<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:52505761;
mso-list-type:hybrid;
mso-list-template-ids:-2107709240 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l1
{mso-list-id:866455550;
mso-list-template-ids:1802512742;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body bgcolor=white lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Mohamed,<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Your
description of the IPOQUE device and how it works is very strange. I was not
able to find any usefully documentation on the IPOQUE device but here is what I
think it is trying to do in a service provider network.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Assume
the service provider network uses DSL, 3G wireless, 802.11, etc. Users connect
to the network via the NAS which could be a BRAS, GGSN, wireless AP, etc. The
NAS sends an access request to the RADIUS server to authenticate the user. All
user traffic going to the Internet goes through the IPOQUE device. The service
provider wants to the IPOQUE device to manage traffic based on user or groups
of users. Devices on the network are dynamically assigned an IP address. So,
the IPOQUE device needs to map the IP address to the user, group of user and
their bandwidth management “policy”. The NAS is configured to send RADIUS
accounting packets to the RADIUS server. The RADIUS server is configured to add
the IPOQUE attributes to the accounting request and proxy the request to the
IPOQUE device. When the IPOQUE device receives the Accounting Start packet, it
uses the information in the packet to map the IP address (Framed-IP-Address
attribute) to the IPOQUE bandwidth management policy (ipoque-class attribute). The
bandwidth management policy would then be applied to all traffic from that
particular user/IP address.<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>What
type of network is your customer running (DSL, 3G, 802.11, etc.)? Do they
authenticate user access to the network using a NAS which then contacts the RADIUS
server? Is the IPOQUE device transparent to the user or does the IPOQUE device
require users to authenticate themselves via a web page or some other
mechanism?<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Tim<o:p></o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'><o:p> </o:p></span></p>
<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>
<div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'>
<div>
<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span
style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.org
[mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freeradius.org]
<b>On Behalf Of </b>Mohamed Abdulla<br>
<b>Sent:</b> Saturday, March 27, 2010 3:26 AM<br>
<b>To:</b> freeradius-users@lists.freeradius.org<br>
<b>Subject:</b> Help with executing accounting!<o:p></o:p></span></p>
</div>
</div>
<p class=MsoNormal><o:p> </o:p></p>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hi All,</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I am new to
using freeradius. I am in the process of integrating freeradius with
"ipoque", which is a bandwidth control device. IPOQUE expects to see
an accounting request from the radius server with specific attributes embedded,
in order to control the bandwidth of the logged-in user. The scenario I am
trying to realize is as follows:</span><o:p></o:p></p>
</div>
<ol start=1 type=1>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo1'><span style='font-family:"Arial","sans-serif"'>For
each user wishing to authenticate with freeradius, I have added two
attributes in "users.conf" file. The first attribute is
"Framed-IP-Address", while the second is a VSA
"ipoque-class".</span><o:p></o:p></li>
<li class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;
mso-list:l1 level1 lfo1'><span style='font-family:"Arial","sans-serif"'>When
the user successfully authenticate with the freeradius, and after the
freeradius sends Access-Accept, I want the radclient.exe to
automatically send Accounting request to ipoque, including the following:
User-Name, Framed-IP-Address, Accounting-Status-Type= Start and
ipoque-class as configured in users.conf file. This should inform ipoque
device about the user IP and the class of that user in order to apply
th proper bandwidth rules for that user category.</span><o:p></o:p></li>
</ol>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I have
started by creating a test user in users.conf as follows:</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>shafzeen
Auth-Type := Local, User-Password == "1234"<br>
Framed-IP-Address = "192.168.1.12",<br>
ipoque-class = "raduser"</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>then I
created a text file named "ipoquestart.txt" with the following
content:</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>User-Name =
"%{User-Name}",<br>
Framed-IP-Address = "%{reply:Framed-IP-Address}",<br>
Acct-Status-Type = Start,<br>
ipoque-class = "%{reply:ipoque-class}"</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Then in the
radiusd.conf, in the modules section I have defined the following (The ipoque
device IP is 192.168.0.1, secret "prx"):</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal> <o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>exec Start {<br>
wait = yes<br>
program = "${bindir}/radclient.exe -d ${raddbdir} -f
${bindir}/ipoquestart.txt -x -s 192.168.1 acct prx"<br>
input_pairs = reply<br>
output_pairs = reply<br>
packet_type = Access-Accept <br>
}</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>and in the
instantiate section I have added Start. Also, in the post-auth I have put Start
trying to send the radclient acct request towards ipoque.</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>I have
started freeradius in debug mode, and I noticed that the radclient is sending
Framed-IP-Address as "0.0.0.0", and "ipoque-class"=
"",</span><o:p></o:p></p>
</div>
<div>
<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>and after
that it is sending the reply with the needed values of Framed-IP-Address and
"ipoque-class". I know there is some where something wrong I am
doing, but I need someone to analyse what is happening and tell me how to
correct it! Thanks</span><o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>