 10:42:29 2004: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='steven@test'':
>
> Fri Apr  2 10:42:29 2004: DEBUG: Handling with Radius::AuthFILE:
> Fri Apr  2 10:42:29 2004: DEBUG: Radius::AuthFILE looks for match with steven@test
> Fri Apr  2 10:42:29 2004: DEBUG: Radius::AuthFILE ACCEPT:
> Fri Apr  2 10:42:29 2004: DEBUG: Access accepted for steven@test
> Fri Apr  2 10:42:29 2004: DEBUG: Packet dump:
> *** Sending to 213.160.212.25 port 1645 ....
> Code:       Access-Accept
> Identifier: 221
> Authentic:  xxx
> Attributes:
>
> What am I doing wrong here?
>
> - Steven
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
