(RADIATOR) problem with AuthBy Group

Hugh Irvine hugh at open.com.au
Mon Aug 20 19:47:10 CDT 2001


Hello Sajida -

The IgnoreAuthentication and IgnoreAccounting flags were only added in 
Radiator 2.18, so I suggest you upgrade to the latest version. The current 
version of Radiator is 2.18.2 but there will be a new release out next week.

Alternatively you can use Handlers instead of Realms, which I prefer in any 
case as I find it easier to understand:

# define AuthBy clauses

<AuthBy LDAP2>
	Identifier LDAPAuthentication
	.....
</AuthBy>

<AuthBy SQL>
	Identifier SQLAccounting
	.....
</AuthBy>

# define Handlers

<Handler Request-Type = Accounting-Request>
	AuthBy SQLAccounting
</Handler>

<Handler>
	AuthBy LDAPAuthentication
	.....
</Handler>

hth

Hugh


On Monday 20 August 2001 22:41, sajida kalsoom wrote:

> Hi Users!
>   I have configured Radiator 2.17.1 with an openldap server; it is working fine
> and authenticating requests. I have used the AuthBy LDAP2 clause. The LDAP server
> uses a mysql database at the backend. Then in a separate configuration file I
> configured an AuthBy SQL clause so that accounting logs are stored in a
> mysql database. I configured it too and it works successfully with db
> authentication. Now I want to combine both of these clauses so that I
> can perform authentication through the ldap server and log accounting detail
> into the database. When I combined both the AuthBy clauses with an AuthBy Group
> clause using the 'AuthByPolicy ContinuewhileAccept', both the ldap and
> SQL clauses perform authentication and then accounting ... When I set
> 'IgnoreAuthentication' in the AuthBy SQL clause, the Radiator server says
> ...'Unknown key word IgnoreAuthentication'. What should I do to obtain
> this functionality? Can anybody please help me?
>
> #############################################################
> # ldap.cfg
> #
> # Example Radiator configuration file for authenticating from
> # a local LDAP server
> #
> # This very simple file will allow you to get started with
> # a simple LDAP authentication system.
> #
> # We suggest you start simple, prove to yourself that it
> # works and then develop a more complicated configuration.
> #
> # In this example, there is a local LDAP database
> # The LDAP database administrator has a common name of:
> #   cn = Directory Manager
> # and a password from dmpasswd
> # The LDAP server in this example manages a Base DN of:
> #   o=Open System Consultants, c=AU
> # In the database, there is an entry for each user. Their username
> # is in the LDAP attribute called "uid", and there is a plaintext
> # password in the LDAP attribute called userPassword
> #
> # So, the example will work with the sample databases supplied with
> # UMich and Netscape LDAP servers.
> #
> # See radius.cfg for more complete examples of features and
> # syntax, and refer to the reference manual for a complete description
> # You should consider this file to be a starting point only
> # $Id: ldap.cfg,v 1.2 2000/02/15 07:07:54 mikem Exp $
>
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
> Trace           4
>
> # You will probably want to change this to suit your site.
> <Client DEFAULT>
>         Secret  mysecret
>         DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> <AuthBy GROUP>
>     AuthByPolicy ContinuewhileAccept
>
>         <AuthBy LDAP2>
>           # Tell Radiator how to talk to the LDAP server
>                 Host            localhost
>
>                 # You will only need these if your LDAP server
>                 # requires authentication:
>                 #AuthPassword   fred
>
>                 # This is the top of the search tree where users
>                 # will be found. It should match the configuration
>                 # of your server
>                 BaseDN          o=sql , c=RU
>
>                 # This is the attribute to match the radius user name
>                 UsernameAttr    uid
>                 # If you don't specify ServerChecksPassword, you
>                 # need to tell Radiator which attribute contains
>                 # the password. It can be plaintext or encrypted
>                 EncryptedPasswordAttr   userPassword
>
>                 # You can use CheckAttr, ReplyAttr and AuthAttrDef
>                 # to specify check and reply attributes in the LDAP
>                 # database. See the reference manual for more
>                 # information
>
>                 # These are the classic things to add to each users
>                 # reply to allow a PPP dialup session. It may be
>                 # different for your NAS. This will add some
>                 # reply items to everyone's reply
>                 AddToReply Framed-Protocol = PPP,\
>                         Framed-IP-Netmask = 255.255.255.255,\
>                         Framed-Routing = None,\
>                         Framed-MTU = 1500,\
>                         Framed-Compression = Van-Jacobson-TCP-IP
>
>                 # You can enable debugging of the Net::LDAP
>                 # module with this:
>                 #Debug 255
>
>         </AuthBy>
>     <AuthBy SQL>
>
>  # Adjust DBSource, DBUsername, DBAuth to suit your DB
>  DBSource DBI:mysql:hinet:localhost:3306
>  DBUsername root
>  #DBAuth root
>  IgnoreAuthentication
>  # For Authentication from Solaris encrypted password
> # AuthByPolicy ContinueWhileAccept
>  #AuthSelect select Password,CallingStationId,ServiceType,FramedProtocol,FramedIPNetmask,NASPortType,SimultaneousUse,FramedIPAddress,SessionTimeout,TimeDuration from TblUserLogin where Active=1 and LoginName='%n'
>  #AuthColumnDef 0, Encrypted-Password, check
>  #AuthColumnDef 1, GENERIC, check
>  #AuthColumnDef 2, Service-Type, check
>  #AuthColumnDef 3, Framed-Protocol, reply
>  #AuthColumnDef 4, Framed-IP-Netmask, reply
>  #AuthColumnDef 5, NAS-Port-Type, check
>  #AuthColumnDef 6, Simultaneous-Use, check
>  #AuthColumnDef 7, GENERIC, reply
>  #AuthColumnDef 8, GENERIC, reply
>  #AuthColumnDef 9, GENERIC, check
>
>  # You may want to tailor these for your ACCOUNTING table
>  AccountingTable TblTransactionRad
>  AccountingStopsOnly
>  AcctColumnDef LoginName,User-Name
>  #,formatted-date,'%Y-%m-%d %H:%M:%S'
>     AcctColumnDef     TimeClose,Timestamp
>  #AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
>  AcctColumnDef RecordType,Acct-Status-Type
>  AcctColumnDef BytesIn,Acct-Input-Octets,integer
>  AcctColumnDef BytesOut,Acct-Output-Octets,integer
>  AcctColumnDef SessionId,Acct-Session-Id
>  AcctColumnDef Duration,Acct-Session-Time,integer
>  AcctColumnDef TerminationCause,Acct-Terminate-Cause
>  AcctColumnDef NASIdentifier,NAS-Identifier
>  AcctColumnDef NASIPAddress,NAS-IP-Address
>  AcctColumnDef PortNo,NAS-Port,integer
>  AcctColumnDef FramedIPAddress,Framed-IP-Address
>  AcctColumnDef CLI,Calling-Station-Id
>     </AuthBy>
>
> </AuthBy>
>         # Log accounting to the detail file in LogDir
>          #AcctLogFileName ./detail
> </Realm>
> <SessionDatabase SQL>
>  # Specify the SQL database to connect to is similar to AuthSQL
>  # You can specify multiple databases as fallbacks etc. See
>  # the reference manual for more details
>  DBSource DBI:mysql:hinet:localhost:3306
>  DBUsername root
>  #DBAuth root
>  # You can alter the SQL statements used to add, delete and count
>  # sessions with AddQuery, DeleteQuery, ClearNasQuery and
>  # CountQuery. That means you can accommodate many different
>  # SQL Session Database schemas. The defaults for these parameters
>  # are suitable for the example RADONLINE table in the example SQL
>  # scripts in the goodies directory.
>  # See the reference manual for more details
>
>  AddQuery insert into TblActiveSessions (LoginName, SessionId,TimeStart,NASIPAddress,FramedIPAddress,PortNo,NASPortType,CLI,NASIdentifier) values \
>  ('%n','%{Acct-Session-Id}',now(),'%{NAS-IP-Address}','%a','%{NAS-Port}','%{NAS-Port-Type}','%{Calling-Station-Id}','%N')
>
>  DeleteQuery delete from TblActiveSessions where LoginName='%n' and \
>  PortNo=%{NAS-Port} and \
>  NASIdentifier='%N'
>
>  ClearNasQuery delete from TblActiveSessions where NASIdentifier='%N'
>  CountQuery select NASIdentifier, PortNo, SessionId from TblActiveSessions where LoginName='%n'
>
>
> # Optional identifier. It's just a name
> # Identifier SDB1
>
> </SessionDatabase>
>
> <Log SQL>
>  DBSource        DBI:mysql:hinet:localhost:3306
>         DBUsername      root
>         #DBAuth          root
>  Table  TblRadiusLogs
> </Log>
>
>
> #############################################################

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
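
The Handler layout suggested in the reply above, checked with a small script. This is an added example, not part of the original message and not Radiator code. It assumes Handlers are tried in file order with the first match winning, and the function names (parse, route, shadowed) are hypothetical. It reports which AuthBy type would see a request and flags Handlers placed after a catch-all <Handler>.

```python
import re
# Constructed sample: the layout from the reply, with the elided "....." lines left out.
GOOD = """
<AuthBy LDAP2>
    Identifier LDAPAuthentication
</AuthBy>
<AuthBy SQL>
    Identifier SQLAccounting
</AuthBy>
<Handler Request-Type = Accounting-Request>
    AuthBy SQLAccounting
</Handler>
<Handler>
    AuthBy LDAPAuthentication
</Handler>
"""

def parse(cfg):
    """Flat (non-nested) clauses only: ({Identifier: type}, [(checks, [AuthBy refs])])."""
    authbys, handlers, kind, arg = {}, [], None, None
    for raw in cfg.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"<(AuthBy|Handler)\s*(.*?)>", line)
        if m:
            kind, arg = m.group(1), m.group(2).strip()
            if kind == "Handler":                     # check items: attr = value, ...
                items = [i.split("=", 1) for i in arg.split(",") if "=" in i]
                handlers.append(({k.strip(): v.strip() for k, v in items}, []))
        elif line.startswith("</"):
            kind = None
        elif kind == "AuthBy" and line.startswith("Identifier "):
            authbys[line.split()[1]] = arg
        elif kind == "Handler" and line.startswith("AuthBy "):
            handlers[-1][1].append(line.split()[1])
    return authbys, handlers

def route(cfg, request):
    """AuthBy types that would see `request` (assumption: first matching Handler wins)."""
    authbys, handlers = parse(cfg)
    for checks, refs in handlers:
        if all(request.get(k) == v for k, v in checks.items()):
            return [authbys.get(r, "UNDEFINED:" + r) for r in refs]
    return []

def shadowed(cfg):
    """Check items of Handlers that follow a catch-all and so can never match."""
    _, handlers = parse(cfg)
    first = next((i for i, (c, _) in enumerate(handlers) if not c), len(handlers))
    return [c for c, _ in handlers[first + 1:]]
```

With the sample above, accounting requests reach only the SQL clause and everything else reaches only LDAP2; moving the bare <Handler> first would send accounting to LDAP2 as well, which shadowed() reports.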