Hi
I have included the trace below with the cisco conf, it seems in the
trace that all is sent correctly ...Oh is the correct syntax ip-addr OR
ip_addr since I have seen both, and have tried both and none have
worked.
Iqbal
-------
trace output
Mon Jan 31 10:50:29 2000: DEBUG: Packet dump:
*** Received from 202.71.128.57 port 1645 ....
Code: Access-Request
Identifier: 162
Authentic: <238>Dd<208><132><206><7><154><158>"<10><167><198>R<145><9>
Attributes:
NAS-IP-Address = 202.71.128.57
NAS-Port = 110
Cisco-NAS-Port = "Async110"
NAS-Port-Type = Async
User-Name = "5419320865204317"
Called-Station-Id = "412"
User-Password =
"<154>C<211><5>!<171><15><208><199><191><242><14><145>m*
<30>"
Service-Type = Framed-User
Framed-Protocol = PPP
Mon Jan 31 10:50:29 2000: DEBUG: Rewrote user name to
[EMAIL PROTECTED]
Mon Jan 31 10:50:29 2000: DEBUG: Handling request with Handler
'Realm=/email/'
Mon Jan 31 10:50:29 2000: DEBUG: Rewrote user name to 5419320865204317
Mon Jan 31 10:50:29 2000: DEBUG: Deleting session for 5419320865204317,
202.71.
128.57, 110
--More--(10%)
Mon Jan 31 10:50:29 2000: DEBUG: do query is: delete from RADONLINE
where NASIDE
NTIFIER='202.71.128.57' and NASPORT=110
Mon Jan 31 10:50:29 2000: DEBUG: Handling with Radius::AuthRADMIN
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Handling with Radius::AuthRADMIN')
Mon Jan 31 10:50:29 2000: DEBUG: Handling with Radius::AuthRADMIN
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Handling with Radius::AuthRADMIN')
Mon Jan 31 10:50:29 2000: DEBUG: Query is: select PASS_WORD,
STATICADDRESS, TIME
LEFT, MAXLOGINS from RADUSERS where USERNAME='5419320865204317' and
BADLOGINS <
15 and VALIDFROM < 949301429 and VALIDTO > 949301429
Mon Jan 31 10:50:29 2000: DEBUG: Radius::AuthRADMIN looks for match with
5419320
865204317
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Radius::AuthRADMIN looks for match with
5419320865204317'
Mon Jan 31 10:50:29 2000: DEBUG: Query is: select NASIDENTIFIER,
NASPORT, ACCTSE
SSIONID from RADONLINE where USERNAME='5419320865204317'
Mon Jan 31 10:50:29 2000: DEBUG: Radius::AuthRADMIN ACCEPT:
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Radius::AuthRADMIN ACCEPT: ')
Mon Jan 31 10:50:29 2000: DEBUG: do query is: update RADUSERS set
BADLOGINS=0 wh
ere USERNAME='5419320865204317'
Mon Jan 31 10:50:29 2000: DEBUG: Access accepted for 5419320865204317
Mon Jan 31 10:50:29 2000: DEBUG: Packet dump:
*** Sending to 202.71.128.57 port 1645 ....
Code: Access-Accept
Identifier: 162
Authentic: <238>Dd<208><132><206><7><154><158>"<10><167><198>R<145><9>
Attributes:
Session-Timeout = 30993271
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
cisco-avpair = "ip:addr-pool=emailo"
Mon Jan 31 10:50:29 2000: DEBUG: Packet dump:
