(RADIATOR) DNS settings will not go to client
Hugh Irvine
hugh at open.com.au
Fri Jul 23 23:08:55 CDT 2004
Hello Peter -
Unfortunately vendors have made sure that there is no "decent standard".
Although to be fair the radius RFC's are also somewhat unclear in some
areas (and have evolved over time).
The good news and the bad news is that Diameter is much more strictly
defined.
regards
Hugh
On 23 Jul 2004, at 23:16, Peter Lindeman wrote:
> Ingvar Berg (LI/EAB) wrote:
>
>
>> I don't think there is an Ericsson GGSN 4.0, but it could be the CGSN
>> 4.0 your telco has.
>> The CGSN is a Combined SGSN/GGSN node. Unfortunately, I'm not able to
>> find someone with knowedge about this node, but the documentation for
>> GGSN 2.0 states that the DNS attributes should be according to RFC
>> 2548:
>
> Hmm, strange, the Telco tells me it is a GGSN 4.0
> They also told me it should be type 135
>
> I now tried it here with the parameters as you wrote down but it won't
> work, when I trace in Ethereal I now see the vendor Microsoft with
> attribute 28 (Primary DNS) but the mobile won't get the DNS parms so
> possibly a different implementation on this device of ericsson?
>
> Can any company do what ever they want with these Radius
> implementations? Isn't there a descent standard?
>
> Thanks,
>
> Peter Lindeman
>
>> -----------------------------
>> The Vendor-ID field of the
>> Vendor-Specific Attribute(s) MUST be set to decimal 311
>> (Microsoft).
>> -----------------------------
>> 2.7.6. MS-Primary-DNS-Server
>> Description
>> The MS-Primary-DNS-Server Attribute is used to indicate the
>> address of the primary Domain Name Server (DNS) [16, 17] server
>> to
>> be used by the PPP peer. It MAY be included in both
>> Access-Accept
>> and Accounting-Request packets.
>> A summary of the MS-Primary-DNS-Server Attribute format is given
>> below. The fields are transmitted left to right.
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Vendor-Type | Vendor-Length | IP-Address
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> IP-Address (cont) |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> Vendor-Type
>> 28 for MS-Primary-DNS-Server
>> Vendor-Length
>> 6
>> IP-Address
>> The IP-Address field is 4 octets in length. It contains the IP
>> address of the primary DNS server.
>> 2.7.7. MS-Secondary-DNS-Server
>> Description
>> The MS-Secondary-DNS-Server Attribute is used to indicate the
>> address of the secondary DNS server to be used by the PPP peer.
>> It MAY be included in both Access-Accept and Accounting-Request
>> packets.
>> A summary of the MS-Secondary-DNS-Server Attribute format is given
>> below. The fields are transmitted left to right.
>> 0 1 2 3
>> 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> | Vendor-Type | Vendor-Length | IP-Address
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> IP-Address (cont) |
>> +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
>> Vendor-Type
>> 29 for MS-Secondary-DNS-Server
>> Vendor-Length
>> 6
>> IP-Address
>> The IP-Address field is 4 octets in length. It contains the IP
>> address of the secondary DNS server.
>> --------------------------
>> Migth be worth a try, even if the possibility of Ericsson having two
>> similar products with different detail implementation shouldn't be
>> underestimated ;-)
>> HTH,
>> Ingvar
>>> -----Original Message-----
>>> From: owner-radiator at open.com.au
>>> [mailto:owner-radiator at open.com.au]On
>>> Behalf Of Peter Lindeman
>>> Sent: den 21 juli 2004 17:17
>>> To: radiator at open.com.au
>>> Subject: (RADIATOR) DNS settings will not go to client
>>>
>>>
>>> Hello,
>>>
>>> We are using Radiator to authenticate GPRS users. As well as the IP
>>> we also want to send the primary DNS server as a parameter.
>>>
>>> The radius client is an Ericsson GGSN 4.0
>>>
>>> This is what we have in the config file :
>>>
>>> IN the addresspool
>>>
>>> <AddressPool pool1>
>>> Subnetmask 255.255.255.0
>>> Range 10.2.0.9 10.2.0.100
>>> DNSServer 192.168.3.4
>>> </AddressPool>
>>>
>>> in <AuthBy DYNADDRESS> we have
>>>
>>> MapAttribute DNSSERVER, Cisco-Primary-DNS-Server
>>>
>>> IN the dictionary
>>>
>>> ATTRIBUTE Cisco-Primary-DNS-Server 135 ipaddr
>>>
>>> Am I forgetting something?
>>>
>>> --
>>>
>>> Peter Lindeman
>>> TPA traffic & parking automation bv
>>>
>
>
> --
>
> Peter Lindeman
> TPA traffic & parking automation bv
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list