(RADIATOR) SQL logging and User-Name
Hugh Irvine
hugh at open.com.au
Tue May 22 18:18:24 CDT 2007
Hello Wyman -
You should use something like this:
AcctColumnDef USERNAME, %w, formatted
You will also need to check a trace 4 debug to see exactly what is in
the User-Name attribute when the accounting requests are received.
See sections 5.2 and 5.29.14 in the Radiator 3.17.1 reference manual
("doc/ref.html").
regards
Hugh
On 23 May 2007, at 00:46, Wyman Miles wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm trying to get a clean username logged out of accounting
> records, but
> having a little trouble. We've got a variety of NAS contributing
> to this
> - -- 3Com ARC, Cisco ASA5500, and Siemens HiPath.
>
> Pertinent config looks like:
>
> <AuthBy SQL>
> Identifier SQLAccounting
> AuthSelect
> DBSource ...
> DBUsername ...
> DBAuth ...
> HandleAcctStatusTypes Start,Stop
> AcctFailedLogFileName %L/sqlacct.misfires
> AccountingTable radacct
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef REALM,%W
> ...
> </AuthBy>
>
> In the above config, I'll get "wm63 at CIT.VPN"
>
> I've been through various flavors of "%u" "%U" and "%w". For some
> combination of NAS and User-Name sent, I'll get empty values in the
> table.
>
> What's the magic syntax to get the username as sent in the initial
> packet,
> minus the realm, reliably?
>
> Thanks!
>
>
> Wyman Miles
> Senior Security Engineer
> Cornell University, Ithaca, NY
> (607) 255-8421
> -----BEGIN PGP SIGNATURE-----
> Version: Mulberry PGP Plugin v3.0
> Comment: processed by Mulberry PGP Plugin
>
> iQA/AwUBRlMCSMRE6QfTb3V0EQKoNQCfYN/c9YQzULdSd+4Es+Zo09evN9IAn1C9
> KVBvvd9fEcMvW3OyhWwKwLSC
> =WYGW
> -----END PGP SIGNATURE-----
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list