(RADIATOR) Logging to MSSQL 7.0

Tony B tonyb at go-concepts.com
Mon Mar 11 11:38:50 CST 2002


Here is my conf:

# radius.cfg
#
# You should consider this file to be a starting point only
# $Id: linux-radius.cfg,v 1.2 2001/08/30 03:41:02 mikem Exp $

#Foreground
#LogStdout
LogDir          /var/log/radius
DbDir           /etc/radiator
DictionaryFile %D/dictionary
# Use a low trace level in production systems. Increase
# it to 4 or 5 for debugging, or use the -trace flag to radiusd
Trace           3


#Lower case
RewriteUsername   tr/A-Z/a-z/

#Remove Spaces
RewriteUsername          s/\s+//g

<ClientListSQL>
		#this is part of the MS SQL database
                DBSource DBI:Sybase:database=databasename;server=server
                DBUsername username
                DBAuth xxxxx
                GetClientQuery select
NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL,DEFAULTREALM,NASTYP
E,SNMPCOMMUNITY,LIVINGSTONOFFS,LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS,FRA
MEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME,NOIGNOREDUPLICATES,PREHANDLERH
OOK from NASClients
</ClientListSQL>


<SessionDatabase SQL>
        DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
        DBUsername radiusd
        DBAuth  ch2900
</SessionDatabase>

<Handler Realm=go-concepts.com,Request-Type=Access-Request>
        RewriteUsername s/^([^@]+).*/$1/
        <AuthBy SQL>
                Identifier GOCsql
                DefaultReply
Ascend-Shared-Profile-Enable=0,User-Service=Framed-User,Framed-Protocol=
PPP,Framed-Routing=None,Ascend-Base-Channel-Count=1,Ascend-Minimum-Chann
els=1,Ascend-Maximum-Channels=1,Ascend-Assign-IP-Pool=1,Ascend-Multicast
-Client=Multicast-Yes

                DBSource DBI:Sybase:database=datbasename;server=server
                DBUsername username
                DBAuth xxxxx

                AuthSelect AuthSelect %n

                AuthColumnDef 0, User-Password, check
                AuthColumnDef 1, Framed-Address, reply
                AuthColumnDef 2, Framed-Protocol, reply
                AuthColumnDef 3, Ascend-Maximum-Channels, reply
                AuthColumnDef 4, Ascend-IP-Direct, reply
                AuthColumnDef 5, Ascend-Assign-IP-Pool, reply
                AuthColumnDef 6, GENERAL, reply

                AddToReplyIfNotExist
User-Service=Framed-User,Framed-Protocol=PPP,Framed-Routing=None,Ascend-
Base-Channel-Count=1,Ascend-Minimum-Channels=1,Ascend-Maximum-Channels=1
,Ascend-Assign-IP-Pool=1,Ascend-Multicast-Client=Multicast-Yes

        </AuthBy SQL>
</Handler>
 

<Handler Request-Type=Accounting-Request>
        <AuthBy SQL>
                Identifier MySQL
                DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
                DBUsername username
                DBAuth  xxxxx 


                AuthSelect              

                AcctColumnDef   USERNAME,%n,formatted
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef
ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef
ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef
ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
        </AuthBy SQL>
</Handler>

We do several rewrites to the username, that is why we us %n for the
username field, that way you see the formatted username after all the
rewrites occur.  The Accounting Request are all logged into the mysql
server.  You can define what you want logged into what columns using the
AcctColumnDef command.   We are not yet using this in a production
server but we have tested it may time and it works great.  If you have
any questions feel free to ask. 

Thanks,
Tony B, CCNA, Network+
Systems Administration
GO Concepts, Inc. / www.go-concepts.com
Are you on the GO yet?
What about those you know, are they on the GO?
513.934.2800
1.888.ON.GO.YET


-----Original Message-----
From: Shane Malden [mailto:maldensh at hotmail.com] 
Sent: Sunday, March 10, 2002 11:51 PM
To: tonyb
Subject: Re: (RADIATOR) Logging to MSSQL 7.0

Tony,
        I would be interested on more information on how to do
accounting
with SQL. We use Radiator 2.19 and authenticate with SecurID. We don't
have
any direct control over our NAS as they are supported by out
Telecommunications provider. I would be very interested in finding out
how
to see what data and time users are connecting for. If your able to
help, it
would be appreciated.

Regards,
Shane

----- Original Message -----
From: "tonyb" <tonyb at go-concepts.com>
To: "Dan Melomedman" <dmelomed at devonitnet.com>; <radiator at open.com.au>
Sent: Monday, March 11, 2002 2:38 PM
Subject: RE: (RADIATOR) Logging to MSSQL 7.0


> We are an ISP that just recently evaluated and purchased radiator.
And
> I agree that it is a great radius program...anyway back to sql
>
> We use FreeTDS for many of our perl scripts, not just radiator. If you
> have FreeTDS installed and configured you can use the perl DBD::Sybase
> to connect to a MSSQL.  Setup varies slightly based on the version of
> FreeTDS and Sybase module but if you would like more detailed
> installation information I would be happy to help. We you MSSQL for
> authenticating and MySQL for accounting but I dough that it would be
any
> different for logging
>
> Thanks,
> Tony B CCNA, Network+
> GO Concepts, Inc.
> http://www.go-concepts.com
>
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]
On
> Behalf Of Dan Melomedman
> Sent: Saturday, March 09, 2002 2:04 PM
> To: radiator at open.com.au
> Subject: (RADIATOR) Logging to MSSQL 7.0
>
> First, let me add my praise about this product to the already long
list.
>
> We're evaluating Radiator. This is the best commercial server product
I
> have
> ever dealt with, great job! Finally a RADIUS server that's almost, if
> not,
> perfect. Rock on!
>
> Anyway, we use FreeTDS for PHP scripts, and some things work, some
break
> and
> cause segfaults depending on the features we're trying to use through
> FreeTDS. As much as I hate logging to the database, some of our
existing
>
> reporting scripts (VB Script) require it anyway, so this is a part of
> evaluation as well. Do any of you on this list log to an MSSQL
database
> from
> a Unix variant with FreeTDS library? Any caveats? Thanks much.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list