(RADIATOR) problem with AuthBy Group

sajida kalsoom sajida at advcomm.net
Mon Aug 20 07:41:39 CDT 2001


Hi Users!
  I have configured Radiator 2.17.1 with an OpenLDAP server; it is working fine and authenticating requests. I used the AuthBy LDAP2 clause. The LDAP server uses a MySQL database as its backend. Then, in a separate configuration file, I configured an AuthBy SQL clause so that accounting logs are stored in the MySQL database; that also works successfully with DB authentication. Now I want to combine both of these clauses so that I can perform authentication through the LDAP server and log accounting details into the database. When I combined both AuthBy clauses in an AuthBy GROUP clause using ' AuthByPolicy ContinuewhileAccept', both the LDAP and SQL clauses perform authentication and then accounting. When I set 'IgnoreAuthentication' in the AuthBy SQL clause, the Radiator server says 'Unknown key word IgnoreAuthentication'. What should I do to obtain this functionality? Can anybody please help me?

#############################################################
# ldap.cfg
#
# Example Radiator configuration file for authenticating from
# a local LDAP server
#
# This very simple file will allow you to get started with
# a simple LDAP authentication system.
#
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# In this example, there is a local LDAP database
# The LDAP database administrator has a common name of:
#   cn = Directory Manager
# and a password from dmpasswd
# The LDAP server in this example manages a Base DN of:
#   o=Open System Consultants, c=AU
# IN the database, there is an entry for each user. Their username
# is in the LDAP attribute called "uid", and there is a plaintext
# password in the LDAP attribute called userPassword
#
# So, the example will work with the sample databases supplied with
# UMich and Netscape LDAP servers.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# You should consider this file to be a starting point only
# $Id: ldap.cfg,v 1.2 2000/02/15 07:07:54 mikem Exp $

# Global settings: run in the foreground, send log output to stdout, and
# use the current directory ("." ) for both LogDir and DbDir.
Foreground
LogStdout
LogDir          .
DbDir           .
# NOTE(review): Trace 4 is the debug level and is verbose enough to record
# request details. Lower it once the configuration is proven, and restrict
# who can read the log output while it is enabled.
Trace           4

# You will probably want to change this to suit your site.
# NOTE(review): the DEFAULT client applies to any NAS that has no Client
# clause of its own, so every such sender shares this one secret. "mysecret"
# is the sample value from the example file; use a long random secret and
# list each NAS in its own Client clause.
<Client DEFAULT>
        Secret  mysecret
        # NOTE(review): DupInterval 0 presumably turns off duplicate-request
        # detection for this client -- confirm that is intended.
        DupInterval 0
</Client>

# Default realm: requests are handed to an AuthBy GROUP that holds an
# LDAP2 clause followed by an SQL clause.
<Realm DEFAULT>
<AuthBy GROUP>
    # NOTE(review): with this policy the poster reports that both inner
    # clauses authenticate and then both handle accounting.
    AuthByPolicy ContinuewhileAccept

        <AuthBy LDAP2>
          # Tell Radiator how to talk to the LDAP server
                Host            localhost

                # You will only need these if your LDAP server
                # requires authentication:
                #AuthPassword   fred
                # NOTE(review): no bind credentials are set here, so the
                # directory presumably has to let an unauthenticated bind
                # read userPassword. Prefer a dedicated read-only bind
                # account and an ACL that hides userPassword from everyone
                # else -- confirm against the LDAP server's configuration.

                # This is the top of the search tree where users
                # will be found. It should match the configuration
                # of your server
                BaseDN          o=sql , c=RU

                # This is the attribute to match the radius user name
                UsernameAttr    uid
                # If you don't specify ServerChecksPassword, you
                # need to tell Radiator which attribute contains
                # the password. It can be plaintext or encrypted
                EncryptedPasswordAttr   userPassword

                # You can use CheckAttr, ReplyAttr and AuthAttrDef
                # to specify check and reply attributes in the LDAP
                # database. See the reference manual for more
                # information

                # These are the classic things to add to each user's
                # reply to allow a PPP dialup session. It may be
                # different for your NAS. This will add some
                # reply items to everyone's reply
                AddToReply Framed-Protocol = PPP,\
                        Framed-IP-Netmask = 255.255.255.255,\
                        Framed-Routing = None,\
                        Framed-MTU = 1500,\
                        Framed-Compression = Van-Jacobson-TCP-IP

