(RADIATOR) SQLRADIUS Failurepolicy
Keith Dornbusch
keith at uschoice.net
Tue Apr 27 10:49:09 CDT 2004
I am having a problem getting FailurePolicy to work in my <AuthBy
SQLRADIUS>.
FailurePolicy is set to 0 for ACCEPT.
Any Ideas?
Here is a sample of the Trace
---- Trace Start -----------------------
Tue Apr 27 10:33:27 2004: DEBUG: Rewrote user name to quailch1 at airpad.net
Tue Apr 27 10:33:27 2004: DEBUG: Handling request with Handler
'Realm=airpad.net'
Tue Apr 27 10:33:27 2004: DEBUG: Deleting session for quailch1 at airpad.net,
66.100.36.X, 20107
Tue Apr 27 10:33:27 2004: DEBUG: do query is: 'delete from RADONLINE where
NASIDENTIFIER='66.100.36.X' and NASPORT=020107':
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthFILE:
Tue Apr 27 10:33:27 2004: DEBUG: Radius::AuthFILE looks for match with
quailch1 at airpad.net
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthSQL
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthSQL
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthRADIUS
Tue Apr 27 10:33:27 2004: DEBUG: Query is: 'select HOST1, SECRET, AUTHPORT,
ACCTPORT, RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS,
SERVERHASBROKENPORTNUMBERS, SERVERHASBROKENADDRESSES, IGNOREREPLYSIGNATURE,
FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='airpad.net'':
Tue Apr 27 10:33:27 2004: INFO: AuthRADIUS could not find a working host to
forward to. Ignoring
Tue Apr 27 10:33:28 2004: DEBUG: Packet dump:
---------- Trace End ------------------------------------
Here is my .cfg file (partial)
------------ Start .cfg -------------------------
<Realm xxxxxxx.xxx>
# MaxSessions 1
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %L/detail
AuthByPolicy ContinueUntilAccept
# Log for all authentication attemps
PasswordLogFileName %L/%RPWLog
<AuthLog SQL>
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
Table radauthlog
# Identifier authlogger
LogSuccess 1
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values
(%t, '%n', 1)
LogFailure 1
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON)
values (%t, '%n', 0, %1)
</AuthLog>
<StatsLog SQL>
# You need to specify which database to connect to:
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
# The logging interval in seconds (Default 600 Seconds or 10 Mins)
# Interval 2
# You can configure the SQL query to be used for each log.
# %0, %1 etc are replaced by each statistic, in alphabetical order
# of their name.This example just logs the time, object type, id and
# average responseTime
# InsertQuery insert into MYTABLE (TIME_STAMP, TYPE, ID, RESPONSETIME)
values (%0, %1, %2, %23)
</StatsLog>
<AuthBy FILE>
# Look up user details in a flat file
# %D is replaced by DbDir above
Filename %D/users
</AuthBy>
<AuthBy SQL>
# SQLRecoveryFile is Version 3.8 or higher
SQLRecoveryFile %L/missedaccounting
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
DateFormat '%b $d,%Y %H:%M:%S'
HandleAcctStatusTypes Start
