Hugh Irvine wrote:
> Well this is most peculiar. Can you please send me a copy of your configuration
> file (no secrets) together with a trace 4 debug that corresponds to that
> configuration?
>
> A couple of questions. What dictionary are you using? Is the Framed-IP-Address
> above correct? And finally, what other attributes are you returning to the NAS?
> You probably have a problem because you are not sending enough information in
> your reply attributes to start the session (specifically Service-Type if you
> are using a Cisco).
>
> thanks
>
> Hugh
>

Hugh,

Attached is my configuration file and the trace 4 debug file for it.
I just added the dictionary.usr to the dictionary file, so it is complete now.
The error about Framed-IP-Netmask was fixed, but on the other side my connection hangs up and doesn't authenticate yet.

Thanks for the help!

--
Felipe Bariani Salum
System Administrator
Zip.net

*** Received from 200.187.218.84 port 1645 ....
Code: Access-Request
Identifier: 3
Authentic: ><11><145><128>o<17>.<20>K<22>-<11><165>r<190><209>
Attributes:
    Client-Id = 200.187.218.84
    NAS-Port = 1
    NAS-Port-Type = Virtual
    User-Name = "[EMAIL PROTECTED]"
    Called-Station-Id = "73980105"
    Calling-Station-Id = "1131710753"
    User-Password = "F23.<199>:u<5><142><180><239><232>x$<190>v"
    Service-Type = Framed-User
    Framed-Protocol = PPP

Wed May 31 15:05:04 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Wed May 31 15:05:04 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Wed May 31 15:05:04 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Wed May 31 15:05:04 2000: DEBUG: Handling request with Handler 'Realm=zipnet.com.br'
Wed May 31 15:05:04 2000: DEBUG: Rewrote user name to fsalum
Wed May 31 15:05:04 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 200.187.218.84, 1
Wed May 31 15:05:04 2000: DEBUG: do query is: delete from radonline where username = 'fsalum' and nasidentifier = '200.187.218.84' and nasport ='1'
Wed May 31 15:05:04 2000: DEBUG: Handling with Radius::AuthSQL
Wed May 31 15:05:05 2000: DEBUG: Handling with Radius::AuthSQL
Wed May 31 15:05:05 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where ( USERNAME='fsalum' or username = 'fsalum'||'@zip.net') and ( status != '1' or status is null )
Wed May 31 15:05:05 2000: DEBUG: Radius::AuthSQL looks for match with fsalum
Wed May 31 15:05:05 2000: DEBUG: Radius::AuthSQL ACCEPT:
Wed May 31 15:05:05 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
Wed May 31 15:05:05 2000: DEBUG: Query is: select YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='pool1' and STATE=0 order by TIME_STAMP
Wed May 31 15:05:05 2000: ERR: Execute failed for 'select YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='pool1' and STATE=0 order by TIME_STAMP': ORA-03113: end-of-file on communication channel (DBD ERROR: OCIStmtExecute)
Wed May 31 15:05:06 2000: DEBUG: do query is: update RADPOOL set STATE=1, TIME_STAMP=959796306, EXPIRY=959882706, USERNAME='fsalum' where YIADDR='200.187.208.11'
Wed May 31 15:05:06 2000: DEBUG: Access accepted for fsalum
Wed May 31 15:05:06 2000: DEBUG: Packet dump:
*** Sending to 200.187.218.84 port 1645 ....
Code: Access-Accept
Identifier: 3
Authentic: ><11><145><128>o<17>.<20>K<22>-<11><165>r<190><209>
Attributes:
    Framed-IP-Netmask = 255.255.255.0
    Framed-IP-Address = 200.187.208.11

AcctPort 1646
AuthPort 1645
DbDir .
Foreground
LogDir .
LogStdout
Trace 4 .
LogFile logfile.zipnet.1645

RewriteUsername tr/A-Z/a-z/
RewriteUsername tr/A-Za-z0-9_@.//cd
RewriteUsername s/^ig$/ig\@ig/

DictionaryFile dictionary

<AddressAllocator SQL>
    Identifier redeip
    DBSource dbi:Oracle:radius
    DBUsername xxxxx
    DBAuth xxxxx
    <AddressPool pool1>
        Subnetmask 255.255.255.0
        Range 200.187.208.1 200.187.208.254
        Range 200.187.209.1 200.187.209.254
        Range 200.187.210.1 200.187.210.254
        Range 200.187.211.1 200.187.211.254
    </AddressPool>
</AddressAllocator>

<Client DEFAULT>
    Secret xxxxx
    DupInterval 0
</Client>

<Client 200.187.218.84>
    Secret xxxx
    DupInterval 0
</Client>

<Realm DEFAULT>
    AcctLogFileName zip.log
    <AuthBy SQL>
        DBSource dbi:Oracle:radius
        DBUsername xxx
        DBAuth xxx
        AuthSelect select PASSWORD from SUBSCRIBERS where ( USERNAME='%n' \
            or username = '%n'||'@zip.net') and ( status != '1' or \
            status is null )
        AuthColumnDef 0, Encrypted-Password, check
        # You may want to tailor these for your ACCOUNTING table
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef CALING_ID,Calling-Station-Id
    </AuthBy>
</Realm>

<Realm zipnet.com.br>
    RewriteUsername s/^([^@]+).*/$1/
    AcctLogFileName redeip.log
    AuthByPolicy ContinueWhileAccept
    <AuthBy SQL>
        DBSource dbi:Oracle:radius
        DBUsername xxx
        DBAuth xxx
        AuthSelect select PASSWORD from SUBSCRIBERS where ( USERNAME='%n' \
            or username = '%n'||'@zip.net') and ( status != '1' or \
            status is null )
        AuthColumnDef 0, Encrypted-Password, check
        # You may want to tailor these for your ACCOUNTING table
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef CALING_ID,Calling-Station-Id
    </AuthBy>
    <AuthBy DYNADDRESS>
        Allocator redeip
        PoolHint pool1
        MapAttribute yiaddr, Framed-IP-Address
        MapAttribute subnetmask, Framed-IP-Netmask
        StripFromReply PoolHint
    </AuthBy>
</Realm>

<Realm ig>
    RewriteUsername s/^([^@]+).*/$1/
    #AcctLogFileName ig.log
    <AuthBy SQL>
        DBSource dbi:Oracle:radius
        DBUsername xxxx
        DBAuth xxxxx
        AuthSelect select PASSWORD from SUBSCRIBERS where ( USERNAME='%n' \
            or username = '%n'||'@ig') and ( status != '1' or \
            status is null )
        AuthColumnDef 0, Encrypted-Password, check
        # You may want to tailor these for your ACCOUNTING table
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef CALING_ID,Calling-Station-Id
    </AuthBy>
</Realm>

<Realm IPASS>
    <AuthBy IPASS>
        Config /usr/ipass/ipass.conf
        Home /usr/ipass
    </AuthBy>
</Realm>

<SessionDatabase SQL>
    DBSource dbi:Oracle:radius
    DBUsername xxx
    DBAuth xxx
    AddQuery insert into radonline (username, nasidentifier, nasport,\
        acctsessionid, time_stamp, framedipaddress, nasporttype, servicetype,\
        caling_id) values ('%n', '%N', '%{NAS-Port}', '%{Acct-Session-Id}',\
        %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
        '%{Service-Type}', '%{Calling-Station-Id}')
    DeleteQuery delete from radonline where username = '%n' and nasidentifier = '%N' and nasport ='%{NAS-Port}'
    ClearNasQuery delete from radonline where nasidentifier='%N'
</SessionDatabase>
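
The check suggested in the quoted reply, run over a trace of this kind, as an added example that is not part of the original post or of Radiator. It parses the packet dumps and log lines, lists expected attributes missing from each Access-Accept, and collects ERR/WARNING messages; the sample trace is constructed, and the function names and the inclusion of Framed-Protocol are assumptions.

```python
import re

# Constructed sample in the layout of the Trace 4 output quoted in this post
# (abridged; addresses and user name are placeholders).
SAMPLE_TRACE = """\
*** Received from 192.0.2.84 port 1645 ....
Code: Access-Request
Attributes:
    User-Name = "user@example.net"
    Service-Type = Framed-User
    Framed-Protocol = PPP
Wed May 31 15:05:05 2000: ERR: Execute failed for 'select ...': ORA-03113: end-of-file on communication channel
Wed May 31 15:05:06 2000: DEBUG: Packet dump:
*** Sending to 192.0.2.84 port 1645 ....
Code: Access-Accept
Attributes:
    Framed-IP-Netmask = 255.255.255.0
    Framed-IP-Address = 198.51.100.11
"""

# Service-Type is the attribute named in the thread; Framed-Protocol is an
# assumption added for this example.
EXPECTED_IN_ACCEPT = ("Service-Type", "Framed-Protocol")
HEADER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
LOGLINE = re.compile(r"^\w{3} \w{3} [ \d]\d [\d:]{8} \d{4}: (\w+): (.*)$")
ATTR = re.compile(r"^\s+([\w-]+) = (.*)$")

def parse_trace(text):
    """Split a trace into packet dumps and ERR/WARNING log messages."""
    packets, problems, cur = [], [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"direction": m[1], "peer": m[2], "code": None, "attrs": {}}
            packets.append(cur)
        elif m := LOGLINE.match(line):
            cur = None  # a timestamped log line ends the current packet dump
            if m[1] in ("ERR", "WARNING"):
                problems.append(m[2])
        elif cur is not None and line.startswith("Code:"):
            cur["code"] = line.split(":", 1)[1].strip()
        elif cur is not None and (m := ATTR.match(line)):
            cur["attrs"][m[1]] = m[2].strip('"')
    return packets, problems

def missing_reply_attributes(packets, expected=EXPECTED_IN_ACCEPT):
    """For each Access-Accept sent, list the expected attributes it lacks."""
    return [[a for a in expected if a not in p["attrs"]]
            for p in packets
            if p["direction"] == "Sending to" and p["code"] == "Access-Accept"]
```
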