(RADIATOR) Private Attribute radius

Julio Cesar Pinto jc at ifxcorp.com
Fri Dec 31 10:14:59 CST 2004


Hi Hugh,

At the moment we have solved the problem; the solution was to modify, in
the NAS, the compatibility with RADIUS in the external profile.

By default the NAS has old-ascend; we changed it to vendor-specific and
it works very well.

Thanks a lot for your help,

Greetings and Happy New Year,

JC.

-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Julio Cesar Pinto
Sent: Wednesday, December 29, 2004 6:32 PM
To: Hugh Irvine
Cc: radiator at open.com.au
Subject: RE: (RADIATOR) Private Attribute radius

Hi Hugh,

Very interesting, I see the correct attribute in the log trace 5.

LOG.

*** Sending to 216.241.0.70 port 7007 ....

Packet length = 67
02 69 00 43 08 71 cf 80 7b 4d 4a da 00 7f c4 13
5f 49 9b d8 07 06 00 00 00 01 1a 1c 00 00 12 ee
01 1f 16 68 74 74 70 3a 2f 2f 32 31 36 2e 32 34
31 2e 31 2e 33 30 1a 0d 00 00 12 ee 01 20 07 00
00 00 50
Code:       Access-Accept
Identifier: 105
Authentic:  <149><153><199><245>D<207>x<253><243>;N <30><132><211><22>
Attributes:
        Framed-Protocol = PPP
        Ascend-HTTP-Redirect-URL = "http://216.241.1.30"
        Ascend-HTTP-Redirect-Port = 80

I'm going to discuss this with Lucent support; I will page you
when we solve this problem.

Thanks a lot,

JC.
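
The trace 5 bytes above can be decoded by hand to check the encoding. The following Python sketch is an added example, not part of the original message or of Radiator; the function names are hypothetical, and the sub-attribute layout (2-byte vendor type, 1-byte length) is inferred from the dump itself.

```python
import struct

# Trace 5 hex dump copied from the message above (67 bytes).
PACKET_HEX = """
02 69 00 43 08 71 cf 80 7b 4d 4a da 00 7f c4 13
5f 49 9b d8 07 06 00 00 00 01 1a 1c 00 00 12 ee
01 1f 16 68 74 74 70 3a 2f 2f 32 31 36 2e 32 34
31 2e 31 2e 33 30 1a 0d 00 00 12 ee 01 20 07 00
00 00 50
"""

def parse_packet(data):
    """Return (code, identifier, [(attr_type, value_bytes), ...])."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", data[:4])
    if length != len(data):
        raise ValueError("header length does not match bytes received")
    attrs, pos = [], 20          # attributes start after the authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]   # 8-bit type, 8-bit length
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length at offset %d" % pos)
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def parse_wide_vsa(value):
    """Split a type-26 value laid out as in the dump (assumed layout):
    4-byte vendor id, 2-byte vendor type, 1-byte length, then data."""
    if len(value) < 7:
        raise ValueError("Vendor-Specific value too short")
    vendor, vtype, vlen = struct.unpack("!IHB", value[:7])
    # vlen counts the vendor type, the length byte and the data
    if vlen < 3 or 4 + vlen != len(value):
        raise ValueError("sub-attribute length does not match")
    return vendor, vtype, value[7:]

def decode_trace():
    raw = bytes.fromhex("".join(PACKET_HEX.split()))
    code, ident, attrs = parse_packet(raw)
    vsas = [parse_wide_vsa(v) for t, v in attrs if t == 26]
    return code, ident, attrs, vsas

if __name__ == "__main__":
    code, ident, attrs, vsas = decode_trace()
    print("code", code, "identifier", ident)
    for vendor, vtype, data in vsas:
        print("vendor", vendor, "type", vtype, "data", data)
```

Both Vendor-Specific attributes decode to vendor 4846 with types 287 and 288, so each type above 255 is carried inside the Vendor-Specific payload rather than in the 8-bit outer attribute type.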

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Wednesday, December 29, 2004 4:55 PM
To: Julio Cesar Pinto
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Private Attribute radius


Hello Julio -

The attribute definitions as shown in the URL you sent me and in the 
definitions I sent to you _are_ vendor-specifics.

If you look at a trace 4 debug from Radiator (or radpwtst) you should 
see the correct attribute name.

You will need to check with your NAS vendor how to use the attributes 
with RADIUS.

If you could send me a trace 5 debug from Radiator showing the 
attributes in the reply I will verify the encoding.

regards

Hugh


On 30 Dec 2004, at 08:12, Julio Cesar Pinto wrote:

> Hi Hugh,
>
> It doesn't work :(
>
> I did a radstock, and the packet shows me the following:
>
> Request (62) - 216.241.0.70:7007 -> 200.62.3.98:1812 (L124)
>   User-Name             Len  6  "fgf*"
>   User-Password         Len  8  "****|*"
>   NAS-IP-Address        Len  6  216.241.0.70
>   NAS-Identifier        Len 18  "TNTTEST.ifxnw.cl"
>   NAS-Port              Len  6  9228
>   NAS-Port-Type         Len  6  Async
>   Service-Type          Len  6  Framed-User
>   Framed-Protocol       Len  6  PPP
>   State                 Len  2  ""
>   Calling-Station-Id    Len 10  "25596126"
>   Called-Station-Id     Len  6  "8800"
>   Acct-Session-Id       Len 12  "472335283*"
>   Calling-Station-Id    Len 10  "27582762"
>   Called-Station-Id     Len  6  "8800"
>   Ascend-Data-Svc       Len  6  Switched-Voice-Bearer
> Acc-Ack (30) - 216.241.0.70:7006 <- 200.62.3.97:1813 (L67)
>   Framed-Protocol       Len  6  PPP
>   Vendor-Specific       Len 28  "*******http://216.241.1.30"
>   Vendor-Specific       Len 13  "***** ****P"
>
> As you see, the fields are shown as Vendor-Specific. I'm using other
> attributes like:
>
> ATTRIBUTE       Ascend-Client-Primary-DNS       135     ipaddr
> ATTRIBUTE       Ascend-Client-Secondary-DNS     136     ipaddr
> ATTRIBUTE       Ascend-Client-Assign-DNS        137     integer
> ATTRIBUTE       Ascend-Data-Filter              242     abinary
>
> And these attributes are shown in the radstock with the same values as
> the dictionary; keep in mind that the radstock uses the same dictionary
> that I use in the Radiator process.
>
> I know that this feature is working OK, because we implemented a local
> user in the NAS with the redirection parameter and it works very well.
>
> I appreciate your comments in the matter.
>
> Thanks a lot,
>
> JC.
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Tuesday, December 28, 2004 5:40 PM
> To: Julio Cesar Pinto
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Private Attribute radius
>
>
> Hello Julio -
>
> Thanks for the URL.
>
> You should be able to add the following to the standard Radiator 3.11
> dictionary:
>
> VENDORATTR      4846     Ascend-Http-Redirect-URL      287     string
> VENDORATTR      4846     Ascend-Http-Redirect-Port     288     integer
>
> Please let me know whether or not they work correctly.
>
> I will then consider what to do about adding them to the standard
> dictionary.
>
> regards
>
> Hugh
>
>
> On 29 Dec 2004, at 01:01, Julio Cesar Pinto wrote:
>
>> Hi Hugh,
>>
>> I found the attributes in the following page
>>
>> http://www.lucentradius.com/dcforum/User_files/3dd2be19328291e9.txt
>>
>> You can see that this page manages the information about Navis
>> Soft.
>>
>> So, according to this information, the official definitions are:
>>
>> ATTRIBUTE       Ascend-Http-Redirect-URL        287     string   Lucent
>> ATTRIBUTE       Ascend-Http-Redirect-Port       288     integer  Lucent
>>
>> Let me know your comments,
>>
>> Thanks,
>>
>> JC.
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Monday, December 27, 2004 6:09 PM
>> To: Julio Cesar Pinto
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Private Attribute radius
>>
>>
>> Hello Julio -
>>
>> What are the "official" definitions for these attributes?
>>
>> Normally the definitions would look like this, but from the code I
>> think there is the same restriction of less than 255 for these
>> attributes too (see "Radius/Radius.pm->sub pack()") so I don't think
>> they will work.
>>
>>
>> VENDORATTR      529     Ascend-HTTP-Redirect-URL      287     string
>> VENDORATTR      529     Ascend-HTTP-Redirect-Port     288     integer
>>
>>
>> Please let me know what you discover for the "official" attributes.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 28 Dec 2004, at 08:40, Julio Cesar Pinto wrote:
>>
>>> Hugh,
>>>
>>> I appreciate your help in this doubt, thanks a lot.
>>>
>>> Working in a new project we need to use the following attributes:
>>> Ascend-HTTP-Redirect-URL
>>> Ascend-HTTP-Redirect-Port
>>>
>>> These attributes don't exist in the Radiator dictionary, so I added
>>> them by hand in the following way:
>>>
>>> ATTRIBUTE       Ascend-HTTP-Redirect-URL        287     string
>>> ATTRIBUTE       Ascend-HTTP-Redirect-Port       288     integer
>>>
>>> Anyway, I received the following messages in the logs:
>>>
>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item Ascend-HTTP-Redirect-URL ignored
>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item Ascend-HTTP-Redirect-Port ignored
>>>
>>> What is the correct way to add these attributes into the 529 vendor?
>>>
>>> Let me know your comments,
>>>
>>> Thanks in advance,
>>>
>>> JC.
>>>
>>>
>>> -----Original Message-----
>>> From: Hugh Irvine [mailto:hugh at open.com.au]
>>> Sent: Wednesday, December 22, 2004 10:29 PM
>>> To: Julio Cesar Pinto
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) Private Attribute radius
>>>
>>>
>>> Hello Julio -
>>>
>>> Radius attributes are encoded into an 8 bit field - hence are limited
>>> to 255 and below.
>>>
>>> We provide the OSC-AVPAIR attribute that can be used in any way you
>>> wish.
>>>
>>> 	AddToReply OSC-AVPAIR = "Test=123, Conn-Stat=active, Visp-Id=whatever, ....."
>>>
>>> If you want to define your own "official" attributes you should apply
>>> for your own vendor number from IANA.
>>>
>>> 	http://www.iana.org/cgi-bin/enterprise.pl
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 23 Dec 2004, at 11:30, Julio Cesar Pinto wrote:
>>>
>>>> Hi,
>>>>
>>>> I would like to know if it is possible to include in my dictionary a
>>>> private attribute. Something like this:
>>>>
>>>> ATTRIBUTE       Test                689             integer
>>>> ATTRIBUTE       Conn-Stat           690             integer
>>>> ATTRIBUTE       Visp-Id             691             string
>>>> ATTRIBUTE       Country-Id          692             string
>>>>
>>>> I know that I can :) the machine is my slave, but the idea is for
>>>> these attributes to be recognized by Radiator, because at the moment
>>>> I receive the following error:
>>>>
>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Visp-Id ignored
>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Country-Id ignored
>>>>
>>>> When the packet passes through AuthBy RADIUS
>>>>
>>>> I appreciate any comments.
>>>>
>>>> Thanks in advance,
>>>>
>>>> JC.
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB:
>>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive
>>> (www.open.com.au/archives/radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>>
>>
>