AcctInsertQuery insert into %0(%1) values (%2)
AuthSelect
AccountingTable accounting
AcctColumnDef User_Name,User-Name
AcctColumnDef Start_Time,Timestamp
AcctColumnDef Stop_Time,Timestamp
AcctColumnDef State,State
AcctColumnDef Password,Password
AcctColumnDef Expiration,Expiration
AcctColumnDef Service_Type,Service-Type
AcctColumnDef Framed_Protocol,Framed-Protocol
AcctColumnDef Ascend_Assign_IP_Pool,Ascend-Assign-IP-Pool
AcctColumnDef Ascend_Idle_Limit,Ascend-Idle-Limit
AcctColumnDef Ascend_Maximum_Channels,Ascend-Maximum-Channels
AcctColumnDef Ascend_Minimum_Channels,Ascend-Minimum-Channels
AcctColumnDef Framed_IP_Address,Framed-IP-Address
AcctColumnDef Framed_IP_Netmask,Framed-IP-Netmask
AcctColumnDef NAS_IP_Address,NAS-IP-Address
AcctColumnDef NAS_Port,NAS-Port
AcctColumnDef NAS_Port_Type,NAS-Port-Type
AcctColumnDef Acct_Status_Type,Acct-Status-Type
AcctColumnDef Acct_Delay_Time,Acct-Delay-Time
AcctColumnDef Acct_Session_Id,Acct-Session-Id
AcctColumnDef Acct_Authentic,Acct-Authentic
AcctColumnDef Acct_Session_Time,Acct-Session-Time
AcctColumnDef Acct_Input_Octets,Acct-Input-Octets
AcctColumnDef Acct_Output_Octets,Acct-Output-Octets
AcctColumnDef Acct_Input_Packets,Acct-Input-Packets
AcctColumnDef Acct_Output_Packets,Acct-Output-Packets
AcctColumnDef Ascend_Disconnect_Cause,Ascend-Disconnect-Cause
AcctColumnDef Ascend_Connect_Progress,Ascend-Connect-Progress
AcctColumnDef Ascend_Xmit_Rate,Ascend-Xmit-Rate
AcctColumnDef Ascend_Data_Rate,Ascend-Data-Rate
AcctColumnDef Ascend_PreSession_Time,Ascend-PreSession-Time
AcctColumnDef Ascend_Pre_Input_Octets,Ascend-Pre-Input-Octets
AcctColumnDef Ascend_Pre_Output_Octets,Ascend-Pre-Output-Octets
AcctColumnDef Ascend_Pre_Input_Packets,Ascend-Pre-Input-Packets
AcctColumnDef Ascend_Pre_Output_Packets,Ascend-Pre-Output-Packets
AcctColumnDef Ascend_First_Dest,Ascend-First-Dest
AcctColumnDef Ascend_Multilink_ID,Ascend-Multilink-ID
AcctColumnDef Ascend_Num_In_Multilink,Ascend-Num-In-Multilink
AcctColumnDef Acct_Link_Count,Acct-Link-Count
AcctColumnDef Acct_Multi_Session_Id,Acct-Multi-Session-Id
AcctColumnDef Ascend_Modem_PortNo,Ascend-Modem-PortNo
AcctColumnDef Ascend_Modem_SlotNo,Ascend-Modem-SlotNo
AcctColumnDef Calling_Station_Id,Calling-Station-Id
AcctColumnDef Called_Station_Id,Called-Station-Id
AcctColumnDef CHAP_Password,CHAP-Password
AcctColumnDef Connect_Info,Connect-Info
AcctColumnDef Ascend_Handle_IPX,Ascend-Handle-IPX
AcctColumnDef NAS_Identifier,NAS-Identifier
AcctColumnDef CHAP_Challenge,CHAP-Challenge
AcctColumnDef Ascend_Netware_timeout,Ascend-Netware-timeout
AcctColumnDef Proxy_State,Proxy-State
AcctColumnDef Class,Class
AcctColumnDef Framed_Compression,Framed-Compression
AcctColumnDef Port_Limit,Port-Limit
AcctColumnDef Acct_Terminate_Cause,Acct-Terminate-Cause
AcctColumnDef CVX_SS7_Session_ID_Type,CVX-SS7-Session-ID-Type
AcctColumnDef CVX_Terminate_Cause,CVX-Terminate-Cause
AcctColumnDef Login_IP_Host,Login-IP-Host
AcctColumnDef User_Password,User-Password
