(RADIATOR) More than one handler

Martijn Balink M.Balink at hesasd.nl
Fri Jan 20 05:56:48 CST 2006


Hi,
 
My config file contains multiple handlers for several subdomains. I want
to create a last handler that will accept any request that my current
handlers do not handle. 
The Handler.cfg in the goodies folder contains this bit of config:
-------------
# Catch-all clause as quoted from Handler.cfg in the goodies folder: a
# <Handler> with no check items, authenticating from a flat users file.
# NOTE(review): the bare "authenticates" line below is the mail-wrapped tail of
# the first comment line, not a directive.
# This clause matches anything that was not matched above and
authenticates
# them from a different users file
<Handler>
 <AuthBy FILE>
  # Flat-file user database; %D is presumably the configured DbDir - confirm.
  Filename %D/users
 </AuthBy>
 # Log accounting to the detail file in LogDir
 AcctLogFileName %L/detail
# NOTE(review): the closing tag names Realm although the clause was opened as
# <Handler>; reproduced here exactly as quoted in the post.
</Realm>
-------------
 
I could not get this to work, and thought the closing tag </Realm>
looked a bit odd, since the opening tag is a <Handler> tag. I replaced
the </Realm> with a </Handler>, but that didn't work either. 
My current config is pasted below. 
 
-----------
# Statically configured RADIUS clients, each with its shared secret.
# NOTE(review): "123" is presumably a sanitised placeholder. The shared secret
# is what protects User-Password hiding and the response authenticator, so
# production values should be long, random and unique per client.
<Client obelix.a3.surf.net>
 Secret 123
</Client>
 
<Client idefix.a3.surf.net>
 Secret 123
</Client>
 
# Retrieve clients from MySQL Database
# NOTE(review): DBAuth is the database password, stored in cleartext in this
# file; keep the config readable only by the RADIUS service account and give
# the database account no more than read access to the client table.
<ClientListSQL>
 DBSource dbi:mysql:Radiator
 DBUsername RadiatorUser
 DBAuth 123
 # Returns the NAS identifier and the shared secret for each client row.
 GetClientQuery select NASIDENTIFIER,SECRET from RADCLIENTLIST
 # Presumably the number of seconds between re-reads of the client list - confirm.
 RefreshPeriod 1800
</ClientListSQL>
 
# Session database kept in the same MySQL database as the client list.
# NOTE(review): same DBSource and DBUsername as the <ClientListSQL> clause, but
# a different DBAuth value - either one of them was sanitised for posting or
# one of the two clauses cannot log in. If the value below is the real
# password, it is now public and should be changed.
<SessionDatabase SQL>
 # Name by which other clauses can refer to this session database.
 Identifier SaveSessions
 DBSource dbi:mysql:Radiator
 DBUsername RadiatorUser
 DBAuth hallo
</SessionDatabase>

# Handler selected on Request-Type only, so it takes accounting requests for
# every realm and hands them to an SQL clause.
<Handler Request-Type = Accounting-Request>
 <AuthBy SQL>
  Identifier SQLAccounting
  DBSource dbi:mysql:Radiator
  DBUsername RadiatorUser
  DBAuth hallo
  # Empty AuthSelect: presumably disables the authentication query so this
  # clause only records accounting - confirm against the Radiator reference.
  AuthSelect
 
  # Table the accounting records are written to.
  AccountingTable ACCOUNTING
  # NOTE(review): the next line is the poster's placeholder for the omitted
  # AcctColumnDef lines, not valid configuration.
  <loads of AcctColumnDef statements ;-)
 # NOTE(review): closed as "</AuthBy SQL>" here, while the LDAP2 and FILE
 # clauses further down close with a bare "</AuthBy>".
 </AuthBy SQL>
</Handler>
 

# Handler for the local realm: normalises the username, then tries two Active
# Directory domain controllers over LDAP inside an AuthBy GROUP.
<Handler Realm=hesasd.nl>
 
