(RADIATOR) Problem mixing AuthBy File and AuthBy SQL
Matthew Trout
MatthewTrout at businessserve.co.uk
Thu Feb 13 10:04:49 CST 2003
Alternatively, write a quick perl script that does something like
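#!/usr/bin/perl
use strict;
use warnings;

$/ = "\n\n";   # Or, if those three dots are from your file, "\n...\n"
while (<STDIN>) {   # Feed the user section in here
    s/^\s*(\S+)\s+// or next;   # First word of each record is the username
    my $user = $1;
    my @names = ("username");
    my @vals  = ($user);
    # Items are separated by commas and/or line breaks
    foreach my $item (split(/\s*,\s*|\s*\n\s*/, $_)) {
        # Attribute = value, where the value may or may not be quoted
        next unless $item =~ m/^\s*([\w-]+)\s*=\s*"?([^"]*?)"?\s*$/;
        push(@names, $1);
        push(@vals, $2);
    }
    s/'/''/g for @vals;   # Escape single quotes so values cannot break the query
    # Backticks (MySQL quoting) because the attribute names contain hyphens
    print "INSERT INTO userdata ( ".join(', ', map { "`$_`" } @names)." )\n",
          "VALUES ( ".join(', ', map { "'$_'" } @vals)." );\n";
}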
=== end of script ===
That, or something like it without the typos (don't have time to test it,
I'm afraid) should produce insert queries you can run straight onto a
database with the attribute names as the fields.
> -----Original Message-----
> From: terry at ccis.net [mailto:terry at ccis.net]
> Sent: Thursday, February 13, 2003 3:32 PM
> To: radiator at open.com.au
> Subject: (RADIATOR) Problem mixing AuthBy File and AuthBy SQL
>
>
> We've been running radiator using unix password authentication. I needed to
> add CHAP, and based on input from the list, here's what I did. I took the
> original, which looks up users in a file "users2" which contains all the
> unique check items (and a default), with "AuthType= "UNIX"". Then the
> username/password is checked against a unix-encrypted file, passwd2,
> thusly:
> --------------------------
>
> # This AuthBy will be used to authenticate anything in the
> # users2 file with Auth-Type=UNIX by looking in passwd2
> <AuthBy UNIX>
> Identifier UNIX
> Filename %D/passwd2
> </AuthBy>
>
> <Handler>
> # remove the "@domain" part (if it exists)
> RewriteUsername s/^([^@]+).*/$1/
> # remove spaces
> RewriteUsername s/\s//g
> AuthByPolicy ContinueAlways
> AcctLogFileName %L/detail
> <AuthBy SQL>
> # AuthSelect with empty string means don't do auth
> AuthSelect
> DBSource dbi:mysql:radius:marvin.ccis.net
> ...blah blah blah...
> </AuthBy>
> # Make sure they appear in the users2 file
> # Anyone with Auth-Type=UNIX in the users2 file will be
> # authenticated with the AuthBy UNIX above
> <AuthBy FILE>
> Filename %D/users2
> </AuthBy>
> </Handler>
>
>
> -----------------
> Now comes the sticky part.. I thought all I had to do to enable plaintext
> passwords (for CHAP) was add another AuthBy in the Handler, which looks up
> username/password pairs in a MySQL database:
> -----------------
>
> # authenticate from info in the passwd3 (local) database
> <AuthBy SQL>
> DBSource dbi:mysql:nocol_replication
> DBUsername XXXXX
> DBAuth XXXXX
> AuthSelect select password from passwd3 where username=%0
> AuthColumnDef 0, User-Password, check
> </AuthBy>
>
> -----------------
> ..but it occurred to me around 4AM that all the check items that give our
> customers static IPs, subnets, and ISDN access, as well as denying access
> to email-only users with a "Reject" clause, are back in the old users2
> file, which is not referenced in the AuthBy SQL clause. I think I could put
> the check items in the database, but that would be very difficult, as the
> SQL file is generated by Platypus, and the check items 'users2' are
> generated by unix, using a combination of automation and manual exceptions
> file, like this:
> -----------------
> ....
> ickien Auth-Type = "Reject"
> villari Auth-Type = "Reject"
> whitfordcc Auth-Type = "Reject"
> whs Auth-Type = "Reject"
> willson Auth-Type = "Reject"
> wjinc Auth-Type = "Reject"
> wm Auth-Type = "Reject"
> wwwfaddis Auth-Type = "Reject"
> wwwfrankelec Auth-Type = "Reject"
>
> #BEGIN AUTO generated ISDN Users - PLAT 02/13/2003 09:46:50
> lorri Auth-Type = "UNIX"
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 209.195.204.34,
> Framed-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP
> ...
> thesignalgw Auth-Type = "UNIX"
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 209.195.209.218,
> Framed-Netmask = 255.255.255.248,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP
> ...
> DEFAULT Auth-Type = "UNIX", NAS-Port-Type = Async
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.255,
> Framed-Routing = None,
> Framed-MTU = 1500,
> Framed-Compression = Van-Jacobsen-TCP-IP...
>
> ------------------------------
> I guess the question here is: Is there any way I can tell the AuthBy SQL to
> fetch the check items from the users2 file, while using its username and
> password fields for the authentication part?