*** Received from 202.71.128.57 port 1646 ....
Code: Accounting-Request
Identifier: 163
Authentic:
<156><8><135><22><141>|<155><8><250>I<154><197>'<235><254><146>
Attributes:
NAS-IP-Address = 202.71.128.57
NAS-Port = 110
NAS-Port-Type = Async
User-Name = "5419320865204317"
Called-Station-Id = "412"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000C37"
Framed-Protocol = PPP
Acct-Delay-Time = 0
Mon Jan 31 10:50:29 2000: DEBUG: Rewrote user name to
[EMAIL PROTECTED]
Mon Jan 31 10:50:29 2000: DEBUG: Handling request with Handler
'Realm=/email/'
Mon Jan 31 10:50:29 2000: DEBUG: Rewrote user name to 5419320865204317
Mon Jan 31 10:50:29 2000: DEBUG: Adding session for 5419320865204317,
202.71.12
8.57, 110
Mon Jan 31 10:50:29 2000: DEBUG: do query is: delete from RADONLINE
where NASIDE
NTIFIER='202.71.128.57' and NASPORT=110
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADONLINE
(USERNAME, N
ASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS,
NASPORTTYPE,
SERVICETYPE) values ('5419320865204317', '202.71.128.57', 110,
'00000C37', 94930
1429, '', 'Async', 'Framed-User')
Mon Jan 31 10:50:29 2000: DEBUG: Handling with Radius::AuthRADMIN
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Handling with Radius::AuthRADMIN')
Mon Jan 31 10:50:29 2000: DEBUG: Handling accounting with
Radius::AuthRADMIN
--More--(57%)
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301429, 4, 'Handling accounting with Radius::AuthRADMIN')
Mon Jan 31 10:50:29 2000: DEBUG: do query is: update RADUSERS set
TIMELEFT=TIMEL
EFT-0, OCTETSINLEFT=OCTETSINLEFT-0, OCTETSOUTLEFT=OCTETSOUTLEFT-0 where
USERNAME
='5419320865204317'
Mon Jan 31 10:50:29 2000: DEBUG: do query is: insert into RADUSAGE
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTSESSIO
NID, NASIDENTIFIER, NASPORT, DNIS)
values
('5419320865204317', 949301429, 1, 0, '00000C37', '202.71.128.57
', 110, '412')
Mon Jan 31 10:50:29 2000: DEBUG: Accounting accepted
Mon Jan 31 10:50:29 2000: DEBUG: Packet dump:
*** Sending to 202.71.128.57 port 1646 ....
Code: Accounting-Response
Identifier: 163
Authentic:
<156><8><135><22><141>|<155><8><250>I<154><197>'<235><254><146>
Attributes:
Mon Jan 31 10:50:40 2000: DEBUG: Packet dump:
*** Received from 202.71.128.57 port 1646 ....
Code: Accounting-Request
Identifier: 164
Authentic: -<6><131><253>R<171><<142>/0<21>[rf_<150>
Attributes:
NAS-IP-Address = 202.71.128.57
NAS-Port = 110
NAS-Port-Type = Async
User-Name = "5419320865204317"
Called-Station-Id = "412"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00000C37"
Framed-Protocol = PPP
Framed-IP-Address = 202.71.133.58
Acct-Terminate-Cause = User-Request
Acct-Input-Octets = 175
Acct-Output-Octets = 159
Acct-Input-Packets = 8
Acct-Output-Packets = 8
Acct-Session-Time = 11
Acct-Delay-Time = 0
Mon Jan 31 10:50:40 2000: DEBUG: Rewrote user name to
[EMAIL PROTECTED]
Mon Jan 31 10:50:40 2000: DEBUG: Handling request with Handler
'Realm=/email/'
Mon Jan 31 10:50:40 2000: DEBUG: Rewrote user name to 5419320865204317
Mon Jan 31 10:50:40 2000: DEBUG: Deleting session for 5419320865204317,
202.71.
128.57, 110
Mon Jan 31 10:50:40 2000: DEBUG: do query is: delete from RADONLINE
where NASIDE
NTIFIER='202.71.128.57' and NASPORT=110
Mon Jan 31 10:50:40 2000: DEBUG: Handling with Radius::AuthRADMIN
Mon Jan 31 10:50:40 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301440, 4, 'Handling with Radius::AuthRADMIN')
Mon Jan 31 10:50:40 2000: DEBUG: Handling accounting with
Radius::AuthRADMIN
Mon Jan 31 10:50:40 2000: DEBUG: do query is: insert into RADMESSAGES
(TIME_STAM
P, TYPE, MESSAGE)
values (949301440, 4, 'Handling accounting with Radius::AuthRADMIN')
Mon Jan 31 10:50:40 2000: DEBUG: do query is: update RADUSERS set
TIMELEFT=TIMEL
EFT-011, OCTETSINLEFT=OCTETSINLEFT-0175,
OCTETSOUTLEFT=OCTETSOUTLEFT-0159 where
USERNAME='5419320865204317'
Mon Jan 31 10:50:40 2000: DEBUG: do query is: insert into RADUSAGE
(USERNAME, TIME_STAMP, ACCTSTATUSTYPE, ACCTDELAYTIME, ACCTINPUTO
CTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME,
ACCTTERMINATECAUSE, FRA
MEDIPADDRESS, NASIDENTIFIER, NASPORT, DNIS)
values
('5419320865204317', 949301440, 2, 0, 175, 159, '00000C37', 11,
1, '202.71.133.58', '202.71.128.57', 110, '412')
Mon Jan 31 10:50:40 2000: DEBUG: Accounting accepted
Mon Jan 31 10:50:40 2000: DEBUG: Packet dump:
