(RADIATOR) RewriteUsername statements
Mike Gomez
mgomez at iland.net
Thu Jun 8 10:01:03 CDT 2006
So....I'd need to have something like this?
<Client "IP of first modem pool from first domain">
IdenticalClients "IP of second modem pool from first domain"
IdenticalClients "IP of third modem pool from first domain"
IgnoreAcctSignature
Secret xxxxxxxx
DupInterval 0
DefaultRealm domain1.net
</Client>
<Client "IP of first modem pool from second domain">
IgnoreAcctSignature
Secret xxxxxxxx
IdenticalClients "IP of second modem pool from second domain"
IdenticalClients "IP of third modem pool from second domain"
DefaultRealm domain2.net
</Client>
<SessionDatabase SQL>
Identifier InSQL
DBSource dbi:mysql:radius:xxxxxxxx
DBUsername xxxxxx
DBAuth xxxxxx
</SessionDatabase>
<Realm domain1.net>
RewriteUsername s/^([^@]+)$/$1\@domain1.net/
<AuthBy SQL>
DBSource dbi:mysql:radius:xxxxxxx
DBUsername xxxxxx
DBAuth xxxxxx
AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
from SUBSCRIBERS \
where USERNAME = '%n'
#AddToReply Service-Type = Framed-User, \
#Framed-Protocol = PPP
AccountingTable ACCT%Y%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
AcctColumnDef NASPORT_TYPE,NAS-Port-Type
AcctColumnDef NASADDRESS,NAS-IP-Address
AcctColumnDef FRAMEDADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef USRCONSPEED,Connect-Speed
AcctColumnDef USRCONSPEED,Connect-Info
AcctColumnDef MODULATION,Modulation-Type
AcctColumnDef CSI,Calling-Station-Id
</AuthBy>
# Log accounting to a detail file
AcctLogFileName ./detail
</Realm>
<Realm domain2.net>
RewriteUsername s/^([^@]+)$/$1\@domain2.net/
<AuthBy SQL>
DBSource dbi:mysql:radius:xxxxxxx
DBUsername xxxxxx
DBAuth xxxxxx
AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
from SUBSCRIBERS \
where USERNAME = '%n'
#AddToReply Service-Type = Framed-User, \
#Framed-Protocol = PPP
AccountingTable ACCT%Y%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
AcctColumnDef NASPORT_TYPE,NAS-Port-Type
AcctColumnDef NASADDRESS,NAS-IP-Address
AcctColumnDef FRAMEDADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef USRCONSPEED,Connect-Speed
AcctColumnDef USRCONSPEED,Connect-Info
AcctColumnDef MODULATION,Modulation-Type
AcctColumnDef CSI,Calling-Station-Id
</AuthBy>
# Log accounting to a detail file
AcctLogFileName ./detail
</Realm>
Thereby essentially throwing anyone from the first group of modems into the
domain1.net Realm (and using its RewriteUsername statement), and
throwing anyone from the second group into the domain2.net Realm (and using
its *different* RewriteUsername statement)?
Mike
On Thursday 08 June 2006 09:39, Hugh Irvine wrote:
> Hello Mike -
>
> You would normally use a DefaultRealm in your Client clauses to add
> the correct Realm to usernames without them, then use different Realm
> clauses like this:
>
>
> # define Client clauses with DefaultRealm
>
> <Client 1.1.1.1>
> ......
> DefaultRealm domain1.net
> </Client>
>
> .....
>
> <Client n.n.n.n>
> ......
> DefaultRealm domain1.net
> </Client>
>
> <Client 3.3.3.3>
> ......
> DefaultRealm domain2.net
> </Client>
>
> .....
>
> <Client m.m.m.m>
> ......
> DefaultRealm domain2.net
> </Client>
>
> .....
>
> <Realm domain1.net>
> ......
> </Realm>
>
> <Realm domain2.net>
> .....
> </Realm>
>
> .......
>
>
> Of course you should always test thoroughly on a test server before
> changing a production server.
>
> hope that helps
>
> regards
>
> Hugh
>
> On 8 Jun 2006, at 07:09, Mike Gomez wrote:
> > Hi there,
> >
> > I've been looking through the radiator reference manual on doing some
> > rewriteusername commands, and just wanted to get the list's opinion on if I'm
> > going to be implementing this correctly. Here's my current config file:
> >
> > <Client DEFAULT>
> > IgnoreAcctSignature
> > Secret xxxxxxxx
> > DupInterval 0
> > </Client>
> > <SessionDatabase SQL>
> > Identifier InSQL
> > DBSource dbi:mysql:radius:xxxxxxxx
> > DBUsername xxxxxx
> > DBAuth xxxxxx
> > </SessionDatabase>
> > <Realm DEFAULT>
> > RewriteUsername s/^([^@]+)$/$1\@domain1.net/
> > <AuthBy SQL>
> > DBSource dbi:mysql:radius:xxxxxxx
> > DBUsername xxxxxx
> > DBAuth xxxxxx
> > AuthSelect select PASSWORD,CHECKATTR,REPLYATTR \
> > from SUBSCRIBERS \
> > where USERNAME = '%n'
> >
> > #AddToReply Service-Type = Framed-User, \
> > #Framed-Protocol = PPP
> > AccountingTable ACCT%Y%m
> > AcctColumnDef USERNAME,User-Name
> > AcctColumnDef TIME_STAMP,Timestamp,integer-date
> > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause
> > AcctColumnDef NASPORT_TYPE,NAS-Port-Type
> > AcctColumnDef NASADDRESS,NAS-IP-Address
> > AcctColumnDef FRAMEDADDRESS,Framed-IP-Address
> > AcctColumnDef NASIDENTIFIER,NAS-Identifier
> > AcctColumnDef NASPORT,NAS-Port,integer
> > AcctColumnDef USRCONSPEED,Connect-Speed
> > AcctColumnDef USRCONSPEED,Connect-Info
> > AcctColumnDef MODULATION,Modulation-Type
> > AcctColumnDef CSI,Calling-Station-Id
> >
> >
> > </AuthBy>
> > # Log accounting to a detail file
> > AcctLogFileName ./detail
> > </Realm>
> >
> > As you can see, I've got the RewriteUsername s/^([^@]+)$/$1\@domain1.net/
> > under <Realm DEFAULT>. What's happening is I've got a second set of modem
> > pools (from a different domain) that I'm going to be switching to our radius
> > server here soon. So, I need a different rewrite username statement
> > (RewriteUsername s/^([^@]+)$/$1\@domain2.net/) to apply to requests only from
> > that second group of modem pools. Can I use something like:
> >
> > <Client "IP of first modem pool">
> > IgnoreAcctSignature
> > Secret xxxxxxxx
> > IdenticalClients "IP of second modem pool"
> > IdenticalClients "IP of third modem pool"
> > RewriteUsername s/^([^@]+)$/$1\@domain2.net/
> > </Client>
> >
> > or would the rewriteusername statement under <Realm DEFAULT> override that? I
> > just wanted to get opinions on it before I start messing with a production
> > system. ;)
> >
> > Thanks!
> > --
> > Mike Gomez
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.
--
Mike Gomez
Network Operations Center
I-Land Internet Services
660.829.4638 Ext. 130
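
An added example, not part of the original messages and not Radiator code: a small Python model of the routing the thread describes, where the Client clause appends DefaultRealm to realm-less names and the Realm clause then applies its RewriteUsername. Assumptions: the NAS addresses are constructed documentation-range placeholders, `route` is a hypothetical helper, and the realm is taken as the text after the last `@`.

```python
import re

# Constructed stand-ins for the <Client> clauses: NAS address -> DefaultRealm.
# The addresses are documentation-range placeholders, not values from the thread.
CLIENT_DEFAULT_REALM = {
    "192.0.2.1": "domain1.net",
    "192.0.2.2": "domain1.net",     # an IdenticalClients entry of the first pool
    "198.51.100.1": "domain2.net",
    "198.51.100.2": "domain2.net",  # an IdenticalClients entry of the second pool
}

# The two Realm clauses from the message, each with its RewriteUsername rule
# translated from the Perl form s/^([^@]+)$/$1\@domainN.net/.
REALM_REWRITE = {
    "domain1.net": (re.compile(r"^([^@]+)$"), r"\1@domain1.net"),
    "domain2.net": (re.compile(r"^([^@]+)$"), r"\1@domain2.net"),
}


def route(nas_ip, user_name):
    """Return (realm_clause, final_user_name), or (None, user_name) if unhandled."""
    if nas_ip not in CLIENT_DEFAULT_REALM:
        return None, user_name          # no matching Client clause
    # Client stage: DefaultRealm is appended only when no realm was sent.
    if "@" not in user_name:
        user_name = f"{user_name}@{CLIENT_DEFAULT_REALM[nas_ip]}"
    # Realm stage: exact match on the text after the last '@' (model assumption).
    realm = user_name.rsplit("@", 1)[1]
    if realm not in REALM_REWRITE:
        return None, user_name          # the posted config has no <Realm DEFAULT>
    pattern, replacement = REALM_REWRITE[realm]
    # RewriteUsername: the pattern matches only names without '@', so in this
    # model it leaves a name that already carries a realm unchanged.
    return realm, pattern.sub(replacement, user_name)
```

In this model a name that arrives with its own realm is routed by that realm regardless of which modem pool sent it, so the pool-to-domain separation holds only for realm-less logins.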