Hugh Irvine wrote:
> Hello Felipe -
>
> > > > Hugh Irvine wrote:
> > > >
> > > > > Well this is most peculiar. Can you please send me a copy of your configuration
> > > > > file (no secrets) together with a trace 4 debug that corresponds to that
> > > > > configuration?
> > > > >
> > > > > A couple of questions. What dictionary are you using? Is the Framed-IP-Address
> > > > > above correct? And finally, what other attributes are you returning to the NAS?
> > > > > You probably have a problem because you are not sending enough information in
> > > > > your reply attributes to start the session (specifically Service-Type if you
> > > > > are using a Cisco).
> > > > >
> > > > > thanks
> > > > >
> > > > > Hugh
> > > > >
> > >
> > > Thanks for sending the additional information.
> > >
> > > As I mentioned in my previous message above, I think the reason you are not
> > > getting a session started is due to the fact that you probably need to send
> > > some additional attributes in your Access-Accept. I would have thought that you
> > > would need something like the following, including the Framed-IP-Address and
> > > Framed-IP-Netmask:
> > >
> > > Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-IP-Address = xxx.xxx.xxx.xxx,
> > > Framed-IP-Netmask = yyy.yyy.yyy.yyy,
> > > Framed-Compression = Van-Jacobson-TCP-IP,
> > > Session-Timeout = nnn,
> > > Idle-Timeout = mmm
> > >
> > > The exact reply attributes will depend on your NAS and your requirements.
> > >
> > > Also, on the Oracle error that is being reported, could you try to execute the
> > > same query that Radiator is using, in sqlplus (interactive SQL tool)? This will
> > > tell us whether the problem is in Oracle or in Radiator.
> > >
> > > Here is the query:
> > >
> > > select YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='pool1' and
> > > STATE=0 order by TIME_STAMP
> > >
> > > thanks
> > >
> > > Hugh
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> >
> > Do I set the reply attributes in the DefaultReply line ??
> >
>
> You can start by using AddToReply (DefaultReply will only add attributes if
> there are none there already).
>
> regards
>
> Hugh
>
>
Hugh,
Attached is my conf file and a trace 4 debug. I added an AddToReply, but on the other
side my connection still hangs up while trying to authenticate. See in the log that
Radiator is sending the IP address, netmask, etc., but I don't know why my connection
isn't accepted.
Thanks!
--
Felipe Bariani Salum
System Administrator
Zip.net
*** Received from 200.187.218.85 port 1645 ....
Code: Access-Request
Identifier: 1
Authentic: <146><29><243>P-S<7><4>a{<196><200><250>%l<140>
Attributes:
NAS-Identifier = "200.187.218.84"
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = "[EMAIL PROTECTED]"
Client-Port-DNIS = "73980105"
Caller-Id = "1131710760"
User-Password = "xxxx"
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0001
Fri Jun 2 15:00:46 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Jun 2 15:00:46 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Jun 2 15:00:46 2000: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Fri Jun 2 15:00:46 2000: DEBUG: Handling request with Handler 'Realm=zipnet.com.br'
Fri Jun 2 15:00:46 2000: DEBUG: Rewrote user name to fsalum
Fri Jun 2 15:00:46 2000: DEBUG: Deleting session for [EMAIL PROTECTED], 200.187.218.84, 1
Fri Jun 2 15:00:46 2000: DEBUG: do query is: delete from radonline where username = 'fsalum' and nasidentifier = '200.187.218.84' and nasport ='1'
Fri Jun 2 15:00:46 2000: DEBUG: Handling with Radius::AuthSQL
Fri Jun 2 15:00:46 2000: DEBUG: Handling with Radius::AuthSQL
Fri Jun 2 15:00:46 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS where ( USERNAME='fsalum' or username = 'fsalum'||'@zip.net') and ( status != '1' or status is null )
Fri Jun 2 15:00:46 2000: DEBUG: Radius::AuthSQL looks for match with fsalum
Fri Jun 2 15:00:46 2000: DEBUG: Radius::AuthSQL ACCEPT:
Fri Jun 2 15:00:46 2000: DEBUG: Handling with Radius::AuthDYNADDRESS
Fri Jun 2 15:00:46 2000: DEBUG: Query is: select YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='pool1' and STATE=0 order by TIME_STAMP
Fri Jun 2 15:00:46 2000: DEBUG: do query is: update RADPOOL set STATE=1, TIME_STAMP=959968846, EXPIRY=960055246, USERNAME='fsalum' where YIADDR='200.187.208.18'
Fri Jun 2 15:00:46 2000: DEBUG: Access accepted for fsalum
Fri Jun 2 15:00:46 2000: DEBUG: Packet dump:
*** Sending to 200.187.218.85 port 1645 ....
Code: Access-Accept
Identifier: 1
Authentic: <146><29><243>P-S<7><4>a{<196><200><250>%l<140>
Attributes:
Proxy-State = 0001
Framed-IP-Address = 200.187.208.18
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Framed-Routing = None
...
<AddressAllocator SQL>
    Identifier redeip
    DBSource dbi:Oracle:radius
    DBUsername xxx
    DBAuth xx
    <AddressPool pool1>
        Subnetmask 255.255.255.0
        Range 200.187.208.1 200.187.208.254
        Range 200.187.209.1 200.187.209.254
        Range 200.187.210.1 200.187.210.254
        Range 200.187.211.1 200.187.211.254
    </AddressPool>
</AddressAllocator>
...
<Realm zipnet.com.br>
    RewriteUsername s/^([^@]+).*/$1/
    AcctLogFileName redeip.log
    AuthByPolicy ContinueWhileAccept
    <AuthBy SQL>
        DBSource dbi:Oracle:radius
        DBUsername xxx
        DBAuth xx
        AuthSelect select PASSWORD from SUBSCRIBERS where ( USERNAME='%n' \
            or username = '%n'||'@zip.net') and ( status != '1' or \
            status is null )
        AuthColumnDef 0, Encrypted-Password, check
        # You may want to tailor these for your ACCOUNTING table
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-Identifier
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef CALING_ID,Calling-Station-Id
    </AuthBy>
    <AuthBy DYNADDRESS>
        Allocator redeip
        PoolHint pool1
        MapAttribute yiaddr, Framed-IP-Address
        #MapAttribute subnetmask, Framed-IP-Netmask
        StripFromReply PoolHint,Framed-IP-Netmask
        AddToReply Service-Type=Framed-User,Framed-Protocol=PPP,\
            Framed-IP-Netmask=255.255.255.255,Framed-Compression=Van-Jacobson-TCP-IP,\
            Framed-MTU=1500, Framed-Routing=None
    </AuthBy>
</Realm>
...
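
Added example, not part of the original thread and not Radiator code: a small Python parser for packet dumps laid out like the trace 4 output above, which reports which of the reply attributes suggested earlier in the thread are absent from each Access-Accept. The sample trace, its addresses and the function names are constructed for illustration.

```python
import re
# Constructed sample in the layout of the trace 4 dump above (documentation addresses).
SAMPLE_TRACE = """\
*** Received from 192.0.2.10 port 1645 ....
Code: Access-Request
Identifier: 1
Attributes:
User-Name = "user@example.test"
Fri Jun 2 15:00:46 2000: DEBUG: Packet dump:
*** Sending to 192.0.2.10 port 1645 ....
Code: Access-Accept
Identifier: 1
Attributes:
Framed-IP-Address = 198.51.100.18
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
"""
# Reply attributes suggested earlier in the thread for a framed PPP session.
SUGGESTED = ["Service-Type", "Framed-Protocol", "Framed-IP-Address", "Framed-IP-Netmask",
             "Framed-Compression", "Session-Timeout", "Idle-Timeout"]
HEADER = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
ATTR = re.compile(r"^\s*([A-Za-z0-9-]+) = (.*)$")
LOGLINE = re.compile(r"^\w{3} \w{3}\s+\d+ [\d:]+ \d{4}: ")

def parse_packets(trace):
    """Return one dict per packet dump: direction, peer, code, id, attrs."""
    packets, cur, in_attrs = [], None, False
    for line in trace.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"direction": m.group(1), "peer": m.group(2), "attrs": {}}
            packets.append(cur)
            in_attrs = False
        elif cur is None or LOGLINE.match(line):
            cur = None  # a timestamped log line ends the current dump
        elif line.startswith("Code:"):
            cur["code"] = line.split(":", 1)[1].strip()
        elif line.startswith("Identifier:"):
            cur["id"] = int(line.split(":", 1)[1])
        elif line.startswith("Attributes:"):
            in_attrs = True
        elif in_attrs and (m := ATTR.match(line)):
            cur["attrs"].setdefault(m.group(1), []).append(m.group(2).strip('"'))
    return packets

def missing_reply_attrs(trace, wanted=SUGGESTED):
    # For each Access-Accept, list the wanted attributes it does not carry.
    return [(p["peer"], p.get("id"), [a for a in wanted if a not in p["attrs"]])
            for p in parse_packets(trace) if p.get("code") == "Access-Accept"]
```

Pass a different `wanted` list to match what a particular NAS requires, since the exact reply attributes depend on the NAS.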