(RADIATOR) Forwarding DNSs

Rafael Felix Correa felix at ifx.com.br
Fri Sep 3 18:43:04 CDT 2004


Hugh,

Thanks again about your explanation. 
It worked! I just added three lines on my dictionary file: 

VENDORATTR      529    Ascend-Client-Primary-DNS        135   ipaddr
VENDORATTR      529    Ascend-Client-Secondary-DNS      136   ipaddr
VENDORATTR      529    Ascend-Client-Assign-DNS         137   integer


On Sex, 2004-09-03 at 20:00, Hugh Irvine wrote:
> 
> Hello Felix -
> 
> Thanks for sending the trace.
> 
> It shows that the attributes are being sent in the access request, 
> however the subsequent accounting request shows that you are receiving 
> Ascend vendor specific attributes from the NAS. This makes me think 
> that you are not sending the vendor specific forms of the attributes in 
> the access accept, nor do you have the vendor specific attributes 
> defined in your dictionary.
> 
> You should be aware that there are two different versions of the Ascend 
> attributes, due to the fact that Ascend did not use the vendor specific 
> attributes for some years (they do now).
> 
> You should be using the Ascend vendor specific attributes I would think 
> and the simplest way to do this is to use the dictionary from Radiator 
> 3.9 with your existing Radiator installation. You should of course keep 
> your current dictionary just in case you need to go back to it.
> 
> As mentioned previously you should really consider upgrading.
> 
> regards
> 
> Hugh
> 
> 
> On 4 Sep 2004, at 08:08, Rafael Felix Correa wrote:
> 
> > Hugh, there is the trace 4 log of an authentication test.
> >
> >
> >
> > *** Received from 200.255.255.41 port 60365 ....
> > Code:       Access-Request
> > Identifier: 197
> > Authentic:
> > <167><129><22>x<176><130><17><21><230><9><200><192><190><18><3>^
> > Attributes:
> >         User-Name = "teste at ifxbrasil.com.br"
> >         User-Password =
> > "<3>Ef<183>K<251><190><146>;<237><184>ih<230>?<142>"
> >         NAS-IP-Address = 200.255.142.5
> >         NAS-Identifier = "nasrjo05.rjo.embratel.net.br"
> >         NAS-Port = 227
> >         NAS-Port-Type = Async
> >         Service-Type = Framed-User
> >         Framed-Protocol = PPP
> >         Calling-Station-Id = "1151030605"
> >         Called-Station-Id = "40040330"
> >         Acct-Session-Id = "306981982"
> >         Ascend-Data-Rate = 28800
> >         Ascend-Data-Rate = 49333
> >
> > Fri Sep  3 19:00:31 2004: DEBUG: Check if Handler Called-Station-Id =
> > 40040330 should be used to handle this request
> > Fri Sep  3 19:00:31 2004: DEBUG: Handling request with Handler
> > 'Called-Station-Id = 40040330'
> > Fri Sep  3 19:00:31 2004: DEBUG:  Deleting session for
> > teste at ifxbrasil.com.br, 200.255.142.5, 227
> > Fri Sep  3 19:00:31 2004: DEBUG: Handling with Radius::AuthFILE
> > Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE looks for match with
> > teste at ifxbrasil.com.br
> > Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT
> > Fri Sep  3 19:00:31 2004: DEBUG: Radius::AuthFILE ACCEPT: Accept
> > explicitly by Auth-Type=Accept
> > Fri Sep  3 19:00:31 2004: DEBUG: Access accepted for
> > teste at ifxbrasil.com.br
> > Fri Sep  3 19:00:31 2004: DEBUG: Packet dump:
> > *** Sending to 200.255.255.41 port 60365 ....
