(RADIATOR) authby sql username check.
Hugh Irvine
hugh at open.com.au
Mon Nov 15 04:34:58 CST 2004
Hello Miguel -
You can do something like this:
<AddressAllocator SQL>
Identifier SQLAllocator
Include "%D/etc/sql.cfg"
<AddressPool private-pool>
Range 10.1.1.10 10.1.1.250
Subnetmask 255.255.255.255
</AddressPool>
</AddressAllocator>
<AuthBy DYNADDRESS>
Identifier AllocateIPAddress
....
</AuthBy>
<AuthBy SQL>
Identifier LOCAL
Include "%D/etc/sql.cfg"
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthSelect select passwd, checkattr, replyattr from auth where username='%n'
AcctInsertQuery replace into %0 (%1) values (%2)
</AuthBy>
<AuthBy SQL>
# Check if username exists, if yes move onto LOCAL, otherwise
# just assign out of private-pool
Identifier CHECK_USERNAME
Include "%D/etc/sql.cfg"
AuthColumnDef 0, User-Name, check
AuthSelect select username from auth where username like '%u'
</AuthBy>
<Handler>
AuthLog authlog
SessionDatabase Session1
AuthByPolicy ContinueUntilAccept
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
AuthBy CHECK_USERNAME
AuthBy LOCAL
</AuthBy>
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
AuthBy AllocateIPAddress
</AuthBy>
</Handler>
regards
Hugh
On 15 Nov 2004, at 18:23, Miguel Sanches wrote:
> Hiya
>
> Just wondering if anyone could shed a little light on how to do this
> (even just hypothetically).
>
> I'm trying to implement a simple username check before checking the
> users password: ie: request comes in, check if the username (inc
> realm) exists in a db table, if it does, continue on to the password
> auth, if not, don't reject them but allocate an IP address out of a
> pool (private-pool). I'm not sure whether this would best be done in a
> simple PreAuthHook or could be done only in AuthBy SQL.
>
> This is all I have in terms of a config so far (not much I know).
>
> (top stuff removed...)
>
> <AddressAllocator SQL>
> Include "%D/etc/sql.cfg"
>
> <AddressPool private-pool>
> Range 10.1.1.10 10.1.1.250
> Subnetmask 255.255.255.255
> </AddressPool>
> </AddressAllocator>
>
> <AuthBy SQL>
> Identifier LOCAL
> Include "%D/etc/sql.cfg"
> AuthColumnDef 0, Encrypted-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> AuthSelect select passwd, checkattr, replyattr from auth where username='%n'
>
> AcctInsertQuery replace into %0 (%1) values (%2)
> </AuthBy>
>
> <AuthBy SQL>
> # Check if username exists, if yes move onto LOCAL, otherwise
> # just assign out of private-pool
> Identifier CHECK_USERNAME
>
> Include "%D/etc/sql.cfg"
>
> AuthColumnDef 0, User-Name, check
> AuthSelect select username from auth where username like '%u'
> </AuthBy>
>
> <Handler>
> AuthByPolicy ContinueUntilAccept # not sure??
> AuthLog authlog
> SessionDatabase Session1
> AuthBy CHECK_USERNAME
> AuthBy LOCAL
> </Handler>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
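
A small Python model of the AuthByPolicy chain in the Handler above, added here as an illustration; it is not Radiator code and not part of either post. It assumes ContinueUntilAccept stops at the first ACCEPT and ContinueWhileAccept stops at the first non-ACCEPT, uses a plaintext compare in place of Encrypted-Password, and assumes the elided DYNADDRESS clause returns a Framed-IP-Address; the table row and address are constructed.

```python
# Added illustration (not Radiator code): models how the nested AuthBy GROUP
# clauses in the Handler resolve for three kinds of request.
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed stand-in for the `auth` table: username -> password
AUTH_TABLE = {"alice@example.com": "s3cret"}

def check_username(req):
    """CHECK_USERNAME: accept only if the username has a row in auth."""
    return ACCEPT if req["user"] in AUTH_TABLE else REJECT

def local(req):
    """LOCAL: password check (plaintext here; the config uses Encrypted-Password)."""
    return ACCEPT if AUTH_TABLE.get(req["user"]) == req["password"] else REJECT

def internal_accept(req):
    """AuthBy INTERNAL with DefaultResult ACCEPT."""
    return ACCEPT

def allocate_ip(req):
    """AllocateIPAddress: assumed to add an address from private-pool to the reply."""
    req["reply"]["Framed-IP-Address"] = "10.1.1.10"  # constructed: first in Range
    return ACCEPT

def run(policy, children, req):
    """Evaluate children in order, stopping as the policy dictates."""
    result = REJECT
    for child in children:
        result = child(req)
        if policy == "ContinueWhileAccept" and result != ACCEPT:
            break
        if policy == "ContinueUntilAccept" and result == ACCEPT:
            break
    return result

def group(policy, *children):
    """AuthBy GROUP (or the Handler itself) as a callable."""
    return lambda req: run(policy, children, req)

HANDLER = group("ContinueUntilAccept",
                group("ContinueWhileAccept", check_username, local),
                group("ContinueWhileAccept", internal_accept, allocate_ip))

def authenticate(user, password):
    """Return (result, reply attributes) for one Access-Request."""
    req = {"user": user, "password": password, "reply": {}}
    return HANDLER(req), req["reply"]
```

In this model a known user with a wrong password is rejected by the first group and then accepted by the second, so it receives a private-pool address just as an unknown user does; anything reachable from that pool is reachable without valid credentials.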