(RADIATOR) SQL logging and User-Name
Wyman Miles
wm63 at cornell.edu
Tue May 22 19:38:10 CDT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --On Wednesday, May 23, 2007 9:18 AM +1000 Hugh Irvine <hugh at open.com.au>
wrote:
>
> Hello Wyman -
>
> You should use something like this:
>
>
> AcctColumnDef USERNAME, %w, formatted
>
>
> You will also need to check a trace 4 debug to see exactly what is in
> the User-Name attribute when the accounting requests are received.
>
We're keeping flat file accounting records to recover from things like
this.
We'll get "User-Name = rrguest_555" while the entry in the SQL DB is just
empty.
> See sections 5.2 and 5.29.14 in the Radiator 3.17.1 reference manual
> ("doc/ref.html").
>
I'll take a look. Thanks!
> regards
>
> Hugh
>
>
>
> On 23 May 2007, at 00:46, Wyman Miles wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I'm trying to get a clean username logged out of accounting
>> records, but
>> having a little trouble. We've got a variety of NAS contributing
>> to this
>> - -- 3Com ARC, Cisco ASA5500, and Siemens HiPath.
>>
>> Pertinent config looks like:
>>
>> <AuthBy SQL>
>> Identifier SQLAccounting
>> AuthSelect
>> DBSource ...
>> DBUsername ...
>> DBAuth ...
>> HandleAcctStatusTypes Start,Stop
>> AcctFailedLogFileName %L/sqlacct.misfires
>> AccountingTable radacct
>> AcctColumnDef USERNAME,User-Name
>> AcctColumnDef REALM,%W
>> ...
>> </AuthBy>
>>
>> In the above config, I'll get "wm63 at CIT.VPN"
>>
>> I've been through various flavors of "%u" "%U" and "%w". For some
>> combination of NAS and User-Name sent, I'll get empty values in the
>> table.
>>
>> What's the magic syntax to get the username as sent in the initial
>> packet,
>> minus the realm, reliably?
>>
>> Thanks!
>>
>>
>> Wyman Miles
>> Senior Security Engineer
>> Cornell University, Ithaca, NY
>> (607) 255-8421
>> -----BEGIN PGP SIGNATURE-----
>> Version: Mulberry PGP Plugin v3.0
>> Comment: processed by Mulberry PGP Plugin
>>
>> iQA/AwUBRlMCSMRE6QfTb3V0EQKoNQCfYN/c9YQzULdSd+4Es+Zo09evN9IAn1C9
>> KVBvvd9fEcMvW3OyhWwKwLSC
>> =WYGW
>> -----END PGP SIGNATURE-----
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
Wyman Miles
Senior Security Engineer
Cornell University, Ithaca, NY
(607) 255-8421
-----BEGIN PGP SIGNATURE-----
Version: Mulberry PGP Plugin v3.0
Comment: processed by Mulberry PGP Plugin
iQA/AwUBRlOM8sRE6QfTb3V0EQIHwgCcC+gHHFYAHrYsU3wIUY5f7slhu9YAnAgS
w+hZszRE2k9qQD4R0/Y2KEwl
=dAM7
-----END PGP SIGNATURE-----
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list