Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

servtype.ini File

The servtype.ini file configures service type mapping in Steel-Belted Radius Carrier. Service type mapping allows a single user to have multiple authorization attribute sets based on the service type the user is requesting. The service type is determined based on request attributes using rules that may differ depending on the network access server.

Using static configuration parameters in the servtype.ini file, you can specify, on a device-by-device basis, a mapping of request attributes and values to service type strings. These strings can be attached to the username as a prefix or as a suffix. The elaborated username is used for both authentication and authorization, and for allowing different authorizations based on service type requested.

Refer to the SBR Carrier Administration and Configuration Guide for information about how to configure and use service type mapping.

[Settings] Section

The [Settings] section (Table 36) of servtype.ini controls how the service type string is attached to the username before performing a lookup in the Native User database.

Note: If Prefix and Suffix are both set to 0 in the [Settings] section, service type mapping is disabled.

Table 36: servtype.ini [Settings] Syntax

Parameter

Function

Prefix

Specifies whether the service type string is prefixed to the username before performing a lookup in the Native User database.

  • If set to 1, the service type string is prefixed to the username.
  • If set to 0, the service type string is not prefixed to the username.

Default value is 0.

Suffix

Specifies whether the service type string is suffixed to the username before performing a lookup in the Native User database.

  • If set to 1, the service type string is suffixed to the username.
  • If set to 0, the service type string is not suffixed to the username.

Default value is 0.

Default

Mapping name that is used when an Access-Request message is received from a network access server not listed in the [NAS] section of servtype.ini.

If you do not configure a Default setting and the server cannot determine the mapping in any other way, the server ignores the service type and authenticates the user without it.

[NAS] Section

The [NAS] section of the servtype.ini file lets you map network access devices to [Mapping] sections. The syntax for [NAS] is:

[NAS]NASname = mappingNameNASname = mappingName

Each NASname entry in the [NAS] section must match the name of a RADIUS client entry in the Steel-Belted Radius Carrier database. When an Access-Request is received, its NAS-IP-Address attribute is matched to a RADIUS client entry in the database. If a match can be found and the RADIUS client name matches a NASname in the [NAS] section, Steel-Belted Radius Carrier looks for a corresponding mapping section in the servtype.ini file.

[MappingName] Section

Each [MappingName] section of the servtype.ini file identifies the strings to be added to the username for lookups in the Native User database, which allows Steel-Belted Radius Carrier to retrieve the appropriate return list, and specifies the rules an incoming Access-Request packet must meet before Steel-Belted Radius Carrier returns an Access-Accept message. The name of each [MappingName] section must match a mappingName entry in the [NAS] section.

The syntax for each [MappingName] section is:

[mapping] ServiceTypeStringRADIUSattribute = value~RADIUSattribute = value

ServiceTypeString is a string added to the username.

Each rule is a statement about an attribute that must be present in the incoming Access-Request packet. Each rule must be indented with a tab character, followed by a RADIUSattribute = value string, followed by a carriage return. Every component of the rule is optional, so there are many syntax variations.

If a rule includes a RADIUSattribute field, this field must identify a standard or vendor-specific RADIUS attribute that is known to the server. If a rule provides an optional value field, this field must name a valid possible value for that attribute.

If the RADIUSattribute field for a rule is preceded by a tilde (~), then the specified RADIUSattribute, if present in the Access-Request packet, must have a value other than value for the rule to be true. If the RADIUSattribute is not present in the Access-Request packet, or if it is present and has the value specified, the rule is false and authorization fails.

Example

[Settings]
Prefix=1
Suffix=0
Default=defaultmap

[NAS]
nas1=nas1map
nas2=nas2map

[nas1map]
ppp:
       Framed-Protocol=1
       Service-Type=2
vpn:
      Framed-Protocol=6
      ~Service-Type=2
other:
      Framed-Protocol
      Service-Type
[nas2map]
analog:
      NAS-Port-Type=1
isdn:
      NAS-Port-Type=2
[defaultmap]
ppp:

Modified: 2017-09-27