(RADIATOR) Forwarding DNSs

Hugh Irvine hugh at open.com.au
Fri Sep 3 18:00:39 CDT 2004 

Hello Felix -

Thanks for sending the trace.

It shows that the attributes are being sent in the access request, 
however the subsequent accounting request shows that you are receiving 
Ascend vendor specific attributes from the NAS. This makes me think 
that you are not sending the vendor specific forms of the attributes in 
the access accept, nor do you have the vendor specific attributes 
defined in your dictionary.

You should be aware that there are two different versions of the Ascend 
attributes, due to the fact that Ascend did not use the vendor specific 
attributes for some years (they do now).

You should be using the Ascend vendor specific attributes I would think 
and the simplest way to do this is to use the dictionary from Radiator 
3.9 with your existing Radiator installation. You should of course keep 
your current dictionary just in case you need to go back to it.

As mentioned previously you should really consider upgrading.

regards

Hugh


On 4 Sep 2004, at 08:08, Rafael Felix Correa wrote:

> Hugh, there is the trace 4 log of an authentication test.
>
>
>
> *** Received from 200.255.255.41 port 60365 ....
> Code:       Access-Request
> Identifier: 197
> Authentic:
> <167><129><22>x<176><130><17><21><230><9><200><192><190><18><3>^
> Attributes:
>         User-Name = "teste at ifxbrasil.com.br"
>         User-Password =
> "<3>Ef<183>K<251><190><146>;<237><184>ih<230>?<142>"
>         NAS-IP-Address = 200.255.142.5
>         NAS-Identifier = "nasrjo05.rjo.embratel.net.br"
>         NAS-Port = 227
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Calling-Station-Id = "1151030605"
>         Called-Station-Id = "40040330"
>         Acct-Session-Id = "306981982"
>         Ascend-Data-Rate = 28800
>         Ascend-Data-Rate = 49333
>
> Fri Sep  3 19:00:31 2004: DEBUG: Check if Handler Called-Station-Id =
> 40040330 should be used to handle this request
> Fri Sep  3 19:00:31 2004: DEBUG: Handling request with Handler
> 'Called-Station-Id = 40040330'
> Fri Sep  3 19:00:31 2004: DEBUG:  Deleting session for
> teste at ifxbrasil.com.br, 200.255.142.5, 227
> Fri Sep  3 19:00:31 2004: DEBUG: Handling with Radius::AuthFILE
> Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE looks for match with
> teste at ifxbrasil.com.br
> Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE ACCEPT: Accept
> explicitly by Auth-Type=Accept
> Fri Sep  3 19:00:31 2004: DEBUG: Access accepted for
> teste at ifxbrasil.com.br
> Fri Sep  3 19:00:31 2004: DEBUG: Packet dump:
> *** Sending to 200.255.255.41 port 60365 ....
> Code:       Access-Accept
> Identifier: 197
> Authentic:
> <167><129><22>x<176><130><17><21><230><9><200><192><190><18><3>^
> Attributes:
>         Ascend-Client-Primary-DNS = 200.201.133.98
>         Ascend-Client-Secondary-DNS = 200.201.133.99
>         Ascend-Client-Assign-DNS = DNS-Assign-Yes
>
> Fri Sep  3 19:00:33 2004: ERR: Attribute number 55 (vendor ) is not
> defined in your dictionary
> Fri Sep  3 19:00:33 2004: ERR: Attribute number 86 (vendor 529) is not
> defined in your dictionary
> Fri Sep  3 19:00:33 2004: ERR: Attribute number 13 (vendor 529) is not
> defined in your dictionary
> Fri Sep  3 19:00:33 2004: ERR: Attribute number 28 (vendor 529) is not
> defined in your dictionary
> Fri Sep  3 19:00:33 2004: DEBUG: Packet dump:
> *** Received from 200.255.255.41 port 60365 ....
> Code:       Accounting-Request
> Identifier: 160
> Authentic:  <219>,j<214><214>1<29>|]<12><27><228><216><9>3<183>
> Attributes:
>         User-Name = "teste at ifxbrasil.com.br"
