forum.bitel.ru http://forum.bitel.ru/ |
|
SE100 Аутентификация по vlan - не поднимается сессия. http://forum.bitel.ru/viewtopic.php?f=44&t=10954 |
Страница 1 из 1 |
Автор: | Магнитка.RU [ 05 окт 2015, 11:15 ] |
Заголовок сообщения: | SE100 Аутентификация по vlan - не поднимается сессия. |
Здравствуйте не видно сессии в мониторе при аутентификации на SE100 по vlan (radius.servSearchMode=2), на устройстве используем свой SmartEdgeNDSCProtocolHandler который наследуется от вашего.Подскажите в чем может быть причина ? При аутентификации по (radius.servSearchMode=7) все работает сессия появляется. В идеале надо аутентифицироваться по (radius.servSearchMode=2-7) но с ним такая же проблема как и с radius.servSearchMode=2 не видно сессии. Цитата: ip.resource.categoryId=7 vlan.resource.category=1 const.access.attributes=Acct-Interim-Interval=900 radius.realm.ipn.attributes={@const.access.attributes} radius.realm.default.attributes={@const ... attributes} radius.realm=default,ipn radius.connection.checkDuplicate=1 radius.username.removeDomain=1 radius.username.removeWhitespace=0 radius.username.ignoreCase=0 radius.password.verification=0 radius.servSearchMode=7 sa.radius.option.attributesPrefix=radius.inetOption. sa.radius.connection.attributes=Acct-Session-Id redirect.attributes=Service-Name:1=RSE-REJECTED;Service-Options:1=1 sa.radius.disable.attributes=Session-Timeout=1800;{@redirect.attributes} sa.radius.enable.attributes=Deactivate-Service-Name:1=RSE-REJECTED sa.radius.connection.withoutBreak=1 sa.radius.connection.coa.onEnable=1 sa.radius.connection.stateModify=1 sa.radius.connection.close.enableMode=1 sa.radius.connection.close.disableMode=1 sa.radius.connection.close.disableServices=0 sa.radius.service.closeAttributes=Deactivate-Service-Name:1=RSE-SVC-EXT;Deactivate-Service-Name:2=RSE-SVC-INT radius.serviceName.disable=RSE-REJECTED connection.start.fromAccept=1 connection.start.fromUpdate=2 connection.suspend.timeout=960 connection.close.timeout=1920 connection.finish.timeout=5 session.split.onDeviceState=0 session.split.onTariffOption=1 radius.inetOption.1.attributes=Service-Name:1=RSE-SVC-EXT;Service-Options:1=1;Service-Parameter:1=in-Rate=10000 out-Rate=10000 in-Burst=1250000 out-Burst=1250000;Service-Name:2=RSE-SVC-INT;Service-Options:2=1;Service-Parameter:2=in-Rate=100000 out-Rate=100000 in-Burst=2500000 out-Burst=2500000 Код: package ru.svtk.inet; import java.net.InetAddress; import org.apache.log4j.Logger; import ru.bitel.bgbilling.kernel.network.dhcp.DhcpProtocolHandler; import ru.bitel.bgbilling.kernel.network.radius.RadiusAttribute; import ru.bitel.bgbilling.kernel.network.radius.RadiusDictionary; import ru.bitel.bgbilling.kernel.network.radius.RadiusPacket; import ru.bitel.bgbilling.kernel.network.radius.RadiusProtocolHandler; import ru.bitel.bgbilling.modules.inet.api.common.bean.InetDevice; import ru.bitel.bgbilling.modules.inet.api.common.bean.InetDeviceType; import ru.bitel.bgbilling.server.util.Setup; import ru.bitel.common.ParameterMap; import ru.bitel.common.Utils; import ru.bitel.common.sql.ConnectionSet; import java.util.regex.Pattern; import java.util.regex.Matcher; import ru.bitel.bgbilling.modules.inet.radius.InetRadiusProcessor; import ru.bitel.bgbilling.modules.inet.dyn.device.redback.SmartEdgeStaticClipsProtocolHandler; public class SmartEdgeNDSCProtocolHandler extends SmartEdgeStaticClipsProtocolHandler implements RadiusProtocolHandler { private static final Logger logger = Logger.getLogger( SmartEdgeNDSCProtocolHandler.class ); @Override public void init( Setup setup, int moduleId, InetDevice inetDevice, InetDeviceType inetDeviceType, ParameterMap deviceConfig ) throws Exception { super.init( setup, moduleId, inetDevice, inetDeviceType, deviceConfig ); } /** * Предобработка Access-Request пакета. */ @Override public void preprocessAccessRequest( final RadiusPacket request, final RadiusPacket response, final ConnectionSet