(RADIATOR) Using SQL accounting with ttls authentication
Hugh Irvine
hugh at open.com.au
Thu Dec 8 16:47:29 CST 2005
Hello Martijn -
Add this as the first Handler in your configuration file:
# SQL accounting
<Handler Request-Type = Accounting-Request>
<AuthBy SQL>
......
AccountingTable ACCOUNTING
AcctColumnDef .....
</AuthBy>
</Handler>
# Inner Athentication
<Handler Realm=_our_realm_>
# This one translates all uppercase chars to lowercase
RewriteUsername tr/[A-Z]/[a-z]/
.....
See section 6.29 in the Radiator 3.13 reference manual ("doc/ref.html").
regards
Hugh
On 8 Dec 2005, at 19:47, Martijn Balink wrote:
> Hi,
>
> I've got a perfectly working config to authenticate our wireless
> users using 802.1x (the European EduRoam project...).
> I want to use SQL for storing auccounting information. I've tried
> to rebuild my config to enable this, but with every attempt, one of
> the following two things happen:
> * I do get authenticated, but for the accounting part I get errors
> in my logfile: Could not find a handler for <username>: request is
> ignored
> * Or I don't get authenticated at all.
> I think I've read just about every article in the mailing list
> archive about SQL accounting, but I still can't figure out what to
> do. I see a lot of configurations with an AuthBy GROUP statement in
> 'em, but I just can think of a way how to implement that in my
> config (see below).
>
> -------------------------------------------
>
> # Inner Athentication
> <Handler Realm=_our_realm_>
> # This one translates all uppercase chars to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
> #Strip realm from request
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName C:/Program Files/Radiator/logfileint.log
>
> <AuthBy FILE>
> EAPType TTLS
> _whole bunch of TLS-params_
> Filename c:/program files/Radiator/users
> </AuthBy>
> </Handler>
>
> #Outer authenticatie
> <Handler Realm=_our_realm_>
> AuthByPolicy ContinueWhileIgnore
> <AuthBy FILE>
> _whole bunch of TLS-params_
> AutoMPPEKeys
> Filename c:/program files/Radiator/dummy
> </AuthBy>
> </Handler>
>
> <Handler Realm=DEFAULT>
> # This one translates all uppercase chars to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
> # Strip realm from request
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName C:/Program Files/Radiator/logfileext.log
>
> <AuthBy GROUP>
> <AuthBy RADIUS>
> # this part below is used to authenticate users from realms
> outside our organization (EduRoam)
> Host obelix.a3.surf.net
> AuthPort 1645
> AcctPort 1646
> Secret _our_secret_
> Retries 3
> StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-
> Group-ID,Session-Timeout
> AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-
> Group-ID=220, Session-Timeout=1200
> </AuthBy>
> <AuthBy RADIUS>
> Host idefix.a3.surf.net
> AuthPort 1645
> AcctPort 1646
> Secret _our_secret_
> Retries 3
> StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-
> Group-ID,Session-Timeout
> AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-
> Group-ID=220, Session-Timeout=1200
> </AuthBy>
> </AuthBy GROUP>
> </Handler>
> -------------------------------
>
> Can anybody give me some info on how to rebuild my config-file to
> enable SQL accounting?
>
> Thanks in advance,
>
> Martijn Balink
> Network administrator
> Amsterdam School of Business.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list