(RADIATOR) Re-assigning a dynamic IP

Martin Wallner Martin.Wallner at eunet.co.at
Fri Jun 9 03:23:34 CDT 2006


Hi Rob, 
 
I want to add to Hugh's approach another two (and ONLY because I'm not a
friend of messing around too much with the IP-Addresses on the
Radius-server and hooks in general if you don't have to do the REALLY
magic stuff, what you need here is only qualifying as minor magic :-))
):
 
a) If you use VPDN: you let the DSL and Dialins terminate on different
vpdn-groups on the router and do separate authentications with 2 virtual
templates and the use of two IP-Pools in the router (can get a bit messy
on the cisco, only sometimes possible, because DSL and DIALIN had to be
provided on different endpoints)
 
or
 
b) you set up Handlers instead of Realms
 
It will still open only one connection to the Database, no hooks needed,
works... (BTW: you could think about using the statement 'ppp ipcp dns
192.92.138.35 193.81.83.2' in the Virtual Templates directly on the
router, which would by default handle sending the client the DNS-Pair,
and remove a bit of load off the router, which doesn't have to set up every new
clone with DNS....) ... The only thing is that you have to be careful
of the internal order in which RADIATOR works through <Realm> and
<Handler> statements (Realms match, Realms regex, Realm default, Handler
in order of appearance, Handler default, if I'm not messing it up now...)
 
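<Handler Realm=/dslrealm/, Called-Station-Id=//>
    # refers to the <AuthBy SQL> clause with "Identifier dialin"
    AuthBy dialin
    rest of stuff
</Handler>
 
<Handler Realm=/dslrealm/>
    # refers to the <AuthBy SQL> clause with "Identifier dsl"
    AuthBy dsl
    rest of stuff
</Handler>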
 
<AuthBy SQL>
        Identifier dialin
        DBSource        dbi:mysql:radius_db:192.168.0.15
        DBUsername      wildit
        DBAuth          1wildone8

        AuthSelect select PASSWORD, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
                   where USERNAME=%0
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, Session-Timeout, reply
        AuthColumnDef 2, Ascend-Client-Primary-DNS, ipaddr
        AuthColumnDef 3, Ascend-Client-Secondary-DNS, ipaddr

        AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"

        AddToReplyIfNotExists Framed-IP-Address=255.255.255.254,Framed-IP-Netmask=255.255.255.255

        ...... rest of stuff....
</AuthBy>
 
and the normal DSL-one:
 
<AuthBy SQL>
        Identifier dsl
        DBSource        dbi:mysql:radius_db:192.168.0.15
        DBUsername      wildit
        DBAuth          1wildone8

        AuthSelect select PASSWORD, FramedIPAddress, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
                   where USERNAME=%0
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, Framed-IP-Address, reply
        AuthColumnDef 2, Session-Timeout, reply
        AuthColumnDef 3, Ascend-Client-Primary-DNS, ipaddr
        AuthColumnDef 4, Ascend-Client-Secondary-DNS, ipaddr

        AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"

        ...... rest of stuff.....
</AuthBy>
 

=mw=
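
A small model of the lookup order described in the message above, showing why the Handler that also checks Called-Station-Id has to appear before the general one. This is an added example, not part of the original post and not Radiator code; the function names, dial number and user name are constructed.

```python
import re

# Model of the order given in the message: exact <Realm>, regex <Realm>,
# <Realm DEFAULT>, then <Handler> clauses in file order (first one whose
# check items all match), then a <Handler> with no check items.

def realm_of(request):
    user = request.get("User-Name", "")
    return user.split("@", 1)[1] if "@" in user else ""

def item_matches(check, value):
    if value is None:                      # attribute absent from the request
        return False
    if len(check) >= 2 and check.startswith("/") and check.endswith("/"):
        return re.search(check[1:-1], value) is not None
    return check == value

def select_clause(realms, handlers, request):
    realm = realm_of(request)
    attrs = dict(request, Realm=realm)     # Realm is derived from User-Name
    for name, target in realms:            # 1: exact Realm name
        if not name.startswith("/") and name != "DEFAULT" and name == realm:
            return target
    for name, target in realms:            # 2: regex Realm
        if name.startswith("/") and item_matches(name, realm):
            return target
    for name, target in realms:            # 3: Realm DEFAULT
        if name == "DEFAULT":
            return target
    for checks, target in handlers:        # 4: Handlers, order of appearance
        if checks and all(item_matches(c, attrs.get(a)) for a, c in checks.items()):
            return target
    for checks, target in handlers:        # 5: Handler without check items
        if not checks:
            return target
    return None

# Constructed sample data (placeholder dial-in number and user).
DIAL_NUMBER = "5550100"
SPECIFIC_FIRST = [
    ({"Realm": "/dslrealm/", "Called-Station-Id": "/^5550100$/"}, "dialin"),
    ({"Realm": "/dslrealm/"}, "dsl"),
]
GENERAL_FIRST = list(reversed(SPECIFIC_FIRST))  # misordered config
DSL_REQ = {"User-Name": "alice@dslrealm"}
DIAL_REQ = {"User-Name": "alice@dslrealm", "Called-Station-Id": DIAL_NUMBER}
```

With GENERAL_FIRST the dial-in request is answered by the dsl clause and keeps its static address, and any matching Realm clause left in the configuration is chosen before either Handler is looked at.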
 



________________________________

	From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Rob M. Salmon
	Sent: Friday, 09 June 2006 03:49
	To: radiator at open.com.au
	Subject: (RADIATOR) Re-assigning a dynamic IP

	Hi

	I am using a single Radius server to authenticate both DSL and dial-up clients

	I am using AuthbySQL

	What I am trying to do is if a DSL customer "dials up" I want to change the static IP (obtained from the SQL DB) to a different IP.

	I am using the attribute Called-Station-Id to determine if the request is coming from a dial port or not.

	I understand that I need to change the Framed-IP-Address attribute that is returned by the radius server.

	I am trying to use a Perl hook backupdialup-hook.pl (code below) but I suspect I am not re-assigning the IP correctly.

	------------------------------------------------------------------------

	sub
	{
	    my $p = ${$_[0]};
	    my $code = $p->code();

	    if ($code eq 'Auth-Request') {
	        my $Station-ID = $p->get_attr('Called-Station-Id');
	        if ($Station-ID eq '142320198333843') {
	                &main::log($main::LOG_DEBUG,"Called-station-ID attribute present, Dialup Backup used.");
	                AddToReply Framed-IP-Address=255.255.255.1,Framed-IP-Netmask=255.255.255.255

	#               $p->change_attr('Framed-IP-Address', '255.255.255.255.255');
	        }
	    }
	    return;
	}

	 

	The radius.cfg looks like this.

	# This will authenticate users from SUBSCRIBERS
	    <AuthBy SQL>
	        DBSource        dbi:mysql:radius_db:192.168.0.15
	        DBUsername      wildit
	        DBAuth          1wildone8

	        AuthSelect select PASSWORD, FramedIPAddress, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
	                   where USERNAME=%0
	        AuthColumnDef 0, User-Password, check
	        AuthColumnDef 1, Framed-IP-Address, reply
	        AuthColumnDef 2, Session-Timeout, reply
	        AuthColumnDef 3, Ascend-Client-Primary-DNS, ipaddr
	        AuthColumnDef 4, Ascend-Client-Secondary-DNS, ipaddr

	        AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"

	PreClientHook file:"%D/backupdialup-hook.pl";

	Regards

	Rob Salmon
