[RADIATOR] SessionDatabaseUseRewrittenName
Hugh Irvine
hugh at open.com.au
Fri Nov 21 01:01:50 CST 2008
Hello Ian -
You should be using '%n' in your query - see section 5.2 in the
Radiator 4.3.1 reference manual ("doc/ref.pdf").
regards
Hugh
On 21 Nov 2008, at 17:12, Ian Henderson wrote:
> Hi all,
>
> I'm running a very simple Radiator installation that keeps a session
> database of connected users from wired 802.1x, wireless 802.1x and
> VPN (a sort of "where's bob" utility). I'm using
> 'SessionDatabaseUseRewrittenName' with two rewrites - one to
> lowercase, and then Windows domain\user to user@domain. The session
> database isn't seeing the rewritten username though.
>
> Ubuntu Linux 8.04.1
> Radiator 4.3.1
> MySQL 5.0.51a-3ubuntu5.3-log
>
> Log entries show the rewrites occurring, and then the replace into
> using the old username. This is causing MySQL to interpret the slash
> as a control character. For example, a user 'DOMAIN\nick' is being
> interpreted by MySQL as 'DOMAIN<newline>ick'.
>
> Fri Nov 21 05:56:22 2008: DEBUG: Rewrote user name to domain\johndoe
> Fri Nov 21 05:56:22 2008: DEBUG: Rewrote user name to johndoe@domain
> Fri Nov 21 05:56:22 2008: DEBUG: session Replacing session for
> johndoe@domain, 10.59.208.3, 17380
> Fri Nov 21 05:56:22 2008: DEBUG: do query is: 'replace into
> RADONLINE (USERNAME, NASIPADDRESS, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, CISCONASPORT, CALLEDSTATIONID,
> CALLINGSTATIONID) values ("DOMAIN\johndoe", '10.59.208.3',
> '000064B4', 1227246982, '', 'Wireless-IEEE-802-11', '',
> '0016.9cba.c780', '001c.bf8a.c9d8')':
>
> Anybody have any ideas? Config follows.
>
> -----
> Foreground
> AcctPort 1813,1646
> AuthPort 1812,1645
> BindAddress 0.0.0.0
> LogDir /var/log/radiator/
> DbDir /etc/radiator/
> LogFile %L/acct.log
> Trace 10
>
> <Client DEFAULT>
> Secret xxxxx
> DupInterval 0
> </Client>
>
> <Handler>
> # Translate all uppercase to lowercase
> RewriteUsername tr/A-Z/a-z/
> # Rewrite domain/user into user@domain
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
> <AuthBy SQL>
> </AuthBy>
>
> SessionDatabaseUseRewrittenName
>
> </Handler>
>
> <SessionDatabase SQL>
> Identifier session
> DBSource dbi:mysql:radius
> DBUsername xxxxx
> DBAuth xxxxx
>
> ReplaceQuery replace into RADONLINE (USERNAME, NASIPADDRESS, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, CISCONASPORT, CALLEDSTATIONID, CALLINGSTATIONID) values ("%u", '%{NAS-IP-Address}', '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Cisco-NAS-Port}', '%{Called-Station-Id}', '%{Calling-Station-Id}')
>
> DeleteQuery delete from RADONLINE where NASIPADDRESS = '%{NAS-IP-Address}' and ACCTSESSIONID='%{Acct-Session-Id}'
>
> </SessionDatabase>
> -----
>
> Thanks,
>
>
>
> - I.
>
> --
> Ian Henderson, CCIE #14721
> Senior Network Engineer, iiNet Limited
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
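
The following is an added example, not part of the original messages and not Radiator code: a small Python model of what the thread describes, showing what MySQL would store for a username pasted between the quotes of the posted ReplaceQuery, with and without the two RewriteUsername rules applied. The function names are hypothetical, the sample usernames are constructed, the `use_rewritten` flag stands in for the `%u` versus `%n` choice as the thread describes it, and MySQL is assumed to run without the NO_BACKSLASH_ESCAPES SQL mode.

```python
import re
import string

# Escape sequences MySQL recognises inside a quoted string literal.
_MYSQL_ESCAPES = {"0": "\0", "'": "'", '"': '"', "b": "\b", "n": "\n",
                  "r": "\r", "t": "\t", "Z": "\x1a", "\\": "\\"}

def mysql_literal_value(body):
    """Return the value MySQL stores for the text between a literal's quotes."""
    out, i = [], 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            nxt = body[i + 1]
            if nxt in "%_":
                out.append("\\" + nxt)  # kept as-is outside pattern matching
            else:
                # Known escape is translated; for any other one the backslash is dropped.
                out.append(_MYSQL_ESCAPES.get(nxt, nxt))
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def rewrite_username(name):
    """Python equivalents of the two RewriteUsername rules in the posted Handler."""
    # tr/A-Z/a-z/
    name = name.translate(str.maketrans(string.ascii_uppercase, string.ascii_lowercase))
    # s/^(.*)\\(.*)/$2\@$1/
    return re.sub(r"^(.*)\\(.*)", r"\2@\1", name, count=1)

def stored_username(original, use_rewritten):
    """Model of the posted ReplaceQuery: the name is placed between double quotes."""
    name = rewrite_username(original) if use_rewritten else original
    return mysql_literal_value(name)

# Constructed sample usernames in the style of the post.
SAMPLES = ["DOMAIN\\nick", "DOMAIN\\johndoe"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample),
              "| original name stored as", repr(stored_username(sample, False)),
              "| rewritten name stored as", repr(stored_username(sample, True)))
```
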