(RADIATOR) Postgres acct server

deden purnamahadi dedenph at hotmail.com
Wed Oct 29 04:16:39 CST 2003


It worked !!
Thx Hugh !!

Warmest regards

ddn

>From: Hugh Irvine <hugh at open.com.au>
>To: "deden purnamahadi" <dedenph at hotmail.com>
>CC: radiator at open.com.au, chanakam at millenniumit.com
>Subject: Re: (RADIATOR) Postgres acct server
>Date: Wed, 29 Oct 2003 20:54:16 +1100
>
>
>Hello Deden -
>
>Here is another copy of an example showing how to do this.
>
>You will need two AuthBy clauses.
>
>You *must* use an AuthByPolicy of ContinueAlways and the authentication 
>*must* be done by the second AuthBy clause.
>
>
># configuration for LDAP and SQL
>
><Realm ....>
>	AuthByPolicy ContinueAlways
>	<AuthBy SQL>
>		# do accounting
>		AuthSelect
>		AccountingTable ACCOUNTING
>		AcctColumnDef ......
>		.....
>	</AuthBy>
>	<AuthBy LDAP2>
>		# do authentication
>		......
>	</AuthBy>
>	.....
></Realm>
>
>
>As mentioned in my previous mail this topic has been discussed numerous 
>times on the mailing list:
>
>	www.open.com.au/archives/radiator
>
>regards
>
>Hugh
>
>
>On 29/10/2003, at 8:10 PM, deden purnamahadi wrote:
>
>>dear all,
>>
>>here's my radius.cfg
>>
>>------------
>>
>>
>>Foreground
>>LogStdout
>>LogDir          /usr/local/src/Radiator-3.7/log
>>DbDir           .
>>#DbDir          /usr/local/srd/Radiator-3.7/raddb
>>Trace           4
>>
>># You will probably want to add other Clients to suit your site.
>><Client DEFAULT>
>>        Secret  mysecret
>>        DupInterval 0
>></Client>
>>
>><Realm DEFAULT>
>>        RewriteUsername s/^([^@]+).*/$1/
>>#       AcctLogFileName %L/details
>>
>>        <AuthBy LDAP2>
>>#               NoDefault
>>                Version         3
>>                Host            mail
>>                Port            389
>>                AuthDN          cn=root,o=adadeh,c=ID
>>                AuthPassword    secret
>>                BaseDN          o=adedeh,c=ID
>>                UsernameAttr    uid
>>                PasswordAttr    userPassword
>>                #AuthAttrDef    servicetype,Service-Type,check
>>                #AuthAttrDef    address,Frame-IP-Address,reply
>>                AddToReply      Framed-Protocol = PPP,\
>>                        Framed-IP-Netmask = 255.255.255.255,\
>>                        Framed-Routing = None,\
>>                        Framed-MTU = 1500,\
>>  Framed-Compression = Van-Jacobson-TCP-IP
>>                </AuthBy>
>>
>>
>>        <AuthBy SQL>
>>#do the accounting but not authentication
>>        AuthSelect
>>        DBSource        dbi:Pg:dbname=radiator
>>        DBUsername      post
>>        DBAuth          post
>>        AccountingTable accounting
>>        AcctColumnDef   username,User-Name
>>        AcctColumnDef   time_stamp,Timestamp,integer
>>        AcctColumnDef   acctstatustype,Acct-Status-Type
>>        AcctColumnDef   acctdelaytime,Acct-Delay-Time,integer
>>        AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>>    AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>>        AcctColumnDef   acctsessionid,Acct-Session-Id
>>        AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>>        AcctColumnDef   acctterminatecause,Acct-Terminate-Cause
>>        AcctColumnDef   nasidentifier,NAS-Identifier
>>        AcctColumnDef   nasport,NAS-Port,integer
>>        AcctColumnDef   frameipaddress,Framed-IP-Address
>>
>>        # You can arrange to log accounting to a file if the
>>        # SQL insert fails with AcctFailedLogFileName
>>        # That way you could recover from a broken SQL
>>        # server
>>
>>        AcctFailedLogFileName %D/missedaccounting
>>
>>        #Check and reply items should be in LDAP ??
>>
>>
>>
>></AuthBy>
>>
>></Realm>
>>
>>
>>
>>--- here is the log file :
>>
>>Wed Oct 29 16:03:28 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>>Wed Oct 29 16:03:28 2003: DEBUG: Rewrote user name to soleh
>>Wed Oct 29 16:03:28 2003: DEBUG:  Deleting session for soleh, 203.63.154.1, 1234
>>Wed Oct 29 16:03:28 2003: DEBUG: Handling with Radius::AuthLDAP2:
>>Wed Oct 29 16:03:28 2003: INFO: Connecting to mail, port 389
>>Wed Oct 29 16:03:28 2003: INFO: Attempting to bind to LDAP server mail:389)
>>Wed Oct 29 16:03:28 2003: DEBUG: LDAP got result for uid=soleh,ou=isp,o=tot,c=IX
>>Wed Oct 29 16:03:28 2003: DEBUG: LDAP got userPassword: test
>>Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 looks for match with soleh
>>Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
>>Wed Oct 29 16:03:28 2003: ERR: Bad attribute=value pair: Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.255,Framed-Routing = None,Framed-MTU = 1500,Framed-Compression = Van-Jacobson-TCP-IP
>>Wed Oct 29 16:03:28 2003: DEBUG: Access accepted for soleh
>>Wed Oct 29 16:03:28 2003: DEBUG: Packet dump:
>>*** Sending to 127.0.0.1 port 33006 ....
>>Code:       Access-Accept
>>Identifier: 192
>>Authentic:  1234567890123456
>>Attributes:
>>
>>Wed Oct 29 16:03:28 2003: DEBUG: Packet dump:
>>*** Received from 127.0.0.1 port 33006 ....
>>Code:       Accounting-Request
>>Identifier: 193
>>Authentic:  <186><17><214><240>=<200>v3-<149>6:<208><223>M<15>
>>Attributes:
>>        User-Name = "soleh"
>>        Service-Type = Framed-User
>>        NAS-IP-Address = 203.63.154.1
>>        NAS-Port = 1234
>>        NAS-Port-Type = Async
>>        Acct-Session-Id = "00001234"
>>        Acct-Status-Type = Start
>>        Called-Station-Id = "123456789"
>>        Calling-Station-Id = "98..................
>>
>>
>>-------
>>
>>
>>The acct is not written to Postgresql.
>>
>>Anyone could help ?
>>
>>
>>
>>
>>
>>
>>
>>Warmest regards
>>
>>
>>ddn
>>
>>===
>>Archive at http://www.open.com.au/archives/radiator/
>>Announcements on radiator-announce at open.com.au
>>To unsubscribe, email 'majordomo at open.com.au' with
>>'unsubscribe radiator' in the body of the message.
>>
>>
>
>NB: have you included a copy of your configuration file (no secrets),
>together with a trace 4 debug showing what is happening?
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>-
>CATool: Private Certificate Authority for Unix and Unix-like systems.
>
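
The two rules in Hugh's reply (AuthByPolicy ContinueAlways in the Realm, and authentication done by the second AuthBy clause) can be checked mechanically before a config goes live. This is an added example, not part of the original thread or of Radiator: `lint_realms` and both sample configs are constructed for illustration, and the regex parsing is a simplification of the real config grammar.

```python
import re

# Constructed sample: layout from the original question (LDAP2 first, no AuthByPolicy).
BEFORE = """
<Realm DEFAULT>
    <AuthBy LDAP2>
        Host mail
    </AuthBy>
    <AuthBy SQL>
        AuthSelect
        AccountingTable accounting
    </AuthBy>
</Realm>
"""

# Constructed sample: layout from the reply (accounting-only SQL first, LDAP2 second).
AFTER = """
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    <AuthBy SQL>
        AuthSelect
        AccountingTable accounting
    </AuthBy>
    <AuthBy LDAP2>
        Host mail
    </AuthBy>
</Realm>
"""

def lint_realms(cfg):
    """Return (realm, finding) tuples for each Realm with two or more AuthBy clauses."""
    findings = []
    for name, body in re.findall(r"<Realm\s+([^>]*)>(.*?)</Realm>", cfg, re.S):
        clauses = re.findall(r"<AuthBy\s+(\S+)>(.*?)</AuthBy>", body, re.S)
        if len(clauses) < 2:
            continue
        # Look for AuthByPolicy at realm level only, so strip the AuthBy bodies first.
        top = re.sub(r"<AuthBy\s.*?</AuthBy>", "", body, flags=re.S)
        policy = re.search(r"^\s*AuthByPolicy\s+(\S+)", top, re.M)
        if not policy or policy.group(1) != "ContinueAlways":
            findings.append((name, "AuthByPolicy is not ContinueAlways"))
        # An AuthSelect line with no query marks a clause that only does accounting.
        acct_only = [bool(re.search(r"^\s*AuthSelect\s*$", b, re.M)) for _, b in clauses]
        if acct_only[-1]:
            findings.append((name, "accounting-only AuthBy is last; authentication must be done by the last clause"))
    return findings
```
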
