(RADIATOR) Re: AuthBy SQL and AuthLog

Hugh Irvine hugh at open.com.au
Sat Feb 2 02:31:21 CST 2002


Hello Robert -

You should use %{Reply:Class} to refer to the Class attribute in the reply 
packet (%{Class} refers to the request packet).

regards

Hugh


On Sat, 2 Feb 2002 16:33, Robert Blayzor wrote:
> See sample entries in my config file below.
>
> We do backend RADIUS auth for several realms in our databases.  The
> problem is the customer does not always log in fully realmed.  So we
> pass our SQL extra information so the database stored procedure can
> figure out the realm.  The problem is that Radiator doesn't always know
> what the realm is... And therefore, does not have a decorated username
> attribute.
>
> The problem with this is the AuthLog file.  While this works good, if
> user "joe" has been attempting the wrong password, we may not really
> know which ISP "joe" is from.  So we fully decorate the names on the
> backend if they are not (or even if they are) and send them back as
> "user at realm" in the RADIUS "Class" attribute.  This works extremely well
> except for the fact that when I try to AuthLog store what I return back
> to Radiator from my AuthBy, the field comes up blank, even though I know
> I'm returning something.  It's like if the access request fails, that
> those attributes don't get populated, therefore they show as NULL or
> empty in my AuthLog.
>
> Is there a way I can return a column back from the SQL server and have
> AuthLog show that value?  Regardless of success or failure.
>
>
>
> #
> # Setup a default AuthLog
> #
> <AuthLog FILE>
>         Identifier Auth-Log-General
>         Filename %L/password.log
>         LogSuccess 0
>         LogFailure 1
>         FailureFormat %m/%d/%Y %H:%M:%S  Failed login: %{Class}  PW: %P %{Calling-Station-Id}
> </AuthLog>
>
> <AuthBy SQL>
>         Identifier      Auth-NAS
>         DBSource        dbi:Sybase:server=mysql
>         DBUsername      xxx
>         DBAuth          xxx
>         AuthSelect      EXEC sp_RadiusLookup '%n', '%{Called-Station-Id}', '%N'
>         AuthColumnDef   0, Class, reply
>         AuthColumnDef   1, User-Password, check
>         AuthColumnDef   2, GENERIC, check
>         AuthColumnDef   3, GENERIC, reply
> </AuthBy>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
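
Added example, not part of the original message and not Radiator code: a simplified Python model of the two lookups in the reply above, showing why %{Class} comes out blank in the failure log while %{Reply:Class} carries the decorated name. The packet contents, the `expand` helper and the shortened format strings (date and %P left out) are assumptions made for illustration.

```python
import re

# Simplified model of the two lookups discussed in this thread (an assumption
# for illustration, not Radiator's implementation): %{Name} reads the request
# packet, %{Reply:Name} reads the reply packet, a missing attribute is empty.
_SPECIAL = re.compile(r"%\{(Reply:)?([^}]+)\}")


def expand(fmt, request, reply):
    """Substitute %{Name} and %{Reply:Name} in a format string."""
    def lookup(match):
        source = reply if match.group(1) else request
        return source.get(match.group(2), "")
    return _SPECIAL.sub(lookup, fmt)


# Constructed sample packets: the user logged in without a realm, and the
# AuthBy SQL clause put the decorated name into the reply's Class attribute
# (AuthColumnDef 0, Class, reply).
REQUEST = {"User-Name": "joe", "Calling-Station-Id": "5551234"}
REPLY = {"Class": "joe@example.net"}

# Shortened forms of the FailureFormat from the thread.
ORIGINAL = "Failed login: %{Class}  %{Calling-Station-Id}"
CORRECTED = "Failed login: %{Reply:Class}  %{Calling-Station-Id}"


def demo():
    """Return the log line produced by each format for the same packets."""
    return expand(ORIGINAL, REQUEST, REPLY), expand(CORRECTED, REQUEST, REPLY)


if __name__ == "__main__":
    for line in demo():
        print(line)
```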