connectionSet ) throws Exception { this.setVlanFromNasPort(request); // вызываем SmartEdgeServiceActivator.preprocessAccessRequest() super.preprocessAccessRequest( request, response, connectionSet ); } /* * Устанавливаем VLAN который передается в NAS-Port от Redback SE100. */ public void setVlanFromNasPort(final RadiusPacket request) throws Exception { String nasport = request.getStringAttribute( -1, RadiusDictionary.NAS_Port_Id, "empty" ); Pattern p = Pattern.compile("vlan-id ([0-9]+) "); Matcher m = p.matcher(nasport); // apply matcher if (m.find()) { logger.info("NAS Port vlan:"+m.group(1)); String vlan = m.group(1); request.setOption( InetRadiusProcessor.VLAN_ID, vlan ); } } } Цитата: radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] RadiusListenerWorker - REQUEST: Packet type: Access-Request Identifier: 62 Authenticator: {AB A0 CF 07 9D 4F D0 E7 7A 96 6A B9 9D E3 8B 8C} Attributes: User-Name=192.168.70.7 NAS-Port-Id=lg id 825 vlan-id 56 clips 134145 NAS-Identifier=IPN-static-clips User-Password=Redback NAS-IP-Address=10.0.0.1 NAS-Port=-1761604606 Service-Type=5 Acct-Session-Id=FF160339D8000C02-561200AA NAS-Port-Type=5 Platform-Type=4 Medium-Type=11 OS-Version=12.1.1.5 NAS-Real-Port=603979832 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] SmartEdgeNDSCProtocolHandler - NAS Port vlan:56 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - REQUEST_AFTER_PREPROCESS: Packet type: Access-Request Identifier: 62 Authenticator: {AB A0 CF 07 9D 4F D0 E7 7A 96 6A B9 9D E3 8B 8C} Attributes: User-Name=192.168.70.7 NAS-Port-Id=lg id 825 vlan-id 56 clips 134145 NAS-Identifier=IPN-static-clips User-Password=Redback NAS-IP-Address=10.0.0.1 NAS-Port=-1761604606 Service-Type=5 Acct-Session-Id=FF160339D8000C02-561200AA NAS-Port-Type=5 Platform-Type=4 Medium-Type=11 OS-Version=12.1.1.5 NAS-Real-Port=603979832 Common options: {vlanId=56} radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetNas - Search serv on deviceId=90; vlanId=56 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - [username=192.168.70.7] Authenticated as inetServId:5543 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetApplication - TariffOptionMap: {} radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetApplication - inetServ[id=5543] balance ok: 0.00 [0] radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetApplication - OptionSet: [5] radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - Write new waiting connection to DB radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - New connection id=8690180 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - Return code=0 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetDhcpHelperProcessor - Skip userName: 192.168.70.7 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusProcessor - RESPONSE_BEFORE_POSTPROCESS: Packet type: Access-Accept Identifier: 62 Authenticator: {} Attributes: Acct-Interim-Interval=900 Framed-IP-Address=192.168.70.7 Service-Name:1=RSE-SVC-EXT Service-Name:2=RSE-SVC-INT Service-Options:1=1 Service-Options:2=1 Service-Parameter:1=in-Rate=100000 out-Rate=100000 in-Burst=2500000 out-Burst=2500000 Service-Parameter:2=in-Rate=100000 out-Rate=100000 in-Burst=2500000 out-Burst=2500000 Process time auth: 72 radius 10-05/09:31:24 INFO [rdsLstnr-p-8-t-4] InetRadiusListenerWorker - RESPONSE: Packet type: Access-Accept Identifier: 62 Authenticator: {53 19 09 A1 30 B6 F3 02 B6 62 2A 27 FB 03 7D 15} Attributes: Acct-Interim-Interval=900 Framed-IP-Address=192.168.70.7 Service-Name:1=RSE-SVC-EXT Service-Name:2=RSE-SVC-INT Service-Options:1=1 Service-Options:2=1 Service-Parameter:1=in-Rate=100000 out-Rate=100000 in-Burst=2500000 out-Burst=2500000 Service-Parameter:2=in-Rate=100000 out-Rate=100000 in-Burst=2500000 out-Burst=2500000 Process time auth: 74 Биллинг 6.1.868 |
Страница 1 из 1 | Часовой пояс: UTC + 5 часов [ Летнее время ] |
Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |