(RADIATOR) duplicating accounting requests
Hugh Irvine
hugh at open.com.au
Fri May 7 18:16:13 CDT 2004
Hello Jesse -
Something like this:
<Handler Realm=wingnet.net>
# Grab just the user portion
RewriteUsername s/^([^@]+).*/$1/
PasswordLogFileName %L/pw.%Y.%m
AcctLogFileName %L/detail.wingnet
AuthByPolicy ContinueAlways
<AuthBy RADIUS>
.....
</AuthBy>
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy FILE>
Filename %D/users.filter
</AuthBy>
<AuthBy FILE>
# don't fall through to DEFAULT if a users check item
failed
NoDefaultIfFound
Filename %D/users
</AuthBy>
</AuthBy>
</Handler>
regards
Hugh
On 8 May 2004, at 00:31, Jesse Guardiani wrote:
> On Tuesday 04 May 2004 18:28, Hugh Irvine wrote:
>> Hello Jesse -
>>
>> Yes it is very easy to do what you describe with Radiator.
>>
>> The exact details will depend on what else you are doing in your
>> configuration file, but you will need to use an AuthBy RADIUS clause
>> to
>> proxy the accounting requests to the billing server.
>>
>> Something like this would work:
>>
>> <Realm ....>
>> AuthByPolicy ContinueAlways
>> # proxy to billing server
>> <AuthBy RADIUS>
>> Host ....
>> Secret ....
>> AcctPort ....
>> IgnoreAuthentication
>> IgnoreAccountingResponse
>> </AuthBy>
>> # your normal AuthBy
>> <AuthBy ....>
>> .....
>> </AuthBy>
>> .....
>> </Realm>
>
> OK. I see what you are doing above. I'm just a little confused by the
> AuthByPolicy.
>
> We currently use this:
>
> <Handler Realm=wingnet.net>
> # Grab just the user portion
> RewriteUsername s/^([^@]+).*/$1/
> PasswordLogFileName %L/pw.%Y.%m
> AcctLogFileName %L/detail.wingnet
> AuthByPolicy ContinueWhileAccept
> <AuthBy FILE>
>
> Filename %D/users.filter
> </AuthBy>
> <AuthBy FILE>
> # don't fall through to DEFAULT if a users check item
> failed
> NoDefaultIfFound
>
> Filename %D/users
> </AuthBy>
> </Handler>
>
> We MUST check the 'users.filter' file so we can block certain users.
> The 'users.filter'
> file contains a blank DEFAULT for when the user doesn't exist in
> users.filter. Then
> Radiator moves on to the real authentication clause where it checks
> the 'users' file.
>
> And I am unsure if placing this:
>
> <AuthBy RADIUS>
> Host ....
> Secret ....
> AcctPort ....
> IgnoreAuthentication
> IgnoreAccountingResponse
> </AuthBy>
>
> Before my first AuthBy FILE would prevent Radiator from checking the
> AuthBy FILE because the AuthBy RADIUS is returning an Ignore instead
> of an Accept. The documentation is a little unclear about that.
>
> Any ideas? (Thanks for the help, BTW!)
>
>
>> This topic has been discussed previously on the mailing list:
>>
>> www.open.com.au/archives/radiator
>
> Do you normally use google to search that or what? That's the most
> unfriendly
> mail archive I've seen in a while.
>
>
>> BTW - the most recent version is Radiator 3.9 (plus some patches).
>>
>> regards
>>
>> Hugh
>>
>> On 5 May 2004, at 04:45, Jesse Guardiani wrote:
>>> Howdy list,
>>>
>>> Please forgive me if this question shows me lack of understanding
>>> regarding the RADIUS protocol. If that is the case, then if someone
>>> could point me to a good website that explains the protocol I would
>>> appreciate it. RADIUS is still a bit of black magic to me,
>>> unfortunately.
>>>
>>> We have just installed a new billing server. This server includes its
>>> own RADIUS daemon (merit) and requires that accounting packets
>>> be sent to this RADIUS daemon in order for hourly dialup accounts
>>> to be properly billed.
>>>
>>> However, currently, all of our accounting packets are being sent to
>>> Radiator server. Would it be possible to have Radiator forward those
>>> accounting packets to this new merit daemon (on a different machine)
>>> but still log the packets?
>>>
>>> Basically, we bought Radiator a long time ago, and we'd like to keep
>>> using it as our main RADIUS server, but we need accounting packets
>>> to be sent to the billing machine...
>>>
>>> Currently we've configured our terminal server to send packets to
>>> BOTH daemons. This is working, but it isn't a good long term
>>> solution.
>>>
>>> Any ideas?
>>>
>>> Thanks!
>>>
>>> --
>>> Jesse Guardiani, Systems Administrator
>>> WingNET Internet Services,
>>> P.O. Box 2605 // Cleveland, TN 37320-2605
>>> 423-559-LINK (v) 423-559-5145 (f)
>>> http://www.wingnet.net
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
> --
> Jesse Guardiani, Systems Administrator
> WingNET Internet Services,
> P.O. Box 2605 // Cleveland, TN 37320-2605
> 423-559-LINK (v) 423-559-5145 (f)
> http://www.wingnet.net
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list