(RADIATOR) duplicating accounting requests

Hugh Irvine hugh at open.com.au
Fri May 7 18:16:13 CDT 2004


Hello Jesse -

Something like this:

<Handler Realm=wingnet.net>
    # Grab just the user portion
    RewriteUsername s/^([^@]+).*/$1/
      PasswordLogFileName %L/pw.%Y.%m
      AcctLogFileName    %L/detail.wingnet

      AuthByPolicy ContinueAlways

      <AuthBy RADIUS>
           .....
      </AuthBy>

      <AuthBy GROUP>

           AuthByPolicy ContinueWhileAccept
           <AuthBy FILE>
                 Filename %D/users.filter
           </AuthBy>
           <AuthBy FILE>
                 # don't fall through to DEFAULT if a users check item 
failed
                 NoDefaultIfFound
                 Filename %D/users
           </AuthBy>

      </AuthBy>

</Handler>


regards

Hugh


On 8 May 2004, at 00:31, Jesse Guardiani wrote:

> On Tuesday 04 May 2004 18:28, Hugh Irvine wrote:
>> Hello Jesse -
>>
>> Yes it is very easy to do what you describe with Radiator.
>>
>> The exact details will depend on what else you are doing in your
>> configuration file, but you will need to use an AuthBy RADIUS clause 
>> to
>> proxy the accounting requests to the billing server.
>>
>> Something like this would work:
>>
>> <Realm ....>
>> 	AuthByPolicy ContinueAlways
>> 	# proxy to billing server
>> 	<AuthBy RADIUS>
>> 		Host ....
>> 		Secret ....
>> 		AcctPort ....
>> 		IgnoreAuthentication
>> 		IgnoreAccountingResponse
>> 	</AuthBy>
>> 	# your normal AuthBy
>> 	<AuthBy ....>
>> 		.....
>> 	</AuthBy>
>> 	.....
>> </Realm>
>
> OK. I see what you are doing above. I'm just a little confused by the 
> AuthByPolicy.
>
> We currently use this:
>
> <Handler Realm=wingnet.net>
>    # Grab just the user portion
>    RewriteUsername s/^([^@]+).*/$1/
>      PasswordLogFileName %L/pw.%Y.%m
>      AcctLogFileName    %L/detail.wingnet
>      AuthByPolicy ContinueWhileAccept
>         <AuthBy FILE>
>
>                 Filename %D/users.filter
>         </AuthBy>
>         <AuthBy FILE>
>                 # don't fall through to DEFAULT if a users check item 
> failed
>                 NoDefaultIfFound
>
>                 Filename %D/users
>         </AuthBy>
> </Handler>
>
> We MUST check the 'users.filter' file so we can block certain users. 
> The 'users.filter'
> file contains a blank DEFAULT for when the user doesn't exist in 
> users.filter. Then
> Radiator moves on to the real authentication clause where it checks 
> the 'users' file.
>
> And I am unsure if placing this:
>
>  	<AuthBy RADIUS>
>  		Host ....
>  		Secret ....
>  		AcctPort ....
>  		IgnoreAuthentication
>  		IgnoreAccountingResponse
>  	</AuthBy>
>
> Before my first AuthBy FILE would prevent Radiator from checking the
> AuthBy FILE because the AuthBy RADIUS is returning an Ignore instead
> of an Accept. The documentation is a little unclear about that.
>
> Any ideas? (Thanks for the help, BTW!)
>
>
>> This topic has been discussed previously on the mailing list:
>>
>> 	www.open.com.au/archives/radiator
>
> Do you normally use google to search that or what? That's the most 
> unfriendly
> mail archive I've seen in a while.
>
>
>> BTW - the most recent version is Radiator 3.9 (plus some patches).
>>
>> regards
>>
>> Hugh
>>
>> On 5 May 2004, at 04:45, Jesse Guardiani wrote:
>>> Howdy list,
>>>
>>> Please forgive me if this question shows me lack of understanding
>>> regarding the RADIUS protocol. If that is the case, then if someone
>>> could point me to a good website that explains the protocol I would
>>> appreciate it. RADIUS is still a bit of black magic to me,
>>> unfortunately.
>>>
>>> We have just installed a new billing server. This server includes its
>>> own RADIUS daemon (merit) and requires that accounting packets
>>> be sent to this RADIUS daemon in order for hourly dialup accounts
>>> to be properly billed.
>>>
>>> However, currently, all of our accounting packets are being sent to
>>> Radiator server. Would it be possible to have Radiator forward those
>>> accounting packets to this new merit daemon (on a different machine)
>>> but still log the packets?
>>>
>>> Basically, we bought Radiator a long time ago, and we'd like to keep
>>> using it as our main RADIUS server, but we need accounting packets
>>> to be sent to the billing machine...
>>>
>>> Currently we've configured our terminal server to send packets to
>>> BOTH daemons. This is working, but it isn't a good long term 
>>> solution.
>>>
>>> Any ideas?
>>>
>>> Thanks!
>>>
>>> --
>>> Jesse Guardiani, Systems Administrator
>>> WingNET Internet Services,
>>> P.O. Box 2605 // Cleveland, TN 37320-2605
>>> 423-559-LINK (v)  423-559-5145 (f)
>>> http://www.wingnet.net
>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>
> -- 
> Jesse Guardiani, Systems Administrator
> WingNET Internet Services,
> P.O. Box 2605 // Cleveland, TN 37320-2605
> 423-559-LINK (v)  423-559-5145 (f)
> http://www.wingnet.net
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list