>         NAS-IP-Address = 200.255.142.5
>         NAS-Identifier = "nasrjo05.rjo.embratel.net.br"
>         NAS-Port = 227
>         NAS-Port-Type = Async
>         Service-Type = Framed-User
>         Class = "01"
>         Acct-Status-Type = Start
>         Acct-Delay-Time = 0
>         Acct-Session-Id = "306981982"
>         Acct-Authentic = RADIUS
>         Ascend-Modem-PortNo = 40
>         Ascend-Modem-SlotNo = 8
>         Ascend-Modem-ShelfNo = 1
>         Calling-Station-Id = "1151030605"
>         Called-Station-Id = "40040330"
>         Framed-Protocol = PPP
>         Framed-IP-Address = 200.214.87.210
>
> Fri Sep  3 19:00:33 2004: DEBUG: Check if Handler Called-Station-Id =
> 40040330 should be used to handle this request
> Fri Sep  3 19:00:33 2004: DEBUG: Handling request with Handler
> 'Called-Station-Id = 40040330'
> Fri Sep  3 19:00:33 2004: DEBUG:  Adding session for
> teste at ifxbrasil.com.br, 200.255.142.5, 227
> Fri Sep  3 19:00:33 2004: DEBUG: Handling with Radius::AuthFILE
> Fri Sep  3 19:00:33 2004: DEBUG: Accounting accepted
>
>
>
> On Qua, 2004-09-01 at 19:58, Hugh Irvine wrote:
>>
>> Hello Felix -
>>
>> Thanks for the trace, but I need it to show the packet processing to 
>> be
>> able to see what attributes are added to the reply.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 2 Sep 2004, at 05:40, Rafael Felix Correa wrote:
>>
>>> Hugh,
>>>
>>> The log with trace 4 remains the same:
>>>
>>> Wed Sep  1 16:25:36 2004: NOTICE: SIGTERM received: stopping
>>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
>>> /usr/local/radiator/raddb/../users.accept
>>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
>>> tutopia.com.br.defaults
>>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
>>> tutopia.com.br.defaults
>>> Wed Sep  1 16:25:39 2004: INFO: Server started: Radiator 2.16.3 on
>>> jaguar
>>> Wed Sep  1 16:30:28 2004: NOTICE: SIGTERM received: stopping
>>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
>>> /usr/local/radiator/users.accept
>>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
>>> tutopia.com.br.defaults
>>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
>>> tutopia.com.br.defaults
>>> Wed Sep  1 16:30:31 2004: INFO: Server started: Radiator 2.16.3 on
>>> jaguar
>>>
>>>
>>>
>>> On Qua, 2004-09-01 at 05:46, Hugh Irvine wrote:
>>>>
>>>> Hello Felix -
>>>>
>>>> I will need to see a copy of the configuration file, the 
>>>> users.accept
>>>> file and a more complete trace 4 debug showing what is happening.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 1 Sep 2004, at 09:42, Rafael Felix Correa wrote:
>>>>
>>>>> Hello Hugh,
>>>>>
>>>>> This time i didn't receive any error messages (with trace 5), but 
>>>>> it
>>>>> still doesn't forward dns info to the clients.
>>>>> What could else be causing this?
>>>>>
>>>>> Log:
>>>>>
>>>>> Tue Aug 31 13:46:45 2004: NOTICE: SIGTERM received: stopping
>>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
>>>>> /usr/local/radiator/raddb/../users.accept
>>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
>>>>> tutopia.com.br.defaults
>>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
>>>>> tutopia.com.br.defaults
>>>>> Tue Aug 31 13:46:48 2004: INFO: Server started: Radiator 2.16.3 on
>>>>> jaguar
>>>>>
>>>>>
>>>>> On Seg, 2004-08-30 at 22:13, Hugh Irvine wrote:
>>>>>>
>>>>>> Hello Felix -
>>>>>>
>>>>>> Instead of using an AuthBy TEST you should try using an AuthBy 
>>>>>> FILE:
>>>>>>
>>>>>> 	<AuthBy FILE>
>>>>>> 		Filename %D/users.accept
>>>>>> 	</AuthBy>
>>>>>>
>>>>>> the file users.accept would look like this:
>>>>>>
>>>>>> DEFAULT Auth-Type = Accept
