(RADIATOR) Private Attribute radius
Julio Cesar Pinto
jc at ifxcorp.com
Fri Dec 31 10:14:59 CST 2004
Hi Hugh,
At the moment we solved the problem, the solution was to modify in the
NAS the compatibility with radius in the external profile.
By default the NAS have old-ascend we change it to vendor-specific and
work very well.
Thanks a lot for your help,
Greetings and Happy New Year,
JC.
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Julio Cesar Pinto
Sent: Wednesday, December 29, 2004 6:32 PM
To: Hugh Irvine
Cc: radiator at open.com.au
Subject: RE: (RADIATOR) Private Attribute radius
Hi Hugh,
Very interesting, I see the correct attribute in the log trace 5.
LOG.
*** Sending to 216.241.0.70 port 7007 ....
Packet length = 67
02 69 00 43 08 71 cf 80 7b 4d 4a da 00 7f c4 13
5f 49 9b d8 07 06 00 00 00 01 1a 1c 00 00 12 ee
01 1f 16 68 74 74 70 3a 2f 2f 32 31 36 2e 32 34
31 2e 31 2e 33 30 1a 0d 00 00 12 ee 01 20 07 00
00 00 50
Code: Access-Accept
Identifier: 105
Authentic: <149><153><199><245>D<207>x<253><243>;N <30><132><211><22>
Attributes:
Framed-Protocol = PPP
Ascend-HTTP-Redirect-URL = "http://216.241.1.30"
Ascend-HTTP-Redirect-Port = 80
I'm going to discuses this with the support of Lucent, I will page you
when we solve this problems.
Thanks a lot,
JC.
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, December 29, 2004 4:55 PM
To: Julio Cesar Pinto
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Private Attribute radius
Hello Julio -
The attribute definitions as shown in the URL you sent me and in the
definitions I sent to you _are_ vendor-specifics.
If you look at a trace 4 debug from Radiator (or radpwtst) you should
see the correct attribute name.
You will need to check with your NAS vendor how to use the attributes
with RADIUS.
If you could send me a trace 5 debug from Radiator showing the
attributes in the reply I will verify the encoding.
regards
Hugh
On 30 Dec 2004, at 08:12, Julio Cesar Pinto wrote:
> Hi Hugh,
>
> It doesn't work :(
>
> I did a radstock, and the packet show me the following:
>
> Request (62) - 216.241.0.70:7007 -> 200.62.3.98:1812 (L124)
> User-Name Len 6 "fgf*"
> User-Password Len 8 "****|*"
> NAS-IP-Address Len 6 216.241.0.70
> NAS-Identifier Len 18 "TNTTEST.ifxnw.cl"
> NAS-Port Len 6 9228
> NAS-Port-Type Len 6 Async
> Service-Type Len 6 Framed-User
> Framed-Protocol Len 6 PPP
> State Len 2 ""
> Calling-Station-Id Len 10 "25596126"
> Called-Station-Id Len 6 "8800"
> Acct-Session-Id Len 12 "472335283*"
> Calling-Station-Id Len 10 "27582762"
> Called-Station-Id Len 6 "8800"
> Ascend-Data-Svc Len 6 Switched-Voice-Bearer
> Acc-Ack (30) - 216.241.0.70:7006 <- 200.62.3.97:1813 (L67)
> Framed-Protocol Len 6 PPP
> Vendor-Specific Len 28 "*******http://216.241.1.30"
> Vendor-Specific Len 13 "***** ****P"
>
> As you see the fields are show as Vendor-Specific, I'm using another
> attributes like:
>
> ATTRIBUTE Ascend-Client-Primary-DNS 135 ipaddr
> ATTRIBUTE Ascend-Client-Secondary-DNS 136 ipaddr
> ATTRIBUTE Ascend-Client-Assign-DNS 137 integer
> ATTRIBUTE Ascend-Data-Filter 242 abinary
>
> And this attribute in the radstock are show it with the same value
that
> the dictionary, keep in mind that the radstock use the same dictionary
> that I use in the radiators process.
>
> I know that this feature is working ok, because we implement a local
> user into the NAS with the redirection parameter and work very well.
>
> I appreciate your comments in the matter.
>
> Thanks a lot,
>
> JC.
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, December 28, 2004 5:40 PM
> To: Julio Cesar Pinto
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Private Attribute radius
>
>
> Hello Julio -
>
> Thanks for the URL.
