Forcing GNU-Radius to change authentication type
|
View:
New views
3 Messages
—
Rating Filter:
Alert me
|
 |
Forcing GNU-Radius to change authentication type
by Paul Cole
::
Rate this Message:
Dear Sergey and all,
I've foud out that my NAS was sending the same NAS-Port-ID attribute which is '0/0/0/0' for my pppoe users (normal because I have only one port from where all the users are connected, physical port 0 on the NAS). But the problem with that setting is that the radwho command will obviously show only the last user getting connected and disconnect the previous one.In my understanding, the session in GNU-Radius is defined by the couple of 'NAS-Port / Nas IP address' which explains that behavior when issuing the radwho command. I am trying now to set the session to use only the session ID rather than that couple which won't make radwho work for me. Need your help hare implementing this. Another thing : does radzap physically disconnect the customer from the NAS or just shut the session in Radius when the customer remains still connected to the NAS ? Thanks for your guidance. Regards, ____________________________________________________________________________ _____ Paul T. COLE _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@... http://lists.gnu.org/mailman/listinfo/help-gnu-radius |
|
|
Re: Forcing GNU-Radius to change authentication type
by Sergey Poznyakoff-2
::
Rate this Message:
Hi Paul,
> I've foud out that my NAS was sending the same NAS-Port-ID attribute > which is `0/0/0/0' for my pppoe users (normal because I have only one > port from where all the users are connected, physical port 0 on the > NAS). But the problem with that setting is that the radwho command will > obviously show only the last user getting connected and disconnect the > previous one...In my understanding, the session in GNU-Radius is > defined by the couple of `NAS-Port / Nas IP address' which explains > that behavior when issuing the radwho command. Yes, that's right. > I am trying now to set the session to use only the session ID rather > than that couple which won't make radwho work for me. Need your help > hare implementing this... The usual solution is to implement a rewriting function that would create a unique NAS-Port ID from another pieces of information in the request. This approach is described in section 10.2.4 "Rewriting Incoming Requests" of the documentation (available online at http://www.gnu.org/software/radius/manual/html_node/Rewriting-Incoming-Req uests.html). The examples/ directory contains some working samples, which might help you implement your own rewriting procedure: examples/cisco.rw: function cisco_pid, called from cisco_fixup. examples/c3620.rw: function c3620_decode, called from c3620_fixup. examples/ascend.rw: function max_decode_port, called from max_fixup. If you need any further help, please do not hesitate to write. > Another thing : does radzap physically disconnect the customer from the > NAS No, of course it does not. It has no way of doing so: there is no general interface which would connect to NAS and tell it to drop a line. Radzap is a last resort utility for bringing the system database in synch with the actual state of user pools. It operates only on rad[wu]tmp files. Normally, you rarely need to use it, if at all. Regards, Sergey _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@... http://lists.gnu.org/mailman/listinfo/help-gnu-radius |
|
|
RE: Re: Forcing GNU-Radius to change authentication type
by Paul Cole
::
Rate this Message:
Thanks, Sergey.
Regards, ____________________________________________________________________________ _____ Paul -----Message d'origine----- De : Sergey Poznyakoff [mailto:gray@...] Envoyé : jeudi 17 septembre 2009 10:04 À : Paul Cole Cc : help-gnu-radius@... Objet : [?? Probable Spam] Re: Forcing GNU-Radius to change authentication type Hi Paul, > I've foud out that my NAS was sending the same NAS-Port-ID attribute > which is `0/0/0/0' for my pppoe users (normal because I have only one > port from where all the users are connected, physical port 0 on the > NAS). But the problem with that setting is that the radwho command will > obviously show only the last user getting connected and disconnect the > previous one...In my understanding, the session in GNU-Radius is > defined by the couple of `NAS-Port / Nas IP address' which explains > that behavior when issuing the radwho command. Yes, that's right. > I am trying now to set the session to use only the session ID rather > than that couple which won't make radwho work for me. Need your help > hare implementing this... The usual solution is to implement a rewriting function that would create a unique NAS-Port ID from another pieces of information in the request. This approach is described in section 10.2.4 "Rewriting Incoming Requests" of the documentation (available online at http://www.gnu.org/software/radius/manual/html_node/Rewriting-Incoming-Req uests.html). The examples/ directory contains some working samples, which might help you implement your own rewriting procedure: examples/cisco.rw: function cisco_pid, called from cisco_fixup. examples/c3620.rw: function c3620_decode, called from c3620_fixup. examples/ascend.rw: function max_decode_port, called from max_fixup. If you need any further help, please do not hesitate to write. > Another thing : does radzap physically disconnect the customer from the > NAS No, of course it does not. It has no way of doing so: there is no general interface which would connect to NAS and tell it to drop a line. Radzap is a last resort utility for bringing the system database in synch with the actual state of user pools. It operates only on rad[wu]tmp files. Normally, you rarely need to use it, if at all. Regards, Sergey _______________________________________________ Help-gnu-radius mailing list Help-gnu-radius@... http://lists.gnu.org/mailman/listinfo/help-gnu-radius |
| Free embeddable forum powered by Nabble | Forum Help |
