(RADIATOR) logging IPASS accounting records to Database
Hugh Irvine
hugh at open.com.au
Wed Jan 15 19:23:01 CST 2003
Hello Tunde -
You just need to add an AuthBy SQL clause to your configuration file,
something like this:
<Client localhost>
# ipass client for VNAS (incoming metrong roamers)
Secret
Identifier ipassclient
IdenticalClients 63.10.10.212
RewriteUsername
s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
</Client>
<AuthBy RADIUS>
Identifier ipassNetserver
Host 63.10.10.211
Secret
AuthPort 11812
AcctPort 11813
AddToRequest Called-Station-Id=%{Called-Station-Id},
NAS-IP-Address=%N
DefaultSimultaneousUse 1
</AuthBy>
<AuthBy SQL>
Identifier SQLAccounting
DBSource .....
DBUsername .....
DBAuth .....
# empty AuthSelect to disable authentication
AuthSelect
# configure AccountingTable and AcctColumnDef's
AccountingTable IPASSACCOUNTING
AcctColumnDef .....
.....
</AuthBy>
<Handler Realm=myipass>
AcctLogFileName %L/ipass/detail
RewriteUsername
s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy ipassNetserver
</Handler>
<Handler Client-Identifier=ipassclient>
AuthByPolicy ContinueWhileAccept
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/
UsernameCharset a-zA-Z0-9\._ at -
AcctLogFileName %L/account.log
PasswordLogFileName %L/password.log
SessionDatabase SDB1
AuthBy SQLClientauth
StripFromReply Framed-IP-Address
</Handler>
regards
Hugh
On Thursday, Jan 16, 2003, at 06:52 Australia/Melbourne, Ayotunde
Itayemi wrote:
> Hi Hugh, Hi All,
>
> I would like to log only IPASS accounting start and stop request to a
> database
> table so as to get some sort of record locally - how can I implement
> this?
> I want something a little bit "simpler" than the long detail file
> generated by
> the AcctLogFileName clause (see below pls). One can more easily peruse
> entries in an Oracle table.
>
> Regards,
> Tunde Itayemi.
>
>
> Relevant parts of my config :
>
> <Client localhost>
> # ipass client for VNAS (incoming metrong roamers)
> Secret
> Identifier ipassclient
> IdenticalClients 63.10.10.212
> RewriteUsername
> s/^IPASS\/([^@]+)\@([^@]+)$/IPASS\/$1#$2\@myipass/
> </Client>
>
> <AuthBy RADIUS>
> Identifier ipassNetserver
> Host 63.10.10.211
> Secret
> AuthPort 11812
> AcctPort 11813
> AddToRequest Called-Station-Id=%{Called-Station-Id},
> NAS-IP-From owner-radiator at open.com.au Wed Jan 15 14:23:50 2003
Received: (from majordomo at localhost)
by server1.open.com.au (8.11.0/8.11.0) id h0FKNoL19896
for radiatorzz-list; Wed, 15 Jan 2003 14:23:50 -0600
X-Authentication-Warning: server1.open.com.au: majordomo set sender to owner-radiator at open.com.au using -f
Received: from postman202.stms.stt.com.sg (postman202.stms.stt.com.sg [202.79.217.56])
by server1.open.com.au (8.11.0/8.11.0) with SMTP id h0FKNlx19889
for <radiator at open.com.au>; Wed, 15 Jan 2003 14:23:49 -0600
Received: (qmail 7212 invoked by uid 503); 16 Jan 2003 01:23:30 -0000
Received: from unknown (HELO stnmc003.stms.stt.com.sg) (10.200.4.1)
by 0 with SMTP; 16 Jan 2003 01:23:30 -0000
Subject: Re: (RADIATOR) 100% processor load outside the time service window
To: MStefan at enertel.nl
Cc: owner-radiator at open.com.au, radiator at open.com.au
X-Mailer: Lotus Notes Release 5.0.6a January 17, 2001
Message-ID: <OFEEA44638.DBAB6012-ON48256CB0.000785C0 at stms.stt.com.sg>
From: queksteven at stsunpage.st.com.sg
Date: Thu, 16 Jan 2003 09:23:29 +0800
X-MIMETrack: Serialize by Router on STNMC003/M/ST Group(Release 5.0.10 |March 22, 2002) at
01/16/2003 09:23:29 AM
MIME-Version: 1.0
Content-type: text/plain; charset=us-ascii
Sender: owner-radiator at open.com.au
Precedence: bulk
List-Id: <radiator.list-id.open.com.au>
Hi,
U should included the NODEFAULTs clauses.
