(RADIATOR) Problem with the username that is used for online confirmation
Hugh Irvine
hugh at open.com.au
Sat Apr 1 00:52:55 CST 2006
Hello Vangelis -
According to the history file this functionality was introduced in
Radiator 3.6.
Could you download and install Radiator 3.14 on a clean test server
and test it?
Please let me know what you discover.
thanks and regards
Hugh
On 31 Mar 2006, at 18:06, Vangelis Kyriakakis wrote:
> Hello Hugh,
>
> We are running 3.7.1. We are a little behind from the
> current version. If it is something that was fixed in a later
> version we'll upgrade.
>
> Regards
> Vangelis
>
> Hugh Irvine wrote:
>
>>
>> Hello Vangelis -
>>
>> What version of Radiator are you running?
>>
>> regards
>>
>> Hugh
>>
>>
>> On 30 Mar 2006, at 21:56, Vangelis Kyriakakis wrote:
>>
>>> Hello Hugh,
>>>
>>> Thanks for the answer. The username that I want to get back
>>> is the rewritten one, that is the one I allready store in the
>>> RADONLINE. But What I get is the full original username. I guess
>>> what you told me to do will give me the original username, or am
>>> I wrong?
>>>
>>> Regards
>>> Vangelis Kyriakakis
>>>
>>> Hugh Irvine wrote:
>>>
>>>>
>>>> Hello Vangelis -
>>>>
>>>> You must extend the RADONLINE table to include a field to
>>>> contain the original username and modify the AddQuery so it
>>>> adds both the rewritten username and the original username to
>>>> the table. Then the fifth field in the CountQuery must be the
>>>> original username.
>>>>
>>>> hope that helps
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 30 Mar 2006, at 20:43, Vangelis Kyriakakis wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I see from the logfiles that Radiator always uses the
>>>>> whole username that is being authenticated as the username
>>>>> that is used for online confirmation via SNMP.
>>>>> The manual says in CountQuery "If a user name is present
>>>>> as the fifth field returned by the query, that is the user
>>>>> name that will be used to confirm the user is still on line.".
>>>>> Using the following configuration:
>>>>>
>>>>> <Handler Client-Identifier=adsl>
>>>>> RejectHasReason
>>>>> RewriteUsername s/^([^@]+).*/$1/
>>>>> AuthBy adsl
>>>>> SessionDatabase Session-dsl
>>>>> AuthLog logger
>>>>> </Handler>
>>>>>
>>>>> <SessionDatabase SQL>
>>>>> Identifier Session-dsl
>>>>> DBSource dbi:Sybase:RADIUS
>>>>> DBUsername tacacs
>>>>> DBAuth xxxxxxx
>>>>> Timeout 5
>>>>> FailureBackoffTime 5
>>>>> AddQuery insert into netman..RADONLINE
>>>>> (USERNAME,NASIDENTIFIER,NASPORT,\
>>>>>
>>>>> ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,\
>>>>> SERVICETYPE) values ('%U','%N',0%{NAS-Port},'%
>>>>> {Acct- Session-Id}',\
>>>>> %{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-
>>>>> Type}',\
>>>>> '%{Service-Type}')
>>>>> DeleteQuery delete from netman..RADONLINE where
>>>>> NASIDENTIFIER='%1' and NASPORT=0%2
>>>>> ClearNasQuery delete from netman..RADONLINE where
>>>>> NASIDENTIFIER='%N'
>>>>> CountQuery select NASIDENTIFIER, NASPORT, hextoint
>>>>> (ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from
>>>>> netman..RADONLINE wh
>>>>> ere USERNAME='%U'
>>>>> </SessionDatabase>
>>>>> If the user that is being authenticated is user at domain then
>>>>> Radiator always uses user at domain as the username that is
>>>>> checked against the snmpget result although the RADONLINE
>>>>> database keeps only user in the USERNAME field.
>>>>>
>>>>> Am I doing something wrong, or is this a bug?
>>>>>
>>>>> Regards
>>>>> Vangelis Kyriakakis
>>>>>
>>>>> --
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>>
>>>>
>>>> NB:
>>>>
>>>> Have you read the reference manual ("doc/ref.html")?
>>>> Have you searched the mailing list archive (www.open.com.au/
>>>> archives/ radiator)?
>>>> Have you had a quick look on Google (www.google.com)?
>>>> Have you included a copy of your configuration file (no secrets),
>>>> together with a trace 4 debug showing what is happening?
>>>>
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/
>> archives/ radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list