(RADIATOR) empty Authselect/AccountingTable
Hugh Irvine
hugh at open.com.au
Thu Nov 29 02:43:09 CST 2001
Hello Darwin -
At 11:09 +0800 01/11/29, Darwin A. Bawasanta wrote:
>hi Hugh/Mike, i hope you guys are doing well.
>
>i'd like to get your opinion as to whether this config will serve me right
>and at the same to solicit other neat ways of implementing my requirements.
OK.
>we recieve every now and then duplicate STOP packets from our various NAS,
>however, in this particular case, we deduct the session-timeout values
>against the "value" (in our table) but we are seeing double or multiple
>deductions from the same SESSION-IDs.
Understood.
>so i'm thinking of adding sort of a flag that tells RADIATOR when to deduct
>and otherwise. i'd like to clarrify some things.
Fine.
>1. what should be the proper AuthByPolicy to use here? making sure that
>everybody gets authenticated and all accounting packets get processed.
>2. are the sequence of my cascading AuthBys correct? or do i have to
>transfer the AuthPolicy after the StopAcctng?
>3. i've tried testing the config but i don't seem to get the accounting
>packets at all.
>4. will this config ever work in the first place?
You are almost there, but it would be *much* easier to do this:
# define Handlers
<Handler Realm=/acme.com$/i, Acct-Status-Type = Start>
AcctLogFileName /acct/logs/acctlog
AuthBy StartAcctng
</Handler>
<Handler Realm=/acme.com$/i, Acct-Status-Type = Stop>
AcctLogFileName /acct/logs/acctlog
AuthBy StopAcctng
</Handler>
<Handler Realm=/acme.com$/i>
MaxSessions 1
AuthBy AuthPolicy
</Handler>
>
You should probably also add this to the AuthPolicy clause:
AuthSQLStatement update users set deduct = "T" where username='%n'
Note that the AuthSQLStatement is only supported in Radiator 2.19.
cheers
Hugh
>thanks in advace.
>
>
>--------
><Handler Realm=/acme.com$/i>
> AcctLogFileName /acct/logs/acctlog
> MaxSessions 1
> AuthByPolicy ContinueUntilReject
>
> AuthBy AuthPolicy
> AuthBy StartAcctng
> AuthBy StopAcctng
>
></Handler>
>
><AuthBy SQL>
> Identifier AuthPolicy
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxx
> DBAuth xxx
>
> AuthSelect select password, value, value from users \
> where username='%n' and status = 1 and value > 0 \
> and valid_until>= "'%Y'-'%m'-'%d'"
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Session-Timeout, reply
> AuthColumnDef 2, Ascend-Maximum-Time, reply
>
> AccountingTable
>
> AddToReply Service-Type = Framed-User,\
> Framed-Protocol = PPP, \
> Framed-MTU = 1500, \
> Framed-Routing = None, \
></AuthBy>
>
><AuthBy SQL>
> Identifier StartAcctng
>
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxx
> DBAuth xxx
>
> AuthSelect
>
> AccountingStartsOnly
>
> AccountingTable radacctng
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Caller-Id
> AcctColumnDef CLASS,Class
> AcctColumnDef RATE,Connect-Speed,integer
> AcctColumnDef RATE,Ascend-Xmit-Rate,integer
>
> # setting initial login date and expiry dates
> AcctSQLStatement update users set ......
>
> AcctSQLStatement update users set deduct = "T" where username='%n'
>
></AuthBy>
>
>
><AuthBy SQL>
> Identifier StopAcctng
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxx
> DBAuth xxx
>
> AuthSelect
>
> AccountingStopsOnly
>
> AccountingTable radacctng
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Caller-Id
> AcctColumnDef CLASS,Class
> AcctColumnDef RATE,Connect-Speed,integer
> AcctColumnDef RATE,Ascend-Xmit-Rate,integer
>
> AcctSQLStatement update users set \
> value = value - 0%{Acct-Session-Time} where username='%n' and
>deduct="T"
>
> AcctSQLStatement update users set deduct = "F" where username='%n'
>
></AuthBy>
>
>
>
>
>--
> __
>OO- `. Darwin A. Bawasanta marsmalow at skyinet.net
>* ||| Systems Development Manager SKYCablenet/SKYinternet Inc.
>L_(_/ Ofc: +63 32 253-6677 Mobile: +63 917 486-5033
> |||==
> ((_| "If the facts don't fit the theory, change the facts."
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list