(RADIATOR) Questions about Fall-Through attribute
Hugh Irvine
hugh at open.com.au
Sat Jul 16 02:50:29 CDT 2005
Hello Derrin -
BTW - you can use "NoDefaultIfFound" in the AuthBy clause to do what
you are trying to do.
See section 6.18.13 in the Radiator 3.13 reference manual
("doc/ref.html").
regards
Hugh
On 16 Jul 2005, at 17:38, Hugh Irvine wrote:
>
> Hello Derrin -
>
> I don't really have enough information on what else you are wanting
> to do in your configuration file to be able to make a sensible
> suggestion.
>
> Please include a copy of your configuration file if you have any
> further questions.
>
> By default Radiator tries for an exact match on the username, then
> tries DEFAULT, DEFAULT1, etc. If you want to change this you should
> use "NoDefault" in the AuthBy clause. You should not be using
> "Fall-Through" in the user definitions.
>
> The error regarding "Attribute number 79 ..." is due to the
> dictionary you are using. The latest standard Radiator dictionary
> has this attribute defined, so you should just be using the
> standard dictionary.
>
> regards
>
> Hugh
>
>
> On 16 Jul 2005, at 11:55, Derrin Chong wrote:
>
>
>> Hi folks,
>>
>> I'm having trouble disabling the Fall-Through attribute. In my
>> users file I have entries for users that must dial a certain phone
>> number. If they don't dial that number I'd like to refuse their
>> connection. I've tried setting the Fall-Through attribute to "no"
>> to keep the access-request from falling through the DEFAULT entry
>> but it doesn't seem to be working.
>>
>> Here's what I have in my users file.
>>
>> jobogus Auth-Type = "System", NAS-Port-Type = Async, Client-Port-DNIS=5376400
>>     Fall-Through = no,
>>     Ascend-Maximum-Channels = 1,
>>     Idle_Timeout = 600, Ascend-Idle-Limit = 600,
>>     Ascend-TS-Idle-Limit = 600,
>>     Session-Timeout = 36900, Ascend-Maximum-Call-Duration = 615,
>>     Ascend-Multicast-Client = 1, Ascend-Multicast-Rate-Limit = 0,
>>     Framed-Netmask = 255.255.255.255,
>>     ...
>>
>> DEFAULT Auth-Type = "System", NAS-Port-Type = Async
>>     Ascend-Maximum-Channels = 1,
>>     Idle_Timeout = 1200, Ascend-Idle-Limit = 1200,
>>     Ascend-TS-Idle-Limit = 1200,
>>     Session-Timeout = 36900, Ascend-Maximum-Call-Duration = 615,
>>     Ascend-Multicast-Client = 1, Ascend-Multicast-Rate-Limit = 0,
>>     Framed-Netmask = 255.255.255.255
>>
>> Here's the trace 4 debug output from radiusd for a connection
>> attempt to the wrong (disallowed) number. Radiator rejects them
>> on their username match but falls through to the DEFAULT users
>> entry. The DEFAULT user accepts the connection because it does
>> not have the phone number limitation.
>>
>> % sudo radiusd
>> Fri Jul 15 15:24:04 2005: DEBUG: Reading group file /etc/group
>> Fri Jul 15 15:24:04 2005: DEBUG: Finished reading configuration
>> file '/etc/radiator/radius.cfg'
>> Fri Jul 15 15:24:04 2005: DEBUG: Reading dictionary file
>> '/etc/radiator/dictionary'
>> Fri Jul 15 15:24:04 2005: DEBUG: Creating authentication port
>> 0.0.0.0:1645
>> Fri Jul 15 15:24:04 2005: DEBUG: Creating accounting port
>> 0.0.0.0:1646
>> Fri Jul 15 15:24:04 2005: NOTICE: Server started: Radiator 3.13 on
>> hayakawa.lava.net
>> Fri Jul 15 15:24:52 2005: DEBUG: Packet dump:
>> *** Received from 64.65.64.43 port 1025 ....
>> Code: Access-Request
>> Identifier: 197
>> Authentic: <179>X<176><137><196><204>|_`<174><173>Q<147><236>r}
>> Attributes:
>> User-Name = "jobogus"
>> Password = "<31>f#<191><28>*z <239><209><7>Y"
>> NAS-Identifier = 64.65.64.43
>> NAS-Port = 20101
>> NAS-Port-Type = Async
>> State = ""
>> Caller-Id = "8085233517"
>> Client-Port-DNIS = "5666101"
>> Acct-Session-Id = "359126255"
>>
>> Fri Jul 15 15:24:52 2005: DEBUG: Handling request with Handler
>> 'Realm=DEFAULT'
>> Fri Jul 15 15:24:52 2005: DEBUG: Deleting session for jobogus,
>> 64.65.64.43, 20101
>> Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthFILE:
>> Fri Jul 15 15:24:52 2005: ERR: Attribute number 79 is not defined
>> in your dictionary
>> Fri Jul 15 15:24:52 2005: DEBUG: Reading users file
>> /etc/radiator/users
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match
>> with jobogus
>> Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthUNIX:
>> System
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX looks for match
>> with jobogus
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX REJECT: Check
>> item Client-Port-DNIS expression '5376400' does not match
>> '5666101' in request
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE REJECT: Check
>> item Client-Port-DNIS expression '5376400' does not match
>> '5666101' in request
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match
>> with DEFAULT
>> Fri Jul 15 15:24:52 2005: DEBUG: Handling with Radius::AuthUNIX:
>> System
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX looks for match
>> with jobogus
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthUNIX ACCEPT:
>> Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE ACCEPT:
>> Fri Jul 15 15:24:52 2005: DEBUG: AuthBy FILE result: ACCEPT,
>> Fri Jul 15 15:24:52 2005: DEBUG: Access accepted for jobogus
>> Fri Jul 15 15:24:52 2005: DEBUG: Packet dump:
>> *** Sending to 64.65.64.43 port 1025 ....
>> Code: Access-Accept
>> Identifier: 197
>> Authentic: <179>X<176><137><196><204>|_`<174><173>Q<147><236>r}
>> Attributes:
>> Ascend-Maximum-Channels = 1
>> Idle_Timeout = 1200
>> Ascend-Idle-Limit = 1200
>> Ascend-TS-Idle-Limit = 1200
>> Session-Timeout = 36900
>> Ascend-Maximum-Call-Duration = 615
>> Ascend-Multicast-Client = 1
>> Ascend-Multicast-Rate-Limit = 0
>> Framed-Netmask = 255.255.255.255
>>
>> Thanks in advance for any help folks out there can give me.
>>
>> Mahalo,
>> Derrin Chong
>>
>> ps. Any help on tracking down the error is appreciated too.
>>
>> Fri Jul 15 15:24:52 2005: ERR: Attribute number 79 is not defined
>> in your dictionary
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
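
An added example, not part of the original messages and not Radiator's own code: a Python check over trace 4 output that flags an accept granted through a DEFAULT entry after the user's own entry was rejected on a check item, which is the behaviour in Derrin's trace and the case Hugh suggests "NoDefaultIfFound" for. The sample lines are constructed from the trace format quoted above (the "bob" request is invented), and the parser assumes requests are not interleaved in the log.

```python
import re

# Constructed sample in the trace 4 format quoted in the thread, unwrapped.
# "jobogus" mirrors the thread; "bob" is an invented direct match (no alert).
SAMPLE_TRACE = """\
Fri Jul 15 15:24:52 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match with jobogus
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE REJECT: Check item Client-Port-DNIS expression '5376400' does not match '5666101' in request
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Jul 15 15:24:52 2005: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 15 15:24:52 2005: DEBUG: Access accepted for jobogus
Fri Jul 15 15:25:10 2005: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Jul 15 15:25:10 2005: DEBUG: Radius::AuthFILE looks for match with bob
Fri Jul 15 15:25:10 2005: DEBUG: Radius::AuthFILE ACCEPT:
Fri Jul 15 15:25:10 2005: DEBUG: Access accepted for bob
"""

LINE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}): \w+: (.*)$")
LOOKUP = re.compile(r"Radius::AuthFILE looks for match with (\S+)")
REJECT = re.compile(r"Radius::AuthFILE REJECT: (.*)")
ACCEPTED = re.compile(r"Access accepted for (\S+)")
is_default = re.compile(r"DEFAULT\d*").fullmatch  # DEFAULT, DEFAULT1, ...

def find_default_fallthrough(trace):
    """Return accepts that followed a check-item REJECT on a named users entry."""
    findings, entry, named_reject = [], None, None
    for raw in trace.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # packet dump bodies and wrapped fragments
        when, msg = line.groups()
        if msg.startswith("Handling request with Handler"):
            entry, named_reject = None, None  # a new request starts
        elif (m := LOOKUP.search(msg)):
            entry = m.group(1)  # users-file entry now being tried
        elif (m := REJECT.search(msg)):
            if entry and not is_default(entry):
                named_reject = (entry, m.group(1))
        elif (m := ACCEPTED.search(msg)):
            if named_reject and entry and is_default(entry):
                findings.append({"time": when, "user": m.group(1),
                                 "rejected_entry": named_reject[0],
                                 "reason": named_reject[1], "accepted_via": entry})
            entry, named_reject = None, None
    return findings

if __name__ == "__main__":
    for finding in find_default_fallthrough(SAMPLE_TRACE):
        print(finding)
```
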