(RADIATOR) CFG files diffs
Ronan Eckelberry
radiator at gowebco.com
Fri Apr 5 15:17:28 CST 2002
I don't see a GetClientQuery in there. Check out Section 6.6.2 of the
Radiator Docs (http://www.open.com.au/radiator/ref.html#pgfId=433587).
Check that out and see if that helps.
-Ronan
-----Original Message-----
From: Jesus Duarte [mailto:jduarte at cnnw.net]
Sent: Friday, 05 April, 2002 16:12
To: Ronan Eckelberry
Cc: radiator at open.com.au
Subject: RE: (RADIATOR) CFG files diffs
Here is the .cfg file. The documentation seems to indicate that the
secret is not need because it is in the mysql database.
There is not much to the logfile but it is at the end of the cfg.
Foreground
LogDir /var/log/radius
LogFile %L/detail.%d.log
DbDir /usr/local/radiator
Trace 4
PidFile /var/run/radius.pid
AuthPort 1645
AcctPort 1646
DictionaryFile %D/dictionary
#DictionaryFile %D/dictionary.cisco
#DictionaryFile %D/dictionary.nortel
#DictionaryFile %D/dictionary.ascend
#DictionaryFile %D/dictionary.ascend2
#DictionaryFile %D/dictionary.usr.merit
# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
#<Client DEFAULT>
# Secret mysecret
# DupInterval 0
# IgnoreAcctSignature
#</Client>
<Client localhost>
Secret specialsecret
DupInterval 0
</Client>
# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth top secret
</ClientListSQL>
# Handle everyone with RADMIN
<Realm DEFAULT>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth highsecret
# Verify called_station_id
AuthSelect select
PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_
ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
USERNAME='%n' and ACTIVE='1'
AuthColumnDef 3,Called-Station-Id,check
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
#AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type=Framed-User,\
# Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Session-Timeout = 28800,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
</Realm>
#<Realm /cnnw/i>
# RewriteUsername s/^([^@]+).*/$1/
#
# <AuthBy RADIUS>
# #Identifier ProxyToMerit
# Host 208.187.190.253
# Secret guess
# AuthPort 1645
# IgnoreAccountingResponse
# </AuthBy>
#</Realm>
<Realm /netmask/i>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth lalala
# Verify called_station_id
AuthSelect select
PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_
ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
USERNAME='%n' and ACTIVE='1'
AuthColumnDef 3,Called-Station-Id,check
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
#AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type=Framed-User,\
Framed-IP-Netmask = 255.255.255.224,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
</Realm>
<Realm /netmask240/i>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth wrong
# Verify called_station_id
AuthSelect select
PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_
ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
USERNAME='%n' and ACTIVE='1'
AuthColumnDef 3,Called-Station-Id,check
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
#AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type=Framed-User,\
Framed-IP-Netmask = 255.255.255.240,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
</Realm>
<Realm /dedicated/i>
RewriteUsername s/^([^@]+).*/$1/
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth blah
# Verify called_station_id
AuthSelect select
PASS_WORD,STATICADDRESS,TIMELEFT,MAXLOGINS,FRAMED_NETMASK,FRAMED_FILTER_
ID,MAXIDLETIME,CALLED_STATION_ID,MAXSESSIONTIME from RADUSERS where
USERNAME='%n' and ACTIVE='1'
AuthColumnDef 3,Called-Station-Id,check
# You can add to or change these if you want, but you
# will probably want to change the database schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef
ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
#AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
# This updates the time and octets left
# for this user
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
AddToReply Framed-Protocol = PPP,\
Service-Type=Framed-User,\
# Framed-IP-Netmask = 255.255.255.0,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin:localhost
DBUsername radmin
DBAuth stuff
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg
----------Logfile-------
Thu Apr 4 16:11:46 2002: DEBUG: Adding Clients from SQL database
Thu Apr 4 16:11:46 2002: DEBUG: Query is: select
NASIDENTIFIER,
SECRET,
IGNOREACCTSIGNATURE,
DUPINTERVAL,
DEFAULTREALM,
NASTYPE,
SNMPCOMMUNITY,
LIVINGSTONOFFS,
LIVINGSTONHOLE,
FRAMEDGROUPBASEADDRESS,
FRAMEDGROUPMAXPORTSPERCLASSC,
REWRITEUSERNAME,
NOIGNOREDUPLICATES,
PREHANDLERHOOK from RADCLIENTLIST
Thu Apr 4 16:11:46 2002: ERR: No Secret defined for Radius::Client at
'/usr/local/etc/ipns.cfg' line 37
Thu Apr 4 16:11:46 2002: INFO: Server started: Radiator 3.0 on
triton.ipns.com
Der Hausmeister
~~~~~~JESUS
~~~~~~
Jesus Duarte
UNIX System Administrator (geek)
IPNS/CNNW
jesus at cnnw.net jduarte at cnnw.net postmaster at cnnw.net
abuse at cnnw.net support at cnnw.net dns at cnnw.net
abuse at ipns.com jesus at ipns.com
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list