(RADIATOR) Can you use SQL if statements in radiator?

Toomas Kärner tomkar at estpak.ee
Fri Nov 28 00:56:18 CST 2003


Hi,

So in total second auhtby (or you can put it first too) would look like:

 <AuthBy SQL>
 DBSource dbi:ODBC:x
 DBUsername xx
 DBAuth xx

 FailureBackoffTime 30
 NoDefault
 IgnoreAuthentication
 #IgnoreAccounting
 AccountingStartsOnly
 AcctSQLStatement \
 update Login \
 set Expiry_Date = getdate() + 7, First_Use = getdate() \
         where Login_name = %U and \
         First_Use is NULL


 </AuthBy SQL>

Rgds.
Toomas

----- Original Message -----
From: "Mike McCauley" <mikem at open.com.au>
To: "Toomas Kärner" <tomkar at estpak.ee>; "Craig Gittens"
<cgittens at sunbeach.net>; "Radiator" <radiator at open.com.au>
Sent: Friday, November 28, 2003 8:46 AM
Subject: Re: (RADIATOR) Can you use SQL if statements in radiator?


> On Fri, 28 Nov 2003 05:26 pm, Toomas Kärner wrote:
> > Hi
> > I'm not sure if AuthSQLStatement  is executed when IgnoreAuthentication
is
> > set.
>
> It is not executed.
>
> > I'd suggest to use IgnoreAuthentication, AcctStart only and make an
> > AcctSQLStatement instead with the same query.
> >
> > Rgds.
> > Toomas
> > ps. I think that then the order change is not needed also.
> >
> > ----- Original Message -----
> > From: "Craig Gittens" <cgittens at sunbeach.net>
> > To: "Toomas Kärner" <tomkar at estpak.ee>; "Radiator"
<radiator at open.com.au>
> > Sent: Thursday, November 27, 2003 11:55 PM
> > Subject: RE: (RADIATOR) Can you use SQL if statements in radiator?
> >
> > > Ok, thanks to Toomas I have come up with this solution but it doesn't
> > > work unless I comment out the second AuthBy...it does do an ACCEPT for
> > > the
> >
> > first
> >
> > > AuthBy but doesn't work for some reason unless I comment out the
second
> > > AuthBy. Log below. It doesn't send a reply unless I comment out the
> > > second AuthBy.
> > >
> > > Thanks for your help guys.
> > >
> > > Craig.
> > >
> > > <Realm oneweek.sunbeach.net>
> > >
> > > #Will log Authentication failures to SQL table.
> > > AuthLog AuthSQLLogger
> > >
> > > RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> > > RewriteUsername s/^([^@]+).*/$1/
> > >
> > > #Continue to use AuthBy clauses if AccessAccept to get IP Address
> > > assigned AuthByPolicy ContinueUntilReject
> > > #Show Reject Reason From SQL Authenticate SP Query
> > > RejectHasReason
> > >
> > > <AuthBy SQL>
> > > DBSource dbi:ODBC:xx
> > > DBUsername xx
> > > DBAuth xx
> > >
> > > FailureBackoffTime 30
> > > NoDefault
> > > AddToReply Service-Type=Framed-User
> > > #DefaultSimultaneousUse 1
> > > CaseInsensitivePasswords
> > > RejectEmptyPassword
> > >
> > > # Accounting
> > > AccountingTable CallAccounting
> > > ....blah
> > >
> > >
> > > # Authentication query - calls function Authenticate.
> > > AuthSelect \
> > > select \
> > > Blah blah blah
> > >
> > > AuthColumnDef 0,User-Password,check
> > > AuthColumnDef 1,GENERIC,check
> > > AuthColumnDef 2,GENERIC,reply
> > >
> > > </AuthBy SQL>
> > >
> > >
> > > <AuthBy SQL>
> > > DBSource dbi:ODBC:x
> > > DBUsername xx
