(RADIATOR) Three Authby Clauses and why they don't work
Leon Oosterwijk
leon at isdn.net
Mon Mar 25 09:24:33 CST 2002
Hugh,

I'm trying to set up the address allocation by using Radiator. I'm running
into the following problem. The goodies directory indicates that the authby
DYNADDRESS needs to be the last authby handler in a realm. This, however,
causes problems for me.

In the setup shown below the accounting needs to go to one database, while
the auth happens in a different database. This means that the original setup
was AuthByPolicy ContinueAlways. This will not work if the DynAddress is the
last auth by clause because the result would always be an accept. However, if
it says ContinueWhileAccept, the first AuthBySQL, the one that just does
accounting, will return access denied, and that is the end of the processing.

What can be done to fix this problem?

Consider the following AuthBy clause:
#*******************************************************************
# TEST - leon's ip pool test ippool.isdn.net
#*******************************************************************
<Handler Realm=ippool.isdn.net>
    RewriteUsername s/^([^@]+).*/$1/
    RewriteUsername tr/A-Z/a-z/
    # AuthByPolicy ContinueAlways
    AuthByPolicy ContinueWhileAccept
    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB
        DBSource dbi:dbtype:dbname:host=10.10.10.10
        DBUsername user
        DBAuth pass
        FailureBackoffTime 60
        # Empty AuthSelect because this AuthBy is only for Accounting
        AuthSelect
        # We only want stop records
        AccountingStopsOnly
        # You may want to tailor these for your ACCOUNTING table
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCT_DATE,Timestamp,formatted-date,'%Y-%m-%d'
        AcctColumnDef ACCT_TIME,Timestamp,formatted-date,'%H:%M:%S'
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
        AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
        AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
        AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
        AcctColumnDef NASIDENTIFIER,NAS-IP-Address
        AcctColumnDef NASPORT,NAS-Port,integer
        AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
        AcctColumnDef DisconnectCause,Ascend-Disconnect-Cause,integer
        AcctColumnDef ConnectProgress,Ascend-Connect-Progress,string
        AcctColumnDef CallingStationId,Calling-Station-Id
        AcctColumnDef CalledStationId,Called-Station-Id
    </AuthBy>
    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB
        DBSource dbi:dbtype:dbname
        DBUsername user
        DBAuth pass
        # The SQL SELECT statement to fetch the right data from the Mysql DB
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='%n'
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, reply
        AddToReply Ascend-Shared-Profile-Enable = Shared-Profile-Yes
    </AuthBy>
    # AuthBy DYNADDRESS needs to be the last AuthBy. If
    # all the previous ones have succeeded, then an address
    # is allocated
    <AuthBy DYNADDRESS>
        # This refers to the AddressAllocator
        # defined below. It says to use that allocator
        # to get an address. Instead of this, you can
        # put the <AddressAllocator xxx> clause directly
        # in here
        Allocator PoolAllocator
        # This specifies how to form the pool hint, that
        # the allocator uses to specify which pool
        # to allocate an address from. The default
        # is %{Reply:PoolHint}, ie a pseudo
        # attribute in the current reply,
        # presumably set by an earlier
        # AuthBy, but it could be for example
        # the NAS IP address or similar, or a hardwired
        # string.
        #PoolHint %{Reply:PoolHint}
        # hard code the pool hint.
        PoolHint 1
        # These parameters tell us how to set reply
        # attributes from the result of the allocation.
        # The left hand side of each pair is
        # the "name" of the data item. The right hand
        # side is the Radius attribute name to use
        # in the reply. The valid data item names are:
        # yiaddr - The allocated address
        # subnetmask - The subnet mask to use
        # dnsserver - the IP address of the DNS server
        # The default mappings are:
        #MapAttribute yiaddr, Framed-IP-Address
        #MapAttribute subnetmask, Framed-IP-Netmask
        # The AuthBy FILE above sets the pseudo reply attribute
        # PoolHint as the clue to the address allocator
        # need to strip it out at the end of processing
        #StripFromReply PoolHint
        # do not need to strip. we never added the poolhint
    </AuthBy>
</Handler>
Sincerely,
Leon Oosterwijk
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
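
Added example, not part of the original message and not Radiator code: a simplified Python model of how a Handler walks the three AuthBy clauses under each AuthByPolicy, reproducing the two outcomes the post describes for an Access-Request. Assumptions: the Handler's reply is the result of the last AuthBy that ran, the accounting-only SQL clause rejects Access-Requests as the post reports, and the stand-in functions and credentials are constructed.

```python
# Simplified model of a Radiator Handler walking its AuthBy clauses.
# Assumption: the Handler's reply is the result of the last AuthBy that ran.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> "keep going after this result?"
POLICIES = {
    "ContinueAlways":      lambda r: True,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
}

def run_handler(policy, chain, request):
    """Return (final_result, names_of_the_AuthBy_clauses_that_ran)."""
    keep_going = POLICIES[policy]
    result, ran = IGNORE, []
    for name, authby in chain:
        result = authby(request)
        ran.append(name)
        if not keep_going(result):
            break
    return result, ran

# Constructed stand-ins for the three clauses, Access-Request handling only.
def acct_sql(request):
    # Empty AuthSelect: the post reports this clause denies Access-Requests.
    return REJECT

def auth_sql(request):
    # Constructed subscriber table standing in for the SUBSCRIBERS lookup.
    subscribers = {"leon": "correct-password"}
    ok = subscribers.get(request["user"]) == request["password"]
    return ACCEPT if ok else REJECT

def dynaddress(request):
    # Allocation succeeds whenever the pool has a free address (assumed here).
    return ACCEPT

CHAIN = [("acct_sql", acct_sql), ("auth_sql", auth_sql), ("dynaddress", dynaddress)]
GOOD = {"user": "leon", "password": "correct-password"}
BAD = {"user": "leon", "password": "wrong"}

if __name__ == "__main__":
    for policy in ("ContinueAlways", "ContinueWhileAccept"):
        for label, req in (("good", GOOD), ("bad", BAD)):
            print(policy, label, run_handler(policy, CHAIN, req))
```

Under ContinueAlways the wrong password still ends in ACCEPT because DYNADDRESS runs last, while under ContinueWhileAccept the chain stops at the accounting-only clause before the password is ever checked.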