> > Code:       Access-Accept
> > Identifier: 197
> > Authentic:
> > <167><129><22>x<176><130><17><21><230><9><200><192><190><18><3>^
> > Attributes:
> >         Ascend-Client-Primary-DNS = 200.201.133.98
> >         Ascend-Client-Secondary-DNS = 200.201.133.99
> >         Ascend-Client-Assign-DNS = DNS-Assign-Yes
> >
> > Fri Sep  3 19:00:33 2004: ERR: Attribute number 55 (vendor ) is not
> > defined in your dictionary
> > Fri Sep  3 19:00:33 2004: ERR: Attribute number 86 (vendor 529) is not
> > defined in your dictionary
> > Fri Sep  3 19:00:33 2004: ERR: Attribute number 13 (vendor 529) is not
> > defined in your dictionary
> > Fri Sep  3 19:00:33 2004: ERR: Attribute number 28 (vendor 529) is not
> > defined in your dictionary
> > Fri Sep  3 19:00:33 2004: DEBUG: Packet dump:
> > *** Received from 200.255.255.41 port 60365 ....
> > Code:       Accounting-Request
> > Identifier: 160
> > Authentic:  <219>,j<214><214>1<29>|]<12><27><228><216><9>3<183>
> > Attributes:
> >         User-Name = "teste at ifxbrasil.com.br"
> >         NAS-IP-Address = 200.255.142.5
> >         NAS-Identifier = "nasrjo05.rjo.embratel.net.br"
> >         NAS-Port = 227
> >         NAS-Port-Type = Async
> >         Service-Type = Framed-User
> >         Class = "01"
> >         Acct-Status-Type = Start
> >         Acct-Delay-Time = 0
> >         Acct-Session-Id = "306981982"
> >         Acct-Authentic = RADIUS
> >         Ascend-Modem-PortNo = 40
> >         Ascend-Modem-SlotNo = 8
> >         Ascend-Modem-ShelfNo = 1
> >         Calling-Station-Id = "1151030605"
> >         Called-Station-Id = "40040330"
> >         Framed-Protocol = PPP
> >         Framed-IP-Address = 200.214.87.210
> >
> > Fri Sep  3 19:00:33 2004: DEBUG: Check if Handler Called-Station-Id =
> > 40040330 should be used to handle this request
> > Fri Sep  3 19:00:33 2004: DEBUG: Handling request with Handler
> > 'Called-Station-Id = 40040330'
> > Fri Sep  3 19:00:33 2004: DEBUG:  Adding session for
> > teste at ifxbrasil.com.br, 200.255.142.5, 227
> > Fri Sep  3 19:00:33 2004: DEBUG: Handling with Radius::AuthFILE
> > Fri Sep  3 19:00:33 2004: DEBUG: Accounting accepted
> >
> >
> >
> > On Qua, 2004-09-01 at 19:58, Hugh Irvine wrote:
> >>
> >> Hello Felix -
> >>
> >> Thanks for the trace, but I need it to show the packet processing to 
> >> be
> >> able to see what attributes are added to the reply.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On 2 Sep 2004, at 05:40, Rafael Felix Correa wrote:
> >>
> >>> Hugh,
> >>>
> >>> The log with trace 4 remains the same:
> >>>
> >>> Wed Sep  1 16:25:36 2004: NOTICE: SIGTERM received: stopping
> >>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
> >>> /usr/local/radiator/raddb/../users.accept
> >>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
> >>> tutopia.com.br.defaults
> >>> Wed Sep  1 16:25:39 2004: DEBUG: Reading users file
> >>> tutopia.com.br.defaults
> >>> Wed Sep  1 16:25:39 2004: INFO: Server started: Radiator 2.16.3 on
> >>> jaguar
> >>> Wed Sep  1 16:30:28 2004: NOTICE: SIGTERM received: stopping
> >>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
> >>> /usr/local/radiator/users.accept
> >>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
> >>> tutopia.com.br.defaults
> >>> Wed Sep  1 16:30:31 2004: DEBUG: Reading users file
> >>> tutopia.com.br.defaults
> >>> Wed Sep  1 16:30:31 2004: INFO: Server started: Radiator 2.16.3 on
> >>> jaguar
> >>>
> >>>
> >>>
> >>> On Qua, 2004-09-01 at 05:46, Hugh Irvine wrote:
> >>>>
> >>>> Hello Felix -
> >>>>
> >>>> I will need to see a copy of the configuration file, the 
> >>>> users.accept
> >>>> file and a more complete trace 4 debug showing what is happening.
