(RADIATOR) Re-assigning a dynamic IP
Martin Wallner
Martin.Wallner at eunet.co.at
Fri Jun 9 03:23:34 CDT 2006
Hi Rob,
I want to add to Hugh's approach another two (and ONLY because I'm not a
friend of messing around too much with the IP-Addresses on the
Radius-server and hooks in general if you don't have to do the REALLY
magic stuff, what you need here is only qualifying as minor magic :-))
):
a) If you use VPDN: you let the DSL and Dialins terminate on different
vpdn-groups on the router and do separate authentications with 2 virtual
templates and the use of two IP-Pools in the router (can get a bit messy
on the cisco, only sometimes possible, because DSL and DIALIN had to be
provided on different endpoints)
or
b) you set up Handlers instead of Realms
It will still open only one connection to the Database, no hooks needed,
works... (BTW: you could think about using the statement 'ppp ipcp dns
192.92.138.35 193.81.83.2' in the Virtual Templates directly on the
router, which would by default handle sending the client the DNS pair,
and remove a bit of load off the router, which doesn't have to set up
every new clone with DNS....) ... The only thing is that you have to be
careful of the internal order in which RADIATOR works through <Realm> and
<Handler> statements (Realms match, Realms regex, Realm default, Handler
in order of appearance, Handler default, if I'm not messing it up now...)
<Handler Realm=/dslrealm/, Called-Station-Id=//>
    # AuthBy <name> refers to the <AuthBy SQL> clause with that Identifier
    AuthBy dialin
    rest of stuff
</Handler>
<Handler Realm=/dslrealm/>
    AuthBy dsl
    rest of stuff
</Handler>
<AuthBy SQL>
    Identifier dialin
    DBSource dbi:mysql:radius_db:192.168.0.15
    DBUsername wildit
    DBAuth 1wildone8
    AuthSelect select PASSWORD, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
        where USERNAME=%0
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Session-Timeout, reply
    AuthColumnDef 2, Ascend-Client-Primary-DNS, ipaddr
    AuthColumnDef 3, Ascend-Client-Secondary-DNS, ipaddr
    AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"
    AddToReplyIfNotExists Framed-IP-Address=255.255.255.254, Framed-IP-Netmask=255.255.255.255
    ...... rest of stuff....
</AuthBy>
and the normal DSL-one:
<AuthBy SQL>
    Identifier dsl
    DBSource dbi:mysql:radius_db:192.168.0.15
    DBUsername wildit
    DBAuth 1wildone8
    AuthSelect select PASSWORD, FramedIPAddress, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
        where USERNAME=%0
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Framed-IP-Address, reply
    AuthColumnDef 2, Session-Timeout, reply
    AuthColumnDef 3, Ascend-Client-Primary-DNS, ipaddr
    AuthColumnDef 4, Ascend-Client-Secondary-DNS, ipaddr
    AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"
    ...... rest of stuff.....
</AuthBy>
=mw=
________________________________
From: owner-radiator at open.com.au
[mailto:owner-radiator at open.com.au] On Behalf Of Rob M. Salmon
Sent: Friday, 09 June 2006 03:49
To: radiator at open.com.au
Subject: (RADIATOR) Re-assigning a dynamic IP
Hi,
I am using a single Radius server to authenticate both DSL and
dial-up clients.
I am using AuthBySQL.
What I am trying to do is, if a DSL customer "dials up", I want to
change the static IP (obtained from the SQL DB) to a different IP.
I am using the attribute Called-Station-Id to determine if the
request is coming from a dial port or not.
I understand that I need to change the Framed-IP-Address
attribute that is returned by the radius server.
I am trying to use a Perl hook, backupdialup-hook.pl (code below),
but I suspect I am not re-assigning the IP correctly.
------------------------------------------------------------------------
sub
{
    my $p = ${$_[0]};
    my $code = $p->code();
    if ($code eq 'Auth-Request') {
        my $Station-ID = $p->get_attr('Called-Station-Id');
        if ($Station-ID eq '142320198333843') {
            &main::log($main::LOG_DEBUG,"Called-station-ID attribute present, Dialup Backup used.");
            AddToReply Framed-IP-Address=255.255.255.1,Framed-IP-Netmask=255.255.255.255
            # $p->change_attr('Framed-IP-Address', '255.255.255.255.255');
        }
    }
    return;
}
The radius.cfg looks like this.
# This will authenticate users from SUBSCRIBERS
<AuthBy SQL>
    DBSource dbi:mysql:radius_db:192.168.0.15
    DBUsername wildit
    DBAuth 1wildone8
    AuthSelect select PASSWORD, FramedIPAddress, SessionTimeout, PrimaryDNS, SecondaryDNS from SUBSCRIBERS \
        where USERNAME=%0
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Framed-IP-Address, reply
    AuthColumnDef 2, Session-Timeout, reply
    AuthColumnDef 3, Ascend-Client-Primary-DNS, ipaddr
    AuthColumnDef 4, Ascend-Client-Secondary-DNS, ipaddr
    AddToReply cisco-avpair="ip:dns-servers=202.129.64.194 202.129.64.198"
    PreClientHook file:"%D/backupdialup-hook.pl";
Regards
Rob Salmon
Development Executive
rsalmon at wildtechnology.net
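Added example, not part of the original thread and not Radiator code: a small Python model of the two-Handler setup from the reply, showing why the Handler with the extra Called-Station-Id check has to appear before the realm-only one. The subscriber row, user name and static address are constructed, the Called-Station-Id pattern uses the dial port number from the question, password checking is omitted, and it assumes a check against an attribute missing from the request fails.

```python
import re

# Handlers in order of appearance, mirroring the two <Handler> clauses above.
# "dslrealm" is the placeholder realm from the reply; the Called-Station-Id
# pattern is the dial port number quoted in the original question.
HANDLERS = [
    ({"Realm": r"dslrealm", "Called-Station-Id": r"^142320198333843$"}, "dialin"),
    ({"Realm": r"dslrealm"}, "dsl"),
]

# Constructed row standing in for the SUBSCRIBERS table.
SUBSCRIBERS = {
    "alice@dslrealm": {"FramedIPAddress": "203.0.113.10", "SessionTimeout": "86400"},
}

def select_handler(request, handlers=HANDLERS):
    """Return the AuthBy identifier of the first handler whose checks all match."""
    attrs = dict(request)
    attrs["Realm"] = request["User-Name"].partition("@")[2]
    for checks, identifier in handlers:
        # Assumption: a check on an attribute absent from the request fails.
        if all(n in attrs and re.search(rx, attrs[n]) for n, rx in checks.items()):
            return identifier
    return None

def build_reply(request, handlers=HANDLERS):
    """Build the reply attributes the selected AuthBy clause would return."""
    identifier = select_handler(request, handlers)
    row = SUBSCRIBERS.get(request["User-Name"])
    if identifier is None or row is None:
        return None
    reply = {"Session-Timeout": row["SessionTimeout"]}
    if identifier == "dsl":
        # "AuthColumnDef 1, Framed-IP-Address, reply": static address from SQL.
        reply["Framed-IP-Address"] = row["FramedIPAddress"]
    else:
        # AddToReplyIfNotExists: set only when the reply lacks the attribute.
        # 255.255.255.254 asks the NAS to pick the address itself (RFC 2865).
        reply.setdefault("Framed-IP-Address", "255.255.255.254")
        reply.setdefault("Framed-IP-Netmask", "255.255.255.255")
    return reply

dsl_request = {"User-Name": "alice@dslrealm"}
dial_request = {"User-Name": "alice@dslrealm", "Called-Station-Id": "142320198333843"}

if __name__ == "__main__":
    print("DSL:", build_reply(dsl_request))
    print("Dial-up backup:", build_reply(dial_request))
    print("Handlers swapped:", build_reply(dial_request, HANDLERS[::-1]))
```

With the Handlers swapped, the realm-only clause matches first and the dial-up session is handed the static DSL address.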