>>>>>> 	Ascend-Client-Primary-DNS = 200.201.133.98,
>>>>>> 	Ascend-Client-Secondary-DNS = 200.201.133.99
>>>>>>
>>>>>> You should also seriously consider upgrading.
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Hugh
>>>>>>
>>>>>>
>>>>>> On 31 Aug 2004, at 03:27, Rafael Felix Correa wrote:
>>>>>>
>>>>>>> Hugh,
>>>>>>>
>>>>>>> There is the log with trace 5 enabled.I'll send the conf. file
>>>>>>> later
>>>>>>>
>>>>>>>
>>>>>>> Fri Aug 27 20:15:43 2004: INFO: Server started: Radiator 2.16.3 
>>>>>>> on
>>>>>>> jaguar
>>>>>>> ^[[17~^[[18~^[[15~^[OS^[ORMon Aug 30 14:05:59 2004: NOTICE: 
>>>>>>> SIGTERM
>>>>>>> received: stopping
>>>>>>> Mon Aug 30 14:05:59 2004: DEBUG: AuthTEST DESTROY ed
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: Reading users file
>>>>>>> tutopia.com.br.defaults
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: Reading users file
>>>>>>> tutopia.com.br.defaults
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST loaded
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST keyword(AddToReply,
>>>>>>> Ascend-Client-Primary-DNS = 200.201.133.98,
>>>>>>> Ascend-Client-Secondary-DNS
>>>>>>> = 200.201.133.99) called for /usr/local/radiator/radiator2.cfg 
>>>>>>> line
>>>>>>> 404
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: New Radius::AuthTEST constructed
>>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST DESTROY ed
>>>>>>> Mon Aug 30 14:06:02 2004: INFO: Server started: Radiator 2.16.3 
>>>>>>> on
>>>>>>> jaguar
>>>>>>>
>>>>>>>
>>>>>>> On Sáb, 2004-08-28 at 05:23, Hugh Irvine wrote:
>>>>>>>>
>>>>>>>> Hello Felix -
>>>>>>>>
>>>>>>>> Have you restarted Radiator after changing the configuration 
>>>>>>>> file?
>>>>>>>>
>>>>>>>> If so please send me a trace 4 debug together with the complete
>>>>>>>> configuration file (no secrets) showing what is happening.
>>>>>>>>
>>>>>>>> Please include the Radiator startup messages.
>>>>>>>>
>>>>>>>> regards
>>>>>>>>
>>>>>>>> Hugh
>>>>>>>>
>>>>>>>>
>>>>>>>> On 28 Aug 2004, at 10:02, Rafael Felix Correa wrote:
>>>>>>>>
>>>>>>>>> Is there another way to forward DNS info? Because i tried 
>>>>>>>>> putting
>>>>>>>>> the
>>>>>>>>> AddToReply inside AuthBy clause and it didn't work either.
>>>>>>>>>
>>>>>>>>> I really need to get this working...
>>>>>>>>>
>>>>>>>>> On Sex, 2004-08-27 at 19:59, Hugh Irvine wrote:
>>>>>>>>>>
>>>>>>>>>> Hello Felix -
>>>>>>>>>>
>>>>>>>>>> You should put the AddToReply inside the AuthBy clause:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> <Handler Called-Station-Id = 40040330>
>>>>>>>>>>          <AuthBy TEST>
>>>>>>>>>> 		AddToReply \
>>>>>>>>>> 			Ascend-Client-Primary-DNS = 200.201.133.98, \
>>>>>>>>>> 			Ascend-Client-Secondary-DNS = 200.201.133.99
>>>>>>>>>> 	</AuthBy>
>>>>>>>>>> </Handler>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> BTW - the most recent version is Radiator 3.9.
>>>>>>>>>>
>>>>>>>>>> regards
>>>>>>>>>>
>>>>>>>>>> Hugh
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 28 Aug 2004, at 07:20, Rafael Felix Correa wrote:
>>>>>>>>>>
>>>>>>>>>>> Hi everyone,
>>>>>>>>>>>
>>>>>>>>>>> I need to forward primary and secondary DNS to our customers
>>>>>>>>>>> who
>>>>>>>>>>> connects on specific phone numbers.
>>>>>>>>>>>
>>>>>>>>>>> All NASes are Lucent Max-TNT.
>>>>>>>>>>>
>>>>>>>>>>> First i tried this:
>>>>>>>>>>>
>>>>>>>>>>> <Handler Called-Station-Id = 40040330>
>>>>>>>>>>>         <AuthBy TEST>
>>>>>>>>>>>         </AuthBy>
>>>>>>>>>>>
>>>>>>>>>>> 	AddToReply \
>>>>>>>>>>> 	Ascend-Client-Primary-DNS = 200.201.133.98, \
>>>>>>>>>>> 	Ascend-Client-Secondary-DNS = 200.201.133.99
>>>>>>>>>>> </Handler>
>>>>>>>>>>>