AcctColumnDef Framed_Routing,Framed-Routing
AcctColumnDef Filter_Id,Filter-Id
AcctColumnDef Framed_MTU,Framed-MTU
AcctColumnDef Login_Service,Login-Service
AcctColumnDef Login_TCP_Port,Login-TCP-Port
AcctColumnDef Framed_Route,Framed-Route
AcctColumnDef Framed_IPX_Network,Framed-IPX-Network
AcctColumnDef Termination_Action,Termination-Action
AcctColumnDef Vendor_specific,Vendor-specific
AcctColumnDef Acct_Input_Gigawords,Acct-Input-Gigawords
AcctColumnDef Acct_Output_Gigawords,Acct-Output-Gigawords
AcctColumnDef Old_Password,Old-Password
AcctColumnDef Reply_Message,Reply-Message
AcctColumnDef Callback_Number,Callback-Number
AcctColumnDef Callback_ID,Callback-ID
AcctColumnDef User_Realm,User-Realm
AcctColumnDef CVX_Identification,CVX-Identification
AcctColumnDef Ascend_Source_Auth,Ascend-Source-Auth
AcctColumnDef Session_Authentic,Session-Authentic
AcctColumnDef Event_Timestamp,Event-Timestamp
AcctColumnDef cvx_ppp_inactivity_limit,CVX-PPP-Inactivity-Limit
AcctColumnDef GRIC_Timestamp,GRIC-Timestamp
AcctColumnDef Ascend_Modem_ShelfNo,Ascend-Modem-ShelfNo
AcctColumnDef Ascend_Owner_IP_Addr,Ascend-Owner-IP-Addr
AcctColumnDef Tunnel_Client_Endpoint,Tunnel-Client-Endpoint
AcctColumnDef Tunnel_Server_Endpoint,Tunnel-Server-Endpoint
AcctColumnDef Idle_Timeout,Idle-Timeout
AcctColumnDef Tunnel_Type,Tunnel-Type
AcctColumnDef Class_1,Class-1
AcctColumnDef Tunnel_ID,Tunnel-ID
AcctColumnDef Ascend_FR_Direct,Ascend-FR-Direct
AcctColumnDef CVX_VPOP_ID,CVX-VPOP-ID
AcctColumnDef CVX_Terminate_Component,CVX-Terminate-Component
AcctColumnDef Timestamp,Timestamp
DefaultSimultaneousUse 2
RejectEmptyPassword
</AuthBy>
<AuthBy SQL>
# SQLRecoveryFile is Version 3.8 or higher
SQLRecoveryFile %L/missedaccounting
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
DateFormat '%b $d,%Y %H:%M:%S'
HandleAcctStatusTypes Stop
# Start Record Fields Removed from stop Record Update
# set user_name = '%{User-Name}', nas_ip_address = '%{NAS-IP-Address}', \
# nas_port = '%{NAS-Port}', service_type = '%{Service-Type}',
framed_protocol = '%{Framed-Protocol}', \
# framed_ip_address = '%{Framed-IP-Address}', class = '%{Class}',
called_station_id = '%{Called-Station-Id}', \
# calling_station_id = '%{Calling-Station-Id}', nas_port_type =
'%{NAS-Port-Type}', connect_info = '%{Connect-Info}', \
AcctInsertQuery update %0 set Acct_Status_Type = '%{Acct-Status-Type}', \
Acct_Delay_Time = '%{Acct-Delay-Time}', Acct_Input_Octets =
'%{Acct-Input-Octets}', \
Acct_Output_Octets = '%{Acct-Output-Octets}', Acct_Authentic =
'%{Acct-Authentic}', \
Acct_Session_Time = '%{Acct-Session-Time}', Stop_Time = '%{Timestamp}', \
Acct_Input_Packets = '%{Acct-Input-Packets}', Acct_Output_Packets =
'%{Acct-Output-Packets}', \
Acct_Terminate_Cause = '%{Acct-Terminate-Cause}', \
Ascend_Pre_Input_Octets = '%{Ascend-Pre-Input-Octets}', \
Ascend_Pre_Output_Octets = '%{Ascend-Pre-Output-Octets}',
Ascend_Pre_Input_Packets = '%{Ascend-Pre-Input-Packets}', \
Ascend_Pre_Output_Packets = '%{Ascend-Pre-Output-Packets}',
