(RADIATOR) Multiple Accounting DBs, Single Auth DB.
Hugh Irvine
hugh at open.com.au
Wed Jul 9 03:28:57 CDT 2003
Hello Kevin -
You will really need a slightly more complicated setup to do this.
# define AuthBy clauses

<AuthBy SQL>
    Identifier SQLAccounting
    .....
</AuthBy>

<AuthBy RADIUS>
    Identifier Proxy1
    ......
    AddToReply Class = Proxy1
</AuthBy>

<AuthBy RADIUS>
    Identifier Proxy2
    ....
    AddToReply Class = Proxy2
</AuthBy>

# define Handlers

<Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/, Class = Proxy1>
    AuthByPolicy ContinueAlways
    AuthBy SQLAccounting
    AuthBy Proxy1
    .....
</Handler>

<Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/, Class = Proxy2>
    AuthByPolicy ContinueAlways
    AuthBy SQLAccounting
    AuthBy Proxy2
    .....
</Handler>

<Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/>
    AuthByPolicy ContinueAlways
    AuthBy Proxy1
    AuthBy Proxy2
    .....
</Handler>

Note that in the above example, the access requests will be proxied to
both targets, which is what I understand you want from your
description, but I may have got it wrong (this is an unusual
configuration).
regards
Hugh
On Wednesday, Jul 9, 2003, at 07:17 Australia/Melbourne, Kevin McKee
wrote:
> Hi,
>
> I'm trying to create a handler that will authenticate a user by the
> first RADIUS proxy that responds, but then sends Accounting packets to
> that RADIUS proxy and an additional SQL server.
>
> I have included the handler I am currently working with. My problem
> is that Accounting packets are being caught by the AuthBy SQL clause
> and are not passing to the AuthBy RADIUS clauses. If I change the
> AuthByPolicy to ContinueWhileAccept, then it will authenticate and
> send accounting to both of the AuthBy RADIUS clauses, and I want it to
> only go out to the first responding one.
>
> Any ideas how to do this?
>
> Thanks,
>
> ------------------------- _ _
> Kevin McKee, Network Mgr _ __ | |_(_)
> Northwest Telephone, Inc. | '_ \| __| |
> Tel: +1 509 661 2000 x112 | | | | |_| |
> Fax: +1 509 661 2020 |_| |_|\__|_|
>
>
> ------------------------------------------------------------------------
>
> <Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/>
>     #
>     # Sample Handler
>     #
>     MaxSessions 1
>     AcctLogFileName %L/%Y%m%d-XXXXXX-detail
>     SessionDatabase XXXX
>     RejectHasReason
>     <AuthBy SQL>
>         # Accounting only Database
>         # Needs a copy of the Accounting packets
>         DateFormat %Y-%m-%d %H:%M:%S
>         DBSource dbi:mysql:XXXXXX:XX.XX.XX.XXX
>         DBUsername XXXX
>         DBAuth XXXX
>         IgnoreAuthentication
>         AccountingStopsOnly
>         AccountingTable ACCOUNTING%Y%m
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer-date
>         AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>         AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>         AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>         AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>         AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>         AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>         AcctColumnDef NASPORT,NAS-Port,integer
>         AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>         AcctColumnDef NASIPADDRESS,NAS-IP-Address
>         AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause
>         AcctColumnDef ASCENDCONNECTPROGRESS,Ascend-Connect-Progress
>         AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,Integer
>         AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,Integer
>         AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
>         AcctColumnDef CALLEDSTATIONID,Called-Station-Id
>         AcctColumnDef ISP,"XXXXX",literal
>         AcctFailedLogFileName %L/detail.newdb
>     </AuthBy>
>     <AuthBy RADIUS>
>         # Customer's Primary RADIUS server
>         Host XXX.XXX.XXX.101
>         Secret sharedsecret
>         AuthPort 1645
>         AcctPort 1646
>         StripFromRequest NAS-Port-Id,NAS-Port-Type
>         ReplyHook sub { ${$_[1]}->delete_attr('Framed-IP-Address'); }
>         LocalAddress XX.XX.XX.XXX
>     </AuthBy>
>     <AuthBy RADIUS>
>         # Customer's Backup RADIUS server
>         Host XXX.XXX.XXX.102
>         Secret sharedsecret
>         AuthPort 1645
>         AcctPort 1646
>         StripFromRequest NAS-Port-Id,NAS-Port-Type
>         ReplyHook sub { ${$_[1]}->delete_attr('Framed-IP-Address'); }
>         LocalAddress XX.XX.XX.XXX
>     </AuthBy>
> </Handler>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
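
The Handler selection from the reply above, modelled in Python as an added example (it is not part of the original post and is not Radiator code). It assumes Handlers are tried in file order with the first full match winning, and that the NAS copies the Class attribute from the Access-Accept into its Accounting-Requests; the station ids are constructed stand-ins for the redacted values.

```python
import re

# Handlers in file order, as in the reply: (check items, AuthBy clauses that
# all run under AuthByPolicy ContinueAlways). Station ids are constructed
# stand-ins for the redacted XXXXXX0095 / XXXXXX0096 values.
STATION = "/5550095|5550096/"
HANDLERS = [
    ({"Called-Station-Id": STATION, "Class": "Proxy1"}, ["SQLAccounting", "Proxy1"]),
    ({"Called-Station-Id": STATION, "Class": "Proxy2"}, ["SQLAccounting", "Proxy2"]),
    ({"Called-Station-Id": STATION}, ["Proxy1", "Proxy2"]),
]

def item_matches(check, value):
    """A /.../ check item is a regex search; anything else is an exact match."""
    if value is None:
        return False
    if len(check) > 1 and check.startswith("/") and check.endswith("/"):
        return re.search(check[1:-1], value) is not None
    return check == value

def select_handler(request):
    """Return the index of the first Handler whose check items all match."""
    for index, (checks, _) in enumerate(HANDLERS):
        if all(item_matches(c, request.get(a)) for a, c in checks.items()):
            return index
    return None

def route(request):
    """ContinueAlways: every AuthBy in the chosen Handler sees the request."""
    index = select_handler(request)
    return [] if index is None else list(HANDLERS[index][1])

def accounting_for(access_request, accepted_by, nas_echoes_class=True):
    """Build the Accounting-Request a NAS sends after an Access-Accept that
    carried AddToReply Class = <accepted_by>."""
    acct = {**access_request, "Acct-Status-Type": "Stop"}
    if nas_echoes_class:
        acct["Class"] = accepted_by
    return acct

# Constructed sample request.
ACCESS = {"User-Name": "alice", "Called-Station-Id": "5550095"}
```

The last argument of accounting_for() covers the failure mode worth checking with a trace 4 debug: a NAS that does not echo Class sends accounting that falls through to the third Handler, so it reaches both proxies and never reaches SQLAccounting.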