(RADIATOR) Private Attribute radius

Julio Cesar Pinto jc at ifxcorp.com
Wed Dec 29 15:12:36 CST 2004 

Hi Hugh,

It doesn't work :(

I did a radstock, and the packet show me the following:

Request (62) - 216.241.0.70:7007 -> 200.62.3.98:1812 (L124)
  User-Name             Len  6  "fgf*"
  User-Password         Len  8  "****|*"
  NAS-IP-Address        Len  6  216.241.0.70
  NAS-Identifier        Len 18  "TNTTEST.ifxnw.cl"
  NAS-Port              Len  6  9228
  NAS-Port-Type         Len  6  Async
  Service-Type          Len  6  Framed-User
  Framed-Protocol       Len  6  PPP
  State                 Len  2  ""
  Calling-Station-Id    Len 10  "25596126"
  Called-Station-Id     Len  6  "8800"
  Acct-Session-Id       Len 12  "472335283*"
  Calling-Station-Id    Len 10  "27582762"
  Called-Station-Id     Len  6  "8800"
  Ascend-Data-Svc       Len  6  Switched-Voice-Bearer
Acc-Ack (30) - 216.241.0.70:7006 <- 200.62.3.97:1813 (L67)
  Framed-Protocol       Len  6  PPP
  Vendor-Specific       Len 28  "*******http://216.241.1.30"
  Vendor-Specific       Len 13  "***** ****P"

As you see the fields are show as Vendor-Specific, I'm using another
attributes like:

ATTRIBUTE       Ascend-Client-Primary-DNS       135     ipaddr
ATTRIBUTE       Ascend-Client-Secondary-DNS     136     ipaddr
ATTRIBUTE       Ascend-Client-Assign-DNS        137     integer
ATTRIBUTE       Ascend-Data-Filter              242     abinary

And this attribute in the radstock are show it with the same value that
the dictionary, keep in mind that the radstock use the same dictionary
that I use in the radiators process.

I know that this feature is working ok, because we implement a local
user into the NAS with the redirection parameter and work very well.

I appreciate your comments in the matter.

Thanks a lot,

JC.


-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Tuesday, December 28, 2004 5:40 PM
To: Julio Cesar Pinto
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Private Attribute radius


Hello Julio -

Thanks for the URL.

You should be able to add the following to the standard Radiator 3.11 
dictionary:

VENDORATTR      4846     Ascend-Http-Redirect-URL                287    
  string
VENDORATTR      4846     Ascend-Http-Redirect-Port                 288  
    integer

Please let me know whether or not they work correctly.

I will then consider what to do about adding them to the standard 
dictionary.

regards

Hugh


On 29 Dec 2004, at 01:01, Julio Cesar Pinto wrote:

> Hi Hugh,
>
> I found the attributes in the following page
>
> http://www.lucentradius.com/dcforum/User_files/3dd2be19328291e9.txt
>
> You could see that this page management the information about Navis
> Soft.
>
> So, according whit this information the official definitions are:
>
> ATTRIBUTE       Ascend-Http-Redirect-URL                287     string
> Lucent
> ATTRIBUTE       Ascend-Http-Redirect-Port               288
integer
> Lucent
>
> Let me know your comments,
>
> Thanks,
>
> JC.
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Monday, December 27, 2004 6:09 PM
> To: Julio Cesar Pinto
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Private Attribute radius
>
>
> Hello Julio -
>
> What are the "official" definitions for these attributes?
>
> Normally the definitions would look like this, but from the code I
> think there is the same restriction of less than 255 for these
> attributes too (see "Radius/Radius.pm->sub pack()) so I don't think
> they will work.
>
>
> VENDORATTR      529     Ascend-HTTP-Redirect-URL                287
> string
> VENDORATTR      529     Ascend-HTTP-Redirect-Port                 288
>    integer
>
>
> Please let me know what you discover for the "official" attributes.
>
> regards
>
> Hugh
>
>
> On 28 Dec 2004, at 08:40, Julio Cesar Pinto wrote:
>
>> Hugh,
>>
>> I appreciate your help in this doubt, thanks a lot.
>>
>> Working in a new project we need to use the following attributes:
>> Ascend-HTTP-Redirect-URL
>> Ascend-HTTP-Redirect-Port
>>
>> This attributes don't exist in the radiator dictionary, so I added
> this
>> by hand in the following way:
>>
>> ATTRIBUTE       Ascend-HTTP-Redirect-URL        287     string
>> ATTRIBUTE       Ascend-HTTP-Redirect-Port       288     integer
>>
>> Anyway I received the following message in the logs:
>>
>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item
>> Ascend-HTTP-Redirect-URL ignored
>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item
>> Ascend-HTTP-Redirect-Port ignored
>>
>> What is the correct way to add this attributes, into the 529 vendor?.
>>
>> Let me know your comments,
>>
>> Thanks in advantage,
>>
>> JC.
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Wednesday, December 22, 2004 10:29 PM
>> To: Julio Cesar Pinto
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Private Attribute radius
>>
>>
>> Hello Julio -
>>
>> Radius attributes are encoded into an 8 bit field - hence are limited
>> to 255 and below.
>>
>> We provide the OSC-AVPAIR attribute that can be used in any way you
>> wish.
>>
>> 	AddToReply OSC-AVPAIR = "Test=123, Conn-Stat=active,
>> Visp-Id=whatever,
>> ....."
>>
>> If you want to define your own "official" attributes you should apply
>> for your own vendor number from IANA.
>>
>> 	http://www.iana.org/cgi-bin/enterprise.pl
>>
>> regards
>>
>> Hugh
>>
>>
>> On 23 Dec 2004, at 11:30, Julio Cesar Pinto wrote:
>>
>>> Hi,
>>>
>>> I would like to know, if is possible include in my dictionary a
>> private
>>> attribute. Something likes that:
>>>
>>> ATTRIBUTE       Test                689             integer
>>> ATTRIBUTE       Conn-Stat		690             integer
>>> ATTRIBUTE       Visp-Id   		691             string
>>> ATTRIBUTE       Country-Id          692             string
>>>
>>> I know that I can :) the machine is my slave, but the idea is that
>>> these
>>> attribute to be recognized by radiator, because at the moment I
>> receive
>>> the following error:
>>>
>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Visp-Id
ignored
>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Country-Id
>>> ignored
>>>
>>> When the packet pass through AuthBy RADIUS
>>>
>>> I appreciate any comments.
>>>
>>> Thanks in advance,
>>>
>>> JC.
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list