auth ldap acct sql

Aaron Collins acollins at teamgtc.com
Thu Sep 26 19:21:05 CDT 2002


Hello all, I would like to be able to auth from LDAP, and accounting to
SQL. I thought I set up my config right, and it authenticates properly,
but it doesn't log accounting packets right. Here is my config, and
below is the trace 4.  The odd part is it looks like it tries to handle
the accounting packet via the authby ldap. BTW, I'm running Radiator 3.1.

<AuthBy LDAP2>
  Identifier LDAPAuthentication
  Host sv00-1028.gtcinternet.net
  Port 389
  AuthDN cn=admin, dc=domain, dc=com
  AuthPassword secret
  BaseDN   ou=dialup, ou=example.com, dc=domain, dc=com
  Scope   one
  UsernameAttr uid
  PasswordAttr userPassword
  HoldServerConnection
  DefaultReply  Framed-IP-Address = 255.255.255.254,\
                Session-Timeout = 14400,\
                Idle-Timeout = 1200,\
                Framed-Compression = Van-Jacobson-TCP-IP,\
                Service-Type = Framed-User,\
                Framed-IP-Netmask = 255.255.255.255,\
                Framed-Protocol = PPP,\
                Ascend-Data-Filter = ip in forward tcp est,\
                Ascend-Data-Filter = ip in forward dstip  x.x.x.0/24,\
                Ascend-Data-Filter = ip in forward dstip  x.x.x.0/24,\
                Ascend-Data-Filter = ip in drop tcp dstport = 25,\
                Ascend-Data-Filter = ip in forward

</AuthBy>


<AuthBy SQL>
  Identifier SQLAccounting
  AuthSelect
  DBSource dbi:Sybase:server=hostname
  DBUsername username
  DBAuth secret
  AcctColumnDef   USERNAME,User-Name
  AcctColumnDef   TIME_STAMP,Timestamp,integer
  AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
  AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
  AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
  AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
  AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
  AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
  AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
  AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
  AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
  AcctColumnDef   NASPORT,NAS-Port,integer
  Description Dialup Users
  Identifier Example.com Users
</AuthBy>

<AuthBy GROUP>
        Identifier LDAPandMSSQL
        AuthByPolicy ContinueAlways
        AuthBy SQLAccounting
        AuthBy LDAPAuthentication
</AuthBy>

<Realm example.com>

        RewriteUsername s/\@.*//
        AcctLogFileName /var/log/radius/example.com/detail
        PasswordLogFileName  /var/log/radius/example.com/Bad-passwd
        AuthBy LDAPandMSSQL
</Realm>


And here is the trace:
Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32867 ....
Code:       Access-Request
Identifier: 134
Authentic:  <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
Attributes:
        Service-Type = Framed-User
        User-Name = "username at example.com"
        User-Password = "K+
2<222><227>i<196><175><2><171><18>(<5>q<158>"
        NAS-IP-Address = 10.0.64.14
        NAS-Port = 0

Thu Sep 26 16:51:57 2002: DEBUG: Handling request with Handler
'Realm=example.com'
Thu Sep 26 16:51:57 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:51:57 2002: DEBUG:  Deleting session for
username at example.com, 10.0.0.10, 0
Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAPAuthentication
Thu Sep 26 16:51:57 2002: DEBUG: LDAP got result for cn=username,
ou=dialup,ou=example.com,dc=domain, dc=com
Thu Sep 26 16:51:57 2002: DEBUG: LDAP got userPassword:
{crypt}sad4X522Vs1L1
Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 looks for match with
username
Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Thu Sep 26 16:51:57 2002: DEBUG: Access accepted for username
Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32867 ....
Code:       Access-Accept
Identifier: 134
Authentic:  <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
Attributes:
        Framed-IP-Address = 255.255.255.254
        Session-Timeout = 14400
        Idle-Timeout = 1200
        Framed-Compression = Van-Jacobson-TCP-IP
        Service-Type = Framed-User
        Framed-IP-Netmask = 255.255.255.255
        Framed-Protocol = PPP
        Ascend-Data-Filter = ip in forward tcp est
        Ascend-Data-Filter = ip in forward dstip  x.x.x.0/24
        Ascend-Data-Filter = ip in forward dstip  x.x.x.0/24
        Ascend-Data-Filter = ip in drop tcp dstport = 25
        Ascend-Data-Filter = ip in forward

*** Received from 127.0.0.1 port 32870 ....
Code:       Accounting-Request
Identifier: 141
Authentic:  <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
Attributes:
        Acct-Session-Id = "80801033084587"
        User-Name = "username at example.com"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Login-Service = Telnet
        Acct-Session-Time = 123
        NAS-IP-Address = 10.0.0.10
        NAS-Port = 0
        Acct-Delay-Time = 0

Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler
'Realm=example.com'
Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:56:27 2002: DEBUG:  Deleting session for
username at example.com, 10.0.0.10, 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAPAuthentication
Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32870 ....
Code:       Accounting-Response
Identifier: 141
Authentic:  <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
Attributes:

Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32870 ....
Code:       Accounting-Request
Identifier: 142
Authentic:  z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
Attributes:
        Acct-Session-Id = "80801033084587"
        User-Name = "username at example.com"
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Login-Service = Telnet
        Acct-Session-Time = 123
        NAS-IP-Address = 10.0.0.10
        NAS-Port = 0
        Acct-Delay-Time = 0

Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler
'Realm=example.com'
Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:56:27 2002: DEBUG:  Deleting session for
username at example.com, 10.0.0.10, 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2:
LDAPAuthentication
Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32870 ....
Code:       Accounting-Response
Identifier: 142
Authentic:  z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
Attributes:



--
Signed,
Aaron Collins
Lead Internet Infrastructure Engineer
acollins at teamgtc.com
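
A mechanical check of how the clauses in the configuration above refer to each other, as an added example that is not part of the original post and is not Radiator code. The `lint` function and the trimmed sample are constructed here, and the check assumes that when a clause sets `Identifier` more than once only the last value is in effect, which the post does not confirm.

```python
import re

# Constructed sample: the clause skeleton from the post, other parameters trimmed.
SAMPLE = """\
<AuthBy LDAP2>
  Identifier LDAPAuthentication
</AuthBy>
<AuthBy SQL>
  Identifier SQLAccounting
  Description Dialup Users
  Identifier Example.com Users
</AuthBy>
<AuthBy GROUP>
  Identifier LDAPandMSSQL
  AuthByPolicy ContinueAlways
  AuthBy SQLAccounting
  AuthBy LDAPAuthentication
</AuthBy>
<Realm example.com>
  AuthBy LDAPandMSSQL
</Realm>
"""

def lint(text):
    """Return sorted (line_no, message) findings for a Radiator-style config."""
    findings, stack, effective, refs = [], [], set(), []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if m := re.match(r"<(\w+)(\s.*)?>$", line):            # clause opens
            stack.append({"tag": m.group(1), "line": no, "ids": []})
        elif m := re.match(r"</(\w+)>$", line):                 # clause closes
            if not stack:
                findings.append((no, f"</{m.group(1)}> closes nothing"))
                continue
            c = stack.pop()
            if c["tag"] != m.group(1):
                findings.append((no, f"</{m.group(1)}> closes <{c['tag']}>"))
            if len(c["ids"]) > 1:
                findings.append((c["line"], "Identifier set %d times; assumed "
                                 "effective value: %r" % (len(c["ids"]), c["ids"][-1])))
            effective.update(c["ids"][-1:])   # assumption: last Identifier wins
        elif stack and (m := re.match(r"Identifier\s+(.+)$", line)):
            stack[-1]["ids"].append(m.group(1))
        elif stack and (m := re.match(r"AuthBy\s+(\S+)$", line)):
            refs.append((no, m.group(1)))     # reference to another clause
    findings += [(no, f"AuthBy {name} matches no effective Identifier")
                 for no, name in refs if name not in effective]
    findings += [(c["line"], f"<{c['tag']}> never closed") for c in stack]
    return sorted(findings)

if __name__ == "__main__":
    for no, msg in lint(SAMPLE):
        print(f"line {no}: {msg}")
```

Accounting records that are acknowledged to the NAS but never stored leave a gap in the session audit trail, so a check like this is worth running before a configuration goes live.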
