(RADIATOR) Global attributes

Hugh Irvine hugh at open.com.au
Mon Aug 20 19:28:43 CDT 2001


Hello Cliff -

To do what you describe, you will need to use a slightly different approach. 
This is because you want to do different things depending on whether you find 
a record in the database or not.

Try this:

# Define AuthBy clauses
# note the AuthSelect statement and AuthColumnDef's

<AuthBy SQL>
	Identifier CheckSQL
	......
	AuthSelect select PASSWORD, CHECKATTR, REPLYATTR, REPLYATTR2 \
		from SUBSCRIBERS WHERE USERNAME = '%n'

	AuthColumnDef 0, User-Password, check
	AuthColumnDef 1, GENERIC, check
	AuthColumnDef 2, GENERIC, reply
	AuthColumnDef 3, GENERIC, reply
</AuthBy>

<AuthBy RADIUS>
	Identifier CheckRADIUS
	.....
</AuthBy>

# define Realm

<Realm test.com>
	AuthBy CheckSQL
	.....
</Realm>


You will need to add a user record to your SQL table like this:

USERNAME	CHECKATTR
DEFAULT 	AuthType = CheckRADIUS


This will cause the CheckRADIUS clause to only be called if the user was not 
found in the database (i.e. a search will be made for "DEFAULT").

hth

Hugh


On Tuesday 21 August 2001 01:40, Cliff Cole wrote:
> Hello,
>     I have this configuration working somewhat.  I will paste my config
> for reference, maybe it'll help figure out how exactly to do what I need it
> to do.
>
> #config start
> <Realm test.com>
>      AuthByPolicy ContinueUntilIgnore
>         <AuthBy SQL>
>         DBSource        dbi:mysql:level3
>         DBUsername      root
>         DBAuth          eamide2
>         RewriteUsername s/^([^@]+).*/$1/
>         AuthSelect select PASSWORD, REPLYATTR, REPLYATTR2 from SUBSCRIBERS WHERE USERNAME = '%n'
>
>         AuthColumnDef 0, User-Password, check
>         AuthColumnDef 1, GENERIC, check
>         AuthColumnDef 2, GENERIC, reply
>         AuthColumnDef 3, GENERIC, reply
>
>       </AuthBy>
>       <AuthBy RADIUS>
>         Host 12.34.56.78
>         Secret test
>         </AuthBy>
> </Realm>
> #eo config
>
> What I need this to do.  First it will check to see if it is in the
> database.  Anything that will be in the database I want to automatically
> get rejected because these will be customers that have overages.  If they
> are not in the database, I would like to go to the next radius server for
> authentication.  I have tried a number of ContinueWhile* or ContinueUntil*.
> None of these seem to do the trick.  If there is any other way to make this
> work? I'm kind of stuck on the situation.
>
> Thanks,
> Cliff Cole
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Cliff Cole" <ccole at innerx.net>; <radiator at open.com.au>
> Sent: Tuesday, August 14, 2001 7:32 PM
> Subject: Re: (RADIATOR) Global attributes
>
> > Hello Cliff -
> >
> > This is very easy to configure - something like this:
> >
> > # define AuthBy clauses
> >
> > <AuthBy SQL>
> > Identifier CheckSQL
> > .....
> > </AuthBy>
> >
> > <AuthBy RADIUS>
> > Identifier CheckAnotherRadiusServer
> > .....
> > </AuthBy>
> >
> > # define Realms or Handlers
> >
> > <Handler ...>
> > AuthByPolicy ContinueUntilAccept
> > AuthBy CheckSQL
> > AuthBy CheckAnotherRadiusServer
> > </Handler>
> >
> > Have a look at section 6.27 in the Radiator 2.18.2 reference manual.
> >
> > hth
> >
> > Hugh
> >
> > On Wednesday 15 August 2001 00:22, Cliff Cole wrote:
> > > Hello,
> > >     I have sort of a strange situation that I have not ever thought about
> > > that we would like to do here at my company.  We are wanting to have a
> > > realm check a database (or flat file if need be) and if the username is not
> > > in the database it then passes the username at realm on to another radius
> > > server for authentication.  If the user is not in our database when it
> > > passes through to the other Radius server it also will set global
> > > attributes for the users that get authenticated with the second radius.  I
> > > really do not know where to start this configuration, so any help is very
> > > appreciated.
> > >
> > > Thanks,
> > > Cliff
> > >
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
>



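The lookup order described in the reply at the top of this thread (named user first, then the "DEFAULT" row whose CHECKATTR hands the request to CheckRADIUS), modelled as an added example; this is not Radiator code and not part of the original posts. The sample rows, the function names and the returned labels are assumptions made for the illustration, and the table is an in-memory SQLite stand-in for the SUBSCRIBERS table.

```python
import re
import sqlite3


def make_db():
    """Constructed sample table using the column names from the AuthSelect."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE SUBSCRIBERS (USERNAME TEXT PRIMARY KEY, PASSWORD TEXT,"
        " CHECKATTR TEXT, REPLYATTR TEXT, REPLYATTR2 TEXT)"
    )
    db.executemany("INSERT INTO SUBSCRIBERS VALUES (?, ?, ?, ?, ?)", [
        # Constructed rows: one subscriber present in the table, plus the
        # DEFAULT row exactly as given in the reply.
        ("overuser", "constructed-pw", None, None, None),
        ("DEFAULT", None, "AuthType = CheckRADIUS", None, None),
    ])
    return db


def lookup(db, name):
    # Same columns as the AuthSelect; the username is passed as a bound parameter.
    return db.execute(
        "SELECT PASSWORD, CHECKATTR, REPLYATTR, REPLYATTR2 "
        "FROM SUBSCRIBERS WHERE USERNAME = ?", (name,)
    ).fetchone()


def route(db, user_name):
    """Return (decision, detail) for one request, following the described flow."""
    # RewriteUsername s/^([^@]+).*/$1/ from the quoted config: drop the realm.
    name = re.sub(r"^([^@]+).*", r"\1", user_name, count=1)
    row, source = lookup(db, name), "user"
    if row is None:
        # User not in the table: a second search is made for "DEFAULT".
        row, source = lookup(db, "DEFAULT"), "DEFAULT"
    if row is None:
        return ("no-match", None)
    # A check item of the form "AuthType = X" hands off to the AuthBy named X.
    m = re.fullmatch(r"\s*AuthType\s*=\s*(\S+)\s*", row[1] or "")
    if m:
        return ("delegate", m.group(1))
    # Otherwise the row's own check items are evaluated by the SQL clause.
    return ("local-check", source)
```
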