AuthBy SQL - Accounting Only (no auth)
Tue May 13 18:09:29 CDT 2003
Hi folks,
I've searched through the archives and am still having some difficulties
with accounting information to a SQL database (without authenticating
against the SQL database). I've seen some posts that are close, but my
situation is a bit unique (aren't they all?)
My company is transitioning from a Windows NT domain to Active Directory.
Because of this, I need to be able to authenticate against both ADSI and NT.
Basically, ADSI is tried first, followed by NT. Because of this, I have:
AuthByPolicy ContinueWhileReject
in my config file, so it will continue down the line until done (but stop
once the user is authenticated). In essence, if the user is found in AD
(via ADSI), authentication stops and the Authby NT is never tried. This
works just fine.
In the examples I've seen on the list archives, the AuthByPolicy is set to
"ContinueAlways", which I don't think will work for our situation (correct
me if I'm wrong please).
So, I put an AuthBy SQL section in my config file. Since I want
authentication to be ignored for this clause, I add "IgnoreAuthentication".
Accounting DOES work, however it would appear that the AuthBy SQL clause is
still trying to do authentication even though I've told it NOT to. With
this section, ADSI or NT is never even tried.
Here's the snipped config file. Any help is appreciated...
------
<Realm DEFAULT>
AuthByPolicy ContinueWhileReject
<AuthBy SQL>
DBSource dbi:mysql:radius:<blah>
DBUsername radiator
DBAuth <blah>
# Just accounting, no auth
IgnoreAuthentication
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef <blah blah blah>
AcctColumnDef ...
</AuthBy>
<AuthBy ADSI>
[ ADSI config goes here, works fine ]
</AuthBy>
<AuthBy NT>
[ NT domain config here, works fine ]
</AuthBy>
</Realm>
-------------------------------------------------------
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list