(RADIATOR) appending realm to the end of a user.
Hugh Irvine
hugh at open.com.au
Wed Jul 25 01:47:16 CDT 2001
Hello Roger -

What you show below will not work because the AuthBy RADIUS clause does not
operate in the way you are expecting, and in any case the AuthByPolicy that
you are using will not do the right thing. The reason for this is that the
AuthBy RADIUS clause is asynchronous and returns immediately, therefore the
AuthByPolicy will not work correctly.

If you explain what you are trying to do, I will be happy to make some
suggestions.

Note that we also offer consulting and installation services if required.

regards

Hugh

On Wednesday 25 July 2001 16:18, Roger Mangraviti wrote:
> Hi Hugh,
>
> I have been playing with the config a bit and I'm trying to achieve the
> following:
>
> account to one SQL server, with the realm appended to the user.
> proxy auth to 2 different RADIUS auth servers.
>
> The problem is that customers may not be appending a realm to the
> username.
> This is the main part of my config:
>
>
>
> <Realm DEFAULT>
>
> #strip realm
> RewriteUsername s/^([^@]+).*/$1/
>
> AuthByPolicy ContinueUntilAccept
>
> <AuthBy SQL>
> # Adjust DBSource, DBUsername, DBAuth to suit your DB
>
> DBSource dbi:mysql:radius:localhost
> DBUsername radius
> DBAuth xx
>
> # You may want to tailor these for your ACCOUNTING table
> # You can add your own columns to store whatever you like
> AccountingTable ACCOUNTING
>
> AcctColumnDef USERNAME,UserName
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> # You can arrange to log accounting to a file if the
> # SQL insert fails with AcctFailedLogFileName
> # That way you could recover from a broken SQL
> # server
> #AcctFailedLogFileName %D/missedaccounting
> </AuthBy>
>
>
> <AuthBy RADIUS>
> AuthenticateAccounting
>
> AddToReply Class = atu.com.au
>
> FailureBackoffTime 60
>
> Synchronous
>
> Secret xx
> RetryTimeout 1
> Retries 1
>
> <Host 203.202.66.13>
> AuthPort 1812
> AcctPort 1813
> </Host>
>
> AcctFailedLogFileName %D/missedaccounting
>
> </AuthBy>
>
>
> <AuthBy RADIUS>
> AuthenticateAccounting
>
> AddToReply Class = viper.net.au
>
> FailureBackoffTime 60
>
> Synchronous
>
> Secret xx
> RetryTimeout 1
> Retries 1
>
>
> <Host 203.31.238.1>
> AuthPort 1812
> AcctPort 1813
> </Host>
>
> AcctFailedLogFileName %D/missedaccounting
>
> </AuthBy>
>
> </Realm>
>
>
> Authentication seems to work (for a while till it freezes, which I need to
> debug), but the SQL logging is not appending the realm to the username.
>
>
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On Behalf Of Hugh Irvine
> Sent: Friday, 20 July 2001 1:50 PM
> To: Roger Mangraviti; radiator at open.com.au
> Subject: Re: (RADIATOR) appending realm to the end of a user.
>
>
>
> Hello Roger -
>
> On Friday 20 July 2001 13:09, Roger Mangraviti wrote:
> > Hello,
> >
> > We have 2 RADIUS servers and a Radiator box. We are not appending the
> > realm to the username, as we have 2 realms dialing the same number on
> > the same NAS.
> >
> > We have authentication working using fall-through AuthBy RADIUS, but we
> > need to append the realm for accounting purposes. How can the realm be
> > appended if we know which RADIUS server the user was authenticated from?
>
> The simplest way to do this is with the Class attribute, which can be added
> to the access accept. If you send me a copy of your configuration file (no
> secrets) I will show you how to set this up. Typically you would use an
> AddToReply:
>
> <AuthBy RADIUS>
> .....
> AddToReply Class = some.realm
> </AuthBy>
>
> regards
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
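
A simplified Python model of the behaviour Hugh describes at the top of this message (an asynchronous AuthBy RADIUS clause returning immediately under AuthByPolicy ContinueUntilAccept), added here as an illustration; it is not Radiator code and not part of the original thread. The IGNORE return value, the clause names and the per-server verdicts are assumptions of the sketch.

```python
# Simplified model, not Radiator source: a handler chain evaluated under
# AuthByPolicy ContinueUntilAccept. IGNORE as the immediate return value of
# an asynchronous proxy clause is an assumption of this sketch.
from dataclasses import dataclass

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"


@dataclass
class Clause:
    name: str
    verdict: str                 # what the upstream server eventually answers
    asynchronous: bool = False

    def handle(self, pending):
        if self.asynchronous:
            # Forward the request and return at once; the real verdict
            # arrives later, after the policy loop has already moved on.
            pending.append((self.name, self.verdict))
            return IGNORE
        return self.verdict


def continue_until_accept(clauses):
    """Run clauses in order, stopping at the first immediate ACCEPT."""
    pending, trace, result = [], [], IGNORE
    for clause in clauses:
        result = clause.handle(pending)
        trace.append((clause.name, result))
        if result == ACCEPT:
            break
    return result, trace, pending


def quoted_chain(asynchronous):
    # Constructed verdicts: the user is known to the first server only.
    return [
        Clause("AuthBy RADIUS atu.com.au", ACCEPT, asynchronous),
        Clause("AuthBy RADIUS viper.net.au", REJECT, asynchronous),
    ]


if __name__ == "__main__":
    for mode in (True, False):
        result, trace, pending = continue_until_accept(quoted_chain(mode))
        print("asynchronous" if mode else "blocking", result, trace, pending)
```

In the asynchronous run the policy never sees an ACCEPT, so the request is forwarded to both upstream servers; in the blocking run the chain stops at the first server.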