>
> You should be able to add the following to the standard Radiator 3.11
> dictionary:
>
> VENDORATTR 4846 Ascend-Http-Redirect-URL 287
> string
> VENDORATTR 4846 Ascend-Http-Redirect-Port 288
> integer
>
> Please let me know whether or not they work correctly.
>
> I will then consider what to do about adding them to the standard
> dictionary.
>
> regards
>
> Hugh
>
>
> On 29 Dec 2004, at 01:01, Julio Cesar Pinto wrote:
>
>> Hi Hugh,
>>
>> I found the attributes in the following page
>>
>> http://www.lucentradius.com/dcforum/User_files/3dd2be19328291e9.txt
>>
>> You could see that this page management the information about Navis
>> Soft.
>>
>> So, according whit this information the official definitions are:
>>
>> ATTRIBUTE Ascend-Http-Redirect-URL 287
string
>> Lucent
>> ATTRIBUTE Ascend-Http-Redirect-Port 288
> integer
>> Lucent
>>
>> Let me know your comments,
>>
>> Thanks,
>>
>> JC.
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Monday, December 27, 2004 6:09 PM
>> To: Julio Cesar Pinto
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Private Attribute radius
>>
>>
>> Hello Julio -
>>
>> What are the "official" definitions for these attributes?
>>
>> Normally the definitions would look like this, but from the code I
>> think there is the same restriction of less than 255 for these
>> attributes too (see "Radius/Radius.pm->sub pack()) so I don't think
>> they will work.
>>
>>
>> VENDORATTR 529 Ascend-HTTP-Redirect-URL 287
>> string
>> VENDORATTR 529 Ascend-HTTP-Redirect-Port 288
>> integer
>>
>>
>> Please let me know what you discover for the "official" attributes.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 28 Dec 2004, at 08:40, Julio Cesar Pinto wrote:
>>
>>> Hugh,
>>>
>>> I appreciate your help in this doubt, thanks a lot.
>>>
>>> Working in a new project we need to use the following attributes:
>>> Ascend-HTTP-Redirect-URL
>>> Ascend-HTTP-Redirect-Port
>>>
>>> This attributes don't exist in the radiator dictionary, so I added
>> this
>>> by hand in the following way:
>>>
>>> ATTRIBUTE Ascend-HTTP-Redirect-URL 287 string
>>> ATTRIBUTE Ascend-HTTP-Redirect-Port 288 integer
>>>
>>> Anyway I received the following message in the logs:
>>>
>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item
>>> Ascend-HTTP-Redirect-URL ignored
>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item
>>> Ascend-HTTP-Redirect-Port ignored
>>>
>>> What is the correct way to add this attributes, into the 529
vendor?.
>>>
>>> Let me know your comments,
>>>
>>> Thanks in advantage,
>>>
>>> JC.
>>>
>>>
>>> -----Original Message-----
>>> From: Hugh Irvine [mailto:hugh at open.com.au]
>>> Sent: Wednesday, December 22, 2004 10:29 PM
>>> To: Julio Cesar Pinto
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) Private Attribute radius
>>>
>>>
>>> Hello Julio -
>>>
>>> Radius attributes are encoded into an 8 bit field - hence are
limited
>>> to 255 and below.
>>>
>>> We provide the OSC-AVPAIR attribute that can be used in any way you
>>> wish.
>>>
>>> AddToReply OSC-AVPAIR = "Test=123, Conn-Stat=active,
>>> Visp-Id=whatever,
>>> ....."
>>>
>>> If you want to define your own "official" attributes you should
apply
>>> for your own vendor number from IANA.
>>>
>>> http://www.iana.org/cgi-bin/enterprise.pl
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 23 Dec 2004, at 11:30, Julio Cesar Pinto wrote:
>>>
>>>> Hi,
>>>>
>>>> I would like to know, if is possible include in my dictionary a
>>> private
>>>> attribute. Something likes that:
>>>>
>>>> ATTRIBUTE Test 689 integer
>>>> ATTRIBUTE Conn-Stat 690 integer
>>>> ATTRIBUTE Visp-Id 691 string
>>>> ATTRIBUTE Country-Id 692 string
>>>>
>>>> I know that I can :) the machine is my slave, but the idea is that
>>>> these
>>>> attribute to be recognized by radiator, because at the moment I
>>> receive
>>>> the following error:
>>>>
>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Visp-Id
> ignored
>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Country-Id
>>>> ignored
>>>>
>>>> When the packet pass through AuthBy RADIUS
>>>>
>>>> I appreciate any comments.
>>>>
>>>> Thanks in advance,
>>>>
>>>> JC.
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database
independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like
systems.
>>>
>>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list