>>>>>>>>>>> It should work in normal conditions, but my version of 
>>>>>>>>>>> Radiator
>>>>>>>>>>> is
>>>>>>>>>>> 2.16.3. And the log shows that Radiator doesn't understand
>>>>>>>>>>> AddToReply
>>>>>>>>>>> instruction (probably because of this version).
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Anyway, i can't stop radiator for an update because it's too
>>>>>>>>>>> critical
>>>>>>>>>>> for us. Is there anyway to forward DNS info through Radiator
>>>>>>>>>>> 2.16.3?
>>>>>>>>>>>
>>>>>>>>>>> Thanks
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> -- 
>>>>>>>>>>> Rafael Felix Correa
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> NB: have you included a copy of your configuration file (no
>>>>>>>>>> secrets),
>>>>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>>>>>>> server
>>>>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>>>>> -
>>>>>>>>>> Nets: internetwork inventory and management - graphical,
>>>>>>>>>> extensible,
>>>>>>>>>> flexible with hardware, software, platform and database
>>>>>>>>>> independence.
>>>>>>>>>> -
>>>>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>>>>> systems.
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>> Rafael Felix Correa
>>>>>>>>> Administrador de Sistemas - IFX Networks
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> NB: have you included a copy of your configuration file (no
>>>>>>>> secrets),
>>>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>>>
>>>>>>>> -- 
>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>>>>> server
>>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>>>> -
>>>>>>>> Nets: internetwork inventory and management - graphical,
>>>>>>>> extensible,
>>>>>>>> flexible with hardware, software, platform and database
>>>>>>>> independence.
>>>>>>>> -
>>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>>>> systems.
>>>>>>>>
>>>>>>>> --
>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>>
>>>>>>> -- 
>>>>>>> Rafael Felix Correa
>>>>>>> Administrador de Sistemas - IFX Networks
>>>>>>>
>>>>>>> --
>>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>>> Announcements on radiator-announce at open.com.au
>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> NB: have you included a copy of your configuration file (no
>>>>>> secrets),
>>>>>> together with a trace 4 debug showing what is happening?
>>>>>>
>>>>>> -- 
>>>>>> Radiator: the most portable, flexible and configurable RADIUS 
>>>>>> server
>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>> -
>>>>>> Nets: internetwork inventory and management - graphical, 
>>>>>> extensible,
>>>>>> flexible with hardware, software, platform and database
>>>>>> independence.
>>>>>> -
>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>> systems.
>>>>>>
>>>>>> --
>>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>>> Announcements on radiator-announce at open.com.au
>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>>
>>>>> -- 
>>>>> Rafael Felix Correa
>>>>> Administrador de Sistemas - IFX Networks
>>>>>
>>>>>
>>>>
>>>> NB: have you included a copy of your configuration file (no 
>>>> secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>> -- 
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database 
>>>> independence.
>>>> -
>>>> CATool: Private Certificate Authority for Unix and Unix-like 
>>>> systems.
>>>>
>>>> --
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>> -- 
>>> Rafael Felix Correa
>>> Administrador de Sistemas - IFX Networks
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
> -- 
> Rafael Felix Correa
> Administrador de Sistemas - IFX Networks
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list