*** Sending to 202.71.128.57 port 1646 ....
Code: Accounting-Response
Identifier: 164
Authentic: -<6><131><253>R<171><<142>/0<21>[rf_<150>
Attributes:
--------------------
cisco conf
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname a5300
!
aaa new-model
aaa authentication password-prompt Pin#:
aaa authentication username-prompt Account#:
aaa authentication login net4 group radius local
aaa authentication ppp default none
aaa authentication ppp net4 if-needed local group radius
aaa authorization exec net4 group radius if-authenticated
aaa authorization network net4 group radius if-authenticated
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
!
!
!
resource-pool disable
!
!
!
!
!
modem call-record terse
modem country mica india
ip subnet-zero
ip domain-name net4india.com
ip name-server a.b.c.d
ip name-server a.b.c.d
!
isdn voice-call-failure 0
modemcap entry new_modemcap3:MSC=&f&d2s0=3s19=0s29=1s39=4s7=60s34=0s40=0
mta receive maximum-recipients 0
!
!
controller E1 0
framing NO-CRC4
clock source line primary
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country india
debounce-time 20
release-guard-time 20
seizure-ack-time 20
!
controller E1 1
framing NO-CRC4
clock source line secondary 1
ds0-group 0 timeslots 1-15,17-31 type r2-digital r2-compelled
cas-custom 0
country india
debounce-time 20
release-guard-time 20
seizure-ack-time 20
!
controller E1 2
!
controller E1 3
!
!
!
interface Loopback0
ip address a.b.c.d 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0
ip address a.b.c.d 255.255.255.224
no ip directed-broadcast
!
interface FastEthernet0
ip address a.b.c.d 255.255.255.224
ip directed-broadcast
shutdown
duplex half
speed auto
!
interface Group-Async1
ip unnumbered Ethernet0
no ip directed-broadcast
encapsulation ppp
async default routing
async mode interactive
peer default ip address pool net4 emailo
no cdp enable
ppp authentication pap callin net4
group-range 1 120
!
ip local pool net4 202.71.133.2 202.71.133.62
ip local pool emailo 202.71.135.1 202.71.135.62
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 202.71.129.32 255.255.255.240 202.71.128.62
ip http server
!
!
radius-server host aa.bb.cc.dd auth-port 1812 acct-port 1813
radius-server key <secret>
radius-server vsa send authentication
!
line con 0
transport input none
line 1 120
autoselect during-login
autoselect ppp
login authentication net4
modem InOut
modem autoconfigure type mica
autocommand ppp
transport preferred none
transport input all
transport output lat pad telnet rlogin udptn v120 lapb-ta
line aux 0
line vty 0 4
!
end
-------------------------------
Hugh Irvine wrote:
>
> Hello Iqbal -
> >
> > after having attempted numerous things, and been in touch with Cisco
> > (USA) I am still having problems with the cisco-avpair attr.
> >
> > when debugging on the cisco, to see what is sent back from radiator i
> > get the following
> >
> > Attribute 26 27 0000000901156970
> >
> > for the vendoe-specific attr. This accorinding to cisco is malformed,
> > can anyone confirm this, and if so, how can I fix this.
> >
>
> There is a good example for using cisco-avpair's in the sample "users" file in
> the main Radiator directory:
>
> open.com.au Password=cisco, Service-Type=Outbound-User
> cisco-avpair = "vpdn:tunnel-id=cca-gw",
> cisco-avpair = "vpdn:ip-addresses=1.2.3.4",
> cisco-avpair = "vpdn:nas-password=pw",
> cisco-avpair = "vpdn:gw-password=pw"
>
> You should see the entire string between the quotes "" returned to the NAS in
> the reply packet. You can send us your configuration file (no secrets) and a
> trace 4 debug showing the problem and I will try to help you.
>
> regards
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
