(RADIATOR) auth ldap acct sql
Hugh Irvine
hugh at open.com.au
Fri Sep 27 03:58:45 CDT 2002
Hello Aaron -
The problem is that you have two Identifiers in the AuthBy SQL clause.
You should remove the second one (that is overwriting the first).
regards
Hugh
>
> Hello all, I would like to be able to auth from LDAP, and accounting to
> SQL. I thought I set up my config right, and it authenticates properly,
> but it doesn't log accounting packets right. Here is my config, and
> below is the trace 4. The odd part is it looks like it tries to handle
> the accounting packet via the authby ldap. BTW I'm running Radiator 3.1.
>
> <AuthBy LDAP2>
> Identifier LDAPAuthentication
> Host sv00-1028.gtcinternet.net
> Port 389
> AuthDN cn=admin, dc=domain, dc=com
> AuthPassword secret
> BaseDN ou=dialup, ou=example.com, dc=domain, dc=com
> Scope one
> UsernameAttr uid
> PasswordAttr userPassword
> HoldServerConnection
> DefaultReply Framed-IP-Address = 255.255.255.254,\
> Session-Timeout = 14400,\
> Idle-Timeout = 1200,\
> Framed-Compression = Van-Jacobson-TCP-IP,\
> Service-Type = Framed-User,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Protocol = PPP,\
> Ascend-Data-Filter = ip in forward tcp est,\
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
> Ascend-Data-Filter = ip in drop tcp dstport = 25,\
> Ascend-Data-Filter = ip in forward
>
> </AuthBy>
>
>
> <AuthBy SQL>
> Identifier SQLAccounting
> AuthSelect
> DBSource dbi:Sybase:server=hostname
> DBUsername username
> DBAuth secret
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> Description Dialup Users
> Identifier Example.com Users
> </AuthBy>
>
> <AuthBy GROUP>
> Identifier LDAPandMSSQL
> AuthByPolicy ContinueAlways
> AuthBy SQLAccounting
> AuthBy LDAPAuthentication
> </AuthBy>
>
> <Realm example.com>
>
> RewriteUsername s/\@.*//
> AcctLogFileName /var/log/radius/example.com/detail
> PasswordLogFileName /var/log/radius/example.com/Bad-passwd
> AuthBy LDAPandMSSQL
> </Realm>
>
>
> And here, is the trace
> Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32867 ....
> Code: Access-Request
> Identifier: 134
> Authentic: <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
> Attributes:
> Service-Type = Framed-User
> User-Name = "username at example.com"
> User-Password = "K+
> 2<222><227>i<196><175><2><171><18>(<5>q<158>"
> NAS-IP-Address = 10.0.64.14
> NAS-Port = 0
>
> Thu Sep 26 16:51:57 2002: DEBUG: Handling request with Handler
> 'Realm=example.com'
> Thu Sep 26 16:51:57 2002: DEBUG: Rewrote user name to username
> Thu Sep 26 16:51:57 2002: DEBUG: Deleting session for
> username at example.com, 10.0.0.10, 0
> Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthGROUP
> Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPAuthentication
> Thu Sep 26 16:51:57 2002: DEBUG: LDAP got result for cn=username,
> ou=dialup,ou=example.com,dc=domain, dc=com
> Thu Sep 26 16:51:57 2002: DEBUG: LDAP got userPassword:
> {crypt}sad4X522Vs1L1
> Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 looks for match with
> username
> Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Thu Sep 26 16:51:57 2002: DEBUG: Access accepted for username
> Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32867 ....
> Code: Access-Accept
> Identifier: 134
> Authentic: <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
> Attributes:
> Framed-IP-Address = 255.255.255.254
> Session-Timeout = 14400
> Idle-Timeout = 1200
> Framed-Compression = Van-Jacobson-TCP-IP
> Service-Type = Framed-User
> Framed-IP-Netmask = 255.255.255.255
> Framed-Protocol = PPP
> Ascend-Data-Filter = ip in forward tcp est
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24
> Ascend-Data-Filter = ip in forward dstip x.x.x.0/24
> Ascend-Data-Filter = ip in drop tcp dstport = 25
> Ascend-Data-Filter = ip in forward
>
> *** Received from 127.0.0.1 port 32870 ....
> Code: Accounting-Request
> Identifier: 141
> Authentic: <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
> Attributes:
> Acct-Session-Id = "80801033084587"
> User-Name = "username at example.com"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Login-Service = Telnet
> Acct-Session-Time = 123
> NAS-IP-Address = 10.0.0.10
> NAS-Port = 0
> Acct-Delay-Time = 0
>
> Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler
> 'Realm=example.com'
> Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
> Thu Sep 26 16:56:27 2002: DEBUG: Deleting session for
> username at example.com, 10.0.0.10, 0
> Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
> Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPAuthentication
> Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
> Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32870 ....
> Code: Accounting-Response
> Identifier: 141
> Authentic: <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
> Attributes:
>
> Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 32870 ....
> Code: Accounting-Request
> Identifier: 142
> Authentic: z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
> Attributes:
> Acct-Session-Id = "80801033084587"
> User-Name = "username at example.com"
> Acct-Status-Type = Stop
> Acct-Authentic = RADIUS
> Service-Type = Framed-User
> Login-Service = Telnet
> Acct-Session-Time = 123
> NAS-IP-Address = 10.0.0.10
> NAS-Port = 0
> Acct-Delay-Time = 0
>
> Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler
> 'Realm=example.com'
> Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
> Thu Sep 26 16:56:27 2002: DEBUG: Deleting session for
> username at example.com, 10.0.0.10, 0
> Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
> Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2:
> LDAPAuthentication
> Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
> Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 32870 ....
> Code: Accounting-Response
> Identifier: 142
> Authentic: z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
> Attributes:
>
>
>
> --
> Signed,
> Aaron Collins
> Lead Internet Infrastructure Engineer
> acollins at teamgtc.com
>
> -------------------------------------------------------
>
> --
> Mike McCauley mikem at open.com.au
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS etc on Unix, Windows, MacOS etc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
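
An added example, not part of the original thread and not Radiator code: a small Python check for the mistake Hugh points out, a clause carrying two Identifier lines so that an `AuthBy` reference to the first name no longer matches anything. It assumes the `<Clause> ... </Clause>` syntax shown in the quoted config; `lint` and `SAMPLE` are hypothetical names, and the sample is a constructed, trimmed copy of the posted configuration (the LDAP host is a placeholder).

```python
import re

# Constructed sample: a trimmed copy of the configuration quoted in this thread.
SAMPLE = """\
<AuthBy LDAP2>
    Identifier LDAPAuthentication
    Host ldap.example.com
</AuthBy>
<AuthBy SQL>
    Identifier SQLAccounting
    DBSource dbi:Sybase:server=hostname
    Description Dialup Users
    Identifier Example.com Users
</AuthBy>
<AuthBy GROUP>
    Identifier LDAPandMSSQL
    AuthByPolicy ContinueAlways
    AuthBy SQLAccounting
    AuthBy LDAPAuthentication
</AuthBy>
<Realm example.com>
    AuthBy LDAPandMSSQL
</Realm>
"""

def lint(text):
    stack, clauses, refs = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:  # tolerate a stray closing tag
                clauses.append(stack.pop())
        elif line.startswith("<"):
            stack.append({"clause": line.strip("<>"), "ids": []})
        elif stack and (m := re.match(r"(Identifier|AuthBy)\s+(.+)", line)):
            if m.group(1) == "Identifier":
                stack[-1]["ids"].append(m.group(2))
            else:  # "AuthBy name" is a reference to another clause's Identifier
                refs.append((stack[-1]["clause"], m.group(2)))
    # Per the reply above, a later Identifier overwrites an earlier one.
    effective = {c["ids"][-1] for c in clauses if c["ids"]}
    duplicates = [(c["clause"], c["ids"]) for c in clauses if len(c["ids"]) > 1]
    unresolved = [r for r in refs if r[1] not in effective]
    return duplicates, unresolved  # (clauses with >1 Identifier, dangling refs)

if __name__ == "__main__":
    print(lint(SAMPLE))
```

Running the same check on the config with the second Identifier removed returns two empty lists.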