(RADIATOR) AuthBy RADIUS and AuthBy DYNADDRESS

Ben Carter BenCarter at businessserve.co.uk
Wed Jul 21 06:44:03 CDT 2004


Hi,

Perhaps searching the mailing list archives with making a spelling mistake
would have been a good idea before sending this in.

Anyway, answer was (as found in the archives): You can't do this in the
config alone, you need a Hook, and magically just the hook you need is in
goodies/hooks.txt - Example 5 - and it works perfectly. (Thanks for the hook
Hugh :) )

Sorry :)

Ben.

> -----Original Message-----
> From: Ben Carter [mailto:BenCarter at businessserve.co.uk] 
> Sent: 21 July 2004 11:24
> To: radiator at open.com.au
> Subject: (RADIATOR) AuthBy RADIUS and AuthBy DYNADDRESS
> 
> 
> Hi,
> 
> I'm struggling with getting a Handler to work as I want and would really
> appreciate any help!
> 
> I'm trying to proxy an auth request off to another Radius server with
> AuthBy RADIUS, and then if it returns with an accept, allocate an IP from a
> pool. (As this pool is used for lots of handlers it's not possible to have
> the 2nd radius server give out the IP address)
> 
> The config is as follows:
> 
> <Handler Client-Identifier = XX-Radius, Called-Station-Id = /0?8450xxxxx8/>
>         AuthByPolicy ContinueWhileAccept
>         <AuthBy RADIUS>
>                 Host 1.1.1.1
>                 Secret Sxxxxxx
>         </AuthBy>
>         <AuthBy DYNADDRESS>
>                 AddressAllocator        DialAllocator
>                 PoolHint                %{Client:Identifier}
>                 AddToReply Service-Type = Framed-User, \
>                    Framed-Protocol = PPP, \
>                    Framed-Routing = None, \
>                    cisco-avpair = "ip:dns-servers=xx.xx.xx.xx xx.xx.xx.xx"
>         </AuthBy>
> </Handler>
> 
> Now, I'm aware that AuthBy RADIUS behaves a little differently to other
> AuthBy clauses in that it returns a reply immediately to the NAS if it
> receives an access-accept. Though I'm surprised to find the allocator isn't
> being called at all.
> 
> Does anyone have any idea how I might achieve what I'm trying to do?
> 
> The log output is below.
> 
> Thanks,
> 
> Ben.
> 
> 
> Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 41301 ....
> 
> Packet length = 93
> Code:       Access-Request
> Identifier: 176
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "AC0001"
>         Service-Type = Framed-User
>         NAS-IP-Address = xxxxxxxxx
>         NAS-Port = 1234
>         Called-Station-Id = "8450xxxxxx"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<139><232>'<199><216>3<4><246><188>8<9><160><216>}x<153>"
> 
> Wed Jul 21 10:53:57 2004: DEBUG: Handling request with Handler 'Client-Identifier = YC-Radius, Called-Station-Id = /0?8450xxxxxx/'
> Wed Jul 21 10:53:57 2004: DEBUG:  Deleting session for AC0001, xxxxxxxxx, 1234
> Wed Jul 21 10:53:57 2004: DEBUG: Handling with Radius::AuthRADIUS
> Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
> *** Sending to xx.xx.xx.xx port 1645 ....
> 
> Packet length = 93
> Code:       Access-Request
> Identifier: 1
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "AC0001"
>         Service-Type = Framed-User
>         NAS-IP-Address = xxxxxxx
>         NAS-Port = 1234
>         Called-Station-Id = "8450xxxxxxx"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<15><151>:<154>F+C<181>myg<12><204>u<216><245>"
> 
> Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
> *** Received from xx.xx.xx.xx port 1645 ....
> 
> Packet length = 68
> Code:       Access-Accept
> Identifier: 1
> Authentic:  %m<190>e<214>w<223>*n<9>O<129>\<178><223><248>
> Attributes:
>         Port-Limit = 1
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Idle-Timeout = 1200
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> Wed Jul 21 10:53:57 2004: DEBUG: Received reply in AuthRADIUS for req 1 from xxxxxxxxxx:1645
> Wed Jul 21 10:53:57 2004: DEBUG: Access accepted for AC0001
> Wed Jul 21 10:53:57 2004: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 41301 ....
> 
> Packet length = 68
> Code:       Access-Accept
> Identifier: 176
> Authentic:  1234567890123456
> Attributes:
>         Port-Limit = 1
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Netmask = 255.255.255.255
>         Idle-Timeout = 1200
>         Framed-Routing = None
>         Framed-MTU = 1500
>         Framed-Compression = Van-Jacobson-TCP-IP
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 