> > > DBAuth xx
> > >
> > > FailureBackoffTime 30
> > > NoDefault
> > > IgnoreAuthentication
> > > IgnoreAccounting
> > >
> > > AuthSQLStatement \
> > > update Login \
> > > set Expiry_Date = getdate() + 7, First_Use = getdate() \
> > >         where Login_name = %U and \
> > >         First_Use is NULL
> > >
> > >
> > > </AuthBy SQL>
> > >
> > > </Realm oneweek.sunbeach.net>
> > >
> > > Thu Nov 27 17:36:01 2003: DEBUG: Packet dump:
> > > *** Received from 196.3.210.94 port 2048 ....
> > > Code:       Access-Request
> > > Identifier: 209
> > > Authentic:  <23>_$<28>T<148>9<194><26>?<206><229>)s<207>%
> > > Attributes:
> > > User-Password =
> >
> > "n)|<220><137>?<2><161><185><241><152><223><29>/<239><141>"
> >
> > > NAS-Identifier = "5"
> > > User-Name = "sunweek0 at oneweek.sunbeach.net"
> > > Acct-Session-Id = "000032E9"
> > > Called-Station-Id = "2929700"
> > > Calling-Station-Id = "2462280430"
> > > NAS-Port = 1288
> > > NAS-Port-Type = Async
> > > Framed-Protocol = PPP
> > > Service-Type = Framed-User
> > >
> > > Thu Nov 27 17:36:01 2003: DEBUG: Handling request with Handler
> > > 'Realm=oneweek.sunbeach.net'
> > > Thu Nov 27 17:36:01 2003: DEBUG: Rewrote user name to
> > > sunweek0 at oneweek.sunbeach.net
> > > Thu Nov 27 17:36:01 2003: DEBUG: Rewrote user name to sunweek0
> > > Thu Nov 27 17:36:01 2003: DEBUG:  Deleting session for
> > > sunweek0 at oneweek.sunbeach.net, 196.3.210.94, 1288
> > > Thu Nov 27 17:36:01 2003: DEBUG: do query is: 'delete from RADONLINE
> > > where NASIDENTIFIER = '196.3.210.94' and NASPORT = 1288':
> > >
> > > Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL
> > > Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL:
> > > Thu Nov 27 17:36:01 2003: DEBUG: Query is: 'select LoginPassword,
> >
> > CheckAttr,
> >
> > > ReplyAttr from Authenticate('sunweek0', '2462280430', '11/27/2003
> >
> > 17:36:01',
> >
> > > 'Async')':
> > >
> > > Thu Nov 27 17:36:01 2003: DEBUG: Radius::AuthSQL looks for match with
> > > sunweek0
> > > Thu Nov 27 17:36:01 2003: DEBUG: Radius::AuthSQL ACCEPT:
> > > Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL
> > >
> > > Thu Nov 27 17:36:03 2003: DEBUG: Packet dump:
> > > *** Received from 196.3.210.94 port 2048 ....
> > > Code:       Access-Request
> > > Identifier: 209
> > > Authentic:  <23>_$<28>T<148>9<194><26>?<206><229>)s<207>%
> > > Attributes:
> > > User-Password =
> >
> > "n)|<220><137>?<2><161><185><241><152><223><29>/<239><141>"
> >
> > > NAS-Identifier = "5"
> > > User-Name = "sunweek0 at oneweek.sunbeach.net"
> > > Acct-Session-Id = "000032E9"
> > > Called-Station-Id = "2929700"
> > > Calling-Station-Id = "2462280430"
> > > NAS-Port = 1288
> > > NAS-Port-Type = Async
> > > Framed-Protocol = PPP
> > > Service-Type = Framed-User
> > >
> > > Thu Nov 27 17:36:03 2003: INFO: Duplicate request id 209 received from
> > > 196.3.210.94(2048): ignored
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> --
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP etc on Unix, Windows, MacOS etc.
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list