(RADIATOR) Problem mixing AuthBy File and AuthBy SQL

Matthew Trout MatthewTrout at businessserve.co.uk
Thu Feb 13 10:38:59 CST 2003


Or not ... try this instead - should be rather closer to the truth

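#!/usr/bin/perl
use strict;
use warnings;

$/ = "\n\n";            # Or, if those three dots are from your file, "\n...\n"
while (<STDIN>) {               # Feed the user section in here
        s/^(\S+)\s+// or next;  # Strip off the username; skip empty records
        my $user = $1;
        my (@names, @vals);
        # Items are "Name = value", separated by commas and/or newlines
        foreach my $item (split(/\s*[,\n]\s*/, $_)) {
                next unless $item =~ m/^([\w-]+)\s*=\s*"?([^"]*?)"?\s*$/;
                push(@names, "`$1`");   # Backticks: attribute names contain hyphens
                push(@vals, sql_quote($2));
        }
        unshift(@names, "username");
        unshift(@vals, sql_quote($user));
        print "INSERT INTO userdata ( ".join(', ', @names)." ) VALUES ( ".join(', ', @vals)." );\n";
}

# Quote a value as a MySQL string literal, escaping backslashes and single quotes
sub sql_quote { my $v = shift; $v =~ s/([\\'])/\\$1/g; return "'$v'"; }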

 
=== end of script === 
That, or something like it without the typos (don't have time to test it,
I'm afraid) should produce insert queries you can run straight onto a
database with the attribute names as the fields

> -----Original Message----- 
> From: terry at ccis.net [mailto:terry at ccis.net] 
> Sent: Thursday, February 13, 2003 3:32 PM 
> To: radiator at open.com.au 
> Subject: (RADIATOR) Problem mixing AuthBy File and AuthBy SQL 
> 
> 
> We've been running radiator using unix password authentication. I needed to
> add CHAP, and based on input from the list, here's what I did. I took the
> original, which looks up users in a file "users2" which contains all the
> unique check items (and a default), with "AuthType= "UNIX"". Then the
> username/password is checked against a unix-encrypted file, passwd2,
> thusly:
> -------------------------- 
> 
> # This AuthBy will be used to authenticate anything in the
> # users2 file with Auth-Type=UNIX by looking in passwd2 
> <AuthBy UNIX> 
>      Identifier UNIX 
>      Filename %D/passwd2 
> </AuthBy> 
> 
> <Handler> 
>      # remove the "@domain" part (if it exists) 
>      RewriteUsername s/^([^@]+).*/$1/ 
>      # remove spaces 
>      RewriteUsername s/\s//g 
>      AuthByPolicy ContinueAlways 
>      AcctLogFileName     %L/detail 
>         <AuthBy SQL> 
>                 # AuthSelect with empty string means don't do auth
>                 AuthSelect 
>                 DBSource        dbi:mysql:radius:marvin.ccis.net 
>                ...blah blah blah... 
>         </AuthBy> 
>      # Make sure they appear in the users2 file 
>      # Anyone with Auth-Type=UNIX in the users2 file will be 
>      # authenticated with the AuthBy UNIX above 
>         <AuthBy FILE> 
>                 Filename        %D/users2 
>         </AuthBy> 
> </Handler> 
> 
> 
> ----------------- 
> Now comes the sticky part.. I thought all I had to do to enable plaintext
> passwords (for CHAP) was add another AuthBy in the Handler, which looks up
> username/password pairs in a MySQL database:
> ----------------- 
> 
>      # authenticate from info in the passwd3 (local) database 
>      <AuthBy SQL> 
>           DBSource  dbi:mysql:nocol_replication 
>           DBUsername     XXXXX 
>           DBAuth    XXXXX 
>           AuthSelect     select password from passwd3 where username=%0
>           AuthColumnDef  0, User-Password, check 
>      </AuthBy> 
> 
> ----------------- 
> ..but it occurred to me around 4AM that all the check items that give our
> customers static IPs, subnets, and ISDN access, as well as denying access
> to email-only users with a "Reject" clause, are back in the old users2
> file, which is not referenced in the AuthBy SQL clause. I think I could put
> the check items in the database, but that would be very difficult, as the
> SQL file is generated by Platypus, and the check items 'users2' are
> generated by unix, using a combination of automation and manual exceptions
> file, like this:
> ----------------- 
> .... 
> ickien Auth-Type = "Reject" 
> villari Auth-Type = "Reject" 
> whitfordcc Auth-Type = "Reject" 
> whs Auth-Type = "Reject" 
> willson Auth-Type = "Reject" 
> wjinc Auth-Type = "Reject" 
> wm Auth-Type = "Reject" 
> wwwfaddis Auth-Type = "Reject" 
> wwwfrankelec Auth-Type = "Reject" 
> 
> #BEGIN AUTO generated ISDN Users - PLAT 02/13/2003 09:46:50 
> lorri    Auth-Type = "UNIX" 
>         User-Service-Type = Framed-User, 
>         Framed-Protocol = PPP, 
>         Framed-Address = 209.195.204.34, 
>         Framed-Netmask = 255.255.255.255, 
>         Framed-Routing = None, 
>         Framed-MTU = 1500, 
>         Framed-Compression = Van-Jacobsen-TCP-IP 
> ... 
> thesignalgw      Auth-Type = "UNIX" 
>         User-Service-Type = Framed-User, 
>         Framed-Protocol = PPP, 
>         Framed-Address = 209.195.209.218, 
>         Framed-Netmask = 255.255.255.248, 
>         Framed-MTU = 1500, 
>         Framed-Compression = Van-Jacobsen-TCP-IP 
> ... 
> DEFAULT Auth-Type = "UNIX", NAS-Port-Type = Async 
>         User-Service-Type = Framed-User, 
>         Framed-Protocol = PPP, 
>         Framed-Address = 255.255.255.254, 
>         Framed-Netmask = 255.255.255.255, 
>         Framed-Routing = None, 
>         Framed-MTU = 1500, 
>         Framed-Compression = Van-Jacobsen-TCP-IP... 
> 
> ------------------------------ 
> I guess the question here is: Is there any way I can tell the AuthBy SQL to
> fetch the check items from the users2 file, while using its username and
> password fields for the authentication part?