(RADIATOR) Private Attribute radius
Hugh Irvine
hugh at open.com.au
Fri Dec 31 16:11:35 CST 2004
Hello Julio -
Thanks very much for the information.
Could you please tell me exactly what NAS equipment you are using
(hardware and software versions) and what version of vendor-specific
attributes you are using? Better yet, could you please send me a trace
5 debug showing the attribute dumps?
The reason I ask this is because the attribute definitions I sent you
(see below) are in a special "Lucent" format (vendor 4846) rather than
in the standard "Ascend" format (vendor 529).
thanks and regards
Hugh
On 1 Jan 2005, at 03:14, Julio Cesar Pinto wrote:
> Hi Hugh,
>
> At the moment we have solved the problem; the solution was to modify in the
> NAS the compatibility with RADIUS in the external profile.
>
> By default the NAS has old-ascend; we changed it to vendor-specific and it
> works very well.
>
> Thanks a lot for your help,
>
> Greetings and Happy New Year,
>
> JC.
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
> Behalf Of Julio Cesar Pinto
> Sent: Wednesday, December 29, 2004 6:32 PM
> To: Hugh Irvine
> Cc: radiator at open.com.au
> Subject: RE: (RADIATOR) Private Attribute radius
>
> Hi Hugh,
>
> Very interesting, I see the correct attribute in the log trace 5.
>
> LOG.
>
> *** Sending to 216.241.0.70 port 7007 ....
>
> Packet length = 67
> 02 69 00 43 08 71 cf 80 7b 4d 4a da 00 7f c4 13
> 5f 49 9b d8 07 06 00 00 00 01 1a 1c 00 00 12 ee
> 01 1f 16 68 74 74 70 3a 2f 2f 32 31 36 2e 32 34
> 31 2e 31 2e 33 30 1a 0d 00 00 12 ee 01 20 07 00
> 00 00 50
> Code: Access-Accept
> Identifier: 105
> Authentic: <149><153><199><245>D<207>x<253><243>;N <30><132><211><22>
> Attributes:
> Framed-Protocol = PPP
> Ascend-HTTP-Redirect-URL = "http://216.241.1.30"
> Ascend-HTTP-Redirect-Port = 80
>
> I'm going to discuss this with Lucent support; I will page you
> when we solve this problem.
>
> Thanks a lot,
>
> JC.
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, December 29, 2004 4:55 PM
> To: Julio Cesar Pinto
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Private Attribute radius
>
>
> Hello Julio -
>
> The attribute definitions as shown in the URL you sent me and in the
> definitions I sent to you _are_ vendor-specifics.
>
> If you look at a trace 4 debug from Radiator (or radpwtst) you should
> see the correct attribute name.
>
> You will need to check with your NAS vendor how to use the attributes
> with RADIUS.
>
> If you could send me a trace 5 debug from Radiator showing the
> attributes in the reply I will verify the encoding.
>
> regards
>
> Hugh
>
>
> On 30 Dec 2004, at 08:12, Julio Cesar Pinto wrote:
>
>> Hi Hugh,
>>
>> It doesn't work :(
>>
>> I did a radstock, and the packet shows me the following:
>>
>> Request (62) - 216.241.0.70:7007 -> 200.62.3.98:1812 (L124)
>> User-Name Len 6 "fgf*"
>> User-Password Len 8 "****|*"
>> NAS-IP-Address Len 6 216.241.0.70
>> NAS-Identifier Len 18 "TNTTEST.ifxnw.cl"
>> NAS-Port Len 6 9228
>> NAS-Port-Type Len 6 Async
>> Service-Type Len 6 Framed-User
>> Framed-Protocol Len 6 PPP
>> State Len 2 ""
>> Calling-Station-Id Len 10 "25596126"
>> Called-Station-Id Len 6 "8800"
>> Acct-Session-Id Len 12 "472335283*"
>> Calling-Station-Id Len 10 "27582762"
>> Called-Station-Id Len 6 "8800"
>> Ascend-Data-Svc Len 6 Switched-Voice-Bearer
>> Acc-Ack (30) - 216.241.0.70:7006 <- 200.62.3.97:1813 (L67)
>> Framed-Protocol Len 6 PPP
>> Vendor-Specific Len 28 "*******http://216.241.1.30"
>> Vendor-Specific Len 13 "***** ****P"
>>
>> As you see, the fields are shown as Vendor-Specific. I'm using other
>> attributes like:
>>
>> ATTRIBUTE Ascend-Client-Primary-DNS 135 ipaddr
>> ATTRIBUTE Ascend-Client-Secondary-DNS 136 ipaddr
>> ATTRIBUTE Ascend-Client-Assign-DNS 137 integer
>> ATTRIBUTE Ascend-Data-Filter 242 abinary
>>
>> And these attributes are shown in the radstock with the same value as in
>> the dictionary; keep in mind that the radstock uses the same dictionary
>> that I use in the radiator process.
>>
>> I know that this feature is working OK, because we implemented a local
>> user in the NAS with the redirection parameter and it works very well.
>>
>> I appreciate your comments in the matter.
>>
>> Thanks a lot,
>>
>> JC.
>>
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: Tuesday, December 28, 2004 5:40 PM
>> To: Julio Cesar Pinto
>> Cc: radiator at open.com.au
>> Subject: Re: (RADIATOR) Private Attribute radius
>>
>>
>> Hello Julio -
>>
>> Thanks for the URL.
>>
>> You should be able to add the following to the standard Radiator 3.11
>> dictionary:
>>
>> VENDORATTR 4846 Ascend-Http-Redirect-URL 287 string
>> VENDORATTR 4846 Ascend-Http-Redirect-Port 288 integer
>>
>> Please let me know whether or not they work correctly.
>>
>> I will then consider what to do about adding them to the standard
>> dictionary.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 29 Dec 2004, at 01:01, Julio Cesar Pinto wrote:
>>
>>> Hi Hugh,
>>>
>>> I found the attributes in the following page
>>>
>>> http://www.lucentradius.com/dcforum/User_files/3dd2be19328291e9.txt
>>>
>>> You can see that this page manages the information about Navis
>>> Soft.
>>>
>>> So, according to this information the official definitions are:
>>>
>>> ATTRIBUTE Ascend-Http-Redirect-URL 287 string Lucent
>>> ATTRIBUTE Ascend-Http-Redirect-Port 288 integer Lucent
>>>
>>> Let me know your comments,
>>>
>>> Thanks,
>>>
>>> JC.
>>>
>>>
>>> -----Original Message-----
>>> From: Hugh Irvine [mailto:hugh at open.com.au]
>>> Sent: Monday, December 27, 2004 6:09 PM
>>> To: Julio Cesar Pinto
>>> Cc: radiator at open.com.au
>>> Subject: Re: (RADIATOR) Private Attribute radius
>>>
>>>
>>> Hello Julio -
>>>
>>> What are the "official" definitions for these attributes?
>>>
>>> Normally the definitions would look like this, but from the code I
>>> think there is the same restriction of less than 255 for these
>>> attributes too (see "Radius/Radius.pm->sub pack()") so I don't think
>>> they will work.
>>>
>>>
>>> VENDORATTR 529 Ascend-HTTP-Redirect-URL 287 string
>>> VENDORATTR 529 Ascend-HTTP-Redirect-Port 288 integer
>>>
>>>
>>> Please let me know what you discover for the "official" attributes.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 28 Dec 2004, at 08:40, Julio Cesar Pinto wrote:
>>>
>>>> Hugh,
>>>>
>>>> I appreciate your help in this doubt, thanks a lot.
>>>>
>>>> Working in a new project we need to use the following attributes:
>>>> Ascend-HTTP-Redirect-URL
>>>> Ascend-HTTP-Redirect-Port
>>>>
>>>> These attributes don't exist in the radiator dictionary, so I added
>>>> them by hand in the following way:
>>>>
>>>> ATTRIBUTE Ascend-HTTP-Redirect-URL 287 string
>>>> ATTRIBUTE Ascend-HTTP-Redirect-Port 288 integer
>>>>
>>>> Anyway I received the following message in the logs:
>>>>
>>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item Ascend-HTTP-Redirect-URL ignored
>>>> Mon Dec 27 16:33:46 2004: WARNING: Invalid reply item Ascend-HTTP-Redirect-Port ignored
>>>>
>>>> What is the correct way to add these attributes into the 529 vendor?
>>>>
>>>> Let me know your comments,
>>>>
>>>> Thanks in advance,
>>>>
>>>> JC.
>>>>
>>>>
>>>> -----Original Message-----
>>>> From: Hugh Irvine [mailto:hugh at open.com.au]
>>>> Sent: Wednesday, December 22, 2004 10:29 PM
>>>> To: Julio Cesar Pinto
>>>> Cc: radiator at open.com.au
>>>> Subject: Re: (RADIATOR) Private Attribute radius
>>>>
>>>>
>>>> Hello Julio -
>>>>
>>>> Radius attributes are encoded into an 8 bit field - hence are limited
>>>> to 255 and below.
>>>>
>>>> We provide the OSC-AVPAIR attribute that can be used in any way you
>>>> wish.
>>>>
>>>> AddToReply OSC-AVPAIR = "Test=123, Conn-Stat=active, Visp-Id=whatever, ....."
>>>>
>>>> If you want to define your own "official" attributes you should apply
>>>> for your own vendor number from IANA.
>>>>
>>>> http://www.iana.org/cgi-bin/enterprise.pl
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 23 Dec 2004, at 11:30, Julio Cesar Pinto wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I would like to know if it is possible to include a private attribute
>>>>> in my dictionary. Something like this:
>>>>>
>>>>> ATTRIBUTE Test 689 integer
>>>>> ATTRIBUTE Conn-Stat 690 integer
>>>>> ATTRIBUTE Visp-Id 691 string
>>>>> ATTRIBUTE Country-Id 692 string
>>>>>
>>>>> I know that I can :) the machine is my slave, but the idea is for
>>>>> these attributes to be recognized by radiator, because at the moment I
>>>>> receive the following error:
>>>>>
>>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Visp-Id ignored
>>>>> Wed Dec 22 18:28:33 2004: WARNING: Invalid reply item Country-Id ignored
>>>>>
>>>>> When the packet passes through AuthBy RADIUS
>>>>>
>>>>> I appreciate any comments.
>>>>>
>>>>> Thanks in advance,
>>>>>
>>>>> JC.
>>>>>
>>>>> --
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> NB:
>>>>
>>>> Have you read the reference manual ("doc/ref.html")?
>>>> Have you searched the mailing list archive
>>>> (www.open.com.au/archives/radiator)?
>>>> Have you had a quick look on Google (www.google.com)?
>>>> Have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database independence.
>>>> -
>>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>>
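Added example, not part of the original thread and not Radiator's code: a Python decoder run over the Access-Accept bytes from the trace 5 dump quoted above, trying each Vendor-Specific payload with a 1-byte vendor type (the RFC 2865 layout) and with a 2-byte vendor type. The 2-byte reading for vendor 4846 is inferred from the dump itself, and the function names are hypothetical.

```python
import struct
# Access-Accept bytes copied from the trace 5 dump quoted in the thread.
PACKET = bytes.fromhex("".join("""
02 69 00 43 08 71 cf 80 7b 4d 4a da 00 7f c4 13
5f 49 9b d8 07 06 00 00 00 01 1a 1c 00 00 12 ee
01 1f 16 68 74 74 70 3a 2f 2f 32 31 36 2e 32 34
31 2e 31 2e 33 30 1a 0d 00 00 12 ee 01 20 07 00
00 00 50
""".split()))

def attributes(packet):
    """Yield (type, value) for each attribute after the 20-byte RADIUS header."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad RADIUS header or length field")
    pos = 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("attribute length runs outside the packet")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def decode_vsa(value, type_bytes):
    """Return (vendor, [(type, data)]), or None if the layout does not fit.
    type_bytes=1 is the RFC 2865 sub-attribute layout; type_bytes=2 is the
    wider vendor-type layout inferred from the dump (an assumption)."""
    if len(value) < 4:
        return None
    vendor, body = int.from_bytes(value[:4], "big"), value[4:]
    hdr, pos, subs = type_bytes + 1, 0, []
    while pos < len(body):
        if pos + hdr > len(body):
            return None
        vtype = int.from_bytes(body[pos:pos + type_bytes], "big")
        vlen = body[pos + type_bytes]
        if vlen < hdr or pos + vlen > len(body):
            return None
        subs.append((vtype, body[pos + hdr:pos + vlen]))
        pos += vlen
    return vendor, subs

def vendor_attrs(packet, type_bytes):
    """Decode every Vendor-Specific (type 26) attribute with one layout."""
    return [decode_vsa(v, type_bytes) for t, v in attributes(packet) if t == 26]

if __name__ == "__main__":
    print(vendor_attrs(PACKET, 1), vendor_attrs(PACKET, 2))
```

With a 1-byte type both payloads fail the length checks; with a 2-byte type they decode to vendor 4846, types 287 and 288, matching the attribute names Radiator printed in the trace.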