TechLibrary

[+] Expand All

[-] Collapse All

Steel-Belted Radius Carrier 8.4.1 Reference Guide
- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- About This Guide
- Introduction
  - Introduction to Configuration Files
    - Configuration Files
    - Tips for Editing Configuration Files
- Steel-Belted Radius Carrier Core and Radius Front-End Files
  - Operations Files
    - access.ini File
      - [Settings] Section
      - [Users] and [Groups] Sections
    - admin.ini File
      - [AccessLevel] Section
      - [SNMPAgent] Section
    - events.ini File
      - [EventDilutions] Section
        Example
      - [Suppress] Section
        Example
      - [Thresholds] Section
        Example
    - events.xml File
    - radius.ini File
      - [Addresses] Section
        Example 1
        Example 2
      - [AuditLog] Section
      - [AuthRejectLog] Section
      - [Configuration] Section
      - [CurrentSessions] Section
      - [DynAuthProxy]
      - [LatencyLog]
      - [EmbedInClass] Section
      - [HiddenEAPIdentity] Section
      - [IPPoolSuffixes] Section
      - [IPv6] Section
      - [JavaScript] Section
      - [LDAP] Section
      - [LDAPAddresses] Section
      - [Logging] Section
        Log File Naming Conventions and Log Rollover
        Thread Identifiers
        Session Identifiers
        Example
        Enhanced Proxy Logging
      - [MsChapNameStripping] Section
      - [PurgeThreadLogging] Section
      - [Ports] Section
      - [Self] Section
      - [StaticAcctProxy] Section
      - [Status] Section
      - [Strip] Section
      - [StripPrefix] Section
      - [StripSuffix] Section
      - [UserNameTransform] Section
        Example
      - [ValidateAuth] and [ValidateAcct] Sections
    - sbrd.conf File
    - services File
    - servtype.ini File
    - update.ini File
      - [HUP] and [USR2] Sections
        Example
    - Auto-Restart Files
      - Perl SNMP Support
      - Perl System Log Support
      - sbrd.conf File
      - radiusd.conf File
        radiusd.conf Configuration File
  - Authentication Configuration Files
    - authlog.ini File
    - authReport.ini File
    - authReportAccept.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportBadSharedSecret.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportReject.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportUnknownClient.ini File
      - [Attributes] Section
      - [Settings] Section
    - blacklist.ini File
    - lockout.ini File
      - [ClientExclusionList] Section
      - [UserExclusionList] Section
    - redirect.ini File
      - [Settings] Section
      - [ClientExclusionList] Section
    - statlog.ini File
      - [Settings] Section
      - [Statistics] Section
  - Attribute Processing Files
    - Dictionary Files
      - .dct Files
        .dct File Location
        .dct File Records
        Editing .dct Dictionary Files
        Include Records
        Master Dictionary for .dct Files
        ATTRIBUTE Records
        Attribute Name and Identifier
        Syntax Type Identifier
        Compound Syntax Types
        Flag Characters
        VALUE Records
        Macro Records
        OPTION Records
      - .dic Files
        .dic File Location
        <?dict> Element
        <vendor> Element
        <attribute> Element
        Editing .dic Dictionary Files
    - Structured Attributes
      - Structured Attribute Dictionary Definitions
        XML Format of Dictionary Files
        <dictionary> Element
        <attribute> Element
        Subattribute Elements
        <constant>
      - Functional Areas That Use Subattributes
        Packet Parsing and Formatting
        Features that Support the Use of Structured and Subattributes
        Single Subattribute Insertion
        Attribute Filtering
        Proxy Attribute Mapping
        Structured Attributes in Return Lists and Check Lists
        Using Web GUI to Configure Subattributes in Return Lists and Checklists
        Using the LCI to Define Subattributes in Return Lists and Check Lists
        Javascript
        Converting Previous Attribute Flatteners with Subattributes
        Plug-in Attribute Access
      - Example of Configuration and Usage of a Structured Attribute
        3GPP2 Data Definition
        SBR Carrier XML Dictionary Definition
        Example Data
        LCI Encoding
    - classmap.ini File
      - [AttributeName] Section
    - filter.ini File
      - Filter Rules
      - Order of Filter Rules
        Examples
      - Values in Filter Rules
      - Referencing Attribute Filters
    - sample.rr File
    - spi.ini File
      - [Keys] Section
      - [Hosts] Section
    - vendor.ini File
      - [Vendor-Product Identification] Section
      - Product-Scan Settings
    - Adding NAS Location Information to Access-Request Messages
      - Location-Specific Configuration Files
      - locspec.ctrl File
        Example
        Example
        Example
        Example
      - proxy.ini File
        Example
      - realm.pro File
        Example realm.pro file:
      - Example Configuration for Adding NAS Location Attributes to Access-Request
        Example Overview
        Example Configuration
  - Address Assignment Files
    - dhcp.ini File
      - [Settings] Section
      - [Pools] Section
    - pool.dhc Files
  - Accounting Configuration Files
    - account.ini File
    - acctReport.ini File
    - sessionTable.ini File
      - [Settings] Section
  - Realm Configuration Files
    - Proxy Realm Configuration Files
    - Directed Realm Configuration Files
      - Sample proxy.ini File
      - Sample Directed Realm (.dir) File
    - proxy.ini File
    - Proxyrl.ini File
    - Proxy RADIUS Configuration (.pro) File
      - [Auth] Section
      - [Acct] Section
      - [AutoStop] Section
      - [Called-Station-ID] Section
      - [DynAuth] Section
      - Target Selection Rules
        Round-Robin Load Balancing
        Selecting a Backup Server
        Realm Retry Policy
      - [FastFail] Section
      - [ModifyUser] Section
      - [SpooledAccounting] Section
        Retry Sequence
    - Directed Realm Configuration (.dir) File
    - radius.ini Realm Settings
  - EAP Configuration Files
    - eap.ini File
    - peapauth.aut File
      - [Bootstrap] Section
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Inner_Authentication] Section
      - [Request Filters] Section
      - [Response Filters] Section
      - [Session_Resumption] Section
    - tlsauth.aut File
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample tlsauth.aut File
    - tlsauth.eap File
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Secondary_Authorization] Section
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample tlsauth.eap File
      - Configuring Secondary Authorization
        SQL Authentication
        LDAP Authentication
    - ttlsauth.aut File
      - [Bootstrap] Section
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Inner_Authentication] Section
      - [Request_Filters] Section
      - [Response_Filters] Section
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample ttlsauth.aut File
  - Session State Register (SSR) Configuration Files
    - Configuring the config.ini File
    - Configuring the dbclusterndb.gen File
      - [Bootstrap] Section
      - [NDB] Section
        [Database] Section
      - [IpAddressPools] Section
      - [IpAddressPools:PoolName] Section
    - Using the georedSess.ses File to Configure the Geo-Redundancy Feature
  - Local CST Configuration Files
    - dbclusterRPC.gen File
    - cstserver.ini File
      - [Configuration] Section
      - [HA-Settings] Section
- Back-End Authentication and Accounting
  - SQL Plug-Ins
    - Common Configuration Items
      - [Bootstrap] Section
      - [Settings] Section
        Limitations of Underlying Database APIs
        SQL Parameter
        ErrorMap
        mssql.ini File
        [SoftErrors] Section
        mysql.ini File
        [SoftErrors] Section
        oracle.ini File
        [SoftErrors] Section
        LogLevel
      - [Server] Section
      - [Server/name] Sections
        Last Resort Server
      - Load Balancing Example
      - JDBC Plug-ins
    - SQL Authentication
      - [Settings] Section
        PasswordFormat
        ClearTextBinary
        DefaultResults
        SuccessResult
        UpperCaseName
      - [Results] Section
        Default [Results] Parameters
      - [FailedSuccessResultAttributes] Section
      - [Failure] Section
      - [Strip] Sections
      - Example: SQL Authentication Configuration File
    - SQL Accounting
    - SQL Accessors
    - Detailed Use Cases
      - Working with Stored Procedures
      - SQL Database Data Retrieval Methods
        SQL=SELECT Method for Data Retrieval from SQL Databases
        SQL=SELECT Method: SELECT Statement
        SQL=SELECT Method: [Results] Section
        SQL=SELECT Method: Section Correlations Illustrated
        Stored Procedure Method for Data Retrieval from SQL Databases
        Stored Procedure Method: BEGIN Statement of sqlaccessor.gen
        Stored Procedure Method: [Results] Section of sqlaccessor.gen
        Stored Procedure Method: Database Schema
        Stored Procedure Method: Data Retrieval
        Stored Procedure Method: Example
  - LDAP Plug-Ins
    - Overview
    - Common Configurations
    - LDAP Authentication
    - LDAP Accessor Files
  - CDR Accounting Plug-Ins
    - CDR Process Overview
    - Types of Call Detail Records
    - Configuring Accounting Options with cdracct.acc
      - [Bootstrap] Section of cdracct.acc
        Example
      - [Settings] Section of cdracct.acc
        Example
    - Displaying CDR Information
    - CDR Fields
    - CDR Field Formats for Binary and ASN.1 CDR Files
      - Field Formats for Binary Version 1 and Binary Version 2 CDR Files
- SIM Authentication Module
  - Common Configurations
    - ss7db.gen File
      - [Bootstrap] Section
      - [Settings] Section
    - gsmmap.gen File
      - [Bootstrap] Section
      - [Settings] Section
      - [Realms] Section
      - Configuring Each Realm Section
        Example
        Relationship Between Sections
      - Network Equipment and Data Needed for Processing Access-Requests
        Example: Authorization String
        Disabling Authorization from EAP-SIM
      - Target Module Section
        Target Module Fields (General Case)
        MAP Gateway Target Module Fields
        Example of MAP Gateway Target Module Fields
        SQL Database Target Module Fields
        Example of SQL Database Target Module
        LDAP Database Target Module Fields
        Example of LDAP Database Target Module
    - Signalware MML Commands
  - SIM/AKA Authentication
    - Overview
    - Configuring the simauth.aut File
    - Authentication Gateway
      - Configuring the ulcmmg.conf File
      - Configuring the GWrelay.conf File
      - Starting and Stopping the GWrelay Process
      - Configuring the authGateway.conf File
        [Routing-Configuration] Section
        Authorization Options
        Example 1—authGateway.conf file [Routing-Configuration] Section
        Example 2—authGateway.conf file [Routing-Configuration] Section
        [Supported-MAP-Messages] Section
        [Common-AGW-Configurations] Section
        [Process<name>] Section
        Example
      - Configuring the authGateway Startup with MML Commands
        Example—Creating and Starting the authGateway Process
- Optional Mobility Module Configuration Files
  - WiMAX Mobility Module Configuration File
    - wimax.ini File
- SNMP Configuration Files
  - SNMP Configuration Overview
  - SNMP Traps and Statistics Overview
- Appendixes
  - Authentication Protocols
  - Vendor-Specific Attributes
  - Configuration Examples
    - Steel-Belted Radius Carrier: 3G-to-Wi-Fi Offload Solution Using the SBR MAP Gateway with EAP-SIM or EAP-AKA
  - Detailed Use Cases
    - Using SQL Accessors
      - Configuring gsmmap.gen for Key Field Identification
        Examples
      - Configuring sqlaccessor.gen or sqlaccessor_jdbc.gen for Key Field Identification
        Examples
    - Using LDAP Accessors
      - Configuring ldapaccessor.gen for Key Field Identification
    - Assigning IP Addresses Based on APN
    - Adding Attributes to an Access-Accept
      - Overview
      - Data Flow
      - Configuration Tasks
      - Configuring Files for Adding Attributes to Access-Accept
      - Example Configuration for Adding Attributes to Access-Accept
        Example Overview
        Example Notes
        Access-Request
        SIMAuth
        Radsql.aut
        Eap.ini
        SQL Database Table 1
        Access-Accept
      - Activate the Authentication Method
    - Interfacing with a Kineto IP Network Controller
      - Attribute Handling Methods
      - Access-Request Conversion
      - Access-Accept Conversion
      - Access-Reject Conversion
      - Configuring the SIM Authentication Module for Handling Kineto Attributes
        Configuring the kinetoUMAAttrHandler.ctrl File
        Example kinetoUMAAttrHandler.ctrl file
        Configuring the controlpoints.ini File
        Configuring Kineto Attribute Recognition
        Activating the Authentication Method
        Developing Applications for the S1 Interface
    - Using Managed IPv6 Address Pools
  - SIR.conf File
  - Glossary
    - Numerics
    - A
    - B
    - C
    - D
    - E
    - F
    - G
    - H
    - I
    - J
    - L
    - M
    - N
    - O
    - P
    - Q
    - R
    - S
    - T
    - U
    - V
    - W