> >>>>
> >>>> regards
> >>>>
> >>>> Hugh
> >>>>
> >>>>
> >>>> On 1 Sep 2004, at 09:42, Rafael Felix Correa wrote:
> >>>>
> >>>>> Hello Hugh,
> >>>>>
> >>>>> This time i didn't receive any error messages (with trace 5), but 
> >>>>> it
> >>>>> still doesn't forward dns info to the clients.
> >>>>> What could else be causing this?
> >>>>>
> >>>>> Log:
> >>>>>
> >>>>> Tue Aug 31 13:46:45 2004: NOTICE: SIGTERM received: stopping
> >>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
> >>>>> /usr/local/radiator/raddb/../users.accept
> >>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
> >>>>> tutopia.com.br.defaults
> >>>>> Tue Aug 31 13:46:47 2004: DEBUG: Reading users file
> >>>>> tutopia.com.br.defaults
> >>>>> Tue Aug 31 13:46:48 2004: INFO: Server started: Radiator 2.16.3 on
> >>>>> jaguar
> >>>>>
> >>>>>
> >>>>> On Seg, 2004-08-30 at 22:13, Hugh Irvine wrote:
> >>>>>>
> >>>>>> Hello Felix -
> >>>>>>
> >>>>>> Instead of using an AuthBy TEST you should try using an AuthBy 
> >>>>>> FILE:
> >>>>>>
> >>>>>> 	<AuthBy FILE>
> >>>>>> 		Filename %D/users.accept
> >>>>>> 	</AuthBy>
> >>>>>>
> >>>>>> the file users.accept would look like this:
> >>>>>>
> >>>>>> DEFAULT Auth-Type = Accept
> >>>>>> 	Ascend-Client-Primary-DNS = 200.201.133.98,
> >>>>>> 	Ascend-Client-Secondary-DNS = 200.201.133.99
> >>>>>>
> >>>>>> You should also seriously consider upgrading.
> >>>>>>
> >>>>>> regards
> >>>>>>
> >>>>>> Hugh
> >>>>>>
> >>>>>>
> >>>>>> On 31 Aug 2004, at 03:27, Rafael Felix Correa wrote:
> >>>>>>
> >>>>>>> Hugh,
> >>>>>>>
> >>>>>>> There is the log with trace 5 enabled.I'll send the conf. file
> >>>>>>> later
> >>>>>>>
> >>>>>>>
> >>>>>>> Fri Aug 27 20:15:43 2004: INFO: Server started: Radiator 2.16.3 
> >>>>>>> on
> >>>>>>> jaguar
> >>>>>>> ^[[17~^[[18~^[[15~^[OS^[ORMon Aug 30 14:05:59 2004: NOTICE: 
> >>>>>>> SIGTERM
> >>>>>>> received: stopping
> >>>>>>> Mon Aug 30 14:05:59 2004: DEBUG: AuthTEST DESTROY ed
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: Reading users file
> >>>>>>> tutopia.com.br.defaults
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: Reading users file
> >>>>>>> tutopia.com.br.defaults
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST loaded
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST keyword(AddToReply,
> >>>>>>> Ascend-Client-Primary-DNS = 200.201.133.98,
> >>>>>>> Ascend-Client-Secondary-DNS
> >>>>>>> = 200.201.133.99) called for /usr/local/radiator/radiator2.cfg 
> >>>>>>> line
> >>>>>>> 404
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: New Radius::AuthTEST constructed
> >>>>>>> Mon Aug 30 14:06:02 2004: DEBUG: AuthTEST DESTROY ed
> >>>>>>> Mon Aug 30 14:06:02 2004: INFO: Server started: Radiator 2.16.3 
> >>>>>>> on
> >>>>>>> jaguar
> >>>>>>>
> >>>>>>>
> >>>>>>> On Sáb, 2004-08-28 at 05:23, Hugh Irvine wrote:
> >>>>>>>>
> >>>>>>>> Hello Felix -
> >>>>>>>>
> >>>>>>>> Have you restarted Radiator after changing the configuration 
> >>>>>>>> file?
