(RADIATOR) LDAP AUTH and MySQL Accounting

Hugh Irvine hugh at open.com.au
Thu Oct 4 18:02:35 CDT 2001


Hello Andreas -

This is fairly straightforward to implement.

Here is how to do it:

# radius.cfg

AuthPort        1645
AcctPort        1646

# define Client(s)

<Client x.x.x.x>
         Secret  mysecret
         DupInterval 0
</Client>

# define AuthBy(s)

<AuthBy FILE>
         Identifier CheckFILE
         Filename  /usr/local/etc/users
         DefaultSimultaneousUse 1
         AcctLogFileName       /usr/local/etc/detail
</AuthBy>

<AuthBy LDAP2>
	Identifier CheckLDAP
	......
</AuthBy>

<AuthBy SQL>
         Identifier AcctSQL
         DBSource        dbi:mysql:radius
         DBUsername      root
         DBAuth          hegge74
         AuthSelect
         AccountingTable ACCOUNTING
         AcctColumnDef   USERNAME,User-Name
         AcctColumnDef   TIME_STAMP,Timestamp,integer
         AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
         AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
         AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
         AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
         AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
         AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
         AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
         AcctColumnDef   NASIDENTIFIER,NAS-Identifier
         AcctColumnDef   NASPORT,NAS-Port,integer
         AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
</AuthBy>

# define SessionDatabase

<SessionDatabase SQL>
         Identifier SQLSDB
         DBSource        dbi:mysql:radius:localhost
         DBUsername      mysqluser
         DBAuth         mysqlpasswd
</SessionDatabase>

# define Realm(s)

<Realm DEFAULT>
         AuthByPolicy ContinueAlways
         AuthBy AcctSQL
         AuthBy CheckLDAP
         SessionDatabase SQLSDB
</Realm>


If you have any other questions, please ask.

regards

Hugh


On Thursday 04 October 2001 22:36, Andreas Häggander wrote:
> Hi !
>
> I want to use LDAP for Authentication and store the Accounting in a MySQL
> database. At the same time I want to use a MySQL database for a session
> database.
>
> Is this possible ?
>
> I have tried this (AUTH by FILE and not LDAP for so long), see below, but
> I can't get it working with the SessionDB and the Accounting.
> A
>
>
> radius.cfg
>
> AuthPort        1645
> AcctPort        1646
>
> <Client x.x.x.x>
>          Secret  mysecret
>          DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>
>          <AuthBy FILE>
>                Filename  /usr/local/etc/users
>                DefaultSimultaneousUse 1
>                AcctLogFileName       /usr/local/etc/detail
>          </AuthFile>
>
> <AuthBy SQL>
>
>          DBSource        dbi:mysql:radius
>          DBUsername      root
>          DBAuth          hegge74
>
>          AccountingTable ACCOUNTING
>          AcctColumnDef   USERNAME,User-Name
>          AcctColumnDef   TIME_STAMP,Timestamp,integer
>          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>          AcctColumnDef   NASPORT,NAS-Port,integer
>          AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
>
>          DBSource        dbi:mysql:radius:localhost
>          DBUsername      mysqluser
>          DBAuth         mysqlpasswd
>
> </SessionDatabase>
>
>
>
> Code:       Access-Request
> Identifier: 62
> Authentic:  <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS
> Attributes:
>          User-Name = "mike at test.net"
>          User-Password = "<4><255>i<14><204>Ol<177><242>h<207><127><168><180><247><194>"
>          Acct-Session-Id = "9800003e"
>          NAS-IP-Address = x.x.x.x
>          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
>          Service-Type = Framed-User
>          Framed-Protocol = PPP
>          NAS-Port = 123965696
>
> Thu Oct  4 14:12:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Oct  4 14:12:11 2001: DEBUG:  Deleting session for mike at test.net, x.x.x.x, 123965696
> Thu Oct  4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE:
> Thu Oct  4 14:12:11 2001: DEBUG: Radius::AuthFILE looks for match with mike at test.net
> Thu Oct  4 14:12:11 2001: DEBUG: Radius::AuthFILE ACCEPT:
> Thu Oct  4 14:12:11 2001: DEBUG: Access accepted for mike at test.net
> Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> *** Sending to 212.73.0.14 port 49152 ....
> Code:       Access-Accept
> Identifier: 62
> Authentic:  <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS
>
> Attributes:
>          Framed-IP-Address = 0.0.0.0
>          Framed-IP-Netmask = 0.0.0.0
>
>
> Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> *** Received from x.x.x.x port 49153 ....
> Code:       Accounting-Request
> Identifier: 89
> Authentic:  <227>O<zl<146>#qn<4>9<238><209>3<253><138>
> Attributes:
>          Acct-Status-Type = Start
>          User-Name = "mike at test.net"
>          Event-Timestamp = 1002204666
>          Service-Type = Annex-Framed-Tunnel
>          NAS-IP-Address = x.x.x.x
>          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
>          NAS-Port = 180
>          Acct-Session-Id = "9800003e"
>          Acct-Authentic = RADIUS
>          Framed-IP-Address = 10.75.0.222
>          Framed-IP-Netmask = 255.255.255.255
>
> Thu Oct  4 14:12:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Oct  4 14:12:11 2001: DEBUG:  Adding session for mike at test.net, x.x.x.x, 180
> Thu Oct  4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE:
> Thu Oct  4 14:12:11 2001: DEBUG: Accounting accepted
> Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> *** Sending to 212.73.0.14 port 49153 ....
> Code:       Accounting-Response
> Identifier: 89
> Authentic:  <227>O<zl<146>#qn<4>9<238><209>3<253><138>
> Attributes:
>
> Thu Oct  4 14:14:49 2001: DEBUG: Packet dump:
> *** Received from x.x.x.x port 49153 ....
> Code:       Accounting-Request
> Identifier: 90
> Authentic:  <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn
> Attributes:
>          Acct-Status-Type = Stop
>          User-Name = "mike at test.net"
>          Event-Timestamp = 1002204823
>          Service-Type = Annex-Framed-Tunnel
>          NAS-IP-Address = x.x.x.x
>          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
>          NAS-Port = 180
>          Acct-Session-Id = "9800003e"
>          Acct-Authentic = RADIUS
>          Framed-IP-Address = 10.75.0.222
>          Framed-IP-Netmask = 255.255.255.255
>          Acct-Input-Octets = 10224
>          Acct-Output-Octets = 46328
>          Acct-Input-Packets = 92
>          Acct-Output-Packets = 95
>          Acct-Terminate-Cause = Lost-Carrier
>          Acct-Session-Time = 157
>
> Thu Oct  4 14:14:49 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Thu Oct  4 14:14:49 2001: DEBUG:  Deleting session for mike at test.net, x.x.x.x, 180
> Thu Oct  4 14:14:49 2001: DEBUG: Handling with Radius::AuthFILE:
> Thu Oct  4 14:14:49 2001: DEBUG: Accounting accepted
> Thu Oct  4 14:14:49 2001: DEBUG: Packet dump:
> *** Sending to 212.73.0.14 port 49153 ....
> Code:       Accounting-Response
> Identifier: 90
> Authentic:  <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn
> Attributes:
>
>
> mysql> select * from ACCOUNTING;
> Empty set (0.00 sec)
>
> mysql> select * from RADONLINE;
> Empty set (0.00 sec)
>
>
>
> Cheers
>
> /Andreas
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
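
An added example, not part of the original post and not Radiator code: a small Python check for three structural points the configurations in this thread turn on, namely a closing tag that does not match its opening tag (<AuthBy FILE> ... </AuthFile>), a Realm "AuthBy" line that refers to an Identifier no clause defines, and a database clause that connects as root. The sample config is constructed from the thread, with the LDAP clause left out on purpose so the dangling reference shows; lint_radius_cfg is a hypothetical helper and its rules are this example's assumptions, not the behaviour of Radiator's own parser.

```python
import re
# Constructed sample, condensed from the configuration quoted in this thread.
SAMPLE_CFG = """\
<AuthBy FILE>
    Identifier CheckFILE
</AuthFile>
<AuthBy SQL>
    Identifier AcctSQL
    DBUsername root
    AuthSelect
</AuthBy>
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    AuthBy AcctSQL
    AuthBy CheckLDAP
</Realm>
"""

OPEN = re.compile(r"^<(\w+)(?:\s+[^>]*)?>$")
CLOSE = re.compile(r"^</(\w+)>$")

def lint_radius_cfg(text):
    """Return sorted (line_number, message) findings for a Radiator-style config."""
    findings, stack, defined, refs = [], [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.match(line):
            opened = stack.pop() if stack else None
            if opened != m.group(1):
                findings.append((no, f"</{m.group(1)}> closes <{opened}>"))
        elif m := OPEN.match(line):
            stack.append(m.group(1))
        else:
            key, value = (line.split(None, 1) + [""])[:2]
            if key == "Identifier":
                defined.add(value)
            elif key == "AuthBy" and stack and stack[-1] == "Realm":
                refs.append((no, value))  # a reference to a clause by Identifier
            elif key == "DBUsername" and value == "root":
                findings.append((no, "database clause connects as root"))
    findings += [(no, f"AuthBy {name} has no matching Identifier")
                 for no, name in refs if name not in defined]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint_radius_cfg(SAMPLE_CFG):
        print(f"line {no}: {msg}")
```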