 ### Connect to ACTIVE-DIRECTORY
 
 # This one translates all uppercase chars to lowercase
 RewriteUsername tr/[A-Z]/[a-z]/
 # Strip the realm from the request for further processing:
 # first turn DOMAIN\user into user@DOMAIN, then drop everything from the "@" on.
 RewriteUsername s/^(.*)\\(.*)/$2\@$1/
 RewriteUsername s/^([^@]+).*/$1/
 AcctLogFileName C:/Program Files/Radiator/logfileint.log
 
 <AuthBy GROUP>
 
  <AuthBy LDAP2>
   # LDAP CHECK TO FIRST DC
   EAPType TTLS
   EAPTLS_CAFile c:/certs/root/root-cert.pem
   EAPTLS_CertificateFile c:/certs/server/servercert.pem
   EAPTLS_CertificateType PEM
   # NOTE(review): the private key is read from the same file as the
   # certificate here, whereas the "outer" handler further down uses
   # serverkey.pem - confirm which file actually holds the key.
   EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
   EAPTLS_PrivateKeyPassword 123
   EAPTLS_MaxFragmentSize 1024
   AutoMPPEKeys
  
   Host 145.28.123.123
   BaseDN ou=personeel, dc=hesasd, dc=nl
   # NOTE(review): port 389 with no TLS setting visible in this clause. The
   # service bind password and, with ServerChecksPassword, presumably each
   # user's password then cross the network to the DC unencrypted; prefer
   # LDAPS or StartTLS to the directory.
   Port 389
   Version 3
   AuthDN hesasd\ldap
   AuthPassword abcd1234
   ServerChecksPassword
   Timeout 3
   UsernameAttr sAMAccountName
   # Use the numeric value stored in the AD field "vlanid" as the VLAN number.
   # NOTE(review): the bare "nummer." line below is the mail-wrapped tail of the
   # original comment, not a directive.
nummer. 
   AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
   # Also send these two attributes so that the VLAN ID takes effect on the AP.
   AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
  </AuthBy>
 
  <AuthBy LDAP2>
   # LDAP CHECK TO SECOND DC
   # Same settings as the first DC clause apart from Host.
   EAPType TTLS
   EAPTLS_CAFile c:/certs/root/root-cert.pem
   EAPTLS_CertificateFile c:/certs/server/servercert.pem
   EAPTLS_CertificateType PEM
   EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
   EAPTLS_PrivateKeyPassword 123
   EAPTLS_MaxFragmentSize 1024
   AutoMPPEKeys
  
   Host 145.28.123.124
   BaseDN ou=personeel, dc=hesasd, dc=nl
   Port 389
   Version 3
   AuthDN hesasd\ldap
   AuthPassword abcd1234
   ServerChecksPassword
   Timeout 3
   UsernameAttr sAMAccountName
   # Use the numeric value stored in the AD field "vlanid" as the VLAN number.
   # NOTE(review): the bare "nummer." line below is the mail-wrapped tail of the
   # original comment, not a directive.
nummer. 
   AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
   # Also send these two attributes so that the VLAN ID takes effect on the AP.
   AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
  </AuthBy>
# NOTE(review): the <AuthBy GROUP> opened above is never closed - there is no
# </AuthBy> for it before this </Handler>. Every clause after this point may
# therefore be parsed at the wrong nesting level, which could be why the final
# catch-all <Handler> is not found; check the startup log for parse errors.
</Handler>
 

