(RADIATOR) Re: Multiple radius servers & RADONLINE table
Hugh Irvine
hugh at open.com.au
Tue Jan 29 15:37:09 CST 2002
Hello Gordon -
As far as I can see, your configuration is correct. Do the AcctSQL and
AuthSQL clauses operate correctly? And could you please send me a trace 4
debug showing what is happening?
thanks
Hugh
On Wed, 30 Jan 2002 08:10, Gordon Smith wrote:
> Hi Hugh,
>
> I'm setting up 2 radius servers that talk to a backend database (MySQL) on
> a separate box.
>
> Problem is, for some reason the local RADONLINE table is updated, which I
> don't want, as the user can be processed by either radius server. I want
> the sessions to be checked against the backend DB, which I thought was
> configured with the SessionDatabase attribute.
>
> Can you shed some light on this for me? The goal is to have both front end
> servers checking the back end radonline table for enforcing simultaneous
> use policies.
>
> Cheers,
> Gordon
>
>
> This is the relevent config:
>
> <AuthBy SQL>
> Identifier AcctSQL
> DBSource dbi:mysql:radmin:d3.morenet.net.nz
> DBUsername xxxx
> DBAuth zzzzzz
> AuthSelect
>
> AccountingTable RADUSAGE
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef DNIS,Called-Station-Id
> AcctColumnDef CALLERID,Calling-Station-Id
> </AuthBy>
>
> <AuthBy RADMIN>
> Identifier AuthSQL
> DBSource dbi:mysql:radmin
> DBUsername xxx
> DBAuth zzz
>
> AddToReply \
> Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Service-Type = Framed-User,\
> Session-Timeout = 14400,\
> Idle-Timeout = 900,\
> Ascend-Client-Primary-DNS = 210.185.31.4,\
> Ascend-Client-Secondary-DNS = 210.185.31.5
> </AuthBy>
>
> <SessionDatabase SQL>
> Identifier SessSQL
> DBSource dbi:mysql:radmin:d3.morenet.net.nz
> DBUsername xxx
> DBAuth zzz
> </SessionDatabase>
>
> <AuthLog SQL>
> Identifier logAuth
> DBSource dbi:mysql:radmin:d3.morenet.net.nz
> DBUsername radmin
> DBAuth radminpw
>
> Table AUTH_LOG
>
> LogSuccess 0
> LogFailure 1
>
> SuccessQuery INSERT INTO AUTH_LOG \
> (ACCESS_OK,TIME_STAMP,USERNAME,SEVERITY,REASON) \
> VALUES \
> ('OK','%t','%n','%0','%1')
>
> FailureQuery INSERT INTO AUTH_LOG \
> (ACCESS_OK,TIME_STAMP,USERNAME,SEVERITY,REASON) \
> VALUES \
> ('NO','%t','%n','%0','%1')
> </AuthLog>
>
>
> <Realm infogen.net.nz>
> AuthByPolicy ContinueAlways
> AuthBy AcctSQL
> AuthBy AuthSQL
> AuthLog logAuth
> SessionDatabase SessSQL
>
> </Realm>
>
> <Realm morenet.net.nz>
> AuthByPolicy ContinueAlways
> AuthBy AcctSQL
> AuthBy AuthSQL
> AuthLog logAuth
> SessionDatabase SessSQL
> </Realm>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list