(RADIATOR) LDAP AUTH and MySQL Accounting

Andreas Häggander andreas at defero.net
Fri Oct 5 03:12:47 CDT 2001


Hi again !

>This is fairly straightforward to implement.
>
>Here is how to do it:

I thought so too, but it still doesn't work.

I used the config file you sent but I got:

# Fri Oct  5 10:10:31 2001: DEBUG: Packet dump:
*** Received from 212.73.0.14 port 49152 ....
Code:       Access-Request
Identifier: 76
Authentic:  <0><0><12><133><0><0><20>~<0><0>i<9><0><0><2><220>
Attributes:
         User-Name = "mike at test.net"
         User-Password = "-T<206>_<241><222><29>R<10><194>v<190>i<17><196>3"
         Acct-Session-Id = "9800004c"
         NAS-IP-Address = 212.73.0.14
         Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 123965696

Fri Oct  5 10:10:31 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Fri Oct  5 10:10:31 2001: DEBUG: SQLSDB Deleting session for mike at test.net, 212.73.0.14, 123965696
Fri Oct  5 10:10:31 2001: DEBUG: do query is: delete from RADONLINE where NASIDENTIFIER='212.73.0.14' and NASPORT=0123965696

Fri Oct  5 10:10:31 2001: DEBUG: Handling with Radius::AuthFILE: CheckFILE
Fri Oct  5 10:10:31 2001: DEBUG: Radius::AuthFILE looks for match with mike at test.net
Fri Oct  5 10:10:31 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='mike at test.net'

Fri Oct  5 10:10:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
Fri Oct  5 10:10:31 2001: DEBUG: Handling with Radius::AuthSQL
Fri Oct  5 10:10:31 2001: INFO: Access rejected for mike at test: Authentication disabled
Fri Oct  5 10:10:31 2001: DEBUG: Packet dump:
*** Sending to 212.73.0.14 port 49152 ....
Code:       Access-Reject
Identifier: 76
Authentic:  <0><0><12><133><0><0><20>~<0><0>i<9><0><0><2><220>
Attributes:
         Framed-IP-Address = 0.0.0.0
         Framed-IP-Netmask = 0.0.0.0
         Reply-Message = "Request Denied"


I don't want to hold the user-table in mysql.

/Andreas


At 09:02 2001-10-05 +1000, Hugh Irvine wrote:

>Hello Andreas -
>
>This is fairly straightforward to implement.
>
>Here is how to do it:
>
># radius.cfg
>
>AuthPort        1645
>AcctPort        1646
>
># define Client(s)
>
><Client x.x.x.x>
>          Secret  mysecret
>          DupInterval 0
></Client>
>
># define AuthBy(s)
>
><AuthBy FILE>
>                Identifier CheckFILE
>                Filename  /usr/local/etc/users
>                DefaultSimultaneousUse 1
>                AcctLogFileName       /usr/local/etc/detail
></AuthBy>
>
><AuthBy LDAP2>
>         Identifier CheckLDAP
>         ......
></AuthBy>
>
><AuthBy SQL>
>          Identifier AcctSQL
>          DBSource        dbi:mysql:radius
>          DBUsername      root
>          DBAuth          hegge74
>          AuthSelect
>          AccountingTable ACCOUNTING
>          AcctColumnDef   USERNAME,User-Name
>          AcctColumnDef   TIME_STAMP,Timestamp,integer
>          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>          AcctColumnDef   NASPORT,NAS-Port,integer
>          AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
></AuthBy>
>
># define SessionDatabase
>
><SessionDatabase SQL>
>          Identifier SQLSDB
>          DBSource        dbi:mysql:radius:localhost
>          DBUsername      mysqluser
>          DBAuth         mysqlpasswd
></SessionDatabase>
>
># define Realm(s)
>
><Realm DEFAULT>
>          AuthByPolicy ContinueAlways
>          AuthBy AcctSQL
>          AuthBy CheckLDAP
>          SessionDatabase SQLSDB
></Realm>
>
>
>If you have any other questions, please ask.
>
>regards
>
>Hugh
>
>
>On Thursday 04 October 2001 22:36, Andreas Häggander wrote:
> > Hi !
> >
> > I want to use LDAP for Authentication and store the Accounting in a MySQL
> > database. At the same time I want to use a MySQL database for a session
> > database.
> >
> > Is this possible?
> >
> > I have tried this (AUTH by FILE and not LDAP for so long), see below, but
> > I can't get it working with the SessionDB and the Accounting.
> >
> >
> >
> > radius.cfg
> >
> > AuthPort        1645
> > AcctPort        1646
> >
> > <Client x.x.x.x>
> >          Secret  mysecret
> >          DupInterval 0
> > </Client>
> >
> > <Realm DEFAULT>
> >
> >          <AuthBy FILE>
> >                Filename  /usr/local/etc/users
> >                DefaultSimultaneousUse 1
> >                AcctLogFileName       /usr/local/etc/detail
> >          </AuthFile>
> >
> > <AuthBy SQL>
> >
> >          DBSource        dbi:mysql:radius
> >          DBUsername      root
> >          DBAuth          hegge74
> >
> >          AccountingTable ACCOUNTING
> >          AcctColumnDef   USERNAME,User-Name
> >          AcctColumnDef   TIME_STAMP,Timestamp,integer
> >          AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
> >          AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> >          AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >          AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >          AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> >          AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
> >          AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >          AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> >          AcctColumnDef   NASPORT,NAS-Port,integer
> >          AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> >
> > </AuthBy>
> > </Realm>
> >
> > <SessionDatabase SQL>
> >
> >          DBSource        dbi:mysql:radius:localhost
> >          DBUsername      mysqluser
> >          DBAuth         mysqlpasswd
> >
> > </SessionDatabase>
> >
> >
> >
> > Code:       Access-Request
> > Identifier: 62
> > Authentic:  <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS
> > Attributes:
> >          User-Name = "mike at test.net"
> >          User-Password = "<4><255>i<14><204>Ol<177><242>h<207><127><168><180><247><194>"
> >          Acct-Session-Id = "9800003e"
> >          NAS-IP-Address = x.x.x.x
> >          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
> >          Service-Type = Framed-User
> >          Framed-Protocol = PPP
> >          NAS-Port = 123965696
> >
> > Thu Oct  4 14:12:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Oct  4 14:12:11 2001: DEBUG:  Deleting session for mike at test.net, x.x.x.x, 123965696
> > Thu Oct  4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE:
> > Thu Oct  4 14:12:11 2001: DEBUG: Radius::AuthFILE looks for match with mike at test.net
> > Thu Oct  4 14:12:11 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Oct  4 14:12:11 2001: DEBUG: Access accepted for mike at test.net
> > Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> > *** Sending to 212.73.0.14 port 49152 ....
> > Code:       Access-Accept
> > Identifier: 62
> > Authentic:  <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS
> >
> > Attributes:
> >          Framed-IP-Address = 0.0.0.0
> >          Framed-IP-Netmask = 0.0.0.0
> >
> >
> > Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> > *** Received from x.x.x.x port 49153 ....
> > Code:       Accounting-Request
> > Identifier: 89
> > Authentic:  <227>O<zl<146>#qn<4>9<238><209>3<253><138>
> > Attributes:
> >          Acct-Status-Type = Start
> >          User-Name = "mike at test.net"
> >          Event-Timestamp = 1002204666
> >          Service-Type = Annex-Framed-Tunnel
> >          NAS-IP-Address = x.x.x.x
> >          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
> >          NAS-Port = 180
> >          Acct-Session-Id = "9800003e"
> >          Acct-Authentic = RADIUS
> >          Framed-IP-Address = 10.75.0.222
> >          Framed-IP-Netmask = 255.255.255.255
> >
> > Thu Oct  4 14:12:11 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Oct  4 14:12:11 2001: DEBUG:  Adding session for mike at test.net, x.x.x.x, 180
> > Thu Oct  4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE:
> > Thu Oct  4 14:12:11 2001: DEBUG: Accounting accepted
> > Thu Oct  4 14:12:11 2001: DEBUG: Packet dump:
> > *** Sending to 212.73.0.14 port 49153 ....
> > Code:       Accounting-Response
> > Identifier: 89
> > Authentic:  <227>O<zl<146>#qn<4>9<238><209>3<253><138>
> > Attributes:
> >
> > Thu Oct  4 14:14:49 2001: DEBUG: Packet dump:
> > *** Received from x.x.x.x port 49153 ....
> > Code:       Accounting-Request
> > Identifier: 90
> > Authentic:  <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn
> > Attributes:
> >          Acct-Status-Type = Stop
> >          User-Name = "mike at test.net"
> >          Event-Timestamp = 1002204823
> >          Service-Type = Annex-Framed-Tunnel
> >          NAS-IP-Address = x.x.x.x
> >          Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0"
> >          NAS-Port = 180
> >          Acct-Session-Id = "9800003e"
> >          Acct-Authentic = RADIUS
> >          Framed-IP-Address = 10.75.0.222
> >          Framed-IP-Netmask = 255.255.255.255
> >          Acct-Input-Octets = 10224
> >          Acct-Output-Octets = 46328
> >          Acct-Input-Packets = 92
> >          Acct-Output-Packets = 95
> >          Acct-Terminate-Cause = Lost-Carrier
> >          Acct-Session-Time = 157
> >
> > Thu Oct  4 14:14:49 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> > Thu Oct  4 14:14:49 2001: DEBUG:  Deleting session for mike at test.net, x.x.x.x, 180
> > Thu Oct  4 14:14:49 2001: DEBUG: Handling with Radius::AuthFILE:
> > Thu Oct  4 14:14:49 2001: DEBUG: Accounting accepted
> > Thu Oct  4 14:14:49 2001: DEBUG: Packet dump:
> > *** Sending to 212.73.0.14 port 49153 ....
> > Code:       Accounting-Response
> > Identifier: 90
> > Authentic:  <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn
> > Attributes:
> >
> >
> > mysql> select * from ACCOUNTING;
> > Empty set (0.00 sec)
> >
> > mysql> select * from RADONLINE;
> > Empty set (0.00 sec)
> >
> >
> >
> > Cheers
> >
> > /Andreas
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence
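
The original radius.cfg quoted in this thread closes `<AuthBy FILE>` with `</AuthFile>`, and the Realm refers to AuthBy clauses by their `Identifier`. The following is an added example, not part of the original messages and not Radiator code: a small Python linter that flags mismatched closing tags and `AuthBy` references with no matching `Identifier`. It assumes a simplified view of the config syntax (`<Tag args>` ... `</Tag>` blocks, one keyword per line) and runs on a constructed sample.

```python
import re

# Constructed sample in the style of the thread's radius.cfg, not the poster's full file.
SAMPLE_CFG = """\
<AuthBy FILE>
    Identifier CheckFILE
    Filename /usr/local/etc/users
</AuthFile>
<AuthBy SQL>
    Identifier AcctSQL
    AuthSelect
</AuthBy>
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    AuthBy CheckFILE
    AuthBy CheckLDAP
</Realm>
"""

OPEN = re.compile(r"^<([A-Za-z]\w*)(?:\s+[^>]*)?>$")   # e.g. <AuthBy FILE>
CLOSE = re.compile(r"^</(\w+)>$")                       # e.g. </AuthBy>
KEYVAL = re.compile(r"^(\w+)(?:\s+(.*))?$")             # keyword, optional value

def lint(cfg_text):
    """Return sorted (line_no, message) findings for a Radiator-style config."""
    findings, stack, defined, refs = [], [], set(), []
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := CLOSE.match(line):
            if not stack:
                findings.append((no, f"</{m[1]}> closes nothing"))
            else:
                tag, opened = stack.pop()  # treat as the intended close, keep going
                if tag != m[1]:
                    findings.append((no, f"</{m[1]}> closes <{tag}> opened on line {opened}"))
        elif m := OPEN.match(line):
            stack.append((m[1], no))
        elif (m := KEYVAL.match(line)) and stack:
            key, val = m[1], (m[2] or "").strip()
            if key == "Identifier":
                defined.add(val)
            elif key == "AuthBy" and stack[-1][0] in ("Realm", "Handler"):
                refs.append((no, val))  # reference to an AuthBy by Identifier
    findings += [(no, f"<{t}> never closed") for t, no in stack]
    findings += [(no, f"AuthBy {r} has no matching Identifier") for no, r in refs if r not in defined]
    return sorted(findings)
```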
