(RADIATOR) Possible problem in Addtoreplyifnotexist
Brian Morris
brian at netspeed.com.au
Tue Jan 4 02:37:19 CST 2005
Oh dear, now I'm feeling either very stupid or very confused. I'm not sure
which - what does that tell ya!
However...
I applied the latest patches as at 13/12/04.
The version info on my configurable.pm file is :
# id: Configurable.pm 1.33 2004/11/23 23:20:27 mikem
So... have I stuffed up the applying of the patch or has a new problem been
introduced?
Regards, Brian.
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Brian Morris" <brian at netspeed.com.au>
Cc: <radiator at open.com.au>
Sent: Tuesday, January 04, 2005 6:32 PM
Subject: Re: (RADIATOR) Possible problem in Addtoreplyifnotexist
Hello Brian -
There is a patch for this in the patches for Radiator 3.11 - as
reported by your good self in November:
2004-11-23 Configurable.pm
Fixed a problem with AddToReplyIfNotExist in all AuthBys, where some
special reply types such as Session-Timeout were not properly
interpreted. Reported by "Brian Morris".
:-)
regards
Hugh
On 4 Jan 2005, at 18:15, Brian Morris wrote:
> Happy New Year everyone
>
> During the quiet time between Christmas and New Year we decided to update
> Radiator. We updated to v3.11 (from 3.1 ouch) and are now experiencing a
> problem with the addtoreplyifnotexist parameter.
>
> The symptoms are that the parameter 'Idle-Timeout' is added to the reply
> no matter whether it has already been set or not. Causing it to be
> allocated twice.
>
> Here is the snippet of our radius config...
>
> <Handler Realm=xxx.xxx.xx>
> RewriteUsername s/\s+//g
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy SQL>
> DBSource dbi:ODBC:NSAcctDB
> DBUsername xxx
> DBAuth xxx
> AuthSelect select PASSWORD,REPLYATTR,LoginExpiryDate from SUBSCRIBERS \
> where USERNAME='%n' and DISABLED = '0' AuthColumnDef 0, User-Password,
> check
> AuthColumnDef 1, GENERIC, reply
> AddToReplyIfNotExist
> Service-Type=Framed-User,Framed-Protocol=PPP,Framed-IP-Netmask =
> 255.255.255.255,Framed-Compression = Van-Jacobson-TCP-IP,Framed-MTU =
> 1500,Framed-Routing = None,Idle-Timeout = 1800,Session-Timeout = 28800
> AccountingStopsOnly
>
>
> <snip>
>
> The SUBSCRIBERS table contains a user like this...
> username = usertest
> password = testing
> replyattr = Idle-Timeout=28800,Framed-IP-Address = "203.56.xxx.xx"
> disabled = 0
>
> However, the auth-response I get back is...
>
> Attributes:
> Framed-IP-Address = 203.56.xxx.xx
> Idle-Timeout = 28800
> Framed-Protocol = PPP
> Framed-IP-Netmask = 255.255.255.255
> Framed-Compression = Van-Jacobson-TCP-IP
> Framed-MTU = 1500
> Framed-Routing = None
> Idle-Timeout = 1800
> Session-Timeout = 28800
>
>
> Notice the Framed-Ip-Address is set as expected along with the
> Idle-Timeout of 123 in the first two lines, however the Idle-Timeout is
> then reset in the second last line (as per the addtoreplyifnotexist
> clause)
>
> I am certain this did not happen before as we have been running this
> config for ages without customer problems - as soon as we upgraded the
> fault calls began.
>
> Am I doing something wrong or did I find a bug?
>
> Regards,
>
> Brian Morris
> NetSpeed.
>
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list