(RADIATOR) Outbound User needs to be authed by default.
Claudio Lapidus
c_lapidus at hotmail.com
Wed May 26 22:12:47 CDT 2004
Hello Brett
I think you'll need also to setup the proper tunnel parameters to get the session forwarded:
<AuthBy INTERNAL>
DefaultResult ACCEPT
AddToReply Service-Type = Outbound-User \
Tunnel-Type = L2TP \
Tunnel-Server-Endpoint = xxx.yyy.zzz.aaa \
Tunnel-Password = shhhhhh
</AuthBy>
hope this helps
cl.
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Brett Murphy" <brett at alphalink.com.au>
Cc: <radiator at open.com.au>
Sent: Wednesday, May 26, 2004 7:29 PM
Subject: Re: (RADIATOR) Outbound User needs to be authed by default.
>
> Hello Brett -
>
> You should use an AuthBy INTERNAL:
>
> <AuthBy INTERNAL>
> DefaultResult ACCEPT
> </AuthBy>
>
> See section 6.46 in the Radiator 3.9 reference manual ("doc/ref.html").
>
> regards
>
> Hugh
>
>
> On 26 May 2004, at 21:52, Brett Murphy wrote:
>
> > Hi All,
> > I have an LNS that is forwarding an l2tp session to another LNS, and
> > the first LNS
> > also needs to terminate VPN's using aaa to radiator.
> > When the incoming session is forwarded , the router stupidly asks
> > radius for auth,
> > with something like:
> >
> > For username = fred at domain.com
> >
> > User-Name = "domain.com"
> > NAS-Port-Type = Virtual
> > Service-Type = Outbound-User
> > NAS-IP-Address = 192.168.200.2
> >
> > What I have decided to do is "auth this by default" but I cant for the
> > life of me remember how this is done in radiator.
> >
> > Is it along the lines of:
> >
> > <Handler NAS-IP-Address = 192.168.200.2, Service-Type=Outbound-User>
> > <AuthBy TEST>
> > DefaultResult ACCEPT
> > </AuthBy TEST>
> > </Handler>
> >
> > This of course, barfs.
> >
> >
> >
> > All the best,
> > Brett Murphy
> > Director, Alphalink (Australia) PTY LTD
> > ph: +61 3 9495-9000 fax: +61 3 9486-6822
> > email: brett at alphalink.com.au
> >
> > The contents of this message may not be quoted,
> > copied, reproduced or published in part or in whole,
> > without the written authorization of Brett Murphy,
> > Director, Alphalink (Australia) Pty Ltd.
> >
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040527/db571dcd/attachment.html>
More information about the radiator
mailing list