Radiator will attempt to incremental the user ID when the query failed till
u Reboot the PC.
MStefan at enertel.nl 15/01/2003 11:48 PM
Sent by: owner-radiator at open.com.au
To: radiator at open.com.au
cc: (bcc: QUEK Steven/Mgr - IDD Network/STSunPage/ST Group)
Subject: (RADIATOR) 100% processor load outside the time service window
I was trying to implement the Time and Simultaneous-use check/reply items
but the radiator is getting nervous
Inside the service window We08:00-16:00 everything goes perfect but
outside
the server gets stuck(100% load and blocked)
I am running a test on my computer with NT and Access ODBC
Any clue/help appreciated ?
Wed Jan 15 16:42:20 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT410
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:42:20 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT411
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:42:20 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT412
Wed Jan 15 16:42:20 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
3
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuAddress=%N
> DefaultSimultaneousUse 1
> </AuthBy>
>
> <Handler Realm=myipass>
> AcctLogFileName %L/ipass/detail
> RewriteUsername
> s/^IPASS\/([^#]+)\#([^@]+)\@myipass$/IPASS\/$1\@$2/
> AuthBy ipassNetserver
> </Handler>
>
> <Handler Client-Identifier=ipassclient>
> AuthByPolicy ContinueWhileAccept
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/A-Z/a-z/
> UsernameCharset a-zA-Z0-9\._ at -
> AcctLogFileName %L/account.log
> PasswordLogFileName %L/password.log
> SessionDatabase SDB1
> AuthBy SQLClientauth
> StripFromReply Framed-IP-Address
> </Handler>
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
thSQL looks for match with
DEFAULT247
4
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
5
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
6
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
7
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
8
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT247
9
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT248
0
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL REJECT: Time: not within
an
all
owable Time range
Wed Jan 15 16:38:50 2003: DEBUG: Query is: select
CLID,ctime,dtimeout,portlimit
from whitelist where DNIS=12345 and CLID=1234
Wed Jan 15 16:38:50 2003: DEBUG: Radius::AuthSQL looks for match with
DEFAULT248
1
Kind Regards
Marius Stefan
Service Designer/Development Department
Enertel N.V
K.P van der Mandelelaan 130-144
3062 MB Rotterdam
Postbus 25226
3001 HE Rotterdam
Phone:+31(0)10 880 3798
Fax :+31(0)10 880 3901
Mobile:+31(0)65 460 4973
www.enertel.nl
#***************************************************************************
#
# Dit e-mailbericht met eventuele attachments is uitsluitend bestemd voor
de
# geadresseerde(n) en bevat mogelijk vertrouwelijke gegevens en/of is
# beschermd door intellectuele eigendomsrechten. Bent u niet de
# geadresseerde, neemt u dan zo spoedig mogelijk contact op met de afzender
# en verzoeken wij u het e-mailbericht en eventuele attachments van uw
# computer te verwijderen. Elk gebruik van de inhoud van dit e-mailbericht
# en eventuele attachments (waaronder verveelvoudiging, verspreiding of het
# anderzins openbaar maken in welke vorm dan ook) door andere personen dan
# de bedoelde geadresseerden is verboden. De weergegeven mening is puur
# persoonlijk en hoeft niet noodzakelijk over een te komen met die van
# Enertel. Enertel is niet aansprakelijk voor de inhoud van dit
# e-mailbericht en eventuele attachments.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list