[RADIATOR] Radius Accounting to LDAP and Radius server

Hugh Irvine hugh at open.com.au
Mon Jul 30 05:38:53 CDT 2012


Hello eliran shlomo -

You would do something like this:


…..

<AuthBy LDAP2>
        Identifier LDAP_User
        EAPType MD5
        # Tell Radiator how to talk to the LDAP server
        include %{GlobalVar:CONFIGROOT}/include/Use_LDAP.inc
        include %{GlobalVar:CONFIGROOT}/include/LDAP_User.inc
        include %{GlobalVar:CONFIGROOT}/include/LDAP_User_PostSearchHook.inc
</AuthBy>

<AuthBy RADIUS>
        Identifier ProxyAccounting
        NoForwardAuthentication
        Host **************
        AcctPort 1813
        FailureBackoffTime 180
        Retries 1
        RetryTimeout 3
        Secret secret
</AuthBy>

# process accounting

<Handler Request-Type=Accounting-Request, Acct-Status-Type = /^(Start|Stop)/>
        include %{GlobalVar:CONFIGROOT}/include/RewriteUsername.inc
        PostProcessingHook file:"%{GlobalVar:CONFIGROOT}/include/write-start-file.pl"
        SessionDatabase SDB1
        AccountingHandled
        AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
        AcctLogFileFormat  \
                %{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
                %{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
                %{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
                %{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
                %{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
                %{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
                %{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
                %{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
                %{Acct-Session-Time},%{Event-Timestamp},\
                %{Acct-Authentic},%{Acct-Delay-Time},\
                %{Acct-Input-Packets},%{Acct-Output-Packets},\
                %{Framed-Protocol},%{Service-Type}
        # forward the accounting
        AuthBy ProxyAccounting
</Handler>

# process authentication

<Handler>
        AuthBy LDAP_User
</Handler>


hope that helps

regards

Hugh



On 30 Jul 2012, at 18:44, eliran shlomo <eliranshlomo at gmail.com> wrote:

> Hi,
> I'm trying to set up multiple accounting responses, but something isn't clear to me.
> Currently the RADIUS server is using AuthBy LDAP2, and I want the accounting response after authentication to be sent to another accounting server.
> 
> I set this up for now:
> 
> <AuthBy LDAP2>
>         Identifier LDAP_User
>         EAPType MD5
>         # Tell Radiator how to talk to the LDAP server
>         include %{GlobalVar:CONFIGROOT}/include/Use_LDAP.inc
>         include %{GlobalVar:CONFIGROOT}/include/LDAP_User.inc
>         include %{GlobalVar:CONFIGROOT}/include/LDAP_User_PostSearchHook.inc
> </AuthBy>
> 
> <AuthBy RADIUS>
>         NoForwardAuthentication
>         Host **************
>         AcctPort 1813
>         FailureBackoffTime 180
>         Retries 1
>         RetryTimeout 3
>         Secret secret
> </AuthBy>
> 
> And this is the handler:
> 
> <Handler Request-Type=Accounting-Request, Acct-Status-Type = /^(Start|Stop)/>
>         include %{GlobalVar:CONFIGROOT}/include/RewriteUsername.inc
>         PostProcessingHook file:"%{GlobalVar:CONFIGROOT}/include/write-start-file.pl"
>         SessionDatabase SDB1
>         AccountingHandled
>         AcctLogFileName %{GlobalVar:DETAILDIR}/%c/detail-%Y%m%d.csv
>         AcctLogFileFormat  \
>                 %{User-Name},%{Acct-Session-Id},%{Framed-IP-Address},\
>                 %{Calling-Station-Id},%{Called-Station-Id},%{NAS-IP-Address},\
>                 %{NAS-Port-Type},%{NAS-Port},%{Acct-Status-Type},\
>                 %{Tunnel-Server-Endpoint},%{Tunnel-Client-Endpoint},\
>                 %{Tunnel-Server-Auth-ID},%{Tunnel-Client-Auth-ID},\
>                 %{RB-Context-Name},%{Acct-Input-Octets},%{Acct-Output-Octets},\
>                 %{Acct-Input-Gigawords},%{Acct-Output-Gigawords},\
>                 %{RB-QoS-Metering-Profile-Name},%{Acct-Terminate-Cause},\
>                 %{Acct-Session-Time},%{Event-Timestamp},\
>                 %{Acct-Authentic},%{Acct-Delay-Time},\
>                 %{Acct-Input-Packets},%{Acct-Output-Packets},\
>                 %{Framed-Protocol},%{Service-Type}
> 
> </Handler>
> 
> Any idea how to continue from here?
> I kind of got lost...
> 
> Best regards,
> 
> Eliran


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.


