(RADIATOR) TTLS Accounting Problem
Sevcik Berndt
berndt.sevcik at tgm.ac.at
Tue Jan 6 08:52:10 CST 2004
I use TTLS for authentication. In the SQL database the User is always shown
as anonymous. I found out that the problem can be solved with the following
lines in the configuration (goodies/eap_ttls.cfg):

    PreProcessingHook file:"goodies/eap_anon_hook.pl"
    PostAuthHook file:"goodies/eap_anon_hook.pl"

There, these lines are in the Handler clause. When you look at my
configuration, I use one Handler for both PEAP and TTLS configuration. But
PEAP works without this patch. How can I only apply this patch to TTLS
Accounting?

AuthPort 1645
AcctPort 1646

<Client DEFAULT>
    Secret XXX
    DupInterval 0
</Client>

<ClientListSQL>
    DBSource dbi:mysql:radius
    DBUsername XXX
    DBAuth XXX
</ClientListSQL>

<AuthBy SQL>
    Identifier SQLAccounting
    AuthSelect
    DBSource dbi:mysql:radius
    DBUsername XXX
    DBAuth XXX
    AccountingTable ACCOUNTING
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
    AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
    AcctColumnDef NASIDENTIFIER,NAS-Identifier
    AcctColumnDef NASPORT,NAS-Port,integer
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    #AcctFailedLogFileName %D/missedaccounting
</AuthBy>

<AuthBy FILE>
    Identifier OUTERAuthentication
    Filename %D/users
    EAPType PEAP,TTLS
    EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
    EAPTLS_CertificateFile %D/certificates/cert-srv.pem
    EAPTLS_CertificateType PEM
    EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
    EAPTLS_PrivateKeyPassword whatever
    EAPTLS_MaxFragmentSize 1000
    #EAPTLS_DHFile %D/certificates/cert/dh
    #EAPTLS_CRLCheck
    #EAPTLS_CRLFile %D/certificates/crl.pem
    #EAPTLS_CRLFile %D/certificates/revocations.pem
    AutoMPPEKeys
    SSLeayTrace 4
</AuthBy>

<Handler TunnelledByPEAP=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier LDAPPEAPAuthentication
        RcryptKey whatever
        Host 10.2.4.21
        AuthDN XXXXXXXXXXX
        AuthPassword XXXXXXXXX
        BaseDN XXXX
        UsernameAttr uid
        PasswordAttr profilePath
        AuthAttrDef radiusAuthType,GENERIC,check
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

<Handler TunnelledByTTLS=1>
    RewriteUsername s/(.*)\\(.*)/$2/
    <AuthBy LDAP2>
        Identifier LDAPTTLSAuthentication
        RcryptKey whatever
        Host 10.2.4.21
        AuthDN XXXX
        AuthPassword XXXX
        BaseDN XXXX
        UsernameAttr uid
        PasswordAttr scriptPath
        # AuthAttrDef radiusAuthType,GENERIC,check
        # You can enable debugging of the Net::LDAP
        # module with this:
        # Debug 255
        # EAPType MSCHAP-V2
    </AuthBy>
</Handler>

<Handler Request-Type = Accounting-Request>
    AuthBy SQLAccounting
</Handler>

<Handler>
    # AuthByPolicy ContinueWhileReject
    AuthBy OUTERAuthentication
    # AuthBy PEAPAuthentication
</Handler>

Thanks
Berndt
-----------------------------------------
TGM - Die Schule der Technik
IT-Service
A-1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: berndt.sevcik at tgm.ac.at
-----------------------------------------