Ascend_Disconnect_Cause = '%{Ascend-Disconnect-Cause}', \
Ascend_Connect_Progress = '%{Ascend-Connect-Progress}', Ascend_Data_Rate =
'%{Ascend-Data-Rate}', \
Ascend_PreSession_Time = '%{Ascend-PreSession-Time}', Ascend_Xmit_Rate =
'%{Ascend-Xmit-Rate}' \
where Acct_Session_Id = '%{Acct-Session-Id}'
# AcctInserQuery update %0 set nas_ip_address = '%{NAS-IP-Address}' where
acct_session_id = '%{Acct-Session-Id}'
AuthSelect
AccountingTable accounting
AcctColumnDef User_Name,User-Name
AcctColumnDef Start_Time,Timestamp
AcctColumnDef Stop_Time,Timestamp
AcctColumnDef State,State
AcctColumnDef Password,Password
AcctColumnDef Expiration,Expiration
AcctColumnDef Service_Type,Service-Type
AcctColumnDef Framed_Protocol,Framed-Protocol
AcctColumnDef Ascend_Assign_IP_Pool,Ascend-Assign-IP-Pool
AcctColumnDef Ascend_Idle_Limit,Ascend-Idle-Limit
AcctColumnDef Ascend_Maximum_Channels,Ascend-Maximum-Channels
AcctColumnDef Ascend_Minimum_Channels,Ascend-Minimum-Channels
AcctColumnDef Framed_IP_Address,Framed-IP-Address
AcctColumnDef Framed_IP_Netmask,Framed-IP-Netmask
AcctColumnDef NAS_IP_Address,NAS-IP-Address
AcctColumnDef NAS_Port,NAS-Port
AcctColumnDef NAS_Port_Type,NAS-Port-Type
AcctColumnDef Acct_Status_Type,Acct-Status-Type
AcctColumnDef Acct_Delay_Time,Acct-Delay-Time
AcctColumnDef Acct_Session_Id,Acct-Session-Id
AcctColumnDef Acct_Authentic,Acct-Authentic
AcctColumnDef Acct_Session_Time,Acct-Session-Time
AcctColumnDef Acct_Input_Octets,Acct-Input-Octets
AcctColumnDef Acct_Output_Octets,Acct-Output-Octets
AcctColumnDef Acct_Input_Packets,Acct-Input-Packets
AcctColumnDef Acct_Output_Packets,Acct-Output-Packets
AcctColumnDef Ascend_Disconnect_Cause,Ascend-Disconnect-Cause
AcctColumnDef Ascend_Connect_Progress,Ascend-Connect-Progress
AcctColumnDef Ascend_Xmit_Rate,Ascend-Xmit-Rate
AcctColumnDef Ascend_Data_Rate,Ascend-Data-Rate
AcctColumnDef Ascend_PreSession_Time,Ascend-PreSession-Time
AcctColumnDef Ascend_Pre_Input_Octets,Ascend-Pre-Input-Octets
AcctColumnDef Ascend_Pre_Output_Octets,Ascend-Pre-Output-Octets
AcctColumnDef Ascend_Pre_Input_Packets,Ascend-Pre-Input-Packets
AcctColumnDef Ascend_Pre_Output_Packets,Ascend-Pre-Output-Packets
AcctColumnDef Ascend_First_Dest,Ascend-First-Dest
AcctColumnDef Ascend_Multilink_ID,Ascend-Multilink-ID
AcctColumnDef Ascend_Num_In_Multilink,Ascend-Num-In-Multilink
AcctColumnDef Acct_Link_Count,Acct-Link-Count
AcctColumnDef Acct_Multi_Session_Id,Acct-Multi-Session-Id
AcctColumnDef Ascend_Modem_PortNo,Ascend-Modem-PortNo
AcctColumnDef Ascend_Modem_SlotNo,Ascend-Modem-SlotNo
AcctColumnDef Calling_Station_Id,Calling-Station-Id
AcctColumnDef Called_Station_Id,Called-Station-Id
AcctColumnDef CHAP_Password,CHAP-Password
AcctColumnDef Connect_Info,Connect-Info
AcctColumnDef Ascend_Handle_IPX,Ascend-Handle-IPX
AcctColumnDef NAS_Identifier,NAS-Identifier
AcctColumnDef CHAP_Challenge,CHAP-Challenge
AcctColumnDef Ascend_Netware_timeout,Ascend-Netware-timeout