# Outer authentication: terminates the EAP-TTLS tunnel using a dummy users file.
# NOTE(review): this clause has the same selector (Realm=hesasd.nl) as the
# handler before it. If handlers are tried in file order and the first match
# wins, this one is never reached; outer and tunnelled inner requests are
# usually told apart with an extra check item (for example TunnelledByTTLS=1
# on the inner handler) - confirm against the Radiator reference.
<Handler Realm=hesasd.nl>
 <AuthBy FILE>
  EAPType TTLS
  EAPTLS_CAFile c:/certs/root/root-cert.pem
  EAPTLS_CertificateFile c:/certs/server/servercert.pem
  EAPTLS_CertificateType PEM
  EAPTLS_PrivateKeyFile c:/certs/server/serverkey.pem
  # NOTE(review): unlike the "123" values elsewhere, this does not look like a
  # placeholder. If it is the real passphrase of the server key, it is now
  # public; re-encrypt the key with a new passphrase and keep the key file
  # readable only by the RADIUS service account.
  EAPTLS_PrivateKeyPassword ?RusPAT7eCh8yeC
  EAPTLS_MaxFragmentSize 1024
  AutoMPPEKeys
  Filename  c:/program files/Radiator/dummy
 </AuthBy>
</Handler>
 
 
# Intended catch-all: a <Handler> with no check items that proxies every
# request not handled above to two upstream RADIUS servers.
# NOTE(review): mail wrapping has split several lines in this block - the
# banner comment, and the argument lists of StripFromReply and AddToReply in
# both proxy clauses. The continuation lines are reproduced as posted; in a
# real config file each must be rejoined with the line above it.
############# THIS IS THE PART THAT SHOULD BE APPLIED TO ALL USERS NOT
AUTHENTICATED ABOVE ###################
<Handler>
 # This one translates all uppercase chars to lowercase
 RewriteUsername tr/[A-Z]/[a-z]/
 # Strip the realm from the request for further processing:
 # first turn DOMAIN\user into user@DOMAIN, then drop everything from the "@" on.
 # NOTE(review): the proxied User-Name therefore no longer carries a realm;
 # confirm the upstream servers can still route the request.
 RewriteUsername s/^(.*)\\(.*)/$2\@$1/
 RewriteUsername s/^([^@]+).*/$1/
 AcctLogFileName C:/Program Files/Radiator/logfileext.log
 
 <AuthBy GROUP>
  <AuthBy RADIUS>
   Host obelix.a3.surf.net
   AuthPort 1812
   AcctPort 1813
   # NOTE(review): this does not look like a placeholder. If it is the real
   # shared secret for the upstream proxy, it is now public and should be
   # changed on both ends.
   Secret Boc:d#@A3Gf$y!T>rfK<
   Retries 1
   # Drop any VLAN and session-timeout attributes supplied by the upstream
   # server, then set local values, so the remote side cannot choose the VLAN.
   StripFromReply
Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
   # Tunnel-Type 13 is VLAN and Tunnel-Medium-Type 6 is IEEE-802: proxied
   # users land in VLAN 220 with a 1200-second session timeout.
   AddToReply Tunnel-type=13,Tunnel-Medium-Type=6,
Tunnel-Private-Group-ID=220, Session-Timeout=1200
  </AuthBy>
  <AuthBy RADIUS>
   # Second upstream server; same settings apart from Host.
   Host idefix.a3.surf.net
   AuthPort 1812
   AcctPort 1813
   Secret Boc:d#@A3Gf$y!T>rfK<
   Retries 1
   StripFromReply
Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
   AddToReply Tunnel-type=13,Tunnel-Medium-Type=6,
Tunnel-Private-Group-ID=220, Session-Timeout=1200
  </AuthBy>
 # NOTE(review): closed as "</AuthBy GROUP>" here, while the inner clauses
 # close with a bare "</AuthBy>".
 </AuthBy GROUP>
</Handler>
   
---------
 
I keep getting "Fri Jan 20 12:15:39 2006: WARNING: Could not find a
handler for balme at hva.nl: request is ignored" errors in my logfile. 
I'm sure it's a minor detail I'm overlooking....
 
Any advice?
 
Best Regards,
 
Martijn Balink
Network Administrator
Amsterdam School of Business. 

 