(RADIATOR) Problems
Stephen Malenshek
stephen at valuelinx.net
Wed Mar 27 10:48:15 CST 2002
I am having a very difficult time with this product. I have read and
reread the documentation on several occasions and evidently I am just too
stupid to figure this out. The following are the error messages that I
am getting:
Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not found
Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not found
Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not found
Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from SUBSCRIBERS where USERNAME='DEFAULT'': ERROR: Attribute 'password' not found
Tue Mar 26 10:12:03 2002: INFO: Access rejected for stephen: No such user
The following is the radius.cfg:
#Foreground
#LogStdout
LogDir /var/log/radius
DbDir /etc/raddb
Trace 3
<Client DEFAULT>
Secret xxxxxx
DupInterval 0
</Client>
<Realm DEFAULT>
<AuthBy FILE>
Filename %D/users
</AuthBy>
AcctLogFileName %L/detail
</Realm>
<Realm DEFAULT>
<AuthBy SQL>
DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
DBUsername xxxxx
DBAuth xxxxxx
</AuthBy>
</Realm>
# <Handler Service-Type=Call-Check>
# RewriteUsername s/^([^@]+).*/$1/
# <AuthBy FILE>
# Filename %D/call-check
# </AuthBy>
# </Handler>
<Handler Realm=DEFAULT,Acct-Status-Type=/.+/>
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername s/^P(.*)$/$1/
RewriteUsername tr/[A-Z]/[a-z]/
AcctLogFileName %L/detail-%Y-%m
# AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
WtmpFileName %L/wtmp
# PasswordLogFileName %L/password-%Y-%m
# PreAuthHook sub { print "Here I am in PreAuthHook\n" }
# PostAuthHook sub { print "Here I am in PostAuthHook\n" }
#AuthByPolicy ContinueWhileReject
#AuthByPolicy ContinueUntilAccept
AuthByPolicy DoAllAuths
<AuthBy SQL>
Fork
Identifier AcctSTART
AuthSelect
DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
DBUsername xxxxx
DBAuth xxxxxx
# DBSource dbi:Pg:radius:backuphost
# DBUsername aUser
# DBAuth aPassWord
AccountingStartsOnly
AcctSQLStatement insert into ACCOUNTING \
( \
username,calledstationid,nasidentifier,\
clientip,nasport,nasporttype,\
acctstatustype,acctdelaytime,acctsessionid,\
time_stamp,servicetype,framedprotocol,\
framedipaddress,requestauth,\
start_time,stop_time,\
connect_info\
) \
values \
(\
ip_to_int('%{User-Name}',\
'%{Called-Station-Id}',\
'%{NAS-IP-Address}',\
'%{Client-IP-Address}',\
'%{NAS-Port}',\
'%{NAS-Port-Type}',\
'%{Acct-Status-Type}',\
'%{Acct-Delay-Time}',\
'%{Acct-Session-Id}',\
'%{Timestamp}',\
'%{Service-Type}',\
'%{Framed-Protocol}',\
'%{Framed-IP-Address}',\
'%{Request-Authenticator}\
# From_unixtime(%{Timestamp}),\
# 0,\
# '%{Connect-Info}'\
)
</AuthBy>
<AuthBy SQL>
Fork
Identifier AcctSTOP
AuthSelect
DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
DBUsername xxxxx
DBAuth xxxxxx
# DBSource dbi:mysql:db:backuphost
# DBUsername aUser
# DBAuth aPassWord
AccountingStopsOnly
AcctSQLStatement insert into ACCOUNTING \
( \
nasport,nasporttype,acctinputoctets,\
acctoutputoctets,acctinputpackets,acctoutputpackets,\
acctstatustype,acctdelaytime,acctsessionid,acctsessiontime,\
acctterminatecause,time_stamp,servicetype,framedprotocol,\
framedipaddress,requestauth,\
start_time,stop_time,\
connect_info\
) \
values \
(\
ip_to_int('%{User-Name}',\
'%{Called-Station-Id}',\
'%{NAS-IP-Address}',\
'%{NAS-Port}',\
'%{NAS-Port-Type}',\
'%{Acct-Input-Octets}',\
'%{Acct-Output-Octets}',\
'%{Acct-Input-Packets}',\
'%{Acct-Output-Packets}',\
'%{Acct-Status-Type}',\
'%{Acct-Delay-Time}',\
'%{Acct-Session-Id}',\
'%{Acct-Session-Time}',\
'%{Acct-Terminate-Cause}',\
'%{Timestamp}',\
'%{Service-Type}',\
'%{Framed-Protocol}',\
'%{Framed-IP-Address}',\
'%{Request-Authenticator}\
# From_unixtime(%{Timestamp}),\
# 0,\
# '%{Connect-Info}'\
)
AcctSQLStatement update usertime set \
time_on = %{Acct-Session-Time,NULL},\
InBytes = %{Acct-Input-Octets,NULL},\
OutBytes = %{Acct-Output-Octets,NULL},\
term_cause = %{Acct-Terminate-Cause,integerNULL},\
stop_time = From_unixtime(%{Timestamp}),\
terminate_detail = '%{LE-Terminate-Detail}',\
connect_info = concat(connect_info ,";", '%{Connect-Info}') \
WHERE \
server = ip_to_int('%{NAS-IP-Address}') AND \
id = '%{Acct-Session-Id}' AND \
name = '%{User-Name}' AND \
port = '%{NAS-Port}'
</AuthBy>
<AuthBy TEST>
# Return a Packet
</AuthBy>
</Handler>
<Handler Realm=DEFAULT,Proxy-State="0">
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername s/^P(.*)$/$1/
RewriteUsername tr/[A-Z]/[a-z]/
AcctLogFileName %L/roam-detail-auth-%Y-%m
PasswordLogFileName %L/password-roam-%Y-%m
AuthByPolicy ContinueWhileReject
#AuthByPolicy ContinueUntilAccept
#AuthByPolicy DoAllAuths
<AuthBy SQL>
DBSource dbi:Pg:dbname=radius;host=xxx.xxx.xxx.xxx
DBUsername xxxxx
DBAuth xxxxxx
# DBSource dbi:mysql:db:backuphost
# DBUsername aUser
# DBAuth aPassWord
AuthSelect select \
if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
port_limit,\
radius_check,\
concat(\
if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
if(server=3,"NAS-Port-Type = Async,",""),\
if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
),\
radius_reply,\
concat(\
if("%{Service-Type}"="Framed-User",\
"Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-MTU=1500,Framed-Protocol=PPP,",""),\
if("%{Service-Type}"="Framed-User" && filter.name>"",\
concat("Filter-Id=",filter.name,","),""),\
if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) || static_ip='',\
'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_ip,",")),\
""),\
if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) || static_netmask='',\
'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_netmask,",")),\
""),\
if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Host=phobos.kiss.de,Login-Service=Rlogin,","")\
),\
if(expires<"1990-01-01",NULL,expires),\
port_limit \
FROM accounts left outer join filter ON accounts.filter=filter.id \
WHERE \
accounts.name = '%n' AND active <> 0 AND (type <= OR type =3) AND \
(server IN ('1','2','3') OR server = ip_to_int('%N') )
# type=3 : only-radius
# type=0 : normal
# type<0 : Versch. restrictions
# server 0 = NONE
# server 1 = ALL
# server 2 = ISDN
# server 3 = Analog
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Simultaneous-Use,check
AuthColumnDef 2,GENERIC,check
AuthColumnDef 3,GENERIC,check
AuthColumnDef 4,GENERIC,reply
AuthColumnDef 5,GENERIC,reply
AuthColumnDef 6,Expires,check
AuthColumnDef 7,Port-Limit,reply
#
StripFromReply Filter-Id
</AuthBy>
</Handler>
<Handler Realm=DEFAULT>
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername s/^P(.*)$/$1/
RewriteUsername tr/[A-Z]/[a-z]/
AcctLogFileName %L/detail-auth-%Y-%m
# AcctLogFileFormat %{Timestamp} %{Acct-Session-Id} %{User-Name}
WtmpFileName %L/wtmp
# PasswordLogFileName %L/password-%Y-%m
# PreAuthHook sub { print "Here I am in PreAuthHook\n" }
# PostAuthHook sub { print "Here I am in PostAuthHook\n" }
AuthByPolicy ContinueWhileReject
#AuthByPolicy ContinueUntilAccept
#AuthByPolicy DoAllAuths
<AuthBy SQL>
DBSource dbi:Pg:dbname=radius;host=65.67.76.100
DBUsername radacct
DBAuth 5qweh*ujnbhtr
# DBSource dbi:mysql:db:backuphost
# DBUsername aUser
# DBAuth aPassWord
AuthSelect select \
if(pw_iscrypt=0,passwd,concat('{crypt}',passwd)),\
port_limit,\
radius_check,\
concat(\
if("%{Service-Type}"="Framed-User","Service-Type=Framed-User,",""),\
if(server=3,"NAS-Port-Type = Async,",""),\
if(type=2,"Time=Al1550-0930,SaSu0000-2400","")\
),\
radius_reply,\
concat(\
if("%{Service-Type}"="Framed-User",\
"Service-Type=Framed-User,Framed-Compression=Van-Jacobson-TCP-IP,Framed-MTU=1500,Framed-Protocol=PPP,",""),\
if("%{Service-Type}"="Framed-User" && filter.name>"",\
concat("Filter-Id=",filter.name,","),""),\
if("%{Service-Type}"="Framed-User",if(ISNULL(static_ip) || static_ip='',\
'Framed-IP-Address=255.255.255.254,',concat("Framed-IP-Address=",static_ip,",")),\
""),\
if("%{Service-Type}"="Framed-User",if(ISNULL(static_netmask) || static_netmask='',\
'Framed-IP-Netmask=255.255.255.254,',concat("Framed-IP-Netmask=",static_netmask,",")),\
""),\
if("%{Service-Type}"<>"Framed-User","Service-Type=Login-User,Login-IP-Host=phobos.kiss.de,Login-Service=Rlogin,","")\
),\
if(expires<"1990-01-01",NULL,expires),\
port_limit \
FROM accounts left outer join filter ON accounts.filter=filter.id \
WHERE \
accounts.name = '%n' AND active <> 0 AND (type <= 0 OR type =3) AND \
(server IN ('1','2','3') OR server = ip_to_int('%N') )
# type=3 : only-radius
# type=0 : normal
# type<0 : Versch. restrictions
# server 0 = NONE
# server 1 = ALL
# server 2 = ISDN
# server 3 = Analog
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Simultaneous-Use,check
AuthColumnDef 2,GENERIC,check
AuthColumnDef 3,GENERIC,check
AuthColumnDef 4,GENERIC,reply
AuthColumnDef 5,GENERIC,reply
AuthColumnDef 6,Expires,check
AuthColumnDef 7,Port-Limit,reply
</AuthBy>
<AuthBy FILE>
Filename %D/users
</AuthBy>
</Handler>
<SessionDatabase SQL>
DBSource dbi:Pg:dbname=radius;host= xxx.xxx.xxx.xxx
DBUsername xxxxx
DBAuth xxxxxx
# DBSource dbi:mysql:db:backuphost
# DBUsername aUser
# DBAuth aPassWord
AddQuery insert into RADONLINE \
(USERNAME, CALLEDSTATIONID, NASIDENTIFIER, NASPORT,\
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, \
NASPORTTYPE, SERVICETYPE) \
values (\
'%n', %{Called-Station-Id}, '%N', %{NAS-Port,NULL}, \
'%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}',\
'%{NAS-Port-Type}', '%{Service-Type}')
DeleteQuery delete from RADONLINE \
where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT=%{NAS-Port,NULL}
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME='%n'
</SessionDatabase>
This is a list of tables that I have specified in the database.
List of relations
Name | Type | Owner
----------------------+-------+----------
accounting | table | postgres
groupradius | table | postgres
radclientlist | table | postgres
radlog | table | postgres
radonline | table | postgres
radpool | table | postgres
radsqlradius | table | postgres
radsqlradiusindirect | table | postgres
radstatslog | table | postgres
subscribers | table | postgres
(10 rows)
radius=# \d accounting
Table "accounting"
Attribute | Type | Modifier
--------------------+-----------------------+----------
username | character varying(50) |
realm | character varying(50) |
calledstationid | integer |
nasidentifier | character varying(50) |
nasipaddress | character varying(50) |
clientip | character varying(25) |
nasport | integer |
nasporttype | character varying(30) |
acctinputoctets | integer |
acctoutputoctets | integer |
acctinputpackets | integer |
acctoutputpackets | integer |
acctstatustype | character varying(10) |
acctdelaytime | integer |
acctsessionid | character varying(30) |
acctsessiontime | integer |
acctterminatecause | integer |
time_stamp | integer |
servicetype | character varying(80) |
framedprotocol | character varying(50) |
framedipaddress | character varying(22) |
requestauth | character varying(50) |
start_time | character varying(50) |
stop_time | character varying(50) |
connect_info | character varying(50) |
Index: accounting_i
radius=# \d radclientlist
Table "radclientlist"
Attribute | Type | Modifier
------------------------------+-----------------------+----------
nasidentifier | character varying(50) | not null
secret | character varying(50) | not null
ignoreacctsignature | integer |
dupinterval | integer |
defaultrealm | character varying(50) |
nastype | character varying(20) |
snmpcommunity | character varying(20) |
livingstonoffs | integer |
livingstonhole | integer |
framedgroupbaseaddress | character varying(50) |
framedgroupmaxportsperclassc | integer |
rewriteusername | character varying(50) |
noignoreduplicates | character varying(50) |
prehandlerhook | character varying(50) |
Index: nasidentifier_i
radius=# \d radlog
Table "radlog"
Attribute | Type | Modifier
------------+------------------------+----------
time_stamp | integer |
priority | integer |
message | character varying(200) |
radius=# \d radonline
Table "radonline"
Attribute | Type | Modifier
-----------------+-----------------------+----------
username | character varying(50) |
calledstationid | character varying(20) |
nasidentifier | character varying(50) |
nasport | integer |
acctsessionid | character varying(30) |
time_stamp | integer |
framedipaddress | character varying(22) |
nasporttype | character varying(10) |
servicetype | character varying(20) |
Indices: radonline_i,
radonline_i2
radius=# \d radpool
Table "radpool"
Attribute | Type | Modifier
------------+-----------------------+----------
state | integer | not null
time_stamp | integer |
expiry | integer |
username | character varying(50) |
pool | character varying(50) | not null
yiaddr | character varying(50) | not null
subnetmask | character varying(50) | not null
dnsserver | character varying(50) |
Indices: radpool_i,
radpool_i2
radius=# \d radsqlradius
Table "radsqlradius"
Attribute | Type | Modifier
----------------------------+-----------------------+----------
targetname | character varying(50) |
host1 | character varying(50) |
host2 | character varying(50) |
secret | character varying(50) |
authport | character varying(20) |
acctport | character varying(20) |
retries | integer |
retrytimeout | integer |
useoldascendpasswords | integer |
serverhasbrokenportnumbers | integer |
serverhasbrokenaddresses | integer |
ignorereplysignature | integer |
failurepolicy | integer |
Index: radsqlradius_i
radius=# \d radsqlradiusindirect
Table "radsqlradiusindirect"
Attribute | Type | Modifier
------------+-----------------------+----------
sourcename | character varying(50) |
targetname | character varying(50) |
Index: radsqlradiusindirect_i
radius=# \d radstatslog
Table "radstatslog"
Attribute | Type | Modifier
-----------------------------+-----------------------+----------
time_stamp | integer |
type | character varying(20) |
identifier | character varying(30) |
accessaccepts | integer |
accesschallenges | integer |
accessrejects | integer |
accessrequests | integer |
accountingrequests | integer |
accountingresponses | integer |
badauthaccessrequests | integer |
badauthaccountingrequests | integer |
badauthrequests | integer |
droppedaccessrequests | integer |
droppedaccountingrequests | integer |
droppedrequests | integer |
dupaccessrequests | integer |
dupaccountingrequests | integer |
duplicaterequests | integer |
malformedaccessrequests | integer |
malformedaccountingrequests | integer |
proxiednoreply | integer |
proxiedrequests | integer |
requests | integer |
responsetime | numeric(12,6) |
radius=# \d subscribers
Table "subscribers"
Attribute | Type | Modifier
-----------+------------------------+----------
username | character varying(50) | not null
realname | character varying(50) |
passwd | character varying(50) |
epasswd | character varying(50) |
uid | integer |
gid | integer |
homedir | character varying(50) |
shell | character varying(50) |
checkattr | character varying(200) |
replyattr | character varying(200) |
Indices: realname_i,
subscribers_pkey,
username_i
Please forgive me if this is not the proper way to post to this list,
but I have wasted 3 days trying to figure the proper structure out for
this product. The documentation for a PostgreSQL documentation is
sparse and everything I have has been adapted from the
wimsComplexConfig.txt file located in the goodies directory. I have not
found any place that I can specify anything for SUBSCRIBERS for
authentication in the radius.cfg file and I do not know what structure
needs to be added to make this happen. This is my first implementation
with this product, but I have had a lot of experience with Cistron, and
trying to convert from one to the other is a little bit of a stretch.
Thanks in advance for any help that you might provide.
Stephen Malenshek
Valuelinx Corporation
stephen at valuelinx.net
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
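
The failing statement in the log asks for a PASSWORD column, while the `\d subscribers` listing in the post shows `passwd` and `epasswd`; that statement appears in none of the AuthSelect lines in the posted radius.cfg, and the `<AuthBy SQL>` in the second `<Realm DEFAULT>` has no AuthSelect at all. The Python check below is an added example, not part of the original post and not Radiator code: it compares the columns a failed simple SELECT references with the columns psql reports. The function names and the trimmed sample input are constructed for illustration, and only single-table SELECTs are handled.

```python
import re

# Constructed sample input, shaped like the log and \d output quoted in the post.
LOG = """\
Tue Mar 26 10:12:03 2002: ERR: Execute failed for 'select PASSWORD from SUBSCRIBERS where USERNAME='stephen'': ERROR: Attribute 'password' not found
Tue Mar 26 10:12:03 2002: INFO: Access rejected for stephen: No such user
"""
DESCRIBE = """\
 Attribute |          Type          | Modifier
-----------+------------------------+----------
 username  | character varying(50)  | not null
 passwd    | character varying(50)  |
 epasswd   | character varying(50)  |
 checkattr | character varying(200) |
 replyattr | character varying(200) |
"""
FAILED = re.compile(r"ERR: Execute failed for '(.*)': ERROR: (.*)$")
SIMPLE_SELECT = re.compile(r"select\s+(.+?)\s+from\s+(\w+)(?:\s+where\s+(.*))?$", re.I | re.S)


def table_columns(describe_text):
    """Column names from psql \\d output (rows of 'name | type | modifier')."""
    cols = set()
    for line in describe_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 3 and re.fullmatch(r"\w+", parts[0]) and parts[0] != "Attribute":
            cols.add(parts[0].lower())
    return cols


def missing_columns(log_text, columns):
    """For each failed simple SELECT, list referenced columns absent from `columns`."""
    findings = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        q = m and SIMPLE_SELECT.match(m.group(1))
        if not q:
            continue
        select_list, table, where = q.group(1), q.group(2), q.group(3) or ""
        where = re.sub(r"'[^']*'", "", where)  # drop string literals such as 'stephen'
        names = re.findall(r"[A-Za-z_]\w*", select_list + " " + where)
        # PostgreSQL folds unquoted identifiers to lower case before lookup.
        bad = sorted({n.lower() for n in names} - columns - {"and", "or"})
        findings.append((table.lower(), bad))
    return findings
```

On the sample input, `missing_columns(LOG, table_columns(DESCRIBE))` reports `password` as the only referenced column that the `subscribers` table does not have.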