AcctColumnDef Proxy_State,Proxy-State
AcctColumnDef Class,Class
AcctColumnDef Framed_Compression,Framed-Compression
AcctColumnDef Port_Limit,Port-Limit
AcctColumnDef Acct_Terminate_Cause,Acct-Terminate-Cause
AcctColumnDef CVX_SS7_Session_ID_Type,CVX-SS7-Session-ID-Type
AcctColumnDef CVX_Terminate_Cause,CVX-Terminate-Cause
AcctColumnDef Login_IP_Host,Login-IP-Host
AcctColumnDef User_Password,User-Password
AcctColumnDef Framed_Routing,Framed-Routing
AcctColumnDef Filter_Id,Filter-Id
AcctColumnDef Framed_MTU,Framed-MTU
AcctColumnDef Login_Service,Login-Service
AcctColumnDef Login_TCP_Port,Login-TCP-Port
AcctColumnDef Framed_Route,Framed-Route
AcctColumnDef Framed_IPX_Network,Framed-IPX-Network
AcctColumnDef Termination_Action,Termination-Action
AcctColumnDef Vendor_specific,Vendor-specific
AcctColumnDef Acct_Input_Gigawords,Acct-Input-Gigawords
AcctColumnDef Acct_Output_Gigawords,Acct-Output-Gigawords
AcctColumnDef Old_Password,Old-Password
AcctColumnDef Reply_Message,Reply-Message
AcctColumnDef Callback_Number,Callback-Number
AcctColumnDef Callback_ID,Callback-ID
AcctColumnDef User_Realm,User-Realm
AcctColumnDef CVX_Identification,CVX-Identification
AcctColumnDef Ascend_Source_Auth,Ascend-Source-Auth
AcctColumnDef Session_Authentic,Session-Authentic
AcctColumnDef Event_Timestamp,Event-Timestamp
AcctColumnDef cvx_ppp_inactivity_limit,CVX-PPP-Inactivity-Limit
AcctColumnDef GRIC_Timestamp,GRIC-Timestamp
AcctColumnDef Ascend_Modem_ShelfNo,Ascend-Modem-ShelfNo
AcctColumnDef Ascend_Owner_IP_Addr,Ascend-Owner-IP-Addr
AcctColumnDef Tunnel_Client_Endpoint,Tunnel-Client-Endpoint
AcctColumnDef Tunnel_Server_Endpoint,Tunnel-Server-Endpoint
AcctColumnDef Idle_Timeout,Idle-Timeout
AcctColumnDef Tunnel_Type,Tunnel-Type
AcctColumnDef Class_1,Class-1
AcctColumnDef Tunnel_ID,Tunnel-ID
AcctColumnDef Ascend_FR_Direct,Ascend-FR-Direct
AcctColumnDef CVX_VPOP_ID,CVX-VPOP-ID
AcctColumnDef CVX_Terminate_Component,CVX-Terminate-Component
AcctColumnDef Timestamp,Timestamp
DefaultSimultaneousUse 2
RejectEmptyPassword
</AuthBy>
<AuthBy SQLRADIUS>
# For downstream (PROXY) Radius use
# This uses the users realm to look up the target
# radius server in an SQL database
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
# NumHosts 2
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES,
RETRYTIMEOUT, \
USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS,
SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS \
where TARGETNAME='%R'
HostColumnDef 0,TARGETNAME
HostColumnDef 1,HOST1
HostColumnDef 2,HOST2
HostColumnDef 3,SECRET
HostColumnDef 4,AUTHPORT
HostColumnDef 5.ACCTPORT
HostColumnDef 6,RETRIES
HostColumnDef 7,RETRYTIMEOUT
HostColumnDef 8,USEOLDASCENDPASSWORDS
HostColumnDef 9,SERVERHASBROKENPORTNUMBERS
HostColumnDef 10,SERVERHASBROKENADDRESSES
HostColumnDef 11,IGNOREREPLYSIGNATURE
HostColumnDef 12,FAILUREPOLICY
</AuthBy>
</Realm>
---- End of <Realm>
Thanks;
Keith Dornbusch
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list