> >>>>>>>>
> >>>>>>>> If so please send me a trace 4 debug together with the complete
> >>>>>>>> configuration file (no secrets) showing what is happening.
> >>>>>>>>
> >>>>>>>> Please include the Radiator startup messages.
> >>>>>>>>
> >>>>>>>> regards
> >>>>>>>>
> >>>>>>>> Hugh
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> On 28 Aug 2004, at 10:02, Rafael Felix Correa wrote:
> >>>>>>>>
> >>>>>>>>> Is there another way to forward DNS info? Because i tried 
> >>>>>>>>> putting
> >>>>>>>>> the
> >>>>>>>>> AddToReply inside AuthBy clause and it didn't work either.
> >>>>>>>>>
> >>>>>>>>> I really need to get this working...
> >>>>>>>>>
> >>>>>>>>> On Sex, 2004-08-27 at 19:59, Hugh Irvine wrote:
> >>>>>>>>>>
> >>>>>>>>>> Hello Felix -
> >>>>>>>>>>
> >>>>>>>>>> You should put the AddToReply inside the AuthBy clause:
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> <Handler Called-Station-Id = 40040330>
> >>>>>>>>>>          <AuthBy TEST>
> >>>>>>>>>> 		AddToReply \
> >>>>>>>>>> 			Ascend-Client-Primary-DNS = 200.201.133.98, \
> >>>>>>>>>> 			Ascend-Client-Secondary-DNS = 200.201.133.99
> >>>>>>>>>> 	</AuthBy>
> >>>>>>>>>> </Handler>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> BTW - the most recent version is Radiator 3.9.
> >>>>>>>>>>
> >>>>>>>>>> regards
> >>>>>>>>>>
> >>>>>>>>>> Hugh
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> On 28 Aug 2004, at 07:20, Rafael Felix Correa wrote:
> >>>>>>>>>>
> >>>>>>>>>>> Hi everyone,
> >>>>>>>>>>>
> >>>>>>>>>>> I need to forward primary and secondary DNS to our customers
> >>>>>>>>>>> who
> >>>>>>>>>>> connects on specific phone numbers.
> >>>>>>>>>>>
> >>>>>>>>>>> All NASes are Lucent Max-TNT.
> >>>>>>>>>>>
> >>>>>>>>>>> First i tried this:
> >>>>>>>>>>>
> >>>>>>>>>>> <Handler Called-Station-Id = 40040330>
> >>>>>>>>>>>         <AuthBy TEST>
> >>>>>>>>>>>         </AuthBy>
> >>>>>>>>>>>
> >>>>>>>>>>> 	AddToReply \
> >>>>>>>>>>> 	Ascend-Client-Primary-DNS = 200.201.133.98, \
> >>>>>>>>>>> 	Ascend-Client-Secondary-DNS = 200.201.133.99
> >>>>>>>>>>> </Handler>
> >>>>>>>>>>>
> >>>>>>>>>>> It should work in normal conditions, but my version of 
> >>>>>>>>>>> Radiator
> >>>>>>>>>>> is
> >>>>>>>>>>> 2.16.3. And the log shows that Radiator doesn't understand
> >>>>>>>>>>> AddToReply
> >>>>>>>>>>> instruction (probably because of this version).
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> Anyway, i can't stop radiator for an update because it's too
> >>>>>>>>>>> critical
> >>>>>>>>>>> for us. Is there anyway to forward DNS info through Radiator
> >>>>>>>>>>> 2.16.3?
> >>>>>>>>>>>
> >>>>>>>>>>> Thanks
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> -- 
> >>>>>>>>>>> Rafael Felix Correa
> >>>>>>>>>>>
> >>>>>>>>>>> --
> >>>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>>>>>>> Announcements on radiator-announce at open.com.au
> >>>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>>>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> NB: have you included a copy of your configuration file (no
> >>>>>>>>>> secrets),
> >>>>>>>>>> together with a trace 4 debug showing what is happening?
