(RADIATOR) Global RADMIN accounting for abuse tracking

Hugh Irvine hugh at open.com.au
Thu Jul 26 01:17:57 CDT 2001


Hello Miguel -

On Thursday 26 July 2001 14:33, Miguel A.L. Paraz wrote:
> On Sat, Jul 21, 2001 at 11:14:26AM +1000, Hugh Irvine wrote:
> > On Friday 20 July 2001 19:53, Miguel A.L. Paraz wrote:
> > > Hi,
> > > I tried AcctLogFilename and it works inside <Realm>.
> > > It does nothing when placed outside.
> > > Is this the correct behavior?
> > > I want one file to log to regardless of realm.
> >
> > This is the correct behaviour. You have to specify the AcctLogFilename in
> > each Realm or Handler (you can use the same file however).
>
> Thanks, here's more detail on what I want.
>
> I find that a plain text AcctLogFilename generates too much detail.  I only
> need the username, Framed-IP-Address, Calling-Station-ID and time stamp -
> enough to identify security/abuse violations.  For speed of lookups, I
> would like it to be in a SQL database.  I need an interface where
> complaints can be looked up by our security team, and will also take
> SpamCop mail as input.
>
> My RADMIN and others are already using MySQL.  From my reading archives I
> find that <AuthBy SQL> will do the logging.  But, don't want to auth since
> my incoming RADIUS requests are either local via RADMIN, or proxied.  What
> is the invocation to do SQL accounting only?
>
> Can I use <AuthBy RADMIN>, and the AccountingTable, even for proxied
> requests? If so, I think the way to do it for proxies is:
>
> <AuthBy RADIUS>
>   Host ...
> </AuthBy>
> <AuthBy RADMIN>
>   AccountingTable RADUSAGEPROXIED
>   AcctColumnDef ...
> </AuthBy>
>
> How do I make the <AuthBy RADMIN> be called only for accounting?
>
> Thanks, and I think this should be useful for everyone who proxies to
> servers not under their control but have to be responsible to the community
> for spam complaints and security incidents.
>

You are correct - many of our customers do exactly what you describe.

Here is an example of what to do:

# define AuthBy clauses

<AuthBy RADMIN>
	Identifier CheckRADMIN
	DBSource .....
	DBUsername ....
	DBAuth .....
	.......
</AuthBy>

# define AuthBy SQL for accounting only (note empty AuthSelect)
# use the same DBSource, etc. as AuthBy RADMIN

<AuthBy SQL>
	Identifier SQLAccounting
	DBSource .....
	DBUsername ....
	DBAuth .....
	AuthSelect
	AccountingTable RADUSAGEPROXIED
	AcctColumnDef .....
	.....
</AuthBy>

<AuthBy RADIUS>
	Identifier ProxyToDownstream
	.....
</AuthBy>

# define Realms

<Realm your.local.realm>
	AuthBy CheckRADMIN
	.....
</Realm>

<Realm some.other.realm>
	AuthByPolicy ContinueAlways
	AuthBy SQLAccounting
	AuthBy ProxyToDownstream
	....
</Realm>


Of course, you can do a similar thing with Handlers if you prefer.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list