(RADIATOR) Outbound User needs to be authed by default.

Claudio Lapidus c_lapidus at hotmail.com
Wed May 26 22:12:47 CDT 2004


Hello Brett

I think you'll need also to setup the proper tunnel parameters to get the session forwarded:

<AuthBy INTERNAL>
    DefaultResult    ACCEPT
    AddToReply       Service-Type = Outbound-User \
                     Tunnel-Type = L2TP \
                     Tunnel-Server-Endpoint = xxx.yyy.zzz.aaa \
                     Tunnel-Password = shhhhhh
</AuthBy>


hope this helps
cl.

----- Original Message ----- 
From: "Hugh Irvine" <hugh at open.com.au>
To: "Brett Murphy" <brett at alphalink.com.au>
Cc: <radiator at open.com.au>
Sent: Wednesday, May 26, 2004 7:29 PM
Subject: Re: (RADIATOR) Outbound User needs to be authed by default.


> 
> Hello Brett -
> 
> You should use an AuthBy INTERNAL:
> 
> <AuthBy INTERNAL>
> DefaultResult ACCEPT
> </AuthBy>
> 
> See section 6.46 in the Radiator 3.9 reference manual ("doc/ref.html").
> 
> regards
> 
> Hugh
> 
> 
> On 26 May 2004, at 21:52, Brett Murphy wrote:
> 
> > Hi All,
> > I have an LNS that is forwarding an l2tp session to another LNS, and 
> > the first LNS
> > also needs to terminate VPN's using aaa to radiator.
> > When the incoming session is forwarded , the router stupidly asks 
> > radius for auth,
> > with something like:
> >
> > For username = fred at domain.com
> >
> > User-Name = "domain.com"
> > NAS-Port-Type = Virtual
> > Service-Type = Outbound-User
> > NAS-IP-Address = 192.168.200.2
> >
> > What I have decided to do is "auth this by default" but I cant for the 
> > life of me remember how this is done in radiator.
> >
> > Is it along the lines of:
> >
> > <Handler NAS-IP-Address = 192.168.200.2, Service-Type=Outbound-User>
> >     <AuthBy TEST>
> >       DefaultResult ACCEPT
> >     </AuthBy TEST>
> > </Handler>
> >
> > This of course, barfs.
> >
> >
> >
> > All the best,
> > Brett Murphy
> > Director, Alphalink (Australia) PTY LTD
> > ph: +61 3 9495-9000 fax: +61 3 9486-6822
> > email: brett at alphalink.com.au
> >
> > The contents of this message may not be quoted,
> > copied, reproduced or published in part or in whole,
> > without the written authorization of Brett Murphy,
> > Director, Alphalink (Australia) Pty Ltd.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040527/db571dcd/attachment.html>


More information about the radiator mailing list