(RADIATOR) More than one handler
Mike McCauley
mikem at open.com.au
Fri Jan 20 06:25:45 CST 2006
Hello Martin,
The problem is because the <AuthBy GROUP> in your <Handler Realm=hesasd.nl>
does not have a closing </AuthBy>
Cheers.
On Friday 20 January 2006 21:56, Martijn Balink wrote:
> <Client obelix.a3.surf.net>
> Secret 123
> </Client>
>
> <Client idefix.a3.surf.net>
> Secret 123
> </Client>
>
> # Retrieve clients from MySQL Database
> <ClientListSQL>
> DBSource dbi:mysql:Radiator
> DBUsername RadiatorUser
> DBAuth 123
> GetClientQuery select NASIDENTIFIER,SECRET from RADCLIENTLIST
> RefreshPeriod 1800
> </ClientListSQL>
>
> <SessionDatabase SQL>
> Identifier SaveSessions
> DBSource dbi:mysql:Radiator
> DBUsername RadiatorUser
> DBAuth hallo
> </SessionDatabase>
>
> <Handler Request-Type = Accounting-Request>
> <AuthBy SQL>
> Identifier SQLAccounting
> DBSource dbi:mysql:Radiator
> DBUsername RadiatorUser
> DBAuth hallo
> AuthSelect
>
> AccountingTable ACCOUNTING
> <loads of AcctColumnDef statements ;-)
> </AuthBy SQL>
> </Handler>
>
>
> <Handler Realm=hesasd.nl>
>
> ### Connect to ACTIVE-DIRECTORY
>
> # This one translates all uppercase chars to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
> # Extract the realm from the request for further processing
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName C:/Program Files/Radiator/logfileint.log
>
> <AuthBy GROUP>
>
> <AuthBy LDAP2>
> # LDAP CHECK TO FIRST DC
> EAPType TTLS
> EAPTLS_CAFile c:/certs/root/root-cert.pem
> EAPTLS_CertificateFile c:/certs/server/servercert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
> EAPTLS_PrivateKeyPassword 123
> EAPTLS_MaxFragmentSize 1024
> AutoMPPEKeys
>
> Host 145.28.123.123
> BaseDN ou=personeel, dc=hesasd, dc=nl
> Port 389
> Version 3
> AuthDN hesasd\ldap
> AuthPassword abcd1234
> ServerChecksPassword
> Timeout 3
> UsernameAttr sAMAccountName
> # Use the numeric value in the AD field vlanid as the VLAN number.
> AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
> # Supply the two fields so that the vlanID will influence the AP.
> AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
> </AuthBy>
>
> <AuthBy LDAP2>
> # LDAP CHECK TO SECOND DC
> EAPType TTLS
> EAPTLS_CAFile c:/certs/root/root-cert.pem
> EAPTLS_CertificateFile c:/certs/server/servercert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
> EAPTLS_PrivateKeyPassword 123
> EAPTLS_MaxFragmentSize 1024
> AutoMPPEKeys
>
> Host 145.28.123.124
> BaseDN ou=personeel, dc=hesasd, dc=nl
> Port 389
> Version 3
> AuthDN hesasd\ldap
> AuthPassword abcd1234
> ServerChecksPassword
> Timeout 3
> UsernameAttr sAMAccountName
> # Use the numeric value in the AD field vlanid as the VLAN number.
> AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
> # Supply the two fields so that the vlanID will influence the AP.
> AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
> </AuthBy>
> </Handler>
>
>
> #Outer authentication
> <Handler Realm=hesasd.nl>
> <AuthBy FILE>
> EAPType TTLS
> EAPTLS_CAFile c:/certs/root/root-cert.pem
> EAPTLS_CertificateFile c:/certs/server/servercert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile c:/certs/server/serverkey.pem
> EAPTLS_PrivateKeyPassword ?RusPAT7eCh8yeC
> EAPTLS_MaxFragmentSize 1024
> AutoMPPEKeys
> Filename c:/program files/Radiator/dummy
> </AuthBy>
> </Handler>
>
>
> ############# THIS IS THE PART THAT SHOULD BE APPLIED TO ALL USERS NOT AUTHENTICATED ABOVE ###################
> <Handler>
> # This one translates all uppercase chars to lowercase
> RewriteUsername tr/[A-Z]/[a-z]/
> # Extract the realm from the request for further processing
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
> RewriteUsername s/^([^@]+).*/$1/
> AcctLogFileName C:/Program Files/Radiator/logfileext.log
>
> <AuthBy GROUP>
> <AuthBy RADIUS>
> Host obelix.a3.surf.net
> AuthPort 1812
> AcctPort 1813
> Secret Boc:d#@A3Gf$y!T>rfK<
> Retries 1
> StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
> AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=220, Session-Timeout=1200
> </AuthBy>
> <AuthBy RADIUS>
> Host idefix.a3.surf.net
> AuthPort 1812
> AcctPort 1813
> Secret Boc:d#@A3Gf$y!T>rfK<
> Retries 1
> StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
> AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=220, Session-Timeout=1200
> </AuthBy>
> </AuthBy GROUP>
> </Handler>
>
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
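A missing closing tag like the one diagnosed above can be caught before the server is started by checking that clause tags pair up. The script below is an added example, not part of the original message and not Radiator's own parser; it assumes a closing tag is matched by its first word (so `</AuthBy GROUP>` pairs with any `<AuthBy ...>`), and the realm and addresses in the sample are constructed.

```python
import re

# A clause tag alone on its line: "<Name args>" or "</Name args>".
TAG = re.compile(r"^<(/?)(\w+)[^<>]*>$")

# Constructed sample with the same defect: the first <AuthBy GROUP> is not closed.
SAMPLE = """\
<Handler Realm=example.test>
    <AuthBy GROUP>
        <AuthBy LDAP2>
            Host 192.0.2.10
        </AuthBy>
        <AuthBy LDAP2>
            Host 192.0.2.11
        </AuthBy>
</Handler>
<Handler>
    <AuthBy GROUP>
    </AuthBy GROUP>
</Handler>
"""

def find_unbalanced(config_text):
    """Return (line_no, problem) pairs for clause tags that do not pair up."""
    problems, stack = [], []  # stack holds (name, opening tag, line number)
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = None if line.startswith("#") else TAG.match(line)
        if not m:
            continue  # blank line, comment, or ordinary parameter
        closing, name = m.groups()
        if not closing:
            stack.append((name, line, no))
        elif all(n != name for n, _, _ in stack):
            problems.append((no, f"{line} has no matching opening tag"))
        else:
            # Clauses opened after the matching opener were left unclosed.
            while stack[-1][0] != name:
                _, tag, opened = stack.pop()
                problems.append(
                    (opened, f"{tag} is still open when {line} is reached on line {no}"))
            stack.pop()
    problems += [(opened, f"{tag} is never closed") for _, tag, opened in stack]
    return problems

if __name__ == "__main__":
    for no, msg in find_unbalanced(SAMPLE):
        print(f"line {no}: {msg}")
```
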