(RADIATOR) AuthBy LDAP + SQL accounting
Hugh Irvine
hugh at open.com.au
Thu Jul 15 02:56:54 CDT 2004
Hello Andrew -

Keep in mind that the radius accounting happens _after_ the
authentication, so you can use the Class attribute when you do the
authentication to carry the LDAP attribute in the access accept that is
returned to the NAS. The Class attribute will then be included in all
subsequent accounting requests for the session and you can store it
into the accounting table.

What you describe is one way of setting up your configuration file -
the other is to use Handlers:

# deal with accounting
<Handler Request-Type = Accounting-Request>
    <AuthBy SQL>
        .....
        AuthSelect
        .....
        AccountingTable ACCOUNTING
        AcctColumnDef ....
        .....
    </AuthBy>
</Handler>

# deal with authentication
<Handler>
    <AuthBy LDAP2>
        .....
    </AuthBy>
</Handler>

regards

Hugh

On 15 Jul 2004, at 08:26, Andrew D. Clark wrote:
> Hello all,
>
> I have a small problem. I'm using a do-nothing AuthBy SQL stanza in
> order to get SQL accounting (do-nothing by virtue of an empty
> AuthSelect statement (is there a better way to do this?)). Since I'm
> using AuthByPolicy ContinueWhileReject, the request falls through to
> my later auth methods. What I'd like to do is get a particular LDAP
> attribute into the accounting table. The problem is that the AuthBy
> LDAP happens after the SQL accounting, so I'm not sure how to shove
> that particular LDAP attribute into the accounting statement before
> it's inserted. Clear as mud? Any suggestions? I'm using the stock
> ACCOUNTING table definition plus one additional column for the LDAP
> attribute I'd like to capture.
>
> --
> Andrew Clark
> Campus Network Programmer
> Office of Information Technology
> University of California, Santa Barbara
> andrew.clark at ucsb.edu (805) 893-5311
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
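
The Handler layout from the reply above, filled in as an added example (not part of the original post and not Open System Consultants' own configuration): the LDAP attribute is returned as Class in the Access-Accept and stored from the accounting requests the NAS sends afterwards. The LDAP attribute name departmentNumber, the extra column LDAPATTR, the host, DNs and database settings are all assumptions or placeholders, and it assumes the installed Radiator version supports AuthAttrDef in AuthBy LDAP2.

```conf
# Accounting requests: log only. The NAS echoes back the Class value it
# received in the Access-Accept, so it can be stored like any other attribute.
<Handler Request-Type = Accounting-Request>
    <AuthBy SQL>
        # Placeholder database settings
        DBSource        dbi:mysql:radius
        DBUsername      radius_user
        DBAuth          CHANGE_ME
        # Empty AuthSelect: this clause never authenticates anyone
        AuthSelect
        AccountingTable ACCOUNTING
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
        # LDAPATTR is the hypothetical extra column added to the stock table
        AcctColumnDef   LDAPATTR,Class
    </AuthBy>
</Handler>

# Everything else (authentication): look the user up in LDAP and copy
# the chosen LDAP attribute into the reply as Class.
<Handler>
    <AuthBy LDAP2>
        # Placeholder directory settings
        Host            ldap.example.edu
        AuthDN          cn=radiator,dc=example,dc=edu
        AuthPassword    CHANGE_ME
        BaseDN          dc=example,dc=edu
        UsernameAttr    uid
        PasswordAttr    userPassword
        # ldapattribute,radiusattribute,type: departmentNumber is an assumed name
        AuthAttrDef     departmentNumber,Class,reply
    </AuthBy>
</Handler>
```

Class travels through the NAS and comes back in accounting packets, so the NAS can see whatever is placed in it; choose an LDAP attribute that is acceptable to expose there.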