(RADIATOR) additional accounting column
Hugh Irvine
hugh at open.com.au
Mon Mar 21 15:40:20 CST 2005
Hello Christoph -
You should keep in mind that the authentication and the accounting
happen at different times.
You should return the value that you want to record in a Class
attribute, then use the Class attribute in your accounting.
When you return a Class attribute in an access accept, all subsequent
accounting attributes for the session will contain that Class
attribute.
regards
Hugh
On 21 Mar 2005, at 10:32, CHS wrote:
> hi
> I currently have a problem with the accounting which I do with <authby
> sql>. What I want to do is to add an additional column (LOGINSERVICE)
> to the mysql db where the Login-Service that is stored in the LDAP db
> will be saved.
>
> I have trace 4 turned on and in the log file I'll never see the
> mentioned attribute in the "sql insert" statement.
>
> could you please check my config file and tell me what's wrong or
> missing in there.
>
> thanks
> christoph
>
> # ldap.cfg
> #
>
> #Foreground
> LogStdout
> DbDir /usr/local/radiator
>
> # Debugging Level & Logging
> # 0 ERR.Error conditions. Serious and unexpected failures
> # 1 WARNING. Warning conditions. Unexpected failures
> # 2 NOTICE. Normal but significant conditions.
> # 3 INFO. Informational messages.
> # 4 DEBUG. Debugging messages.
> # 5 Incoming raw packet dumps in hexadecimal.
> Trace 4
> LogFile /var/log/radius.log
>
> PidFile /var/run/radius.pid
>
> ### NAS CLIENTS ###
> # default client if no other is defined
> # !!! Client order is important, default should be the last !!!
>
> <Client 127.0.0.1>
> Secret mysecret
> Identifier 1038
> </Client>
>
> <Client 1.2.3.41>
> Secret mysecret
> Identifier TA
> </Client>
>
> <Client 2.3.4.5>
> Secret mysecret
> Identifier DSL
> </Client>
>
> <Client DEFAULT>
> Secret mysecret
> DupInterval 0
> </Client>
>
>
> ##################
> ### ACCOUNTING ###
>
> <AuthBy SQL>
> Identifier AcctSQL
> DBSource dbi:mysql:****
> DBUsername rad
> DBAuth ******
>
> # !!! Table must exist !!!
> AccountingTable ACCOUNTING%Y%m
>
> #AcctColumnDef Column,Attribute[,Type][,Format]
>
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> AuthAttrDef radiusLoginService,Login-Service,reply
> #AcctColumnDef LOGINSERVICE,Login-Service
> AcctColumnDef LOGINSERVICE,%{Reply:Login-Service},formatted
>
> # Missed accounting records are written to log, e.g. if mysql db is down
> AcctFailedLogFileName /var/log/radius_missedaccounting.log
>
> </AuthBy>
>
> ########################
> ### AUTHENTICATION ###
>
> ### Auth for 1038 Customers ###
> <AuthBy LDAP2>
> Identifier CheckLDAP-1038
>
> ### Login Info for LDAP DB ###
> # Tell Radiator how to talk to the LDAP server
> Host localhost
>
> # LDAP server authentication.
> AuthDN cn=***
> AuthPassword *****
>
> # This is the top of the search tree where users will be found.
> BaseDN ******
>
> # This is the LDAP attribute to match the radius user name
> UsernameAttr uid
>
> PasswordAttr userPassword
>
> #DefaultSimultaneousUse 1
>
> # CheckAttr, ReplyAttr and AuthAttrDef
> # will be replied for accounting and authentication
> # AuthAttrDef ldapattributename , radiusattributename , type
>
> AuthAttrDef radiusFramedIPAddress,Framed-IP-Address,reply
> AuthAttrDef radiusFramedRoute,Framed-Route,reply
> AuthAttrDef radiusFramedProtocol,Framed-Protocol,reply
> AuthAttrDef radiusUserService,reply
> AuthAttrDef Cisco-AVPair,cisco-avpair,reply
> AuthAttrDef radiusLoginService,Login-Service,reply
> AuthAttrDef radiusSimultaneousUse,Simultaneous-Use,reply
>
>
> # Search if user matches to group 1038
> SearchFilter (&(radiusLoginService=1038) (uid=%1))
>
> # Debugging of the Net::LDAP
> Debug 255
>
> # You can control the timeout for connection failure
> Timeout 5
> FailureBackoffTime 10
>
> # You can control the LDAP protocol version to be used
> Version 3
> </AuthBy>
>
> ###### add the remaining AuthBy clauses here!! ###
>
> <Handler Request-Type=Accounting-Request>
> AuthBy AcctSQL
> </Handler>
>
> <Handler Client-Identifier=1038>
> AuthByPolicy ContinueUntilAccept
> # Delete @auol.at from the User-Name
> RewriteUsername s/^([^@]+).*/$1/
>
> AuthBy CheckLDAP-1038
> #AuthBy CheckLDAP-TA
>
> # Give additional message if "Request Denied"
> RejectHasReason
> </Handler>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
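
The suggestion in the reply above, applied to the posted configuration, as an added example that is not part of the original thread or of the Radiator distribution. It reuses the `AuthAttrDef` and `AcctColumnDef` forms already present in the posted config and assumes the Class attribute is not used for anything else on this server.

```conf
# Added example: carry the LDAP radiusLoginService value into accounting
# through the Class attribute.

<AuthBy LDAP2>
    Identifier CheckLDAP-1038
    # ... Host, AuthDN, BaseDN, UsernameAttr etc. as in the posted config ...

    # Return the LDAP value as a Class reply attribute in the Access-Accept.
    # Accounting requests for the session will then contain that Class value.
    AuthAttrDef radiusLoginService,Class,reply
</AuthBy>

<AuthBy SQL>
    Identifier AcctSQL
    # ... DBSource, AccountingTable and the other AcctColumnDef lines as posted ...

    # Before (posted config): looks for Login-Service in the reply while the
    # accounting request is being handled, long after authentication finished.
    #   AcctColumnDef LOGINSERVICE,%{Reply:Login-Service},formatted
    #
    # After: take the value from the Class attribute that arrives in the
    # accounting request itself.
    AcctColumnDef LOGINSERVICE,Class
</AuthBy>
```

With Trace 4 still enabled, the Class attribute should be visible in the Access-Accept dump and again in each incoming Accounting-Request before the SQL insert is logged.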