(RADIATOR) additional accounting column

CHS chs at vol.at
Mon Mar 21 03:32:50 CST 2005


hi
I currently have a problem with the accounting which I do with <authby 
sql>.  What I want to do is to add an additional column (LOGINSERVICE) 
to the mysql db where the Login-Service that is stored in the LDAP db 
will be saved.

I have trace 4 turned on, but in the log file I never see the 
mentioned attribute in the "sql insert" statement.

could you please check my config file and tell me what's wrong or 
missing in there.

thanks
christoph

# ldap.cfg
#

        # Global server settings: logging targets, working directory and
        # debug level.
        #Foreground
        LogStdout
        DbDir           /usr/local/radiator

        # Debugging Level & Logging
        # 0 ERR.Error conditions. Serious and unexpected failures
        # 1 WARNING. Warning conditions. Unexpected failures
        # 2 NOTICE. Normal but significant conditions.
        # 3 INFO. Informational messages.
        # 4 DEBUG. Debugging messages.
        # 5 Incoming raw packet dumps in hexadecimal.
        # NOTE(review): level 4 is useful while troubleshooting, but at this
        # level the log shows the SQL statements built from request data (and
        # presumably the request/reply attribute values). Drop to a lower
        # level afterwards, and keep the log file readable only by the RADIUS
        # service account and administrators.
        Trace           4
        LogFile         /var/log/radius.log

        PidFile /var/run/radius.pid

### NAS CLIENTS ###
# default client if no other is defined
# !!! Client order is important, default should be the last !!!

# NAS client definitions. Each <Client> names a source address and the RADIUS
# shared secret used with it; the three explicit clients also set an
# Identifier, which <Handler Client-Identifier=1038> further down selects on.
# NOTE(review): every client on this page shows the same Secret value
# (presumably a placeholder for the post). In a live file give each NAS its
# own long random secret: the shared secret is what authenticates the NAS and
# protects User-Password in transit.
<Client 127.0.0.1>
        Secret mysecret
        Identifier 1038
</Client>

<Client 1.2.3.41>
        Secret mysecret
        Identifier TA
</Client>

<Client 2.3.4.5>
        Secret mysecret
        Identifier DSL
</Client>

# Catch-all for any source address not listed above.
# NOTE(review): with a DEFAULT client, any host that knows this secret is
# accepted as a NAS. Prefer listing NAS addresses explicitly; if DEFAULT must
# stay, give it a strong secret of its own and filter source addresses in
# front of the server.
<Client DEFAULT>
        Secret  mysecret
        # presumably turns off duplicate-request detection for these clients;
        # confirm that this is intended
        DupInterval 0
</Client>


##################
### ACCOUNTING ###

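<AuthBy SQL>
        # Accounting clause: stores accounting requests in a MySQL table
        # using the AcctColumnDef mappings below.
        Identifier      AcctSQL
        # Connection details are redacted in the post. The live file holds the
        # database password in clear text, so keep the file readable only by
        # the RADIUS service account, and grant the "rad" database user no
        # more than the rights accounting inserts need.
        DBSource        dbi:mysql:****
        DBUsername      rad
        DBAuth          ******

        # !!! Table must exist !!!
        # The table name carries %Y%m date specials (presumably year and
        # month), so a new table has to be created ahead of each period.
        AccountingTable ACCOUNTING%Y%m

        #AcctColumnDef Column,Attribute[,Type][,Format]

        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
        # Attribute name corrected from "Acct_Terminate-Cause": the RADIUS
        # attribute is spelled with hyphens only, and the misspelled name
        # would not match any attribute in the request.
        AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef   NASIDENTIFIER,NAS-Identifier
        AcctColumnDef   NASPORT,NAS-Port,integer
        AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address

        # NOTE(review): AuthAttrDef is the LDAP-to-RADIUS mapping keyword used
        # in the <AuthBy LDAP2> clause; it is probably not honoured inside
        # <AuthBy SQL>. Confirm against the Radiator reference.
        AuthAttrDef radiusLoginService,Login-Service,reply
        #AcctColumnDef  LOGINSERVICE,Login-Service
        # NOTE(review): the accounting handler on this page calls only
        # AcctSQL, so no LDAP lookup runs for accounting requests and the
        # accounting reply presumably never carries Login-Service. A
        # "formatted" column whose expansion is empty would then be left out
        # of the INSERT, which matches the symptom described. Verify before
        # relying on this.
        AcctColumnDef   LOGINSERVICE,%{Reply:Login-Service},formatted

        # Missed accountings are written to this log, e.g. if the mysql db is
        # down. The file presumably holds the same user names, session ids and
        # addresses as the accounting table, so protect it the same way.
        AcctFailedLogFileName /var/log/radius_missedaccounting.log

</AuthBy>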

########################
### AUTHENTICATION ###

### Auth for 1038 Customers ###
<AuthBy LDAP2>
        # LDAP-backed authentication clause for the "1038" customer group:
        # binds to the directory, finds the user with SearchFilter, reads the
        # password from PasswordAttr and maps LDAP attributes to RADIUS reply
        # attributes through the AuthAttrDef lines.
        Identifier CheckLDAP-1038

        ### Login Info for LDAP DB ###
        # Tell Radiator how to talk to the LDAP server
        # The directory runs on the same host, so bind and search traffic
        # stays local. NOTE(review): no TLS setting appears in this clause; if
        # Host is ever pointed at a remote server, enable TLS/LDAPS first so
        # the bind password and userPassword values do not cross the network
        # in clear text.
        Host            localhost

        # LDAP server authentication.
        # Redacted in the post; stored in clear text in the live file. Use a
        # dedicated bind account that can read only the attributes this
        # clause needs.
        AuthDN          cn=***
        AuthPassword    *****

        # This is the top of the search tree where users will be found.
        BaseDN          ******

        # This is the LDAP attribute to match the radius user name
        UsernameAttr    uid

        # LDAP attribute holding the user's password. NOTE(review): the bind
        # account must be able to read it, so protect the bind credentials
        # accordingly.
        PasswordAttr    userPassword

        #DefaultSimultaneousUse  1

        # CheckAttr, ReplyAttr and AuthAttrDef
        # will be replied for accounting and authentication
        # AuthAttrDef ldapattributename , radiusattributename , type

        AuthAttrDef radiusFramedIPAddress,Framed-IP-Address,reply
        AuthAttrDef radiusFramedRoute,Framed-Route,reply
        AuthAttrDef radiusFramedProtocol,Framed-Protocol,reply
        # NOTE(review): the next line has only two fields, while the form
        # documented above is ldapattr,radiusattr,type. As written, "reply"
        # sits in the RADIUS-attribute position; confirm which RADIUS
        # attribute radiusUserService was meant to map to.
        AuthAttrDef radiusUserService,reply
        AuthAttrDef Cisco-AVPair,cisco-avpair,reply
        AuthAttrDef radiusLoginService,Login-Service,reply
        AuthAttrDef radiusSimultaneousUse,Simultaneous-Use,reply


        # Search if user matches to group 1038
        # %1 is presumably the (rewritten) user name from the request.
        # NOTE(review): that name comes from the network; confirm that LDAP
        # filter metacharacters in it are escaped or rejected before
        # substitution, so a crafted name cannot widen the match.
        SearchFilter (&(radiusLoginService=1038) (uid=%1))

        # Debugging of the Net::LDAP
        # NOTE(review): full Net::LDAP debugging presumably dumps directory
        # traffic, including bind credentials and password attributes. Use it
        # only while troubleshooting and remove it afterwards.
        Debug 255

        # You can control the timeout for connection failure
        # (both values presumably in seconds)
        Timeout 5
        FailureBackoffTime 10

        # You can control the LDAP protocol version to be used
        Version 3
</AuthBy>

###### TODO: add the remaining AuthBy clauses here!! ###

# Routes every Accounting-Request to the AcctSQL clause and to nothing else.
# It is listed before the Client-Identifier handler; presumably the first
# matching Handler wins, so accounting from client 1038 also lands here and
# is never passed to CheckLDAP-1038.
<Handler Request-Type=Accounting-Request>
       AuthBy AcctSQL
</Handler>

# Handler for requests from the client whose Identifier is 1038
# (127.0.0.1 on this page).
<Handler Client-Identifier=1038>
        # Try the AuthBy clauses in order until one accepts; only
        # CheckLDAP-1038 is active here.
        AuthByPolicy ContinueUntilAccept
        # Delete @auol.at from the User-Name
        # The pattern keeps only the characters before the first "@", so any
        # realm suffix is dropped, not just @auol.at.
        # NOTE(review): user@any-realm is therefore looked up as plain "user";
        # if only one realm should be accepted, match that realm explicitly.
        RewriteUsername     s/^([^@]+).*/$1/

        AuthBy CheckLDAP-1038
        #AuthBy CheckLDAP-TA

        # Give additional message if "Request Denied"
        # NOTE(review): check that the reason text does not let a client tell
        # an unknown user name from a wrong password.
        RejectHasReason
</Handler>
