AuthBy SQL and AuthLog
Robert Blayzor
rblayzor at inoc.net
Fri Feb 1 23:33:19 CST 2002
See sample entries in my config file below.
We do backend RADIUS auth for several realms in our databases. The
problem is the customer does not always log in fully realmed. So we
pass our SQL extra information so the database stored procedure can
figure out the realm. The problem is that Radiator doesn't always know
what the realm is... And therefore, does not have a decorated username
attribute.
The problem with this is the AuthLog file. While this works well, if
user "joe" has been attempting the wrong password, we may not really
know which ISP "joe" is from. So we fully decorate the names on the
backend if they are not (or even if they are) and send them back as
"user@realm" in the RADIUS "Class" attribute. This works extremely well
except for the fact that when I try to AuthLog store what I return back
to Radiator from my AuthBy, the field comes up blank, even though I know
I'm returning something. It's like if the access request fails, that
those attributes don't get populated, therefore they show as NULL or
empty in my AuthLog.
Is there a way I can return a column back from the SQL server and have
AuthLog show that value? Regardless of success or failure.
#
# Setup a default AuthLog
#
<AuthLog FILE>
Identifier Auth-Log-General
Filename %L/password.log
LogSuccess 0
LogFailure 1
FailureFormat %m/%d/%Y %H:%M:%S Failed login: %{Class} PW: %P %{Calling-Station-Id}
</AuthLog>
<AuthBy SQL>
Identifier Auth-NAS
DBSource dbi:Sybase:server=mysql
DBUsername xxx
DBAuth xxx
AuthSelect EXEC sp_RadiusLookup '%n', '%{Called-Station-Id}', '%N'
AuthColumnDef 0, Class, reply
AuthColumnDef 1, User-Password, check
AuthColumnDef 2, GENERIC, check
AuthColumnDef 3, GENERIC, reply
</AuthBy>
--
Robert Blayzor, BOFH
INOC, LLC
rblayzor at inoc.net
Calculating in binary code is as easy as 01,10,11.
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
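Added example, not part of the original post and not Radiator code: a small Python triage script over lines in the FailureFormat shown above, showing how failures logged with an empty %{Class} cannot be attributed to a realm. The sample lines are constructed, and the "user@realm" layout of Class and the function names are assumptions.

```python
import re
from collections import Counter

# Mirrors the FailureFormat above: date time, %{Class}, %P, %{Calling-Station-Id}.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) Failed login: (?P<cls>.*?) PW: (?P<pw>.*) (?P<cli>\S*)$"
)

# Constructed sample lines; realms, passwords and numbers are made up.
SAMPLE = [
    "02/01/2002 23:10:05 Failed login: joe@isp-a.example PW: aaa 5551230001",
    "02/01/2002 23:10:09 Failed login: joe@isp-a.example PW: bbb 5551230001",
    "02/01/2002 23:10:14 Failed login: joe@isp-a.example PW: two words 5551230001",
    "02/01/2002 23:11:02 Failed login: joe@isp-b.example PW: ccc 5551230002",
    "02/01/2002 23:11:30 Failed login:  PW: ddd 5551230003",  # Class came back empty
    "02/01/2002 23:11:41 Failed login:  PW: eee 5551230003",  # Class came back empty
]

def parse_failure(line):
    """Parse one failure line; the attempted password is deliberately dropped."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    # Assumption: Class carries "user@realm" when the SQL lookup filled it in.
    user, _, realm = m["cls"].partition("@")
    return {"ts": m["ts"], "user": user or None,
            "realm": realm or None, "caller": m["cli"] or None}

def summarize(lines, threshold=3):
    """Return (accounts with >= threshold failures, unattributed failures per caller)."""
    per_account = Counter()
    unattributed = Counter()
    for line in lines:
        rec = parse_failure(line)
        if rec is None:
            continue  # not a failure line in this format
        if rec["realm"] is None:
            # Empty or undecorated Class: only the calling number is left to go on.
            unattributed[rec["caller"]] += 1
        else:
            per_account[(rec["user"], rec["realm"])] += 1
    flagged = sorted(k for k, n in per_account.items() if n >= threshold)
    return flagged, dict(unattributed)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```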