(RADIATOR) static IP address and DNS for Cisco VPN

Judy Angel J.Angel at herts.ac.uk
Tue Feb 10 06:10:31 CST 2004


Included are the config and debug; the user section is in the original mail.
I have specified cisco-avpair="ip:addr_pool=acepool".
What is the syntax for one IP address?

Many thanks

Judy Angel
University of Hertfordshire

# proxy.cfg
#
#
# Author: Mike McCauley (mikem at open.com.au)
# Copyright (C) 1997 Open System Consultants
# $Id: proxy.cfg,v 1.1 1999/01/28 05:13:52 mikem Exp $

# Set this to the directory where your logfile and details file are to go
Foreground
LogStdout
LogDir /logs/Rad

# Set this to the database directory. It should contain these files:
# users           The user database
# dictionary      The dictionary for your NAS
DbDir .
Trace 4

# This clause defines a single client to listen to
<Client hestia.herts.ac.uk>
	Secret   xxx
</Client>

<Client gemini.herts.ac.uk>
        Secret  xxx
</Client>

<Client helios.herts.ac.uk>
	Secret   xxx
</Client>

<Client altair.herts.ac.uk>
	Secret xxx
</Client>

<Client ascend.herts.ac.uk>
	Secret xxx
</Client>

<Client ras.herts.ac.uk>
	Secret xxx
</Client>


<Client 147.197.121.1>
	Secret xxx
</Client>

# For testing: this allows us to honour requests from radpwtst
# on the same host.
<Client localhost>
	Secret mysecret
	DupInterval 0
</Client>

# define AuthBy clauses with Identifiers for later use

<AuthBy FILE>
	Identifier CheckUsers
	Filename %D/users
</AuthBy>

<AuthBy ACE>
	Identifier CheckACE
        ConfigDirectory /var/adm/hat/ace/data
</AuthBy>

<AuthBy UNIX>
	Identifier CheckSystem
</AuthBy>

<Realm hestia>
	RewriteUsername	s/^([^@]+).*/$1/
	<AuthBy RADIUS>
		Host hestia.herts.ac.uk
		Secret mysecret
	</AuthBy>
</Realm>

<Realm gemini>
	RewriteUsername	s/^([^@]+).*/$1/
	<AuthBy RADIUS>
		Host gemini.herts.ac.uk
		Secret xxx
	</AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
</Realm>

<Realm gemvpn>
	RewriteUsername	s/^([^:]+).*/$1/
	<AuthBy RADIUS>
		Host gemini.herts.ac.uk
		Secret xxx
	</AuthBy>
</Realm>

<Realm altair>
	RewriteUsername s/^([^@]+).*/$1/
	<AuthBy RADIUS>
		Host altair.herts.ac.uk
		Secret xxx
	</AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail

</Realm>

<Realm staff>
	RewriteUsername s/^([^@]+).*/$1/
	<AuthBy RADIUS>
		Host altair.herts.ac.uk
		Secret xxx
	</AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail

</Realm>

<Realm>
	AuthBy CheckUsers
	# Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
</Realm>

# This clause handles all the other realms
<Realm DEFAULT>
	AuthBy CheckUsers
	# Log accounting to the detail file in LogDir
	AcctLogFileName	%L/detail
</Realm>


debug:

*** Received from 147.197.194.8 port 21645 ....
Code:       Access-Request
Identifier: 48
Authentic: 
<232>~<139><138><236><138><3><207><218><127><162><242><237><196><189><241>
Attributes:
        NAS-IP-Address = 147.197.194.8
        NAS-Port-Type = Async
        User-Name = "acesid"
        Calling-Station-Id = "80.40.51.76"
        User-Password = "?<176>`<234><186>*8<222><20><229><130><144><177>S<161>$"

Tue Feb 10 11:50:24 2004: DEBUG: Handling request with Handler 'Realm='
Tue Feb 10 11:50:24 2004: DEBUG:  Deleting session for acesid, 147.197.194.8,
Tue Feb 10 11:50:24 2004: DEBUG: Handling with Radius::AuthFILE: CheckUsers
Tue Feb 10 11:50:24 2004: DEBUG: Radius::AuthFILE looks for match with acesid
Tue Feb 10 11:50:24 2004: DEBUG: Handling with Radius::AuthACE: CheckACE
Tue Feb 10 11:50:24 2004: DEBUG: Radius::AuthACE looks for match with acesid
Tue Feb 10 11:50:25 2004: DEBUG: Radius::AuthACE ACCEPT:
Tue Feb 10 11:50:25 2004: DEBUG: Radius::AuthFILE ACCEPT:
Tue Feb 10 11:50:25 2004: DEBUG: Access accepted for acesid
Tue Feb 10 11:50:25 2004: DEBUG: Packet dump:
*** Sending to 147.197.194.8 port 21645 ....
Code:       Access-Accept
Identifier: 48
Authentic: 
<232>~<139><138><236><138><3><207><218><127><162><242><237><196><189><241>
Attributes:
        Framed-IP-Address = 147.197.253.64
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Ascend-Link-Compression = Link-Comp-MS-Stac
        Ascend-Idle-Limit = 3600
        Ascend-Client-Assign-DNS = DNS-Assign-Yes
        Ascend-Client-Primary-DNS = 147.197.200.2
        Ascend-Client-Secondary-DNS = 147.197.200.44
        cisco-avpair = "ip:dns-servers=147.197.200.2 147.197.200.44"
        cisco-avpair = "ip:addr_pool=acepool"

Tue Feb 10 11:51:23 2004: DEBUG: Packet dump:
*** Received from 147.197.254.10 port 1645 ....
--On 10 February 2004 08:14 +1100 Hugh Irvine <hugh at open.com.au> wrote:

>
> Hello Judy -
>
> Could you also please send me a copy of your configuration file (no
> secrets) together with a trace 4 debug from Radiator showing what is
> happening with this user?
>
> regards
>
> Hugh
>
>
> On 10 Feb 2004, at 00:52, Judy Angel wrote:
>
>> Apologies for the lack of signature.
>>
>> Many thanks
>> Judy Angel
>> University of Hertfordshire
>>
>> --On 09 February 2004 12:40 +0000 Judy Angel <J.Angel at herts.ac.uk>
>> wrote:
>>
>>> I have radius for dialup and Ace authentication and all works fine. I
>>> also have VPN configured on a Cisco router and authentication is OK
>>> from a Cisco VPN client. However, I would like the static IP address
>>> and DNS set in the users file to be transferred to the VPN client.
>>>
>>> I have tried to add cisco-avpair but the client does not see that. I
>>> can see no error in the radius log file.
>>>
>>> Any suggestions, please.
>>>
>>> users file:
>>> acesid  Auth-Type = CheckACE
>>>         Service-Type = Framed-User,
>>>         AddToReply      Framed-Protocol = PPP,
>>>         Framed-IP-Netmask = 255.255.255.255,
>>>         Ascend-Link-Compression = Link-Comp-MS-Stac,
>>>         Ascend-Idle-Limit = 3600,
>>>         Framed-IP-Address = xxx.xxx.xxx.64,
>>>         Ascend-Client-Assign-DNS = DNS-Assign-Yes,
>>>         Ascend-Client-Primary-DNS = xxx.xxx.xxx.2,
>>>         Ascend-Client-Secondary-DNS = xxx.xxx.xxx.44,
>>>         cisco-avpair="ip:dns-servers=xxx.xxx.xxx.2 xxx.xxx.xxx.44"
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>


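Added here as an illustration, not code from the thread or from Radiator itself: a small Python parser for the trace 4 packet dumps shown above, plus a check that the Access-Accept really carries the attributes the users file was meant to add. The sample dump is constructed from the trace above (trimmed); if the check reports nothing missing, the server sent the attribute and the NAS is the place to look next.

```python
import re
from typing import Dict, List

# Constructed sample: the Access-Accept from the trace 4 debug above, trimmed.
SAMPLE_DUMP = """\
*** Sending to 147.197.194.8 port 21645 ....
Code:       Access-Accept
Identifier: 48
Authentic:  <232>~<139><138><236>
Attributes:
        Framed-IP-Address = 147.197.253.64
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.255
        cisco-avpair = "ip:dns-servers=147.197.200.2 147.197.200.44"
        cisco-avpair = "ip:addr_pool=acepool"
"""

# Attribute lines are indented "Name = value"; the value may be quoted.
ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*(.*)$')


def parse_packet_dump(text: str) -> Dict[str, object]:
    """Parse one Radiator packet dump into code, identifier and attributes.
    Attributes may repeat (cisco-avpair does), so values are kept in lists."""
    pkt: Dict[str, object] = {"code": None, "identifier": None, "attrs": {}}
    in_attrs = False
    for line in text.splitlines():
        if line.startswith("Code:"):
            pkt["code"] = line.split(":", 1)[1].strip()
        elif line.startswith("Identifier:"):
            pkt["identifier"] = int(line.split(":", 1)[1].strip())
        elif line.startswith("Attributes:"):
            in_attrs = True
        elif in_attrs:
            m = ATTR_RE.match(line)
            if not m:
                continue
            name, value = m.group(1), m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # strip the quotes Radiator puts on strings
            pkt["attrs"].setdefault(name, []).append(value)
    return pkt


def missing_reply_attrs(pkt: Dict[str, object], expected: Dict[str, List[str]]) -> List[str]:
    """Return 'name=value' pairs expected in the reply but absent from it."""
    attrs = pkt["attrs"]
    return [f"{n}={v}" for n, vals in expected.items() for v in vals
            if v not in attrs.get(n, [])]
```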

