(RADIATOR) Logging in a database with a proxying realm

Thu Dec 20 16:59:31 CST 2001

Hello Alex -

I suspect there may be some confusion in what you are trying to do.

An AuthLog SQL clause will only log authentication requests, not accounting 
requests, and your configuration below looks like you want to record 
accounting requests.

If you do want to log accounting records, here is how to do it.

###############
<Realm always-onlineusa.com>
        AuthByPolicy ContinueAlways

        # configure AuthBy SQL clause for accounting only
        # note empty AuthSelect to disable authentication
        <AuthBy SQL>
                DBSource        dbi:Oracle:ncnora
                DBUsername      radius_21globe
                DBAuth      123456

                AuthSelect

                AccountingTable RADIUS_21GLOBE.ACCOUNTING
                DateFormat %a  %b %e, %Y %I:%M %p
                AcctColumnDef USERNAME, '%{User-Name}'
                AcctColumnDef TIME_STAMP, %{Timestamp}, integer
                AcctColumnDef LOGDATESTR, '%{Timestamp}', integer-date
                AcctColumnDef ACCTSTATUSTYPE, '%{Acct-Status-Type}'
                AcctColumnDef ACCTDELAYTIME, %{Acct-Delay-Time}
                AcctColumnDef ACCTINPUTOCTETS, %{Acct-Input-Octets}, integer
                AcctColumnDef ACCTOUTPUTOCTETS, %{Acct-Output-Octets}, integer
                AcctColumnDef ACCTSESSIONID, '%{Acct-Session-Id}'
                AcctColumnDef ACCTSESSIONTIME, %{Acct-Session-Time}, integer
                AcctColumnDef ACCTTERMINATECAUSE, %{Acct-Terminate-Cause}
                AcctColumnDef NASIDENTIFIER, '%{NAS-Identifier}'
                AcctColumnDef NASPORT, %{NAS-Port}, integer
                AcctColumnDef FRAMEDIPADDRESS, '%{Framed-IP-Address}'
                AcctColumnDef CALLINGSTATIONID, '%{Calling-Station-Id}'
                AcctColumnDef CALLSTATIONID, '%{Called-Station-Id}'

        </AuthBy>

        <AuthBy RADIUS>
                <Host 63.252.251.119>
                        Secret ncn123456
                        AuthPort 1814
                        AcctPort 1815
                </Host>
        </AuthBy>

        # Log accounting to a detail file
        AcctLogFileName ./logs/always-online.detail
</Realm>
##################

hth

Hugh

>
> Hey guys,
>   Just need a little help here.  We have some realms that are "passing
> through" our radius server.  The actual authentication takes place at their
> server but we are the server the NAS looks to.  We set it up to AuthBy
> RADIUS and that works great.  The problem is that we want to log the users
> that authenticate or fail to that realm.  We need to figure out how to
> insert the packets into our database.
>
> We tried using <AuthLog SQL> but were having difficulties getting it work
> correctly.  This is the piece of the config file we are having problems
> with:
>
> ###############
> <Realm always-onlineusa.com>
> AuthByPolicy ContinueWhileAccept
> 	<AuthBy RADIUS>
> 		<Host 63.252.251.119>
> 			Secret ncn123456
> 			AuthPort 1814
> 			AcctPort 1815
> 		</Host>
> 	</AuthBy>
> 	<AuthLog SQL>
> 		DBSource	dbi:Oracle:ncnora
> 		DBUsername	radius_21globe
> 		DBAuth      123456
> 		LogSuccess 1
> 		Table ACCOUNTING
> 		DateFormat %a  %b %e, %Y %I:%M %p
> 		SuccessQuery insert into RADIUS_21GLOBE.ACCOUNTING \
>                 	(USERNAME, TIME_STAMP, LOGDATESTR, ACCTSTATUSTYPE,
> ACCTDELAYTIME, \
> 			ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID, ACCTSESSIONTIME, \
> 			ACCTTERMINATECAUSE, NASIDENTIFIER, NASPORT, FRAMEDIPADDRESS, \
> 			CALLINGSTATIONID, CALLSTATIONID) \
>                 	values \
>                 	('%{User-Name}', %{Timestamp,integer}, \
> 			'%{Timestamp,integer-date}', '%{Acct-Status-Type}', \
> 			%{Acct-Delay-Time}, %{Acct-Input-Octets,integer}, \
> 			%{Acct-Output-Octets,integer}, '%{Acct-Session-Id}', \
> 			%{Acct-Session-Time,integer}, %{Acct-Terminate-Cause}, \
> 			'%{NAS-Identifier}', %{NAS-Port,integer}, \
> 			'%{NAS-IP-Address}', '%{Calling-Station-Id}', \
> 			'%{Called-Station-Id}')
> 	</AuthLog>
> 	# Log accounting to a detail file
> 	AcctLogFileName	./logs/always-online.detail
> </Realm>
> ##################
>
> Problem is that some of the values that come from the Special string
> formatting characters are coming back null (which needs to be fixed because
> we need those values) and this causes the SQL statement to fail.  Please
> help, we need to have these logs in our database and not in text files on
> the radius server.  Thanks.
>
> Alex Fritz
> alex at kerdaino.com
> Kerdaino Enterprises, Inc.
> Mobile, AL USA
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.307 / Virus Database: 168 - Release Date: 12/11/2001
>
> -------------------------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.