--- Forwarded mail from [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Wed, 11 Jul 2001 19:36:25 -0500
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Harrison
Ng <[EMAIL PROTECTED]>]
From: Harrison Ng <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Cc: Harrison Ng <[EMAIL PROTECTED]>
Subject: RE: (RADIATOR) AuthBy Radius, limiting Calling ID stations
Date: Thu, 12 Jul 2001 10:27:31 +0800

Lloyd,

I guess you want the radius proxy to screen out unwanted calling-station-id,
before passing the auth packet to the remote radius server. Am I right?

Here is my suggestion:-

1. Put all calling-station-ids into a database table. My example is a mysql db.
2. Construct <AuthBy SQL>; the SELECT statement will search and compare the
   calling-station-id.
3. Put AuthByPolicy, and two AuthBy clauses.
4. Do some tests under trace 4, watch radiator behaviour and fine tune
   radius.cfg to suit your needs.

The advantage of using a db to store the calling-station-id:-

1. Redirect loading of proxy server to db server. (assuming both servers are in
   different boxes)
2. Make radius.cfg shorter and easier to read.

Regards,
Harrison

P.S. If anybody has a better suggestion, your comments are welcome.

<AuthBy RADIUS>
    Identifier proxyserver
    Host xxx.xxx.xxx.xxx
    Secret xxx
    AuthPort 1812
    AcctPort 1813
</AuthBy>

<AuthBy SQL>
    Identifier callfromsomewhere
    DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
    DBUsername xxx
    DBAuth xxx
    AuthSelect select callerid from CALLTABLE where callerid = %{Calling-Station-Id}
    AuthColumnDef 0, Calling-Station-Id, check
    NoDefault
</AuthBy>

<Handler Client-Id = xxx.xxx.xxx.xxx>
    AuthByPolicy ContinueWhileAccept
    AuthBy callfromsomewhere
    AuthBy proxyserver
</Handler>

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of lloyd
Sent: Wednesday, July 11, 2001 2:56 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) AuthBy Radius, limiting Calling ID stations
hi there,
this is what we have right now....we have this radius that does
authentication...our radius also does proxying to other radius by AuthBy
Radius clause...our problem right now is how do we limit the users say
user01@realm1 from dialling at Calling-Station-Id, say 1234?
the complication: if our radius finds out that the user has realm =
realm1, it proxies it to another radius server but before our radius
server proxies that particular user, we need to find out if that user is
dialling the correct Calling-Station-Id....so the question is how do we
proxy to another radius together with limiting that particular user from
dialling to a set of numbers..
does this work? or do you have any suggestions in mind?
<Handler Calling-Station-Id = /123445 | 91836724912 | 913240123/ ,
Client-Id=/202.202.202.202/>
    <AuthBy RADIUS>
        Host ********
        Secret *******
        AuthPort
        AcctPort
    </AuthBy>
</Handler>
p.s.
follow-up: how do we bind to NO PORT...i mean how do we reject
completely a user....say for
example....NOT BINDING TO AN AUTHPORT OR NOT BINDING TO AN ACCTPORT?
that's all i guess
thank you
hope you can reply soon
Lloyd Brian V. Dagoc
Consulting Engineer
InterDotNet Philipines Incorporated
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
---End of forwarded mail from [EMAIL PROTECTED]
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
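
Added example, not part of the original mails and not Radiator code: a Python model of the handler flow suggested in the reply above (look the Calling-Station-Id up in CALLTABLE, then proxy, stopping at the first non-accept result). An in-memory SQLite table stands in for the MySQL table and a stub stands in for the remote RADIUS server; the function names and sample caller IDs are assumptions, and the lookup binds the attribute as a query parameter because its value arrives from the network.

```python
import sqlite3

def build_allowlist(caller_ids):
    """In-memory stand-in for the MySQL CALLTABLE (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CALLTABLE (callerid TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO CALLTABLE (callerid) VALUES (?)",
                   [(c,) for c in caller_ids])
    return db

def check_calling_station(db, request):
    """First AuthBy: accept only if Calling-Station-Id is listed in CALLTABLE."""
    caller = request.get("Calling-Station-Id")
    if not caller:
        return "REJECT"  # attribute missing and no default entry to fall back on
    # Bound parameter: the attribute is never pasted into the SQL text.
    row = db.execute("SELECT callerid FROM CALLTABLE WHERE callerid = ?",
                     (caller,)).fetchone()
    return "ACCEPT" if row and row[0] == caller else "REJECT"

def proxy_to_remote(request, forwarded):
    """Second AuthBy: hypothetical stub for the remote RADIUS server."""
    forwarded.append(request["User-Name"])
    return "ACCEPT"

def handle(db, request, forwarded):
    """Run the two checks in order and stop at the first non-accept result."""
    steps = (lambda r: check_calling_station(db, r),
             lambda r: proxy_to_remote(r, forwarded))
    result = "REJECT"
    for step in steps:
        result = step(request)
        if result != "ACCEPT":
            break
    return result

if __name__ == "__main__":
    db = build_allowlist(["1234", "5678"])          # constructed caller IDs
    forwarded = []
    samples = [                                     # constructed requests
        {"User-Name": "user01@realm1", "Calling-Station-Id": "1234"},
        {"User-Name": "user01@realm1", "Calling-Station-Id": "9999"},
        {"User-Name": "user01@realm1", "Calling-Station-Id": "0 OR 1=1"},
        {"User-Name": "user01@realm1"},
    ]
    for req in samples:
        print(req.get("Calling-Station-Id"), "->", handle(db, req, forwarded))
    print("proxied:", forwarded)
```

Only the first sample request reaches the proxy stub; the unlisted number, the value containing SQL syntax and the request with no Calling-Station-Id are rejected before anything is forwarded.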