(RADIATOR) change realm based on the dial-in box

Frank Danielson fdanielson at csky.com
Tue Apr 13 11:07:34 CDT 2004


Hi Bogdan-

It looks like you've confused NAS-Identifier and Identifier. According to
section 6.6 of my Radiator manual Identifier should be in field 14 of the
query. Your config should look something like this:

<ClientListSQL>
	DBSource        dbi:mysql:radiator
	DBUsername      radiator
	DBAuth          xxx

	# Columns are positional: NasIdentifier is in field 14, counting from 0
	GetClientQuery select Nas_ip,Secret,null,null,null,\
	NasType,null,null,null,null,null,null,\
	null,null,NasIdentifier from clients
</ClientListSQL>

Frank Danielson
Infrastructure Architect

ClearSky Mobile Media
56 E. Pine St.
Orlando, FL 32801
USA

1.407.515.8633
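
An added example, not part of the original message and not Radiator code: a small check of a GetClientQuery's column order against the positions used in the working query above. Only fields 0, 1, 5 and 14 are checked, since those are the only positions this thread confirms. Run on the query from the original message quoted below, it shows NasIdentifier sitting in field 1, where the working query supplies Secret.

```python
import re

# Positions taken from the working query in the reply above (0-based).
# Assumption: only these four positions are confirmed by this thread;
# all other columns are left unchecked.
EXPECTED = {0: "Nas_ip", 1: "Secret", 5: "NasType", 14: "NasIdentifier"}

def select_columns(get_client_query):
    """Return the select-list items of a GetClientQuery, in order."""
    # Join backslash-continued lines and collapse whitespace first.
    text = " ".join(get_client_query.replace("\\\n", " ").split())
    m = re.match(r"(?i)select\s+(.*?)\s+from\s+\S+", text)
    if not m:
        raise ValueError("not a simple 'select ... from table' query")
    return [c.strip() for c in m.group(1).split(",")]

def check_positions(get_client_query, expected=EXPECTED):
    """List (position, wanted, found) for every column in the wrong place."""
    cols = select_columns(get_client_query)
    problems = []
    for pos, wanted in sorted(expected.items()):
        found = cols[pos] if pos < len(cols) else None
        if found is None or found.lower() != wanted.lower():
            problems.append((pos, wanted, found))
    return problems

# Constructed from the two queries quoted in this thread.
FAILING = "select Nas_ip,NasIdentifier,Secret,NasType from clients"
WORKING = """select Nas_ip,Secret,null,null,null,
    NasType,null,null,null,null,null,null,
    null,null,NasIdentifier from clients"""

if __name__ == "__main__":
    for name, query in (("failing", FAILING), ("working", WORKING)):
        for pos, wanted, found in check_positions(query):
            print(f"{name}: field {pos} should be {wanted}, got {found}")
```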

-----Original Message-----
From: Bogdan TARU [mailto:bgd at icomag.de]
Sent: Tuesday, April 13, 2004 10:53 AM
To: Hugh Irvine
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) change realm based on the dial-in box




	Dear Hugh and all,

 Thanks for the replies. This works indeed, but I still have one
 problem that I couldn't solve. I am trying to put all the
 information about the clients in the database, and fetch it by
 using 'ClientListSQL'... But I don't know how to assign a 'name' to a
 certain IP, something that is pretty easily done in the configuration
 file:

 <Client x.x.x.x>
       Identifier Dialin-1
       .....
 </Client>

 <Client y.y.y.y>
       Identifier Dialin-2
       .....
 </Client>

 I have created a mysql database which looks like:

mysql> desc clients;
+---------------+--------------+------+-----+---------+----------------+
| Field         | Type         | Null | Key | Default | Extra          |
+---------------+--------------+------+-----+---------+----------------+
| id            | int(11)      |      | PRI | NULL    | auto_increment |
| Nas_ip        | varchar(255) | YES  |     | NULL    |                |
| NasIdentifier | varchar(255) | YES  |     | NULL    |                |
| Secret        | varchar(16)  | YES  |     | NULL    |                |
| NasType       | varchar(30)  | YES  |     | Cisco   |                |
+---------------+--------------+------+-----+---------+----------------+

 And made entries for all the clients that I've got right now:

mysql> select id, Nas_ip,NasIdentifier,NasType from clients;
+----+--------------+---------------+---------+
| id | Nas_ip       | NasIdentifier | NasType |
+----+--------------+---------------+---------+
|  1 | 192.168.0.9  | cisco-1       | Cisco   |
|  2 | 192.168.0.10 | cisco-2       | Cisco   |
|  3 | 127.0.0.1    | localhost     | Cisco   |
+----+--------------+---------------+---------+
3 rows in set (0.00 sec)


 But a:

<ClientListSQL>
        DBSource        dbi:mysql:radiator
        DBUsername      radiator
        DBAuth          xxx

        GetClientQuery select Nas_ip,NasIdentifier,Secret,NasType from clients
</ClientListSQL>

 doesn't work... 

 Any ideas?

 Thanks,
 bogdan


On Thu, Apr 08, 2004 at 08:41:55AM +1000, Hugh Irvine wrote:
> 
> Hello Bogdan -
> 
> I generally find it easier to use Handlers for this sort of thing.
> 
> # define Client clauses
> 
> <Client x.x.x.x>
> 	Identifier Dialin-1
> 	.....
> </Client>
> 
> <Client y.y.y.y>
> 	Identifier Dialin-2
> 	.....
> </Client>
> 
> ......
> 
> # define Handlers
> 
> <Handler Client-Identifier = Dialin-1>
> 	<AuthBy SQL>
> 		.....
> 	</AuthBy>
> 	.....
> </Handler>
> 
> <Handler Client-Identifier = Dialin-2>
> 	<AuthBy SQL>
> 		.....
> 	</AuthBy>
> 	.....
> </Handler>
> 
> 
> regards
> 
> Hugh
> 
> 
> 
> On 7 Apr 2004, at 19:30, Bogdan TARU wrote:
> 
> >
> >
> >	Hi guys,
> >
> > I have a scenario in which two cisco dialin boxes are accepting
> > dialins and should authenticate against a single radiator, but the
> > dialin info should go to two different accounting mysql tables,
> > depending on the dialin box.
> >
> > I think this could be solved by running two radiators, but I'm
> > curious if there is any other way as well... for example, to modify
> > the realm of the dialin based on the dialin box, for example if the
> > realm was @1 and the dialin box was the first cisco, modify the realm
> > to @1-cisco1, and then create different <realm> statements. But I don't
> > know exactly how I can decide from which dialin box I get the
> > authentication request, and how to 'add' the realm to the existing
> > realm...
> >
> > Could anyone help me?
> >
> > Thanks,
> > bogdan
> >
> >--
> >Archive at http://www.open.com.au/archives/radiator/
> >Announcements on radiator-announce at open.com.au
> >To unsubscribe, email 'majordomo at open.com.au' with
> >'unsubscribe radiator' in the body of the message.
> >
> >
> 
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
