(RADIATOR) Questions about Fall-Through attribute

Derrin Chong derrin at lava.net
Fri Jul 15 20:55:02 CDT 2005 

Hi folks,

I'm having trouble disabling the Fall-Through attribute.  In my
users file I have entries for users that must dial a certain phone
number.  If they don't dial that number I'd like to refuse their
connection.  I've tried setting the Fall-Through attribute to "no"
to keep the access-request from falling through the DEFAULT entry
but it doesn't seem to be working.

Here's what I have in my users file.

jobogus Auth-Type = "System", NAS-Port-Type = Async, Client-Port-DNIS=5376400
         Fall-Through = no,
         Ascend-Maximum-Channels = 1,
         Idle_Timeout = 600, Ascend-Idle-Limit = 600,
         Ascend-TS-Idle-Limit = 600,
         Session-Timeout = 36900, Ascend-Maximum-Call-Duration = 615,
         Ascend-Multicast-Client = 1, Ascend-Multicast-Rate-Limit = 0,
         Framed-Netmask = 255.255.255.255,
 	...

DEFAULT Auth-Type = "System", NAS-Port-Type = Async
         Ascend-Maximum-Channels = 1,
         Idle_Timeout = 1200, Ascend-Idle-Limit = 1200,
         Ascend-TS-Idle-Limit = 1200,
         Session-Timeout = 36900, Ascend-Maximum-Call-Duration = 615,
         Ascend-Multicast-Client = 1, Ascend-Multicast-Rate-Limit = 0,
         Framed-Netmask = 255.255.255.255

Here's the trace 4 debug output from radiusd for a connection
attempt to the wrong (disallowed) number.  Radiator rejects them
on their username match but falls through to the DEFAULT users
entry.  The DEFAULT user accepts the connection because it does
not have the phone number limitation.

% sudo radiusd
Fri Jul 15 15:24:04 2005: DEBUG: Reading group file /etc/group
Fri Jul 15 15:24:04 2005: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Fri Jul 15 15:24:04 2005: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Fri Jul 15 15:24:04 2005: DEBUG: Creating authentication port 0.0.0.0:1645
Fri Jul 15 15:24:04 2005: DEBUG: Creating accounting port 0.0.0.0:1646
Fri Jul 15 15:24:04 2005: NOTICE: Server started: Radiator 3.13 on hayakawa.lava.net
Fri Jul 15 15:24:52 2005: DEBUG: Packet dump:
*** Received from 64.65.64.43 port 1025 ....
Code:       Access-Request
Identifier: 197
Authentic:  <179>X<176><137><196><204>|_`<174><173>Q<147><236>r}
Attributes:
         User-Name = "jobogus"
         Password = "<31>f#<191><28>*z <239><209><7>Y"
         NAS-Identifier = 64.65.64.43
         NAS-Port = 20101
         NAS-Port-Type = Async
         State = ""
         Caller-Id = "8085233517"
         Client-Port-DNIS = "5666101"
         Acct-Session-Id = "359126255"

Fri Jul 15 15:24:52 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jul 15 15:24:52 2005: DEBUG:  Deleting session for jobogus, 64.65.64.43, 20101
Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthFILE:
Fri Jul 15 15:24:52 2005: ERR: Attribute number 79 is not defined in your dictionary
Fri Jul 15 15:24:52 2005: DEBUG: Reading users file /etc/radiator/users
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match with jobogus
Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthUNIX: System
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX looks for match with jobogus
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX REJECT: Check item Client-Port-DNIS expression '5376400' does not match '5666101' in request
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE REJECT: Check item Client-Port-DNIS expression '5376400' does not match '5666101' in request
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthUNIX: System
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX looks for match with jobogus
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX ACCEPT:
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 15 15:24:52 2005: DEBUG: AuthBy FILE result: ACCEPT,
Fri Jul 15 15:24:52 2005: DEBUG: Access accepted for jobogus
Fri Jul 15 15:24:52 2005: DEBUG: Packet dump:
*** Sending to 64.65.64.43 port 1025 ....
Code:       Access-Accept
Identifier: 197
Authentic:  <179>X<176><137><196><204>|_`<174><173>Q<147><236>r}
Attributes:
         Ascend-Maximum-Channels = 1
         Idle_Timeout = 1200
         Ascend-Idle-Limit = 1200
         Ascend-TS-Idle-Limit = 1200
         Session-Timeout = 36900
         Ascend-Maximum-Call-Duration = 615
         Ascend-Multicast-Client = 1
         Ascend-Multicast-Rate-Limit = 0
         Framed-Netmask = 255.255.255.255

Thanks in advance for any help folks out there can give me.

Mahalo,
Derrin Chong

ps. Any help on tracking down the error is appreciated too.

Fri Jul 15 15:24:52 2005: ERR: Attribute number 79 is not defined in your dictio
nary

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list