(RADIATOR) Postgres acct server
Hugh Irvine
hugh at open.com.au
Wed Oct 29 03:54:16 CST 2003
Hello Deden -
Here is another copy of an example showing how to do this.
You will need two AuthBy clauses.
You *must* use an AuthByPolicy of ContinueAlways and the authentication
*must* be done by the second AuthBy clause.
# configuration for LDAP and SQL
<Realm ....>
AuthByPolicy ContinueAlways
<AuthBy SQL>
# do accounting
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef ......
.....
</AuthBy>
<AuthBy LDAP2>
# do authentication
......
</AuthBy>
.....
</Realm>
As mentioned in my previous mail this topic has been discussed numerous
times on the mailing list:
www.open.com.au/archives/radiator
regards
Hugh
On 29/10/2003, at 8:10 PM, deden purnamahadi wrote:
> dear all,
>
> here's my radius.cfg
>
> ------------
>
>
> Foreground
> LogStdout
> LogDir /usr/local/src/Radiator-3.7/log
> DbDir .
> #DbDir /usr/local/srd/Radiator-3.7/raddb
> Trace 4
>
> # You will probably want to add other Clients to suit your site.
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
> <Realm DEFAULT>
> RewriteUsername s/^([^@]+).*/$1/
> # AcctLogFileName %L/details
>
> <AuthBy LDAP2>
> # NoDefault
> Version 3
> Host mail
> Port 389
> AuthDN cn=root,o=adadeh,c=ID
> AuthPassword secret
> BaseDN o=adedeh,c=ID
> UsernameAttr uid
> PasswordAttr userPassword
> #AuthAttrDef servicetype,Service-Type,check
> #AuthAttrDef address,Frame-IP-Address,reply
> AddToReply Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> Framed-Compression = Van-Jacobson-TCP-IP
> </AuthBy>
>
>
> <AuthBy SQL>
> #do the accounting but not authentication
> AuthSelect
> DBSource dbi:Pg:dbname=radiator
> DBUsername post
> DBAuth post
> AccountingTable accounting
> AcctColumnDef username,User-Name
> AcctColumnDef time_stamp,Timestamp,integer
> AcctColumnDef acctstatustype,Acct-Status-Type
> AcctColumnDef acctdelaytime,Acct-Delay-Time,integer
> AcctColumnDef acctinputoctets,Acct-Input-Octets,integer
> AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer
> AcctColumnDef acctsessionid,Acct-Session-Id
> AcctColumnDef acctsessiontime,Acct-Session-Time,integer
> AcctColumnDef acctterminatecause,Acct-Terminate-Cause
> AcctColumnDef nasidentifier,NAS-Identifier
> AcctColumnDef nasport,NAS-Port,integer
> AcctColumnDef frameipaddress,Framed-IP-Address
>
> # You can arrange to log accounting to a file if the
> # SQL insert fails with AcctFailedLogFileName
> # That way you could recover from a broken SQL
> # server
>
> AcctFailedLogFileName %D/missedaccounting
>
> #Check and reply items should be in LDAP ??
>
>
>
> </AuthBy>
>
> </Realm>
>
>
>
> --- here is the log file :
>
> Wed Oct 29 16:03:28 2003: DEBUG: Handling request with Handler
> 'Realm=DEFAULT'
> Wed Oct 29 16:03:28 2003: DEBUG: Rewrote user name to soleh
> Wed Oct 29 16:03:28 2003: DEBUG: Deleting session for soleh,
> 203.63.154.1, 1234
> Wed Oct 29 16:03:28 2003: DEBUG: Handling with Radius::AuthLDAP2:
> Wed Oct 29 16:03:28 2003: INFO: Connecting to mail, port 389
> Wed Oct 29 16:03:28 2003: INFO: Attempting to bind to LDAP server
> mail:389)
> Wed Oct 29 16:03:28 2003: DEBUG: LDAP got result for
> uid=soleh,ou=isp,o=tot,c
> =IX
> Wed Oct 29 16:03:28 2003: DEBUG: LDAP got userPassword: test
> Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 looks for match
> with soleh
> Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> Wed Oct 29 16:03:28 2003: ERR: Bad attribute=value pair:
> Framed-Protocol = PPP,F
> ramed-IP-Netmask = 255.255.255.255,Framed-Routing = None,Framed-MTU =
> 1500,Frame
> d-Compression = Van-Jacobson-TCP-IP
> Wed Oct 29 16:03:28 2003: DEBUG: Access accepted for soleh
> Wed Oct 29 16:03:28 2003: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 33006 ....
> Code: Access-Accept
> Identifier: 192
> Authentic: 1234567890123456
> Attributes:
>
> Wed Oct 29 16:03:28 2003: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 33006 ....
> Code: Accounting-Request
> Identifier: 193
> Authentic: <186><17><214><240>=<200>v3-<149>6:<208><223>M<15>
> Attributes:
> User-Name = "soleh"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "98..................
>
>
> -------
>
>
> The acct is not written to Postgresql.
>
> Anyone could help ?
>
>
>
>
>
>
>
> Warmest regards
>
>
> ddn
>
> _________________________________________________________________
> The new MSN 8: advanced junk mail protection and 2 months FREE*
> http://join.msn.com/?page=features/junkmail
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list