(RADIATOR) CFG files diffs

Fri Apr 5 15:12:25 CST 2002

Here is the .cfg file.  The documentation seems to indicate that the
secret is not need because it is in the mysql database.

There is not much to the logfile but it is at the end of the cfg.

Foreground
LogDir		/var/log/radius
LogFile		%L/detail.%d.log
DbDir		/usr/local/radiator
Trace		4
PidFile		/var/run/radius.pid
AuthPort	1645
AcctPort	1646
DictionaryFile	%D/dictionary
#DictionaryFile	%D/dictionary.cisco
#DictionaryFile	%D/dictionary.nortel
#DictionaryFile	%D/dictionary.ascend
#DictionaryFile	%D/dictionary.ascend2
#DictionaryFile	%D/dictionary.usr.merit

# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#<Client DEFAULT>
#	Secret	mysecret
#	DupInterval 0
#	IgnoreAcctSignature
#</Client>
<Client localhost>
        Secret specialsecret
        DupInterval 0
</Client>
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
	DBSource	dbi:mysql:radmin:localhost
	DBUsername	radmin
	DBAuth		top secret
</ClientListSQL>

# Handle everyone with RADMIN

<Realm DEFAULT>
        RewriteUsername s/^([^@]+).*/$1/

	<AuthBy RADMIN>
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabse SQL> below
		# so its the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		highsecret

		# Verify called_station_id
		AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where USERNAME='%n' and ACTIVE='1'

		AuthColumnDef	3,Called-Station-Id,check

		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		#AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
			Service-Type=Framed-User,\
        #		Framed-IP-Netmask = 255.255.255.255,\
        		Framed-Routing = None,\
        		Framed-MTU = 1500,\
			Session-Timeout = 28800,\
			Framed-Compression = Van-Jacobson-TCP-IP

	</AuthBy>
</Realm>

#<Realm /cnnw/i>
#        RewriteUsername s/^([^@]+).*/$1/
#	
#	<AuthBy RADIUS>
#		#Identifier ProxyToMerit
#		Host 208.187.190.253
#		Secret guess
#		AuthPort 1645
#		IgnoreAccountingResponse
#	</AuthBy>
#</Realm>

<Realm /netmask/i>
        RewriteUsername s/^([^@]+).*/$1/

	<AuthBy RADMIN>
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabse SQL> below
		# so its the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		lalala

		# Verify called_station_id
		AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where USERNAME='%n' and ACTIVE='1'

		AuthColumnDef	3,Called-Station-Id,check

		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		#AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
			Service-Type=Framed-User,\
        		Framed-IP-Netmask = 255.255.255.224,\
        		Framed-Routing = None,\
        		Framed-MTU = 1500,\
			Framed-Compression = Van-Jacobson-TCP-IP
	</AuthBy>
</Realm>

<Realm /netmask240/i>
        RewriteUsername s/^([^@]+).*/$1/

	<AuthBy RADMIN>
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabse SQL> below
		# so its the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		wrong

		# Verify called_station_id
		AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where USERNAME='%n' and ACTIVE='1'

		AuthColumnDef	3,Called-Station-Id,check

		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		#AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
			Service-Type=Framed-User,\
        		Framed-IP-Netmask = 255.255.255.240,\
        		Framed-Routing = None,\
        		Framed-MTU = 1500,\
			Framed-Compression = Van-Jacobson-TCP-IP
	</AuthBy>
</Realm>

<Realm /dedicated/i>
        RewriteUsername s/^([^@]+).*/$1/

	<AuthBy RADMIN>
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabse SQL> below
		# so its the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		blah

		# Verify called_station_id
		AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where USERNAME='%n' and ACTIVE='1'

		AuthColumnDef	3,Called-Station-Id,check

		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		#AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		AddToReply Framed-Protocol = PPP,\
			Service-Type=Framed-User,\
        	#	Framed-IP-Netmask = 255.255.255.0,\
        		Framed-Routing = None,\
        		Framed-MTU = 1500,\
			Framed-Compression = Van-Jacobson-TCP-IP

	</AuthBy>
</Realm>

<SessionDatabase SQL>
	# This database spec usually should be exactly the same
	# as in <AuthBy RADMIN> above
	DBSource	dbi:mysql:radmin:localhost
	DBUsername	radmin
	DBAuth		stuff

</SessionDatabase>

# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg

----------Logfile-------
Thu Apr  4 16:11:46 2002: DEBUG: Adding Clients from SQL database
Thu Apr  4 16:11:46 2002: DEBUG: Query is: select 
	NASIDENTIFIER,
	SECRET,
	IGNOREACCTSIGNATURE,
	DUPINTERVAL,
	DEFAULTREALM,
	NASTYPE,
	SNMPCOMMUNITY,
	LIVINGSTONOFFS,
	LIVINGSTONHOLE,
	FRAMEDGROUPBASEADDRESS,
	FRAMEDGROUPMAXPORTSPERCLASSC,
	REWRITEUSERNAME,
	NOIGNOREDUPLICATES,
	PREHANDLERHOOK from RADCLIENTLIST

Thu Apr  4 16:11:46 2002: ERR: No Secret defined for Radius::Client at '/usr/local/etc/ipns.cfg' line 37
Thu Apr  4 16:11:46 2002: INFO: Server started: Radiator 3.0 on triton.ipns.com

Der Hausmeister
~~~~~~JESUS
           ~~~~~~
Jesus Duarte
UNIX System Administrator (geek)
IPNS/CNNW

jesus at cnnw.net        jduarte at cnnw.net	      postmaster at cnnw.net
abuse at cnnw.net        support at cnnw.net	      dns at cnnw.net
abuse at ipns.com        jesus at ipns.com

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.