(RADIATOR) AuthBy RADIUS and AuthBy DYNADDRESS
Ben Carter
BenCarter at businessserve.co.uk
Wed Jul 21 05:23:35 CDT 2004
Hi,
I'm struggling with getting a Handler to work as I want and would really
appreciate any help!
I'm trying to proxy an auth request off to another Radius server with
AuthBy RADIUS, and then if it returns with an accept, allocate an IP from a
pool. (As this pool is used for lots of handlers it's not possible to have
the 2nd radius server give out the IP address.)
The config is as follows:
<Handler Client-Identifier = XX-Radius, Called-Station-Id = /0?8450xxxxx8/>
    AuthByPolicy ContinueWhileAccept
    <AuthBy RADIUS>
        Host 1.1.1.1
        Secret Sxxxxxx
    </AuthBy>
    <AuthBy DYNADDRESS>
        AddressAllocator DialAllocator
        PoolHint %{Client:Identifier}
        AddToReply Service-Type = Framed-User, \
            Framed-Protocol = PPP, \
            Framed-Routing = None, \
            cisco-avpair = "ip:dns-servers=xx.xx.xx.xx xx.xx.xx.xx"
    </AuthBy>
</Handler>
Now, I'm aware that AuthBy RADIUS behaves a little differently to other
AuthBy clauses in that it returns a reply immediately to the NAS if it
receives an access-accept. Though I'm surprised to find the allocator isn't
being called at all.
Does anyone have any idea how I might achieve what I'm trying to do?
The log output is below.
Thanks,
Ben.
Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 41301 ....
Packet length = 93
Code: Access-Request
Identifier: 176
Authentic: 1234567890123456
Attributes:
User-Name = "AC0001"
Service-Type = Framed-User
NAS-IP-Address = xxxxxxxxx
NAS-Port = 1234
Called-Station-Id = "8450xxxxxx"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password =
"<139><232>'<199><216>3<4><246><188>8<9><160><216>}x<153>"
Wed Jul 21 10:53:57 2004: DEBUG: Handling request with Handler
'Client-Identifier = YC-Radius, Called-Station-Id = /0?8450xxxxxx/'
Wed Jul 21 10:53:57 2004: DEBUG: Deleting session for AC0001, xxxxxxxxx,
1234
Wed Jul 21 10:53:57 2004: DEBUG: Handling with Radius::AuthRADIUS
Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
*** Sending to xx.xx.xx.xx port 1645 ....
Packet length = 93
Code: Access-Request
Identifier: 1
Authentic: 1234567890123456
Attributes:
User-Name = "AC0001"
Service-Type = Framed-User
NAS-IP-Address = xxxxxxx
NAS-Port = 1234
Called-Station-Id = "8450xxxxxxx"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = "<15><151>:<154>F+C<181>myg<12><204>u<216><245>"
Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
*** Received from xx.xx.xx.xx port 1645 ....
Packet length = 68
Code: Access-Accept
Identifier: 1
Authentic: %m<190>e<214>w<223>*n<9>O<129>\<178><223><248>
Attributes:
Port-Limit = 1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Idle-Timeout = 1200
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Wed Jul 21 10:53:57 2004: DEBUG: Received reply in AuthRADIUS for req 1 from
xxxxxxxxxx:1645
Wed Jul 21 10:53:57 2004: DEBUG: Access accepted for AC0001
Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 41301 ....
Packet length = 68
Code: Access-Accept
Identifier: 176
Authentic: 1234567890123456
Attributes:
Port-Limit = 1
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Idle-Timeout = 1200
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP