servtype.ini File
The servtype.ini file configures service type mapping in Steel-Belted Radius Carrier. Service type mapping allows a single user to have multiple authorization attribute sets based on the service type the user is requesting. The service type is determined based on request attributes using rules that may differ depending on the network access device.
Using static configuration parameters in the servtype.ini file, you can specify, on a device-by-device basis, a mapping of request attributes and values to service type strings. These strings can be attached to the username as a prefix or as a suffix. The elaborated username is used for both authentication and authorization, and for allowing different authorizations based on service type requested.
Refer to the Steel-Belted Radius Carrier Administration and Configuration Guide for information on how to configure and use service type mapping.
[Settings] Section
The [Settings] section of servtype.ini (Table 28) controls how the service type string is attached to the username prior to look-up in the Native User database.
 |
NOTE: If Prefix and Suffix are both set to 0 in the [Settings] section, service type mapping is disabled. |
[NAS] Section
The [NAS] section of the servtype.ini file lets you map network access devices to [mapping] sections. The syntax for [NAS] is:
[NAS]
NASname=mappingName
NASname=mappingName
Each NASname entry in the [NAS] section must match the name of a RADIUS client entry in the Steel-Belted Radius Carrier database. When an Access-Request is received, its NAS-IP-Address attribute is matched to a RADIUS client entry in the database. If a match can be found and the RADIUS client name matches a NASname in the [NAS] section, Steel-Belted Radius Carrier looks for a corresponding [Mapping] section in the servtype.ini file.
[MappingName] Section
Each [MappingName] section of the servtype.ini file identifies the strings to be added to the username for lookups in the Native User database, which allows Steel-Belted Radius Carrier to retrieve the appropriate return list, and specifies the rules an incoming Access-Request packet must meet before Steel-Belted Radius Carrier returns an Access-Accept message. The name of each [MappingName] section must match a mappingName entry in the [NAS] section.
The syntax for each [MappingName] section is:
[mapping]
ServiceTypeString
RADIUSattribute = value
~RADIUSattribute = value
Each rule is a statement about an attribute that must be present in the incoming Access-Request packet. Each rule must be indented with a tab character, followed by a RADIUSattribute = value string, followed by a carriage return. Every component of the rule is optional, so there are many syntax variations.
If a rule includes a RADIUSattribute field, this field must identify a standard or vendor-specific RADIUS attribute that is known to the server. If a rule provides an optional value field, this field must name a valid possible value for that attribute.
If the RADIUSattribute field for a rule is preceded by a tilde (~), then the specified RADIUSattribute, if present in the Access-Request packet, must have a value other than value for the rule to be true. If the RADIUSattribute is not present in the Access-Request packet, or if it is present and has the value specified, the rule is false and authorization fails.
Example
[Settings]
Prefix=1
Suffix=0
Default=defaultmap
[NAS]
nas1=nas1map
nas2=nas2map
[nas1map]
ppp:
Framed-Protocol=1
Service-Type=2
vpn:
Framed-Protocol=6
~Service-Type=2
other:
Framed-Protocol
Service-Type
[nas2map]
analog:
NAS-Port-Type=1
isdn:
NAS-Port-Type=2
[defaultmap]
ppp: