AuthBy SQL - Accounting Only (no auth)


Tue May 13 18:09:29 CDT 2003 

Hi folks,

I've searched through the archives and am still having some difficulties
with accounting information to a SQL database (without authenticating
against the SQL database).  I've seen some posts that are close, but my
situation is a bit unique (aren't they all?)

My company is transitioning from a Windows NT domain to Active Directory.
Because of this, I need to be able to authenticate against both ADSI and NT.
Basically, ADSI is tried first, followed by NT.  Because of this, I have:

AuthByPolicy	ContinueWhileReject

in my config file, so it will continue down the line until done (but stop
once the user is authenticated).  In essence, if the user is found in AD
(via ADSI), authentication stops and the Authby NT is never tried.  This
works just fine.

In the examples I've seen on the list archives, the AuthByPolicy is set to
"ContinueAlways", which I don't think will work for our situation (correct
me if I'm wrong please).

So, I put an AuthBy SQL section in my config file.  Since I want
authentication to be ignored for this clause, I add "IgnoreAuthentication".
Accounting DOES work, however it would appear that the AuthBy SQL clause is
still trying to do authentication even though I've told it NOT to.  With
this section, ADSI or NT is never even tried.

Here's the snipped config file.  Any help is appreciated...

------
<Realm DEFAULT>

AuthByPolicy	ContinueWhileReject

<AuthBy SQL>
	DBSource        dbi:mysql:radius:<blah>
      DBUsername      radiator
      DBAuth          <blah>

	# Just accounting, no auth

	IgnoreAuthentication
	AuthSelect

	AccountingTable	ACCOUNTING
	AcctColumnDef	<blah blah blah>
	AcctColumnDef	...
</AuthBy>

<AuthBy ADSI>
	[ ADSI config goes here, works fine ]
</AuthBy>

<AuthBy NT>
	[ NT domain config here, works fine ]
</AuthBy>

</Realm>

-------------------------------------------------------

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list