(RADIATOR) Re: AuthBy SQL and AuthLog
Hugh Irvine
hugh at open.com.au
Sat Feb 2 02:31:21 CST 2002
Hello Robert -
You should use %{Reply:Class} to refer to the Class attribute in the reply
packet (%{Class} refers to the request packet).
regards
Hugh
On Sat, 2 Feb 2002 16:33, Robert Blayzor wrote:
> See sample entries in my config file below.
>
> We do backend RADIUS auth for several realms in our databases. The
> problem is the customer does not always log in fully realmed. SO we
> pass our SQL extra information so the database stored proceedure can
> figure out the realm. The problem is that Radiator doesn't always know
> what the realm is... And therefore, does not have a decorated username
> attribute.
>
> The problem with this is the AuthLog file. While this works good, if
> user "joe" has been attempting the wrong password, we may not really
> know which ISP "joe" is from. So we fully decorate the names on the
> backend if they are not (or even if they are) and send them back as
> "user at realm" in the RADIUS "Class" attribute. This works extremely well
> except for the fact that when I try to AuthLog store what I return back
> to Radiator from my AuthBy, the field comes up blank, even though I know
> I'm returning something. It's like if the access request fails, that
> those attributes don't get populated, therefore they show as NULL or
> empty in my AuthLog.
>
> Is there a way I can return a column back from the SQL server and have
> AuthLog show that value? Regardless of success or failure.
>
>
>
> #
> # Setup a default AuthLog
> #
> <AuthLog FILE>
> Identifier Auth-Log-General
> Filename %L/password.log
> LogSuccess 0
> LogFailure 1
> FailureFormat %m/%d/%Y %H:%M:%S Failed login: %{Class} PW: %P
> %{Calling-Station-Id}
> </AuthLog>
>
> <AuthBy SQL>
> Identifier Auth-NAS
> DBSource dbi:Sybase:server=mysql
> DBUsername xxx
> DBAuth xxx
> AuthSelect EXEC sp_RadiusLookup '%n',
> '%{Called-Station-Id}', '%N'
> AuthColumnDef 0, Class, reply
> AuthColumnDef 1, User-Password, check
> AuthColumnDef 2, GENERIC, check
> AuthColumnDef 3, GENERIC, reply
> </AuthBy>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list