                # You can enable debugging of the Net::LDAP
                # module with this:
                #Debug 255
    
        </AuthBy>
    <AuthBy SQL>
 
 # Adjust DBSource, DBUsername, DBAuth to suit your DB
 # NOTE(review): this connects as the MySQL root user and DBAuth is
 # commented out, so apparently no password is supplied. As configured,
 # this clause only appears to need to insert into TblTransactionRad; use a
 # dedicated account limited to that table and give it a password.
 DBSource DBI:mysql:hinet:localhost:3306
 DBUsername root
 #DBAuth root
 # NOTE(review): the poster reports that Radiator 2.17.1 rejects this
 # keyword with "Unknown key word IgnoreAuthentication"; check the
 # reference manual for the installed version before relying on it.
 IgnoreAuthentication
 # For authentication from a Solaris encrypted password
 # (AuthSelect and its column definitions are commented out, so this clause
 # defines no authentication query of its own.)
# AuthByPolicy ContinueWhileAccept 
 #AuthSelect select Password,CallingStationId,ServiceType,FramedProtocol,FramedIPNetmask,NASPortType,SimultaneousUse,FramedIPAddress,SessionTimeout,TimeDuration  from TblUserLogin where Active=1 and  LoginName='%n' 
 #AuthColumnDef 0, Encrypted-Password, check
 #AuthColumnDef 1, GENERIC, check
 #AuthColumnDef 2, Service-Type, check
 #AuthColumnDef 3, Framed-Protocol, reply
 #AuthColumnDef 4, Framed-IP-Netmask, reply
 #AuthColumnDef 5, NAS-Port-Type, check
 #AuthColumnDef 6, Simultaneous-Use, check
 #AuthColumnDef 7, GENERIC, reply  
 #AuthColumnDef 8, GENERIC, reply 
 #AuthColumnDef 9, GENERIC, check

 # You may want to tailor these for your ACCOUNTING table
 # Each AcctColumnDef maps a column of TblTransactionRad to a RADIUS
 # accounting attribute; AccountingStopsOnly is set, so presumably only
 # Stop records are stored.
 AccountingTable TblTransactionRad
 AccountingStopsOnly 
 AcctColumnDef LoginName,User-Name
 #,formatted-date,'%Y-%m-%d %H:%M:%S'
    AcctColumnDef     TimeClose,Timestamp
 #AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
 AcctColumnDef RecordType,Acct-Status-Type
 AcctColumnDef BytesIn,Acct-Input-Octets,integer
 AcctColumnDef BytesOut,Acct-Output-Octets,integer
 AcctColumnDef SessionId,Acct-Session-Id
 AcctColumnDef Duration,Acct-Session-Time,integer
 AcctColumnDef TerminationCause,Acct-Terminate-Cause
 AcctColumnDef NASIdentifier,NAS-Identifier
 AcctColumnDef NASIPAddress,NAS-IP-Address
 AcctColumnDef PortNo,NAS-Port,integer
 AcctColumnDef FramedIPAddress,Framed-IP-Address
 AcctColumnDef CLI,Calling-Station-Id
    </AuthBy>

</AuthBy>
        # Log accounting to the detail file in LogDir
         #AcctLogFileName ./detail
</Realm>
# SQL session database: active sessions are kept in TblActiveSessions using
# the custom queries below.
<SessionDatabase SQL>
 # Specifying the SQL database to connect to is similar to AuthBy SQL.
 # You can specify multiple databases as fallbacks etc. See
 # the reference manual for more details
 # NOTE(review): this is the same MySQL root login, with DBAuth commented
 # out, that the AuthBy SQL and Log SQL clauses in this file use. A dedicated
 # account with a password and rights limited to TblActiveSessions would
 # contain the damage if the RADIUS host is compromised.
 DBSource DBI:mysql:hinet:localhost:3306
 DBUsername root
 #DBAuth root 
 # You can alter the SQL statements used to add, delete and count
 # sessions with AddQuery, DeleteQuery, ClearNasQuery and
 # CountQuery. That means you can accommodate many different
 # SQL Session Database schemas. The defaults for these parameters
 # are suitable for the example RADONLINE table in the example SQL 
 # scripts in the goodies directory.
 # See the reference manual for more details
 
 # NOTE(review): these statements are built by substituting request values
 # (%n, %N, %a, %{...}) into the SQL text. In DeleteQuery, PortNo=%{NAS-Port}
 # is not quoted, so a missing or non-numeric NAS-Port would change the
 # statement. Confirm how the installed Radiator version escapes substituted
 # values, and quote the value if the column type allows it.
 AddQuery insert into TblActiveSessions (LoginName, SessionId,TimeStart,NASIPAddress,FramedIPAddress,PortNo,NASPortType,CLI,NASIdentifier) values \
 ('%n','%{Acct-Session-Id}',now(),'%{NAS-IP-Address}','%a','%{NAS-Port}','%{NAS-Port-Type}','%{Calling-Station-Id}','%N')

 DeleteQuery delete from TblActiveSessions where LoginName='%n' and \
 PortNo=%{NAS-Port} and \
 NASIdentifier='%N'

 ClearNasQuery delete from TblActiveSessions where NASIdentifier='%N'
 CountQuery select NASIdentifier, PortNo, SessionId from TblActiveSessions where LoginName='%n'
 

# Optional identifier. It's just a name
# Identifier SDB1

</SessionDatabase>

# SQL logger: log messages are written to the TblRadiusLogs table.
# NOTE(review): with Trace 4 set globally, debug-level messages presumably
# land in this table as well, so limit who can read it. The connection again
# uses the MySQL root login with DBAuth commented out; a dedicated account
# restricted to inserting into TblRadiusLogs is safer.
<Log SQL>
 DBSource        DBI:mysql:hinet:localhost:3306
        DBUsername      root
        #DBAuth          root
 Table  TblRadiusLogs
</Log>


#############################################################