(RADIATOR) SQLRADIUS Failurepolicy
Frank Danielson
fdanielson at csky.com
Tue Apr 27 12:02:38 CDT 2004
The catch here is that it appears your query did not return any results so
there was no host to forward to. In that case there would also be no
failurePolicy returned either. A good place to start would be to run the
query manually and make sure it gets results and they match what you have
defined with your HostColumnDef statements. In this instance what you really
need is a hardwired failurePolicy in the config file which is not currently
a feature. It's on my list of things to do when I get the time. A quick
review of the AuthSQLRADIUS.pm code tells me that you should be able to add
the failurePolicy keyword and add a fallback to the configured failurePolicy
if none is returned from the DB. Here's a diff of the changes I made-
diff AuthSQLRADIUS.pm AuthSQLRADIUS2.pm
20a21
> 'failurePolicy' => 'integer',
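Review bot: The keyword added at line 21 is spelled 'failurePolicy' with a lowercase first letter, while the keywords in the quoted config file (DBSource, HostSelect, NumHosts) and the "FailurePolicy" used in the original question are capitalized. Confirm how the keyword table matches case so that the spelling people will type is the one accepted, and add a documentation entry listing the integer values allowed and what each means; the thread itself only establishes 0 for ACCEPT.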
201a203,208
> } elsif (defined $self->{failurePolicy}) {
> # The config file told us how to deal with failure
> $self->adjustReply($p);
>
> $p->{Handler}->handlerResult
> ($p, $self->{failurePolicy}, 'SQLRADIUS Proxy failed');
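Review bot: In the new elsif branch, $self->{failurePolicy} goes straight into handlerResult with no range check and no log line, and the branch runs whenever the preceding condition is false and the keyword is set, which includes the case described above where the HostSelect query returns no row for the realm. With the value 0, which the original question gives as ACCEPT, a request for a realm that has no row in RADSQLRADIUS would be accepted without any remote server seeing it. Suggest validating the configured value when the clause is loaded, logging here that the config-file fallback was applied, and using a reason string that says so instead of the generic 'SQLRADIUS Proxy failed'.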
202a210
>
Of course this hasn't been extensively tested and could burst into flames at
any moment.
Frank Danielson
Infrastructure Architect
ClearSky Mobile Media
56 E. Pine St.
Orlando, FL 32801
USA
-----Original Message-----
From: Keith Dornbusch [mailto:keith at uschoice.net]
Sent: Tuesday, April 27, 2004 11:49 AM
To: radiator at open.com.au
Subject: (RADIATOR) SQLRADIUS Failurepolicy
I am having a problem getting FailurePolicy to work in my <AuthBy
SQLRADIUS>.
FailurePolicy is set to 0 for ACCEPT.
Any Ideas?
Here is a sample of the Trace
---- Trace Start -----------------------
Tue Apr 27 10:33:27 2004: DEBUG: Rewrote user name to quailch1 at airpad.net
Tue Apr 27 10:33:27 2004: DEBUG: Handling request with Handler 'Realm=airpad.net'
Tue Apr 27 10:33:27 2004: DEBUG: Deleting session for quailch1 at airpad.net, 66.100.36.X, 20107
Tue Apr 27 10:33:27 2004: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='66.100.36.X' and NASPORT=020107':
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthFILE:
Tue Apr 27 10:33:27 2004: DEBUG: Radius::AuthFILE looks for match with quailch1 at airpad.net
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthSQL
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthSQL
Tue Apr 27 10:33:27 2004: DEBUG: Handling with Radius::AuthRADIUS
Tue Apr 27 10:33:27 2004: DEBUG: Query is: 'select HOST1, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS, SERVERHASBROKENADDRESSES, IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME='airpad.net'':
Tue Apr 27 10:33:27 2004: INFO: AuthRADIUS could not find a working host to forward to. Ignoring
Tue Apr 27 10:33:28 2004: DEBUG: Packet dump:
---------- Trace End ------------------------------------
Here is my .cfg file (partial)
------------ Start .cfg -------------------------
<Realm xxxxxxx.xxx>
# MaxSessions 1
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %L/detail
AuthByPolicy ContinueUntilAccept
# Log for all authentication attempts
PasswordLogFileName %L/%RPWLog
<AuthLog SQL>
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
Table radauthlog
# Identifier authlogger
LogSuccess 1
SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values
(%t, '%n', 1)
LogFailure 1
FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON)
values (%t, '%n', 0, %1)
</AuthLog>
<StatsLog SQL>
# You need to specify which database to connect to:
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
# The logging interval in seconds (Default 600 Seconds or 10 Mins)
# Interval 2
# You can configure the SQL query to be used for each log.
# %0, %1 etc are replaced by each statistic, in alphabetical order
# of their name. This example just logs the time, object type, id and
# average responseTime
# InsertQuery insert into MYTABLE (TIME_STAMP, TYPE, ID, RESPONSETIME)
values (%0, %1, %2, %23)
</StatsLog>
<AuthBy FILE>
# Look up user details in a flat file
# %D is replaced by DbDir above
Filename %D/users
</AuthBy>
<AuthBy SQL>
# SQLRecoveryFile is Version 3.8 or higher
SQLRecoveryFile %L/missedaccounting
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
DateFormat '%b $d,%Y %H:%M:%S'
HandleAcctStatusTypes Start
AcctInsertQuery insert into %0(%1) values (%2)
AuthSelect
AccountingTable accounting
AcctColumnDef User_Name,User-Name
AcctColumnDef Start_Time,Timestamp
AcctColumnDef Stop_Time,Timestamp
AcctColumnDef State,State
AcctColumnDef Password,Password
AcctColumnDef Expiration,Expiration
AcctColumnDef Service_Type,Service-Type
AcctColumnDef Framed_Protocol,Framed-Protocol
AcctColumnDef Ascend_Assign_IP_Pool,Ascend-Assign-IP-Pool
AcctColumnDef Ascend_Idle_Limit,Ascend-Idle-Limit
AcctColumnDef Ascend_Maximum_Channels,Ascend-Maximum-Channels
AcctColumnDef Ascend_Minimum_Channels,Ascend-Minimum-Channels
AcctColumnDef Framed_IP_Address,Framed-IP-Address
AcctColumnDef Framed_IP_Netmask,Framed-IP-Netmask
AcctColumnDef NAS_IP_Address,NAS-IP-Address
AcctColumnDef NAS_Port,NAS-Port
AcctColumnDef NAS_Port_Type,NAS-Port-Type
AcctColumnDef Acct_Status_Type,Acct-Status-Type
AcctColumnDef Acct_Delay_Time,Acct-Delay-Time
AcctColumnDef Acct_Session_Id,Acct-Session-Id
AcctColumnDef Acct_Authentic,Acct-Authentic
AcctColumnDef Acct_Session_Time,Acct-Session-Time
AcctColumnDef Acct_Input_Octets,Acct-Input-Octets
AcctColumnDef Acct_Output_Octets,Acct-Output-Octets
AcctColumnDef Acct_Input_Packets,Acct-Input-Packets
AcctColumnDef Acct_Output_Packets,Acct-Output-Packets
AcctColumnDef Ascend_Disconnect_Cause,Ascend-Disconnect-Cause
AcctColumnDef Ascend_Connect_Progress,Ascend-Connect-Progress
AcctColumnDef Ascend_Xmit_Rate,Ascend-Xmit-Rate
AcctColumnDef Ascend_Data_Rate,Ascend-Data-Rate
AcctColumnDef Ascend_PreSession_Time,Ascend-PreSession-Time
AcctColumnDef Ascend_Pre_Input_Octets,Ascend-Pre-Input-Octets
AcctColumnDef Ascend_Pre_Output_Octets,Ascend-Pre-Output-Octets
AcctColumnDef Ascend_Pre_Input_Packets,Ascend-Pre-Input-Packets
AcctColumnDef Ascend_Pre_Output_Packets,Ascend-Pre-Output-Packets
AcctColumnDef Ascend_First_Dest,Ascend-First-Dest
AcctColumnDef Ascend_Multilink_ID,Ascend-Multilink-ID
AcctColumnDef Ascend_Num_In_Multilink,Ascend-Num-In-Multilink
AcctColumnDef Acct_Link_Count,Acct-Link-Count
AcctColumnDef Acct_Multi_Session_Id,Acct-Multi-Session-Id
AcctColumnDef Ascend_Modem_PortNo,Ascend-Modem-PortNo
AcctColumnDef Ascend_Modem_SlotNo,Ascend-Modem-SlotNo
AcctColumnDef Calling_Station_Id,Calling-Station-Id
AcctColumnDef Called_Station_Id,Called-Station-Id
AcctColumnDef CHAP_Password,CHAP-Password
AcctColumnDef Connect_Info,Connect-Info
AcctColumnDef Ascend_Handle_IPX,Ascend-Handle-IPX
AcctColumnDef NAS_Identifier,NAS-Identifier
AcctColumnDef CHAP_Challenge,CHAP-Challenge
AcctColumnDef Ascend_Netware_timeout,Ascend-Netware-timeout
AcctColumnDef Proxy_State,Proxy-State
AcctColumnDef Class,Class
AcctColumnDef Framed_Compression,Framed-Compression
AcctColumnDef Port_Limit,Port-Limit
AcctColumnDef Acct_Terminate_Cause,Acct-Terminate-Cause
AcctColumnDef CVX_SS7_Session_ID_Type,CVX-SS7-Session-ID-Type
AcctColumnDef CVX_Terminate_Cause,CVX-Terminate-Cause
AcctColumnDef Login_IP_Host,Login-IP-Host
AcctColumnDef User_Password,User-Password
AcctColumnDef Framed_Routing,Framed-Routing
AcctColumnDef Filter_Id,Filter-Id
AcctColumnDef Framed_MTU,Framed-MTU
AcctColumnDef Login_Service,Login-Service
AcctColumnDef Login_TCP_Port,Login-TCP-Port
AcctColumnDef Framed_Route,Framed-Route
AcctColumnDef Framed_IPX_Network,Framed-IPX-Network
AcctColumnDef Termination_Action,Termination-Action
AcctColumnDef Vendor_specific,Vendor-specific
AcctColumnDef Acct_Input_Gigawords,Acct-Input-Gigawords
AcctColumnDef Acct_Output_Gigawords,Acct-Output-Gigawords
AcctColumnDef Old_Password,Old-Password
AcctColumnDef Reply_Message,Reply-Message
AcctColumnDef Callback_Number,Callback-Number
AcctColumnDef Callback_ID,Callback-ID
AcctColumnDef User_Realm,User-Realm
AcctColumnDef CVX_Identification,CVX-Identification
AcctColumnDef Ascend_Source_Auth,Ascend-Source-Auth
AcctColumnDef Session_Authentic,Session-Authentic
AcctColumnDef Event_Timestamp,Event-Timestamp
AcctColumnDef cvx_ppp_inactivity_limit,CVX-PPP-Inactivity-Limit
AcctColumnDef GRIC_Timestamp,GRIC-Timestamp
AcctColumnDef Ascend_Modem_ShelfNo,Ascend-Modem-ShelfNo
AcctColumnDef Ascend_Owner_IP_Addr,Ascend-Owner-IP-Addr
AcctColumnDef Tunnel_Client_Endpoint,Tunnel-Client-Endpoint
AcctColumnDef Tunnel_Server_Endpoint,Tunnel-Server-Endpoint
AcctColumnDef Idle_Timeout,Idle-Timeout
AcctColumnDef Tunnel_Type,Tunnel-Type
AcctColumnDef Class_1,Class-1
AcctColumnDef Tunnel_ID,Tunnel-ID
AcctColumnDef Ascend_FR_Direct,Ascend-FR-Direct
AcctColumnDef CVX_VPOP_ID,CVX-VPOP-ID
AcctColumnDef CVX_Terminate_Component,CVX-Terminate-Component
AcctColumnDef Timestamp,Timestamp
DefaultSimultaneousUse 2
RejectEmptyPassword
</AuthBy>
<AuthBy SQL>
# SQLRecoveryFile is Version 3.8 or higher
SQLRecoveryFile %L/missedaccounting
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
DateFormat '%b $d,%Y %H:%M:%S'
HandleAcctStatusTypes Stop
# Start Record Fields Removed from stop Record Update
# set user_name = '%{User-Name}', nas_ip_address = '%{NAS-IP-Address}', \
# nas_port = '%{NAS-Port}', service_type = '%{Service-Type}',
framed_protocol = '%{Framed-Protocol}', \
# framed_ip_address = '%{Framed-IP-Address}', class = '%{Class}',
called_station_id = '%{Called-Station-Id}', \
# calling_station_id = '%{Calling-Station-Id}', nas_port_type =
'%{NAS-Port-Type}', connect_info = '%{Connect-Info}', \
AcctInsertQuery update %0 set Acct_Status_Type = '%{Acct-Status-Type}', \
Acct_Delay_Time = '%{Acct-Delay-Time}', Acct_Input_Octets =
'%{Acct-Input-Octets}', \
Acct_Output_Octets = '%{Acct-Output-Octets}', Acct_Authentic =
'%{Acct-Authentic}', \
Acct_Session_Time = '%{Acct-Session-Time}', Stop_Time = '%{Timestamp}', \
Acct_Input_Packets = '%{Acct-Input-Packets}', Acct_Output_Packets =
'%{Acct-Output-Packets}', \
Acct_Terminate_Cause = '%{Acct-Terminate-Cause}', \
Ascend_Pre_Input_Octets = '%{Ascend-Pre-Input-Octets}', \
Ascend_Pre_Output_Octets = '%{Ascend-Pre-Output-Octets}',
Ascend_Pre_Input_Packets = '%{Ascend-Pre-Input-Packets}', \
Ascend_Pre_Output_Packets = '%{Ascend-Pre-Output-Packets}',
Ascend_Disconnect_Cause = '%{Ascend-Disconnect-Cause}', \
Ascend_Connect_Progress = '%{Ascend-Connect-Progress}', Ascend_Data_Rate =
'%{Ascend-Data-Rate}', \
Ascend_PreSession_Time = '%{Ascend-PreSession-Time}', Ascend_Xmit_Rate =
'%{Ascend-Xmit-Rate}' \
where Acct_Session_Id = '%{Acct-Session-Id}'
# AcctInserQuery update %0 set nas_ip_address = '%{NAS-IP-Address}' where
acct_session_id = '%{Acct-Session-Id}'
AuthSelect
AccountingTable accounting
AcctColumnDef User_Name,User-Name
AcctColumnDef Start_Time,Timestamp
AcctColumnDef Stop_Time,Timestamp
AcctColumnDef State,State
AcctColumnDef Password,Password
AcctColumnDef Expiration,Expiration
AcctColumnDef Service_Type,Service-Type
AcctColumnDef Framed_Protocol,Framed-Protocol
AcctColumnDef Ascend_Assign_IP_Pool,Ascend-Assign-IP-Pool
AcctColumnDef Ascend_Idle_Limit,Ascend-Idle-Limit
AcctColumnDef Ascend_Maximum_Channels,Ascend-Maximum-Channels
AcctColumnDef Ascend_Minimum_Channels,Ascend-Minimum-Channels
AcctColumnDef Framed_IP_Address,Framed-IP-Address
AcctColumnDef Framed_IP_Netmask,Framed-IP-Netmask
AcctColumnDef NAS_IP_Address,NAS-IP-Address
AcctColumnDef NAS_Port,NAS-Port
AcctColumnDef NAS_Port_Type,NAS-Port-Type
AcctColumnDef Acct_Status_Type,Acct-Status-Type
AcctColumnDef Acct_Delay_Time,Acct-Delay-Time
AcctColumnDef Acct_Session_Id,Acct-Session-Id
AcctColumnDef Acct_Authentic,Acct-Authentic
AcctColumnDef Acct_Session_Time,Acct-Session-Time
AcctColumnDef Acct_Input_Octets,Acct-Input-Octets
AcctColumnDef Acct_Output_Octets,Acct-Output-Octets
AcctColumnDef Acct_Input_Packets,Acct-Input-Packets
AcctColumnDef Acct_Output_Packets,Acct-Output-Packets
AcctColumnDef Ascend_Disconnect_Cause,Ascend-Disconnect-Cause
AcctColumnDef Ascend_Connect_Progress,Ascend-Connect-Progress
AcctColumnDef Ascend_Xmit_Rate,Ascend-Xmit-Rate
AcctColumnDef Ascend_Data_Rate,Ascend-Data-Rate
AcctColumnDef Ascend_PreSession_Time,Ascend-PreSession-Time
AcctColumnDef Ascend_Pre_Input_Octets,Ascend-Pre-Input-Octets
AcctColumnDef Ascend_Pre_Output_Octets,Ascend-Pre-Output-Octets
AcctColumnDef Ascend_Pre_Input_Packets,Ascend-Pre-Input-Packets
AcctColumnDef Ascend_Pre_Output_Packets,Ascend-Pre-Output-Packets
AcctColumnDef Ascend_First_Dest,Ascend-First-Dest
AcctColumnDef Ascend_Multilink_ID,Ascend-Multilink-ID
AcctColumnDef Ascend_Num_In_Multilink,Ascend-Num-In-Multilink
AcctColumnDef Acct_Link_Count,Acct-Link-Count
AcctColumnDef Acct_Multi_Session_Id,Acct-Multi-Session-Id
AcctColumnDef Ascend_Modem_PortNo,Ascend-Modem-PortNo
AcctColumnDef Ascend_Modem_SlotNo,Ascend-Modem-SlotNo
AcctColumnDef Calling_Station_Id,Calling-Station-Id
AcctColumnDef Called_Station_Id,Called-Station-Id
AcctColumnDef CHAP_Password,CHAP-Password
AcctColumnDef Connect_Info,Connect-Info
AcctColumnDef Ascend_Handle_IPX,Ascend-Handle-IPX
AcctColumnDef NAS_Identifier,NAS-Identifier
AcctColumnDef CHAP_Challenge,CHAP-Challenge
AcctColumnDef Ascend_Netware_timeout,Ascend-Netware-timeout
AcctColumnDef Proxy_State,Proxy-State
AcctColumnDef Class,Class
AcctColumnDef Framed_Compression,Framed-Compression
AcctColumnDef Port_Limit,Port-Limit
AcctColumnDef Acct_Terminate_Cause,Acct-Terminate-Cause
AcctColumnDef CVX_SS7_Session_ID_Type,CVX-SS7-Session-ID-Type
AcctColumnDef CVX_Terminate_Cause,CVX-Terminate-Cause
AcctColumnDef Login_IP_Host,Login-IP-Host
AcctColumnDef User_Password,User-Password
AcctColumnDef Framed_Routing,Framed-Routing
AcctColumnDef Filter_Id,Filter-Id
AcctColumnDef Framed_MTU,Framed-MTU
AcctColumnDef Login_Service,Login-Service
AcctColumnDef Login_TCP_Port,Login-TCP-Port
AcctColumnDef Framed_Route,Framed-Route
AcctColumnDef Framed_IPX_Network,Framed-IPX-Network
AcctColumnDef Termination_Action,Termination-Action
AcctColumnDef Vendor_specific,Vendor-specific
AcctColumnDef Acct_Input_Gigawords,Acct-Input-Gigawords
AcctColumnDef Acct_Output_Gigawords,Acct-Output-Gigawords
AcctColumnDef Old_Password,Old-Password
AcctColumnDef Reply_Message,Reply-Message
AcctColumnDef Callback_Number,Callback-Number
AcctColumnDef Callback_ID,Callback-ID
AcctColumnDef User_Realm,User-Realm
AcctColumnDef CVX_Identification,CVX-Identification
AcctColumnDef Ascend_Source_Auth,Ascend-Source-Auth
AcctColumnDef Session_Authentic,Session-Authentic
AcctColumnDef Event_Timestamp,Event-Timestamp
AcctColumnDef cvx_ppp_inactivity_limit,CVX-PPP-Inactivity-Limit
AcctColumnDef GRIC_Timestamp,GRIC-Timestamp
AcctColumnDef Ascend_Modem_ShelfNo,Ascend-Modem-ShelfNo
AcctColumnDef Ascend_Owner_IP_Addr,Ascend-Owner-IP-Addr
AcctColumnDef Tunnel_Client_Endpoint,Tunnel-Client-Endpoint
AcctColumnDef Tunnel_Server_Endpoint,Tunnel-Server-Endpoint
AcctColumnDef Idle_Timeout,Idle-Timeout
AcctColumnDef Tunnel_Type,Tunnel-Type
AcctColumnDef Class_1,Class-1
AcctColumnDef Tunnel_ID,Tunnel-ID
AcctColumnDef Ascend_FR_Direct,Ascend-FR-Direct
AcctColumnDef CVX_VPOP_ID,CVX-VPOP-ID
AcctColumnDef CVX_Terminate_Component,CVX-Terminate-Component
AcctColumnDef Timestamp,Timestamp
DefaultSimultaneousUse 2
RejectEmptyPassword
</AuthBy>
<AuthBy SQLRADIUS>
# For downstream (PROXY) Radius use
# This uses the users realm to look up the target
# radius server in an SQL database
DBSource dbi:mysql:Radiator:xx.xxx.xx.xx:xxxx
DBUsername user
DBAuth pass
# NumHosts 2
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES,
RETRYTIMEOUT, \
USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS,
SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS \
where TARGETNAME='%R'
HostColumnDef 0,TARGETNAME
HostColumnDef 1,HOST1
HostColumnDef 2,HOST2
HostColumnDef 3,SECRET
HostColumnDef 4,AUTHPORT
HostColumnDef 5.ACCTPORT
HostColumnDef 6,RETRIES
HostColumnDef 7,RETRYTIMEOUT
HostColumnDef 8,USEOLDASCENDPASSWORDS
HostColumnDef 9,SERVERHASBROKENPORTNUMBERS
HostColumnDef 10,SERVERHASBROKENADDRESSES
HostColumnDef 11,IGNOREREPLYSIGNATURE
HostColumnDef 12,FAILUREPOLICY
</AuthBy>
</Realm>
---- End of <Realm>
Thanks;
Keith Dornbusch
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
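
A check for the HostSelect/HostColumnDef comparison suggested in the reply above, as an added example that is not part of either message or of Radiator itself. It assumes each HostColumnDef has the form "index,name" with a zero-based index into the columns HostSelect returns; the clause in it is a constructed sample modelled on the one quoted in the thread.

```python
import re

# Constructed sample, modelled on the <AuthBy SQLRADIUS> clause quoted in the thread.
SAMPLE_CLAUSE = r"""
<AuthBy SQLRADIUS>
    HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES, RETRYTIMEOUT, \
        USEOLDASCENDPASSWORDS, SERVERHASBROKENPORTNUMBERS, SERVERHASBROKENADDRESSES, \
        IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS \
        where TARGETNAME='%R'
    HostColumnDef 0,TARGETNAME
    HostColumnDef 1,HOST1
    HostColumnDef 5.ACCTPORT
    HostColumnDef 12,FAILUREPOLICY
</AuthBy>
"""


def join_continuations(text):
    """Fold every line that ends in a backslash into the line after it."""
    return re.sub(r"\\\s*\n\s*", " ", text)


def selected_columns(text):
    """Return the column expressions between 'select' and 'from' in HostSelect."""
    m = re.search(r"^\s*HostSelect\s+select\s+(.*?)\s+from\s",
                  join_continuations(text), re.I | re.M)
    return [c.strip() for c in m.group(1).split(",")] if m else []


def check_host_column_defs(text):
    """Return (line, problem) pairs for HostColumnDef entries that cannot map
    onto a HostSelect result column (assumed: zero-based 'index,name' form)."""
    ncols = len(selected_columns(text))
    problems = []
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if not line.startswith("HostColumnDef"):
            continue
        m = re.fullmatch(r"HostColumnDef\s+(\d+)\s*,\s*(\S+)", line)
        if not m:
            problems.append((line, "not in 'index,name' form"))
        elif int(m.group(1)) >= ncols:
            problems.append(
                (line, f"index {m.group(1)} but HostSelect returns {ncols} columns"))
    return problems


if __name__ == "__main__":
    for line, problem in check_host_column_defs(SAMPLE_CLAUSE):
        print(f"{line}: {problem}")
```
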