(RADIATOR) More than one handler

Mike McCauley mikem at open.com.au
Fri Jan 20 06:25:45 CST 2006


Hello Martin,

The problem is that the <AuthBy GROUP> in your <Handler Realm=hesasd.nl>
does not have a closing </AuthBy>.

Cheers.

On Friday 20 January 2006 21:56, Martijn Balink wrote:
> <Client obelix.a3.surf.net>
>  Secret 123
> </Client>
>  
> <Client idefix.a3.surf.net>
>  Secret 123
> </Client>
>  
> # Retrieve clients from MySQL Database
> <ClientListSQL>
>  DBSource dbi:mysql:Radiator
>  DBUsername RadiatorUser
>  DBAuth 123
>  GetClientQuery select NASIDENTIFIER,SECRET from RADCLIENTLIST
>  RefreshPeriod 1800
> </ClientListSQL>
>  
> <SessionDatabase SQL>
>  Identifier SaveSessions
>  DBSource dbi:mysql:Radiator
>  DBUsername RadiatorUser
>  DBAuth hallo
> </SessionDatabase>
>
> <Handler Request-Type = Accounting-Request>
>  <AuthBy SQL>
>   Identifier SQLAccounting
>   DBSource dbi:mysql:Radiator
>   DBUsername RadiatorUser
>   DBAuth hallo
>   AuthSelect
>  
>   AccountingTable ACCOUNTING
>   <loads of AcctColumnDef statements ;-)
>  </AuthBy SQL>
> </Handler>
>  
>
> <Handler Realm=hesasd.nl>
>  
>  ### Connect to ACTIVE-DIRECTORY
>  
>  # This one translates all uppercase chars to lowercase
>  RewriteUsername tr/[A-Z]/[a-z]/
>  # Extract the realm from the request for further processing
>  RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>  RewriteUsername s/^([^@]+).*/$1/
>  AcctLogFileName C:/Program Files/Radiator/logfileint.log
>  
>  <AuthBy GROUP>
>  
>   <AuthBy LDAP2>
>    # LDAP CHECK TO FIRST DC
>    EAPType TTLS
>    EAPTLS_CAFile c:/certs/root/root-cert.pem
>    EAPTLS_CertificateFile c:/certs/server/servercert.pem
>    EAPTLS_CertificateType PEM
>    EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
>    EAPTLS_PrivateKeyPassword 123
>    EAPTLS_MaxFragmentSize 1024
>    AutoMPPEKeys
>  
>    Host 145.28.123.123
>    BaseDN ou=personeel, dc=hesasd, dc=nl
>    Port 389
>    Version 3
>    AuthDN hesasd\ldap
>    AuthPassword abcd1234
>    ServerChecksPassword
>    Timeout 3
>    UsernameAttr sAMAccountName
>    # Use the numeric value in the AD field vlanid as the VLAN number.
>    AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
>    # Supply the two fields so that the VLAN ID takes effect on the AP.
>    AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
>   </AuthBy>
>  
>   <AuthBy LDAP2>
>    # LDAP CHECK TO SECOND DC
>    EAPType TTLS
>    EAPTLS_CAFile c:/certs/root/root-cert.pem
>    EAPTLS_CertificateFile c:/certs/server/servercert.pem
>    EAPTLS_CertificateType PEM
>    EAPTLS_PrivateKeyFile c:/certs/server/servercert.pem
>    EAPTLS_PrivateKeyPassword 123
>    EAPTLS_MaxFragmentSize 1024
>    AutoMPPEKeys
>  
>    Host 145.28.123.124
>    BaseDN ou=personeel, dc=hesasd, dc=nl
>    Port 389
>    Version 3
>    AuthDN hesasd\ldap
>    AuthPassword abcd1234
>    ServerChecksPassword
>    Timeout 3
>    UsernameAttr sAMAccountName
>    # Use the numeric value in the AD field vlanid as the VLAN number.
>    AuthAttrDef vlanid,Tunnel-Private-Group-ID,reply
>    # Supply the two fields so that the VLAN ID takes effect on the AP.
>    AddToReply Tunnel-Type = VLAN,Tunnel-Medium-Type = Ether_802
>   </AuthBy>
> </Handler>
>  
>
> # Outer authentication
> <Handler Realm=hesasd.nl>
>  <AuthBy FILE>
>   EAPType TTLS
>   EAPTLS_CAFile c:/certs/root/root-cert.pem
>   EAPTLS_CertificateFile c:/certs/server/servercert.pem
>   EAPTLS_CertificateType PEM
>   EAPTLS_PrivateKeyFile c:/certs/server/serverkey.pem
>   EAPTLS_PrivateKeyPassword ?RusPAT7eCh8yeC
>   EAPTLS_MaxFragmentSize 1024
>   AutoMPPEKeys
>   Filename  c:/program files/Radiator/dummy
>  </AuthBy>
> </Handler>
>  
>  
> ############# THIS IS THE PART THAT SHOULD BE APPLIED TO ALL USERS NOT AUTHENTICATED ABOVE ###################
> <Handler>
>  # This one translates all uppercase chars to lowercase
>  RewriteUsername tr/[A-Z]/[a-z]/
>  # Extract the realm from the request for further processing
>  RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>  RewriteUsername s/^([^@]+).*/$1/
>  AcctLogFileName C:/Program Files/Radiator/logfileext.log
>  
>  <AuthBy GROUP>
>   <AuthBy RADIUS>
>    Host obelix.a3.surf.net
>    AuthPort 1812
>    AcctPort 1813
>    Secret Boc:d#@A3Gf$y!T>rfK<
>    Retries 1
>    StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
>    AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=220, Session-Timeout=1200
>   </AuthBy>
>   <AuthBy RADIUS>
>    Host idefix.a3.surf.net
>    AuthPort 1812
>    AcctPort 1813
>    Secret Boc:d#@A3Gf$y!T>rfK<
>    Retries 1
>    StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group-ID,Session-Timeout
>    AddToReply Tunnel-type=13,Tunnel-Medium-Type=6, Tunnel-Private-Group-ID=220, Session-Timeout=1200
>   </AuthBy>
>  </AuthBy GROUP>
> </Handler>
>    

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
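
A block-balance check for the error identified in this reply, as an added example that is not part of the original message and not Radiator code. `check_blocks` and the trimmed `SAMPLE` are constructed for illustration; the check only understands `<Name ...>` and `</Name>` lines, not the rest of Radiator's configuration syntax.

```python
import re

# Opening and closing block lines as they appear in the posted configuration,
# e.g. "<AuthBy GROUP>", "</AuthBy>", "</AuthBy GROUP>".
OPEN = re.compile(r"^<([A-Za-z]\w*)(?:\s+([^>]*))?>$")
CLOSE = re.compile(r"^</([A-Za-z]\w*)(?:\s+[^>]*)?>$")

def check_blocks(text):
    """Return [(line_no, message)] for every unbalanced block in a config."""
    problems, stack = [], []          # stack holds (name, label, line_no)
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = CLOSE.match(line)
        if closing:
            name = closing.group(1)
            if name not in [entry[0] for entry in stack]:
                problems.append((no, f"</{name}> has no matching opening block"))
                continue
            # Everything opened after the matching block was left unclosed.
            while stack[-1][0] != name:
                _, label, opened = stack.pop()
                problems.append(
                    (opened, f"{label} is not closed before </{name}> on line {no}"))
            stack.pop()
            continue
        opening = OPEN.match(line)
        if opening:
            stack.append((opening.group(1), line, no))
    problems += [(opened, f"{label} is never closed") for _, label, opened in stack]
    return sorted(problems)

# Constructed sample: the structure of the posted configuration, trimmed to
# its block lines and one Host per clause, with all secrets left out.
SAMPLE = """\
<Handler Realm=hesasd.nl>
 <AuthBy GROUP>
  <AuthBy LDAP2>
   Host 145.28.123.123
  </AuthBy>
  <AuthBy LDAP2>
   Host 145.28.123.124
  </AuthBy>
</Handler>
<Handler>
 <AuthBy GROUP>
  <AuthBy RADIUS>
   Host obelix.a3.surf.net
  </AuthBy>
 </AuthBy GROUP>
</Handler>
"""

if __name__ == "__main__":
    for line_no, message in check_blocks(SAMPLE):
        print(f"line {line_no}: {message}")
```
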
