(RADIATOR) problem with AuthBy Group

sajida kalsoom sajida at advcomm.net
Tue Aug 21 02:05:44 CDT 2001


THANKS  A LOT  :)
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "sajida kalsoom" <sajida at advcomm.net>; <radiator at open.com.au>
Sent: Tuesday, August 21, 2001 5:47 AM
Subject: Re: (RADIATOR) problem with AuthBy Group


>
> Hello Sajida -
>
> The IgnoreAuthentication and IgnoreAccounting flags were only added in
> Radiator 2.18, so I suggest you upgrade to the latest version. The current
> version of Radiator is 2.18.2 but there will be a new release out next
> week.
>
> Alternatively you can use Handlers instead of Realms, which I prefer in any
> case as I find it easier to understand:
>
> # define AuthBy clauses
>
> <AuthBy LDAP2>
> Identifier LDAPAuthentication
> .....
> </AuthBy>
>
> <AuthBy SQL>
> Identifier SQLAccounting
> .....
> </AuthBy>
>
> #define Handlers
>
> <Handler Request-Type = Accounting-Request>
> AuthBy SQLAccounting
> </Handler>
>
> <Handler>
> AuthBy LDAPAuthentication
> .....
> </Handler>
>
> hth
>
> Hugh
>
>
> On Monday 20 August 2001 22:41, sajida kalsoom wrote:
>
> > Hi Users!
> >   I have configured Radiator 2.17.1 with an openldap server. It's working
> > fine and authenticating requests. I have used the AuthBy LDAP2 clause. The
> > LDAP server used a mysql database at the backend. Then in a separate
> > configuration file I configured an AuthBy SQL clause so that accounting logs
> > are stored in a mysql database. I configured it too and it works
> > successfully with db authentication. Now I want to combine both of these
> > clauses so that I can perform authentication through the ldap server and log
> > accounting details into the database. When I combined both the AuthBy
> > clauses with an AuthBy Group clause using 'AuthByPolicy ContinuewhileAccept',
> > both the ldap and SQL clauses perform authentication and then accounting ...
> > When I set 'IgnoreAuthentication' in the AuthBy SQL clause, the Radiator
> > server says ... 'Unknown key word IgnoreAuthentication'. What should I do to
> > obtain this functionality ... can anybody please help me..
> >
> > #############################################################
> > # ldap.cfg
> > #
> > # Example Radiator configuration file for authenticating from
> > # an local LDAP server
> > #
> > # This very simple file will allow you to get started with
> > # a simple LDAP authentication system.
> > #
> > # We suggest you start simple, prove to yourself that it
> > # works and then develop a more complicated configuration.
> > #
> > # In this example, there is a local LDAP database
> > # The LDAP database administrator has a common name of:
> > #   cn = Directory Manager
> > # and a password from dmpasswd
> > # The LDAP server in this example manages a Base DN of:
> > #   o=Open System Consultants, c=AU
> > # IN the database, there is an entry for each user. Their username
> > # is in the LDAP attribute called "uid", and there is a plaintext
> > # password in the LDAP attribute called userPassword
> > #
> > # So, the example will work with the sample databases supplied with
> > # UMich and Netscape LDAP servers.
> > #
> > # See radius.cfg for more complete examples of features and
> > # syntax, and refer to the reference manual for a complete description
> > # You should consider this file to be a starting point only
> > # $Id: ldap.cfg,v 1.2 2000/02/15 07:07:54 mikem Exp $
> >
> > Foreground
> > LogStdout
> > LogDir          .
> > DbDir           .
> > Trace           4
> >
> > # You will probably want to change this to suit your site.
> > <Client DEFAULT>
> >         Secret  mysecret
> >         DupInterval 0
> > </Client>
> >
> > <Realm DEFAULT>
> > <AuthBy GROUP>
> >     AuthByPolicy ContinuewhileAccept
> >
> >         <AuthBy LDAP2>
> >           # Tell Radiator how to talk to the LDAP server
> >                 Host            localhost
> >
> >                 # You will only need these if your LDAP server
> >                 # requires authentication:
> >                 #AuthPassword   fred
> >
> >                 # This is the top of the search tree where users
> >                 # will be found. It should match the configuration
> >                 # of your server
> >                 BaseDN          o=sql , c=RU
> >
> >                 # This is the attribute to match the radius user name
> >                 UsernameAttr    uid
> >                 # If you don't specify ServerChecksPassword, you
> >                 # need to tell Radiator which attribute contains
> >                 # the password. It can be plaintext or encrypted
> >                 EncryptedPasswordAttr   userPassword
> >
> >                 # You can use CheckAttr, ReplyAttr and AuthAttrDef
> >                 # to specify check and reply attributes in the LDAP
> >                 # database. See the reference manual for more
> >                 # information
> >
> >                 # These are the classic things to add to each users
> >                 # reply to allow a PPP dialup session. It may be
> >                 # different for your NAS. This will add some
> >                 # reply items to everyone's reply
> >                 AddToReply Framed-Protocol = PPP,\
> >                         Framed-IP-Netmask = 255.255.255.255,\
> >                         Framed-Routing = None,\
> >                         Framed-MTU = 1500,\
> >                         Framed-Compression = Van-Jacobson-TCP-IP
> >
> >                 # You can enable debugging of the Net::LDAP
> >                 # module with this:
> >                 #Debug 255
> >
> >         </AuthBy>
> >     <AuthBy SQL>
> >
> >  # Adjust DBSource, DBUsername, DBAuth to suit your DB
> >  DBSource DBI:mysql:hinet:localhost:3306
> >  DBUsername root
> >  #DBAuth root
> >  IgnoreAuthentication
> >  # For Authentication from Solaris encrypted password
> > # AuthByPolicy ContinueWhileAccept
> >  #AuthSelect select Password,CallingStationId,ServiceType,FramedProtocol,FramedIPNetmask,NASPortType,SimultaneousUse,FramedIPAddress,SessionTimeout,TimeDuration from TblUserLogin where Active=1 and LoginName='%n'
> >  #AuthColumnDef 0, Encrypted-Password, check
> >  #AuthColumnDef 1, GENERIC, check
> >  #AuthColumnDef 2, Service-Type, check
> >  #AuthColumnDef 3, Framed-Protocol, reply
> >  #AuthColumnDef 4, Framed-IP-Netmask, reply
> >  #AuthColumnDef 5, NAS-Port-Type, check
> >  #AuthColumnDef 6, Simultaneous-Use, check
> >  #AuthColumnDef 7, GENERIC, reply
> >  #AuthColumnDef 8, GENERIC, reply
> >  #AuthColumnDef 9, GENERIC, check
> >
> >  # You may want to tailor these for your ACCOUNTING table
> >  AccountingTable TblTransactionRad
> >  AccountingStopsOnly
> >  AcctColumnDef LoginName,User-Name
> >  #,formatted-date,'%Y-%m-%d %H:%M:%S'
> >     AcctColumnDef     TimeClose,Timestamp
> >  #AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> >  AcctColumnDef RecordType,Acct-Status-Type
> >  AcctColumnDef BytesIn,Acct-Input-Octets,integer
> >  AcctColumnDef BytesOut,Acct-Output-Octets,integer
> >  AcctColumnDef SessionId,Acct-Session-Id
> >  AcctColumnDef Duration,Acct-Session-Time,integer
> >  AcctColumnDef TerminationCause,Acct-Terminate-Cause
> >  AcctColumnDef NASIdentifier,NAS-Identifier
> >  AcctColumnDef NASIPAddress,NAS-IP-Address
> >  AcctColumnDef PortNo,NAS-Port,integer
> >  AcctColumnDef FramedIPAddress,Framed-IP-Address
> >  AcctColumnDef CLI,Calling-Station-Id
> >     </AuthBy>
> >
> > </AuthBy>
> >         # Log accounting to the detail file in LogDir
> >          #AcctLogFileName ./detail
> > </Realm>
> > <SessionDatabase SQL>
> >  # Specify the SQL database to connect to is similar to AuthSQL
> >  # You can specify multiple databases as fallbacks etc. See
> >  # the reference manual for more details
> >  DBSource DBI:mysql:hinet:localhost:3306
> >  DBUsername root
> >  #DBAuth root
> >  # You can alter the SQL statements used to add, delete and count
> >  # sessions with AddQuery, DeleteQuery, ClearNasQuery and
> >  # CountQuery. That means you can accommodate many different
> >  # SQL Session Database schemas. The defaults for these parameters
> >  # are suitable for the example RADONLINE table in the example SQL
> >  # scripts in the goodies directory.
> >  # See the reference manual for more details
> >
> >  AddQuery insert into TblActiveSessions (LoginName, SessionId,TimeStart,NASIPAddress,FramedIPAddress,PortNo,NASPortType,CLI,NASIdentifier) values \
> >  ('%n','%{Acct-Session-Id}',now(),'%{NAS-IP-Address}','%a','%{NAS-Port}','%{NAS-Port-Type}','%{Calling-Station-Id}','%N')
> >
> >  DeleteQuery delete from TblActiveSessions where LoginName='%n' and \
> >  PortNo=%{NAS-Port} and \
> >  NASIdentifier='%N'
> >
> >  ClearNasQuery delete from TblActiveSessions where NASIdentifier='%N'
> >  CountQuery select NASIdentifier, PortNo, SessionId from TblActiveSessions where LoginName='%n'
> >
> >
> > # Optional identifier. It's just a name
> > # Identifier SDB1
> >
> > </SessionDatabase>
> >
> > <Log SQL>
> >  DBSource        DBI:mysql:hinet:localhost:3306
> >         DBUsername      root
> >         #DBAuth          root
> >  Table  TblRadiusLogs
> > </Log>
> >
> >
> > #############################################################
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
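
The Handler layout suggested in the reply, filled in with parameters from the configuration quoted in this thread, as an added example that is not part of either original message. The Secret and database credentials are placeholders, only a subset of the AcctColumnDef lines is shown, and the SessionDatabase and Log clauses are omitted.

```conf
# Added example: Handler-based replacement for the <Realm DEFAULT> /
# <AuthBy GROUP> arrangement in the quoted configuration.
# CHANGE_ME_* values are placeholders, not values from the thread.

<Client DEFAULT>
        Secret  CHANGE_ME_SHARED_SECRET
        DupInterval 0
</Client>

# Authentication source: defined once, referenced below by Identifier
<AuthBy LDAP2>
        Identifier LDAPAuthentication
        Host            localhost
        BaseDN          o=sql , c=RU
        UsernameAttr    uid
        EncryptedPasswordAttr   userPassword
        AddToReply Framed-Protocol = PPP,\
                Framed-IP-Netmask = 255.255.255.255
</AuthBy>

# Accounting sink: AuthSelect is irrelevant here because this clause
# only ever receives accounting requests
<AuthBy SQL>
        Identifier SQLAccounting
        DBSource DBI:mysql:hinet:localhost:3306
        DBUsername CHANGE_ME_DB_USER
        DBAuth CHANGE_ME_DB_PASSWORD
        AccountingTable TblTransactionRad
        AccountingStopsOnly
        AcctColumnDef LoginName,User-Name
        AcctColumnDef SessionId,Acct-Session-Id
        AcctColumnDef Duration,Acct-Session-Time,integer
        AcctColumnDef BytesIn,Acct-Input-Octets,integer
        AcctColumnDef BytesOut,Acct-Output-Octets,integer
</AuthBy>

# Specific Handler first: accounting requests go only to SQL
<Handler Request-Type = Accounting-Request>
        AuthBy SQLAccounting
</Handler>

# Catch-all Handler: every other request goes only to LDAP
<Handler>
        AuthBy LDAPAuthentication
</Handler>
```

Because each request type is routed to exactly one AuthBy clause, this layout does not need IgnoreAuthentication and so does not depend on the 2.18 upgrade.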

