(RADIATOR) auth ldap acct sql
Hugh Irvine
hugh at open.com.au
Wed Oct 2 01:57:43 CDT 2002
Hello Aaron -
I suspect you have not installed the latest patches for Radiator 3.3.1,
as there was a bug with %W just like you show below.
regards
Hugh
On Wednesday, October 2, 2002, at 06:05 AM, Aaron Collins wrote:
> Well, I've tried those special characters, and the only ones that work
> in Basedn are %0 %1 things like %W don't work, here are the traces from
> the ldap server, I'm using authldap, and acct sql via authby group.
> Does that make a difference, am I running the wrong version, have I
> configured something wrong? Sorry I was mailing you directly before
> Hugh.
>
> With %0
> slapd[13614]: conn=514 op=1 SRCH base="ou=dialup, ou=uid, dc=domain,
> dc=com" scope=1
> filter="(&(accountStatus=active)(uid=aaroncollins at example.com))"
>
> With %W
> slapd[13541]: conn=245 op=1 SRCH base="ou=dialup, ou=%W, dc=domain,
> dc=com" scope=1
> filter="(&(accountStatus=active)(uid=aaroncollins at example.com))"
>
> Here is my config
> <AuthBy LDAP2>
> Identifier LDAPAuthentication
> Host xxxx.domain.net
> Port 389
> AuthDN cn=admin, dc=domain, dc=com
> AuthPassword secret
> SearchFilter (&(accountStatus=active)(%0=%1))
> BaseDN ou=dialup, ou=%W, dc=domain, dc=com
> Scope one
> UsernameAttr uid
> PasswordAttr userPassword
> HoldServerConnection
> DefaultReply Framed-IP-Address = 255.255.255.254,\
> Session-Timeout = 14400,\
> Idle-Timeout = 1200,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Service-Type = Framed-User,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Protocol = PPP,\
> Ascend-Data-Filter = ip in forward tcp est,\
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
> Ascend-Data-Filter = ip in drop tcp dstport = 25,\
> Ascend-Data-Filter = ip in forward
> </AuthBy>
>
> <AuthBy SQL>
> Identifier SQLAccounting
> # empty AuthSelect to disable authentication
> AuthSelect
> DBSource dbi:Sybase:server=x.x.x.x
> DBUsername name
> DBAuth password
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> Description Dialup Users
> </AuthBy>
>
> <AuthBy GROUP>
> Identifier LDAPandMSSQL
> AuthByPolicy ContinueAlways
> AuthBy SQLAccounting
> AuthBy LDAPAuthentication
> </AuthBy>
>
> <Realm example.com>
>
> AcctLogFileName /var/log/radius/example.com/detail
> PasswordLogFileName /var/log/radius/example.com/Bad-passwd
> AuthBy LDAPandMSSQL
> </Realm>
>
> Hugh Irvine wrote:
>>
>> Hello Aaron -
>>
>> You can use any of the special characters defined in section 6.2 of
>> the
>> Radiator 3.3.1 reference manual.
>> ("doc/ref.html").
>>
>> Also have a look at section 6.35.7 for details on BaseDN.
>>
>> regards
>>
>> Hugh
>>
>> On Saturday, September 28, 2002, at 07:42 AM, Aaron Collins wrote:
>>
>>> Hey, does anyone know how to make the Basedn use variables?
>>> BaseDN ou=dialup, ou=$domain, dc=example, dc=com
>>> I'm trying to make it so that I can use one <Authby LDAP2>
>>> stanza to authenticate multiple realms.
>>>
>>>
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>
> --
> Signed,
> Aaron Collins
> Lead Internet Infrastructure Engineer
> acollins at teamgtc.com
>
>
NB: I am travelling this week, so there may be delays in our
correspondence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
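
The failure shown in the quoted traces (a `%W` that reaches slapd literally in the search base) can be checked for on the LDAP server side. The following is an added example, not part of the original thread or of Radiator; the function name, timestamps and hostname are hypothetical, and the sample lines are constructed from the two traces quoted above.

```python
import re

# slapd SRCH log line: capture connection id, operation id and the search base.
SRCH_RE = re.compile(
    r'slapd\[\d+\]: conn=(?P<conn>\d+) op=(?P<op>\d+) SRCH base="(?P<base>[^"]*)"'
)
# A special character that was never substituted: %X or %{Name} left in the DN.
UNEXPANDED_RE = re.compile(r'%(?:\{[^}]*\}|[A-Za-z0-9])')


def find_unexpanded_bases(lines):
    """Return one finding per SRCH line whose base DN still holds a % token."""
    findings = []
    for line in lines:
        m = SRCH_RE.search(line)
        if not m:
            continue  # not a search request line
        tokens = UNEXPANDED_RE.findall(m.group("base"))
        if tokens:
            findings.append({
                "conn": int(m.group("conn")),
                "op": int(m.group("op")),
                "base": m.group("base"),
                "tokens": tokens,
            })
    return findings


# Constructed sample input modelled on the traces in the thread
# (timestamps and hostname are invented for the example).
SAMPLE_LOG = [
    'Oct  1 15:01:02 ldap1 slapd[13614]: conn=514 op=1 SRCH '
    'base="ou=dialup, ou=uid, dc=domain, dc=com" scope=1 '
    'filter="(&(accountStatus=active)(uid=aaroncollins at example.com))"',
    'Oct  1 15:03:10 ldap1 slapd[13541]: conn=245 op=1 SRCH '
    'base="ou=dialup, ou=%W, dc=domain, dc=com" scope=1 '
    'filter="(&(accountStatus=active)(uid=aaroncollins at example.com))"',
    'Oct  1 15:03:10 ldap1 slapd[13541]: conn=245 op=1 SEARCH RESULT '
    'tag=101 err=32 nentries=0 text=',
]

if __name__ == "__main__":
    for f in find_unexpanded_bases(SAMPLE_LOG):
        print(f"conn={f['conn']} op={f['op']} unexpanded {f['tokens']} in {f['base']}")
```

Any hit means the RADIUS server sent a configuration placeholder to the directory, so every authentication that depends on that base DN searches a subtree that does not exist.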