(RADIATOR) Using SQL accounting with ttls authentication

Martijn Balink M.Balink at hesasd.nl
Thu Dec 8 02:47:49 CST 2005 

Hi,
 
I've got a perfectly working config to authenticate our wireless users
using 802.1x (the European EduRoam project...). 
I want to use SQL for storing auccounting information. I've tried to
rebuild my config to enable this, but with every attempt, one of the
following two things happen:
* I do get authenticated, but for the accounting part I get errors in my
logfile: Could not find a handler for <username>: request is ignored
* Or I don't get authenticated at all. 
I think I've read just about every article in the mailing list archive
about SQL accounting, but I still can't figure out what to do. I see a
lot of configurations with an AuthBy GROUP statement in 'em, but I just
can think of a way how to implement that in my config (see below).
 
-------------------------------------------

# Inner Athentication
<Handler Realm=_our_realm_>
 # This one translates all uppercase chars to lowercase
 RewriteUsername tr/[A-Z]/[a-z]/
 #Strip realm from request
 RewriteUsername s/^(.*)\\(.*)/$2\@$1/
 RewriteUsername s/^([^@]+).*/$1/
 AcctLogFileName C:/Program Files/Radiator/logfileint.log
 
 <AuthBy FILE>
  EAPType TTLS
   _whole bunch of TLS-params_
  Filename  c:/program files/Radiator/users
 </AuthBy>
</Handler>
 
#Outer authenticatie
<Handler Realm=_our_realm_>
 AuthByPolicy ContinueWhileIgnore
 <AuthBy FILE>
  _whole bunch of TLS-params_
  AutoMPPEKeys
  Filename  c:/program files/Radiator/dummy
 </AuthBy>
</Handler>
 
<Handler Realm=DEFAULT>
 # This one translates all uppercase chars to lowercase
 RewriteUsername tr/[A-Z]/[a-z]/
 # Strip realm from request 
 RewriteUsername s/^(.*)\\(.*)/$2\@$1/
 RewriteUsername s/^([^@]+).*/$1/
 AcctLogFileName C:/Program Files/Radiator/logfileext.log
 
 <AuthBy GROUP>
  <AuthBy RADIUS>
   # this part below is used to authenticate users from realms outside
our organization (EduRoam)
   Host obelix.a3.surf.net
   AuthPort 1645
   AcctPort 1646
   Secret _our_secret_
   Retries 3
   StripFromReply
Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
   AddToReply Tunnel-type=13,Tunnel-Medium-Type=6,
Tunnel-Private-Group-ID=220, Session-Timeout=1200
  </AuthBy>
  <AuthBy RADIUS>
   Host idefix.a3.surf.net
   AuthPort 1645
   AcctPort 1646
   Secret _our_secret_
   Retries 3
   StripFromReply
Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
   AddToReply Tunnel-type=13,Tunnel-Medium-Type=6,
Tunnel-Private-Group-ID=220, Session-Timeout=1200
  </AuthBy>
 </AuthBy GROUP>
</Handler>
------------------------------- 
 
Can anybody give me some info on how to rebuild my config-file to enable
SQL accounting?
 
Thanks in advance,
 
Martijn Balink
Network administrator
Amsterdam School of Business. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20051208/85f3848a/attachment.html>

More information about the radiator mailing list