(RADIATOR) Problem with the username that is used for online confirmation

Hugh Irvine hugh at open.com.au
Thu Mar 30 04:00:52 CST 2006


Hello Vangelis -

You must extend the RADONLINE table to include a field to contain the  
original username and modify the AddQuery so it adds both the  
rewritten username and the original username to the table. Then the  
fifth field in the CountQuery must be the original username.

hope that helps

regards

Hugh


On 30 Mar 2006, at 20:43, Vangelis Kyriakakis wrote:

> Hello,
>
>     I see from the logfiles that Radiator always uses the whole  
> username that is being authenticated as the username that is used  
> for online confirmation via SNMP.
>     The manual says in CountQuery "If a user name is present as the  
> fifth field returned by the query, that is the user name that will  
> be used to confirm the user is still on line.".
>     Using the following configuration:
>
> <Handler Client-Identifier=adsl>
>        RejectHasReason
>        RewriteUsername s/^([^@]+).*/$1/
>        AuthBy adsl
>        SessionDatabase Session-dsl
>        AuthLog logger
> </Handler>
>
> <SessionDatabase SQL>
>        Identifier Session-dsl
>        DBSource dbi:Sybase:RADIUS
>        DBUsername tacacs
>        DBAuth xxxxxxx
>        Timeout 5
>        FailureBackoffTime 5
>        AddQuery insert into netman..RADONLINE  
> (USERNAME,NASIDENTIFIER,NASPORT,\
>               ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,\
>               SERVICETYPE) values ('%U','%N',0%{NAS-Port},'%{Acct- 
> Session-Id}',\
>               %{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-Type}',\
>               '%{Service-Type}')
>        DeleteQuery delete from netman..RADONLINE where  
> NASIDENTIFIER='%1' and NASPORT=0%2
>        ClearNasQuery delete from netman..RADONLINE where  
> NASIDENTIFIER='%N'
>        CountQuery select NASIDENTIFIER, NASPORT, hextoint 
> (ACCTSESSIONID), FRAMEDIPADDRESS, USERNAME from netman..RADONLINE wh
> ere USERNAME='%U'
> </SessionDatabase>
> If the user that is being authenticated is user at domain then  
> Radiator always uses user at domain as the username that is checked  
> against the snmpget result although the RADONLINE database keeps  
> only user in the USERNAME field.
>
>     Am I doing something wrong, or is this a bug?
>
>                   Regards
>                        Vangelis Kyriakakis
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list