(RADIATOR) Generating accounting records for squid auth requests
Hugh Irvine
hugh at open.com.au
Fri Jan 28 17:38:02 CST 2005
Hello Alex -
The problem you have is due to the lack of accounting records being
generated by the web caches.
It is generally easier to think of RADIUS as two separate protocols -
one for authentication (access request) and authorisation (access
accept), and the other for accounting (accounting requests generated
after a successful access request/access accept).
This being the case, if there are no accounting requests being
generated in the first place, it then follows that there is nothing to
write into the accounting table.
Your only alternative is to use an AuthLog SQL clause to log the
authentication requests.
See section 6.61 in the Radiator 3.11 reference manual ("doc/ref.html").
regards
Hugh
On 29 Jan 2005, at 00:32, Alex Sharaz wrote:
> Chaps,
>
> Just installed radiator here so i'm starting to crawl up the learing
> curve.
>
> I've got a number of squid web caches configured to use radius
> authentication. The radius code does just that and doesn't generate
> any accounting start or stop records.
>
>> From an authentication point of view, requests from the webcache
>> client are
> proxied off to another server vi an <AuthBy RADIUS> statement. This
> works just fine.
>
> What I'd like to to is generate some sort of logging to go into a
> mysql "accounting" table as defined by the mysql file in the goodies
> directory.
>
>
> What I thought I'd do is
>
> <Handler Realm=hull.ac.uk>
> AuthByPolicy doAccountingThenAuth <-- if not one of the valid options
> do 1st authby then 2nd
> AuthBy acctOnly <-- Define an AuthBy sql statement
> that just accesses a DB
> AuthBy radHull <-- do the real auth via an AuthBy
> RADIUS statement
> AuthLog authlog <-- bit of logging
> AuthLog mySqlAuthLog
> RejectHasReason
> SessionDatabase hullRadInfo
> </Handler>
>
> where
> acctOnly is
>
> <AuthBy SQL>
> DBSource dbi:mysql:radSupport:a.b.c.d:3306
> DBUsername username
> DBAuth password
> Identifier acctOnly
> AccountingTable accounting
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> </AuthBy>
>
> Looking in the accounting table entries however, nothing appears. is
> this simply because no accounting records are being generated. Do I
> have to generate a dummy sql insert statement at this point to get
> something into the table?
>
> TIA
>
> Alex
>
>
> Sent using Mulberry 3.1.2
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list