(RADIATOR) AuthBy SQL - Accounting Only (no auth)
Hugh Irvine
hugh at open.com.au
Tue May 13 23:45:17 CDT 2003
Hello Mark -
You will need to use the AuthBy GROUP construct to be able to apply
different AuthByPolicy's.
Something like this:
# define AuthBy clauses
<AuthBy SQL>
Identifier SQLAccounting
DBSource dbi:mysql:radius:<blah>
DBUsername radiator
DBAuth <blah>
# Just accounting, no auth
IgnoreAuthentication
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef <blah blah blah>
AcctColumnDef ...
</AuthBy>
<AuthBy ADSI>
Identifier CheckADSI
[ ADSI config goes here, works fine ]
</AuthBy>
<AuthBy NT>
Identifier CheckNT
[ NT domain config here, works fine ]
</AuthBy>
# define AuthBy GROUP
<AuthBy GROUP>
Identifier CheckUser
AuthByPolicy ContinueUntilAccept
AuthBy CheckNT
AuthBy CheckADSI
</AuthBy>
# define Realm's
<Realm DEFAULT>
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy CheckUsers
.....
</Realm>
Hope that helps.
regards
Hugh
>
> Hi folks,
>
> I've searched through the archives and am still having some
> difficulties
> with accounting information to a SQL database (without authenticating
> against the SQL database). I've seen some posts that are close, but my
> situation is a bit unique (aren't they all?)
>
> My company is transitioning from a Windows NT domain to Active
> Directory.
> Because of this, I need to be able to authenticate against both ADSI
> and NT.
> Basically, ADSI is tried first, followed by NT. Because of this, I
> have:
>
> AuthByPolicy ContinueWhileReject
>
> in my config file, so it will continue down the line until done (but
> stop
> once the user is authenticated). In essence, if the user is found in
> AD
> (via ADSI), authentication stops and the Authby NT is never tried.
> This
> works just fine.
>
> In the examples I've seen on the list archives, the AuthByPolicy is
> set to
> "ContinueAlways", which I don't think will work for our situation
> (correct
> me if I'm wrong please).
>
> So, I put an AuthBy SQL section in my config file. Since I want
> authentication to be ignored for this clause, I add
> "IgnoreAuthentication".
> Accounting DOES work, however it would appear that the AuthBy SQL
> clause is
> still trying to do authentication even though I've told it NOT to.
> With
> this section, ADSI or NT is never even tried.
>
> Here's the snipped config file. Any help is appreciated...
>
> ------
> <Realm DEFAULT>
>
> AuthByPolicy ContinueWhileReject
>
> <AuthBy SQL>
> DBSource dbi:mysql:radius:<blah>
> DBUsername radiator
> DBAuth <blah>
>
> # Just accounting, no auth
>
> IgnoreAuthentication
> AuthSelect
>
> AccountingTable ACCOUNTING
> AcctColumnDef <blah blah blah>
> AcctColumnDef ...
> </AuthBy>
>
> <AuthBy ADSI>
> [ ADSI config goes here, works fine ]
> </AuthBy>
>
> <AuthBy NT>
> [ NT domain config here, works fine ]
> </AuthBy>
>
> </Realm>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list