Download This Guide

Download this guide: Steel-Belted Radius Carrier 8.4.1 Reference Guide

admin.ini File

The admin.ini file maps administrative access levels to sets of access rights. These access levels are enforced for administrators connecting to Steel-Belted Radius Carrier by means of the Web GUI or LDAP configuration interface (LCI). Each [AccessLevel] section in the admin.ini file corresponds to an AccessLevel name entered in the access.ini file. You can create as many [AccessLevel] sections in the admin.ini file as you require.

Access rights are defined according to the categories of administrative data that an account is allowed to read and write. These data categories correspond to Web GUI pages and to objects directly under o=radius in the LDAP configuration schema.

Note: Due to interdependencies in configuration, to enable an administrator to configure users, the following settings are required in the [AccessLevel] section of the admin.ini file:

[AccessLevel]
Users=rw
IP-Pools=r
Profiles=r

Note: If you omit a keyword, access to that data category is specifically denied for all information and dialogs that correspond to that keyword. Misspelled keywords are considered omitted.

[AccessLevel] Section

The syntax for each [AccessLevel] section (Table 9) defined in the admin.ini file is:

[AccessLevel]
Access = value
Certificates = value
CCMPublish = value
CCMServerList = value
Configuration = value
CurrentUsers = value
ImportExport = value
IP-Pools = value
License = value
Profiles = value
Proxy = value
RAS-Clients = value
Report = value
RuleSets = value
Statistics = value
Tunnels = value
Users = value

Table 9: admin.ini Syntax

Parameter	Function
AccessLevel	Specifies the name of the access level. The value used here must be identical to the value used in the access.ini file.
Access	Specifies whether administrators with this access level can read or write (update) administrative access data, which is controlled by the Administrators List page. Valid values are: r—Read-only access w—Write-only access rw—Read/write access Note: When an administrator requests access, Steel-Belted Radius Carrier checks entries in the Administrators List page in Web GUI before checking the access.ini and admin.ini files. If an applicable administrative account exists in the Administrators List page, the user is given full access to the Steel-Belted Radius Carrier database, regardless of the configuration of the access.ini and admin.ini files.
Certificates	Specifies whether administrators with this access level can modify trusted root and server certificate information through Web GUI. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
CCMPublish	Specifies whether administrators with this access level can publish server replication (ccmpkg) information through Web GUI. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
CCMServerList	Specifies whether administrators with this access level can read or write (update) information in the Server List page in Web GUI. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
Configuration	Specifies whether administrators with this access level can read or write (update) information found in the Authentication Methods page in Web GUI. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
CurrentUsers	Specifies whether administrators with this access level can read or write (update) the Current Sessions Table, which can be displayed in the Reports page in Web GUI. Write access allows the administrator to delete entries from the Current Sessions Table. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
ImportExport	Controls whether the Import and Export menu items are enabled in the Web GUI. Read access allows file export. Write access allows file import. Valid values are: r—Read-only access (allows export but not import) w—Write-only access (allows import but not export) rw—Read/write access (allows import and export) Data categories without read access are disabled. If a user tries to export categories of data without having sufficient access rights, categories for which the user does not have read access are omitted from the export operation. Similarly, if a user tries to import categories of data without having sufficient access rights, categories for which the user does not have write access are omitted from the import operation. Note: Import and Export are subject to the particular rights that the user has to each type of item, such as Users or Tunnels.
IP-Pools	Specifies whether administrators with this access level can read or write (update) IP address pool data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access Note: This applies to standalone SBR Carrier servers only. For information about IP pools on Session State Register servers, see the SBR Carrier Installation Guide.
License	Specifies whether administrators with this access level can add a new license. Valid values are: w—Write-only access rw—Read/write access
Profiles	Specifies whether administrators with this access level can read or write (update) profile data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
Proxy	Specifies whether administrators with this access level can read or write (update) proxy target data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
RAS-Clients	Specifies whether administrators with this access level can read or write (update) RADIUS client data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
Report	Specifies whether administrators with this access level can read or write (update) report data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
RuleSets	Specifies whether certificates are replicated within a realm. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
Statistics	Specifies whether administrators can read Authentication, Accounting, and Proxy statistics generated by the server. Write access is not applicable. Valid values are: r—Read-only access
Tunnels	Specifies whether administrators with this access level can read or write (update) RADIUS tunnel data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access
Users	Specifies whether administrators with this access level can read or write (update) user data. Valid values are: r—Read-only access w—Write-only access rw—Read/write access Note: You must set the Users parameter to rw (read-write) for a user or group if you want the user or group to be able to import user information into Steel-Belted Radius Carrier.

[SNMPAgent] Section

If you use SNMP to monitor your Steel-Belted Radius Carrier server, the [SNMPAgent] section of admin.ini file must include this section to give Read access to the SNMP agent.

[SNMPAgent]
RAS-Clients=r
Users=r
Profiles=r
Proxy=r
Tunnels=r
IP-Pools=r
Access=r
Configuration=r
Statistics=r
CurrentUsers=r
Report=r
ImportExport=r
License=r

TechLibrary

Download This Guide

admin.ini File

[AccessLevel] Section

[SNMPAgent] Section

Modified: 2018-01-11