(RADIATOR) SQL Accounting not working

Hugh Irvine hugh at open.com.au
Mon Jan 19 01:53:49 CST 2004


Hello Todd -

The way you have your configuration set up, only the authentication 
requests will be "passed through" the first AuthBy SQL clause, the 
accounting requests will not.

A more usual approach is to do something like this:

# use an AuthBy GROUP to change the AuthByPolicy

<Realm gtest.us>

	AuthByPolicy ContinueAlways

	<AuthBy SQL>
		.....
		# empty AuthSelect
		AuthSelect	
		# do accounting
		AccountingTable .....
		AcctColumnDef .....
		.....
	</AuthBy>

	<AuthBy GROUP>

		AuthByPolicy ContinueWhileAccept

		<AuthBy SQL>
			.....
			# do number checking
			.....
		</AuthBy>

		<AuthBy SQL>
			.....
			# do user checking
			.....
		</AuthBy>
	
	</AuthBy>

	......

</Realm>


To log authentication results you should use an AuthLog clause.

See section 6.54 in the manual ("doc/ref.html").

You will also find a great many example configuration files in the 
"goodies" directory.

regards

Hugh


On 19 Jan 2004, at 18:14, Your Own ISP .com wrote:

> I see what's happening now..
>
> See, I am using Two <AuthBy SQL> sections when a request comes into
> Radiator.
>
> I am doing this by pointing this:
>
>     <Realm gtest.us>
>         AuthByPolicy ContinueWhileAccept
>         AuthBy CheckCalledStationId_G
>     </Realm>
>
> To this:
>
> <AuthBy SQL>
>  Identifier CheckCalledStationId_G
>  DBSource dbi:.....
>  DBUsername   .....
>  DBAuth  ....
>  NoDefault
>  AuthSelect select Action from netg \
>   where DataNumber = '%{Called-Station-Id}'
>  AuthColumnDef 0, GENERIC, check
> </AuthBy>
>
> Then points back to this:
>
>     <AuthBy SQL>
>   Identifier MySQLAuth
>  DBSource dbi:.....
>  DBUsername   .....
>  DBAuth  .....
>
>  AccountingTable accounting
>  AcctColumnDef USERNAME,User-Name
>  AcctColumnDef TIME_STAMP,Timestamp,integer
>  AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>  AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>  AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>  AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>  AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>  AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>  AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>  AcctColumnDef NASIDENTIFIER,NAS-Identifier
>  AcctColumnDef NASPORT,NAS-Port,integer
>
>     </AuthBy>
>
>
> When I remove the number lookup from the mix, my logging works fine. 
> Once I
> turn the number checking back on, I can still Auth fine but my logging
> quites working.. Any idea why?
>
> Also, how could I log somewhere in an error log table or something 
> when a
> auth is rejected due to the Called-Station-ID not being valid?
>
> Thanks,
> Todd Routhier
> Lightwave Technologies, LLC.
>
> --
> Start Your Own Internet Service!
> http://www.YourOwnISP.com
>
> ISP Information Exchange
> http://www.ISPboard.com
>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Hugh Irvine" <hugh at open.com.au>
> Cc: <radiator at open.com.au>; "Your Own ISP .com" 
> <mylist at lightwavetech.com>
> Sent: Monday, January 19, 2004 12:47 AM
> Subject: Re: (RADIATOR) SQL Accounting not working
>
>
>>
>> Hello again Todd -
>>
>> It sounds like either you are not receiving any accounting requests, 
>> or
>> the database insert is failing.
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On 19 Jan 2004, at 17:33, Hugh Irvine wrote:
>>
>>>
>>> Hello Todd -
>>>
>>> I will need to see a trace 4 debug from Radiator showing what is
>>> happening.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On 19 Jan 2004, at 17:08, Your Own ISP .com wrote:
>>>
>>>> I have been breaking my head on this for a few days off and on.
>>>>
>>>> I think I have my config file correct but I never see anything in my
>>>> "accounting" table..
>>>>
>>>> I see that Radiator is logging to the text file just fine, I can
>>>> dialup
>>>> through a NAS an get authed fine. I even have Radiator checking the
>>>> list of
>>>> phone numbers for each realm in a MySQL file.
>>>>
>>>> All my MySQL perms are right etc..
>>>>
>>>> I am at a loss.. I have pasted my config below, I have removed most
>>>> of the
>>>> realms so you all won't have to view such a large file.
>>>>
>>>> Any clues? Thanks!
>>>>
>>>> Thanks,
>>>> Todd Routhier
>>>> Lightwave Technologies, LLC.
>>>>
>>>> --
>>>> Start Your Own Internet Service!
>>>> http://www.YourOwnISP.com
>>>>
>>>> ISP Information Exchange
>>>> http://www.ISPboard.com
>>>>
>>>>
>>>> ############Config###############
>>>>
>>>> Foreground
>>>> #LogStdout
>>>> LogDir  c:/Program Files/Radiator
>>>> DbDir  c:/Program Files/Radiator
>>>> AuthPort 1645
>>>> AcctPort 1646
>>>>
>>>> # This will log at DEBUG level: very verbose
>>>> # User a lower trace level in production systems, typically use 3
>>>> Trace   4
>>>>
>>>> # You will probably want to add other Clients to suit your site,
>>>> # one for each NAS you want to work with. This will work
>>>> # at least with radpwtst running on the local machine
>>>>     <Client DEFAULT>
>>>>  Secret MySecret
>>>>  DupInterval 0
>>>>     </Client>
>>>>
>>>>     <Realm gtest.us>
>>>>         AuthByPolicy ContinueWhileAccept
>>>>         AuthBy MySQLAuth
>>>>         #AuthBy CheckCalledStationId_G
>>>>     </Realm>
>>>>
>>>> <AuthBy SQL>
>>>>  Identifier CheckCalledStationId_G
>>>>  DBSource dbi:mysql:<DatabaseName>:<MySqlIP>:<MySQLPort>
>>>>  DBUsername   <UID>
>>>>  DBAuth  <PASS>
>>>>  NoDefault
>>>>  AuthSelect select Action from netg \
>>>>   where DataNumber = '%{Called-Station-Id}'
>>>>  AuthColumnDef 0, GENERIC, check
>>>> </AuthBy>
>>>>
>>>>
>>>>     <AuthBy SQL>
>>>>   Identifier MySQLAuth
>>>>  DBSource dbi:mysql:<DatabaseName>:<MySqlIP>:<MySQLPort>
>>>>  DBUsername   <UID>
>>>>  DBAuth  <PASS>
>>>>
>>>>  AccountingTable accounting
>>>>  AcctColumnDef USERNAME,User-Name
>>>>  AcctColumnDef TIME_STAMP,Timestamp,integer
>>>>  AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
>>>>  AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
>>>>  AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
>>>>  AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>>>>  AcctColumnDef ACCTSESSIONID,Acct-Session-Id
>>>>  AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
>>>>  AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
>>>>  AcctColumnDef NASIDENTIFIER,NAS-Identifier
>>>>  AcctColumnDef NASPORT,NAS-Port,integer
>>>>
>>>>     </AuthBy>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> NB: have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>> -
>>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list