(RADIATOR) Net Accelerator Config?
Kyle Hultman
khultman at lcmail.net
Thu Feb 19 11:04:38 CST 2004
Hi, I've got an interesting question that I haven't really seen on the
message board (maybe I haven't looked hard enough). We're starting to do
a net accelerator with a third-party company. I want it to be as
seamless as possible to my customers, so what I would like to do is have
a Y/N flag in the subscribers table in a field called Accelerator. If
it's set to Y, then radius calls an <authby radius>, strips Accelerator
from the reply, and goes about its business. If Accelerator = N, then
it just gets stripped from the reply and goes about its business as
normal. I'm not quite sure how to incorporate this, though. Below is my
config file, secrets removed. Thanks.
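# radius.cfg
#
# This is the LCS radius configuration file.
# Global server settings: logging, listening sockets, dictionary, privileges.
# Run the server in the Foreground
Foreground
# Set the information level
# 0 ERR
# 1 WARNING
# 2 NOTICE
# 3 INFO
# 4 DEBUG
# 5 DEBUG with raw packet dumps
# Level 5 writes raw packets to the log, so treat log output as sensitive
# whenever the level is raised for troubleshooting.
Trace 3
# Bind to only a specific IP Address
BindAddress 24.75.105.102,127.0.0.1
# Listen for Authentication on port 1812 per RFC 2138 (since obsoleted by RFC 2865)
# Also bind to the deprecated port 1645 for legacy
AuthPort 1812,1645
# Listen for Accounting on port 1813 per RFC 2139 (since obsoleted by RFC 2866)
# Also bind to the deprecated port 1646 for legacy
AcctPort 1813,1646
# Load the dictionary
DictionaryFile /usr/local/etc/radiator/dictionary
# Log to Standard output as well
LogStdout
# Set the default log directory for file based logging
LogDir /var/log/radius
# Set the default dbDir for file based authentication
DbDir /usr/local/etc/radiator
# Set the Username Character set to reject based on line noise.
# The list archive had rendered '@' as ' at ', which would have admitted
# spaces and refused user@realm names; the '@' is restored here.
# The SQL clauses in this file place '%n' inside hand-written quotes, so this
# allow-list is also what keeps quote characters out of those statements.
UsernameCharset a-zA-Z0-9\._@-
# Set the Username of who we want radiator to run as
User radiusd
# Set the Group of who we want radiator to run as
Group radiusd
# Tell radiator where snmpget is
SnmpgetProg /usr/local/bin/snmpget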
# Load the RADIUS client (NAS) definitions from the SQL database.
# DBSource/DBUsername/DBAuth are redacted to "x" by the poster.
# NOTE(review): the client table presumably holds the NAS shared secrets,
# so the database account used here should be limited to reading it — confirm.
<ClientListSQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
</ClientListSQL>
# Authentication log written to SQL. It is referenced from <Realm DEFAULT>
# by its Identifier (AuthLog_1). Only a FailureQuery is configured here.
<AuthLog SQL>
Identifier AuthLog_1
DBSource dbi:mysql:x
DBUsername x
DBAuth x
## Set the default Table
Table RADAUTHLOG
# The INSERT has no column list, so the four values must match the column
# order of RADAUTHLOG exactly. '%n' is wrapped in hand-written quotes, while
# %t, %0 and %1 are inserted as-is.
# NOTE(review): confirm what %0 and %1 expand to for AuthLog SQL in the
# installed version and whether they arrive already quoted.
FailureQuery INSERT INTO RADAUTHLOG VALUES('%n', %t , %0, %1)
</AuthLog>
# SQL-backed address allocator. The <AuthBy DYNADDRESS> clauses in both realms
# select it through "Allocator myallocator" and pick a pool with PoolHint.
<AddressAllocator SQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
Identifier myallocator
# pool1: used by <Realm DEFAULT> (PoolHint pool1).
<AddressPool pool1>
Subnetmask 255.255.255.255
DNSServer 24.75.105.103
Range 24.75.107.2 24.75.107.96
</AddressPool>
# pool2: used by <Realm nesbeonline.com> (PoolHint pool2); all three ranges
# are in 10.246.0.0/16 private address space.
<AddressPool pool2>
Subnetmask 255.255.255.255
DNSServer 12.155.97.27
Range 10.246.0.1 10.246.0.254
Range 10.246.1.0 10.246.1.254
Range 10.246.2.0 10.246.2.254
</AddressPool>
</AddressAllocator>
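# Requests for the nesbeonline.com realm. The AuthBy clauses run in order and
# the chain continues only while each one accepts (ContinueWhileAccept).
<Realm nesbeonline.com>
AuthByPolicy ContinueWhileAccept
# Step 1: look up the active (STATUS='A') subscriber row and turn its columns
# into check and reply items.
<AuthBy SQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
# '%n' is substituted inside hand-written quotes, so this statement depends on
# UsernameCharset to keep quote characters out of the user name.
# NOTE(review): newer Radiator releases document bind variables for AuthSelect
# (AuthSelectParam); confirm it is available in the installed version before
# switching to it.
# NOTE(review): PASSWORD is checked as User-Password, which suggests the column
# holds cleartext — confirm against the schema and restrict read access.
AuthSelect select PASSWORD, \
ENCRYPTEDPASSWORD, \
PROTOCOL, \
CHECKATTR, \
REPLYATTR, \
PROFILE \
from NESBEONLINE \
where USERNAME='%n' and STATUS='A'
# Column index in the select list -> attribute, and whether it is a check
# item or a reply item. GENERIC columns carry attribute lists.
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Encrypted-Password, check
AuthColumnDef 2, Framed-Protocol, reply
AuthColumnDef 3, GENERIC, check
AuthColumnDef 4, GENERIC, reply
AuthColumnDef 5, Profile, reply
AddToReply Service-Type = Framed-User
#cisco-avpair="ip:addr_pool=cm"
# (the next comment had been wrapped onto two lines by the mailer; rejoined so
# the tail is not read as a configuration line)
#cisco-avpair="lcp:interface-config=ip policy route-map nesbe"
</AuthBy>
# Step 2: fetch the timeouts for the Profile that step 1 put into the reply.
<AuthBy SQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
# The Profile value comes from the PROFILE column read in step 1 and is
# interpolated inside quotes, so PROFILE values must not contain quote
# characters. The continuation backslash after WHERE was missing in the
# posted text, which left the statement ending at WHERE.
AuthSelect SELECT IDLETIMEOUT, SESSIONTIMEOUT \
FROM PROFILES WHERE \
PROFILE='%{Reply:Profile}'
AuthColumnDef 0, Idle-Timeout, reply
AuthColumnDef 1, Session-Timeout, reply
# Profile is only an internal lookup key; remove it before the reply is sent.
StripFromReply Profile
</AuthBy>
# Step 3: allocate a dynamic address from pool2.
<AuthBy DYNADDRESS>
# Point to the address allocator
Allocator myallocator
PoolHint pool2
</AuthBy>
</Realm>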
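# Catch-all realm for every request not matched by a more specific <Realm>.
# The AuthBy clauses run in order and the chain continues only while each one
# accepts (ContinueWhileAccept).
<Realm DEFAULT>
AuthByPolicy ContinueWhileAccept
# Drop everything from the first '@' onward so lookups use the bare user name.
RewriteUsername s/^([^@]+).*/$1/
# Step 1: authenticate against LCSUBSCRIBERS and record accounting.
<AuthBy SQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
# Database timeout and the back-off period after a database failure
# (presumably both in seconds — confirm against the reference manual).
Timeout 30
FailureBackoffTime 300
RejectEmptyPassword
# Set the default IP address group
#FramedGroup = 0
# '%n' is substituted inside hand-written quotes, so this statement depends on
# UsernameCharset to keep quote characters out of the user name.
# NOTE(review): newer Radiator releases document bind variables for AuthSelect
# (AuthSelectParam); confirm it is available in the installed version before
# switching to it.
# NOTE(review): PASSWORD is checked as User-Password, which suggests the column
# holds cleartext — confirm against the schema and restrict read access.
AuthSelect select PASSWORD, \
ENCRYPTEDPASSWORD, \
CRYPTPASSWD, \
PROTOCOL, \
IPADDRESS, \
IPNETMASK, \
MAXSESSIONS, \
PORTLIMIT, \
CHECKATTR, \
REPLYATTR, \
PROFILE \
from LCSUBSCRIBERS \
where USERNAME='%n' and STATUS='A'
# Column index in the select list -> attribute, and whether it is a check
# item or a reply item. GENERIC columns carry attribute lists.
AuthColumnDef 0, User-Password, check
# NOTE(review): ENCRYPTEDPASSWORD (1) and CRYPTPASSWD (2) are both mapped to
# an Encrypted-Password check item; confirm that is intended and that a row
# populates only one of them.
AuthColumnDef 1, Encrypted-Password, check
AuthColumnDef 2, Encrypted-Password, check
AuthColumnDef 3, Framed-Protocol, reply
AuthColumnDef 4, Framed-IP-Address, reply
AuthColumnDef 5, Framed-Netmask, reply
AuthColumnDef 6, Simultaneous-Use, check
AuthColumnDef 7, Port-Limit, reply
AuthColumnDef 8, GENERIC, check
AuthColumnDef 9, GENERIC, reply
AuthColumnDef 10, Profile, reply
# Accounting requests are inserted into ACCOUNTING using the
# column <- attribute mappings below.
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
# Accounting records that could not be inserted are kept in this file
# under DbDir (%D) so they are not lost.
AcctFailedLogFileName %D/missedaccounting
</AuthBy>
# Step 2: fetch the timeouts for the Profile that step 1 put into the reply.
<AuthBy SQL>
DBSource dbi:mysql:x
DBUsername x
DBAuth x
# The Profile value comes from the PROFILE column read in step 1 and is
# interpolated inside quotes, so PROFILE values must not contain quote
# characters. The continuation backslash after WHERE was missing in the
# posted text, which left the statement ending at WHERE.
AuthSelect SELECT IDLETIMEOUT, SESSIONTIMEOUT \
FROM PROFILES WHERE \
PROFILE='%{Reply:Profile}'
AuthColumnDef 0, Idle-Timeout, reply
AuthColumnDef 1, Session-Timeout, reply
AddToReply Service-Type = Framed-User
# Profile is only an internal lookup key; remove it before the reply is sent.
StripFromReply Profile
</AuthBy>
# Step 3: allocate a dynamic address from pool1.
<AuthBy DYNADDRESS>
# Point to the address allocator
Allocator myallocator
PoolHint pool1
</AuthBy>
# Session tracking and authentication logging, referenced by Identifier.
SessionDatabase SDB1
AuthLog AuthLog_1
</Realm>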
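# SQL session database (table RADONLINE) tracking who is currently online.
# <Realm DEFAULT> selects it with "SessionDatabase SDB1".
<SessionDatabase SQL>
## Set the database Identifier
Identifier SDB1
## Set the database source
DBSource dbi:mysql:x
DBUsername x
DBAuth x
# All four statements build SQL by substituting request values into
# hand-written quotes. %{NAS-Port} is inserted unquoted as a number.
# NOTE(review): confirm how the installed version expands a missing or
# non-numeric NAS-Port, and whether it offers pre-quoted substitutions for
# these queries.
# Add a row when a session starts.
AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, \
SERVICETYPE) values ('%n','%N',%{NAS-Port},'%{Acct-Session-Id}', \
%{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-Type}', \
'%{Service-Type}')
# Remove the row when the session on that NAS port ends.
DeleteQuery delete from RADONLINE where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT=%{NAS-Port}
# Remove every session recorded for one NAS. The posted line opened the
# literal with a double quote and closed it with a single quote; both are
# single quotes now so the statement is well-formed.
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
# List a user's recorded sessions; used for the Simultaneous-Use check.
CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID from \
RADONLINE where USERNAME='%n'
</SessionDatabase>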
# Periodic server statistics written to the SQL database.
# No table or insert statement is set here, so whatever defaults the
# installed version provides apply — NOTE(review): confirm.
<StatsLog SQL>
DBSource dbi:mysql:X
DBUsername X
DBAuth X
# Enter a statistic every 5 minutes
# (Interval 300 = 300 seconds, per the comment above)
Interval 300
</StatsLog>
--
Kyle Hultman Lynchburg Computer Systems
Network Engineer 7605 Timberlake Road
khultman at lcmail.net Lynchburg, VA 24502