> >>>>>>>>>>
> >>>>>>>>>> -- 
> >>>>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
> >>>>>>>>>> server
> >>>>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>>>>>>>> -
> >>>>>>>>>> Nets: internetwork inventory and management - graphical,
> >>>>>>>>>> extensible,
> >>>>>>>>>> flexible with hardware, software, platform and database
> >>>>>>>>>> independence.
> >>>>>>>>>> -
> >>>>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
> >>>>>>>>>> systems.
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>>>>>> Announcements on radiator-announce at open.com.au
> >>>>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>>>>>>
> >>>>>>>>> -- 
> >>>>>>>>> Rafael Felix Correa
> >>>>>>>>> Administrador de Sistemas - IFX Networks
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> NB: have you included a copy of your configuration file (no
> >>>>>>>> secrets),
> >>>>>>>> together with a trace 4 debug showing what is happening?
> >>>>>>>>
> >>>>>>>> -- 
> >>>>>>>> Radiator: the most portable, flexible and configurable RADIUS
> >>>>>>>> server
> >>>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>>>>>> -
> >>>>>>>> Nets: internetwork inventory and management - graphical,
> >>>>>>>> extensible,
> >>>>>>>> flexible with hardware, software, platform and database
> >>>>>>>> independence.
> >>>>>>>> -
> >>>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
> >>>>>>>> systems.
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>>>> Announcements on radiator-announce at open.com.au
> >>>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>>>>
> >>>>>>> -- 
> >>>>>>> Rafael Felix Correa
> >>>>>>> Administrador de Sistemas - IFX Networks
> >>>>>>>
> >>>>>>> --
> >>>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>>> Announcements on radiator-announce at open.com.au
> >>>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>> NB: have you included a copy of your configuration file (no
> >>>>>> secrets),
> >>>>>> together with a trace 4 debug showing what is happening?
> >>>>>>
> >>>>>> -- 
> >>>>>> Radiator: the most portable, flexible and configurable RADIUS 
> >>>>>> server
> >>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>>>> -
> >>>>>> Nets: internetwork inventory and management - graphical, 
> >>>>>> extensible,
> >>>>>> flexible with hardware, software, platform and database
> >>>>>> independence.
> >>>>>> -
> >>>>>> CATool: Private Certificate Authority for Unix and Unix-like
> >>>>>> systems.
> >>>>>>
> >>>>>> --
> >>>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>>> Announcements on radiator-announce at open.com.au
> >>>>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>>
> >>>>> -- 
> >>>>> Rafael Felix Correa
> >>>>> Administrador de Sistemas - IFX Networks
> >>>>>
> >>>>>
> >>>>
> >>>> NB: have you included a copy of your configuration file (no 
> >>>> secrets),
> >>>> together with a trace 4 debug showing what is happening?
> >>>>
> >>>> -- 
> >>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>> -
> >>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>> flexible with hardware, software, platform and database 
> >>>> independence.
> >>>> -
> >>>> CATool: Private Certificate Authority for Unix and Unix-like 
> >>>> systems.
> >>>>
> >>>> --
> >>>> Archive at http://www.open.com.au/archives/radiator/
> >>>> Announcements on radiator-announce at open.com.au
> >>>> To unsubscribe, email 'majordomo at open.com.au' with
> >>>> 'unsubscribe radiator' in the body of the message.
> >>>>
> >>> -- 
> >>> Rafael Felix Correa
> >>> Administrador de Sistemas - IFX Networks
> >>>
> >>> --
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> NB: have you included a copy of your configuration file (no secrets),
> >> together with a trace 4 debug showing what is happening?
> >>
> >> -- 
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >> -
> >> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >>
> > -- 
> > Rafael Felix Correa
> > Administrador de Sistemas - IFX Networks
> >
> >
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
-- 
Rafael Felix Correa
Administrador de Sistemas - IFX Networks

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list