[RADIATOR] AuthByPolicy - Always do every authentication method
Alex Massover
alex at jajah.com
Thu Mar 26 02:19:52 CST 2009
Hi Hugh!
It really looks like it goes to the second AuthByGROUP, but it doesn't reach AuthByURL inside the group. Here's a full log:
Thu Mar 26 08:04:50 2009: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Thu Mar 26 08:04:50 2009: DEBUG: Deleting session for , x.x.x.x, 5060
Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthGROUP:
Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthSQL:
Thu Mar 26 08:04:50 2009: DEBUG: Handling accounting with Radius::AuthSQL
Thu Mar 26 08:04:50 2009: DEBUG: do query is: 'insert into RATEDCDR (AcctSessionId,AcctStatusType,CalledStationId,CallingStationId,ConnectInfo,EventTimestamp,NASIPAddress,SIPTOTAG,ServiceType,SipFromTag,SipMethod,SipResponseCode) values ('MjcxYjQyMTg2MjEwMmM2YWNlNzIwZjlmN2VkYjczM2U.','Stop','test','xxxxxxxxx','sip:test at 172.50.10.45:27510;transport=udp',1238054689,'x.x.x.x','3447043391-77604','Sip-Session','096b2e07','Bye',200)':
Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthGROUP:
Thu Mar 26 08:04:50 2009: DEBUG: AuthBy GROUP result: ACCEPT,
Thu Mar 26 08:04:50 2009: DEBUG: Accounting accepted
Thu Mar 26 08:04:50 2009: DEBUG: Packet dump:
Looks like the second AuthByGROUP return immediately ACCEPT without even trying AuthByURLs inside.
Even more simple configuration:
<AuthBy GROUP>
AuthByPolicy Every
<AuthBy SQL>
</AuthBy>
<AuthBy URL>
</AuthBy>
</AuthBy>
Produce exactly the same log:
Thu Mar 26 08:16:04 2009: DEBUG: Handling with Radius::AuthGROUP:
Thu Mar 26 08:16:04 2009: DEBUG: Handling with Radius::AuthSQL:
Thu Mar 26 08:16:04 2009: DEBUG: Handling accounting with Radius::AuthSQL
Thu Mar 26 08:16:04 2009: DEBUG: do query is: 'insert into RATEDCDR (AcctSessionId,AcctStatusType,CalledStationId,CallingStationId,ConnectInfo,EventTimestamp,NASIPAddress,SIPTOTAG,ServiceType,SipFromTag,SipMethod,SipResponseCode) values ...
Thu Mar 26 08:16:04 2009: DEBUG: AuthBy GROUP result: ACCEPT,
Thu Mar 26 08:16:04 2009: DEBUG: Accounting accepted
Thu Mar 26 08:16:04 2009: DEBUG: Packet dump:
Looks like "AuthByPolicy Every" doesn't do every auth method like it supposed to.
--
Best Regards,
Alex Massover
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, March 25, 2009 11:19 PM
To: Alex Massover
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] AuthByPolicy - Always do every authentication method
Hello Alex -
I don't think there is anything wrong with your configuration - the
debug shows you are doing the first AuthBy GROUP and the second AuthBy
GROUP.
However, what you are looking at is an accounting request, not an
authentication request.
regards
Hugh
On 25 Mar 2009, at 23:50, Alex Massover wrote:
> Hi!
>
> I'm working with accounting and trying to log every request to SQL
> prior to sending it to application server.
>
> Docs state for AuthByPolicy:
> "- anything else
> Always do every authentication method. Returns the result of the
> last one."
>
> And this is exactly what I need, i.e. always do SQL and after send
> it to application server and return the result of application server.
>
> Here what I have:
>
> cat radius.cfg | grep AuthBy
>
> <AuthBy GROUP>
> AuthByPolicy Every
> <AuthBy SQL>
> </AuthBy>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> <AuthBy URL>
> </AuthBy>
> <AuthBy URL>
> </AuthBy>
> <AuthBy URL>
> </AuthBy>
> <AuthBy INTERNAL>
> </AuthBy>
> </AuthBy>
> </AuthBy>
>
> But the requests never continue beyond the SQL:
>
> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthGROUP:
> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthSQL:
> Wed Mar 25 11:56:16 2009: DEBUG: Handling accounting with
> Radius::AuthSQL
> ...
> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthGROUP:
> Wed Mar 25 11:56:16 2009: DEBUG: AuthBy GROUP result: ACCEPT,
> Wed Mar 25 11:56:16 2009: DEBUG: Accounting accepted
>
>
> What can be wrong with my configuration please?
>
> --
> Best Regards,
> Alex Massover
>
>
>
>
> This mail was sent via Mail-SeCure System.
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
This mail was received via Mail-SeCure System.
This mail was sent via Mail-SeCure System.
More information about the radiator
mailing list