[RADIATOR] AuthByPolicy - Always do every authentication method

Hugh Irvine hugh at open.com.au
Thu Mar 26 04:26:24 CST 2009


Hello Alex -

As mentioned previously, you are looking at the processing for an  
accounting request, but you have not configured anything in the AuthBy  
URL clause to deal with accounting.

If you haven't specified "AcctUrl ...." in the configuration file,  
there will be no accounting processing and no logging.

See section 5.59 in the Radiator 4.4 reference manual ("doc/ref.html").

See also the example configuration file in "goodies/url.cfg".

regards

Hugh


On 26 Mar 2009, at 19:19, Alex Massover wrote:

> Hi Hugh!
>
> It really looks like it goes to the second AuthByGROUP, but it  
> doesn't reach AuthByURL inside the group. Here's a full log:
>
> Thu Mar 26 08:04:50 2009: DEBUG: Handling request with Handler  
> 'Realm=DEFAULT'
> Thu Mar 26 08:04:50 2009: DEBUG:  Deleting session for , x.x.x.x, 5060
> Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthGROUP:
> Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthSQL:
> Thu Mar 26 08:04:50 2009: DEBUG: Handling accounting with  
> Radius::AuthSQL
> Thu Mar 26 08:04:50 2009: DEBUG: do query is: 'insert into RATEDCDR  
> (AcctSessionId 
> ,AcctStatusType 
> ,CalledStationId 
> ,CallingStationId 
> ,ConnectInfo 
> ,EventTimestamp 
> ,NASIPAddress 
> ,SIPTOTAG,ServiceType,SipFromTag,SipMethod,SipResponseCode) values  
> ('MjcxYjQyMTg2MjEwMmM2YWNlNzIwZjlmN2VkYjczM2U 
> .','Stop','test','xxxxxxxxx','sip:test at 172.50.10.45:27510;transport=udp',1238054689,'x.x.x.x','3447043391-77604','Sip-Session','096b2e07','Bye',200)' 
> :
> Thu Mar 26 08:04:50 2009: DEBUG: Handling with Radius::AuthGROUP:
> Thu Mar 26 08:04:50 2009: DEBUG: AuthBy GROUP result: ACCEPT,
> Thu Mar 26 08:04:50 2009: DEBUG: Accounting accepted
> Thu Mar 26 08:04:50 2009: DEBUG: Packet dump:
>
> Looks like the second AuthByGROUP return immediately ACCEPT without  
> even trying AuthByURLs inside.
>
> Even more simple configuration:
>
> <AuthBy GROUP>
> AuthByPolicy Every
>        <AuthBy SQL>
>        </AuthBy>
>                <AuthBy URL>
>                </AuthBy>
> </AuthBy>
>
> Produce exactly the same log:
>
> Thu Mar 26 08:16:04 2009: DEBUG: Handling with Radius::AuthGROUP:
> Thu Mar 26 08:16:04 2009: DEBUG: Handling with Radius::AuthSQL:
> Thu Mar 26 08:16:04 2009: DEBUG: Handling accounting with  
> Radius::AuthSQL
> Thu Mar 26 08:16:04 2009: DEBUG: do query is: 'insert into RATEDCDR  
> (AcctSessionId 
> ,AcctStatusType 
> ,CalledStationId 
> ,CallingStationId 
> ,ConnectInfo 
> ,EventTimestamp 
> ,NASIPAddress 
> ,SIPTOTAG,ServiceType,SipFromTag,SipMethod,SipResponseCode) values ...
> Thu Mar 26 08:16:04 2009: DEBUG: AuthBy GROUP result: ACCEPT,
> Thu Mar 26 08:16:04 2009: DEBUG: Accounting accepted
> Thu Mar 26 08:16:04 2009: DEBUG: Packet dump:
>
> Looks like "AuthByPolicy Every" doesn't do every auth method like it  
> supposed to.
>
> --
> Best Regards,
> Alex Massover
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Wednesday, March 25, 2009 11:19 PM
> To: Alex Massover
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] AuthByPolicy - Always do every  
> authentication method
>
>
> Hello Alex -
>
> I don't think there is anything wrong with your configuration - the
> debug shows you are doing the first AuthBy GROUP and the second AuthBy
> GROUP.
>
> However, what you are looking at is an accounting request, not an
> authentication request.
>
> regards
>
> Hugh
>
>
> On 25 Mar 2009, at 23:50, Alex Massover wrote:
>
>> Hi!
>>
>> I'm working with accounting and trying to log every request to SQL
>> prior to sending it to application server.
>>
>> Docs state for AuthByPolicy:
>> "- anything else
>> Always do every authentication method. Returns the result of the
>> last one."
>>
>> And this is exactly what I need, i.e. always do SQL and after send
>> it to application server and return the result of application server.
>>
>> Here what I have:
>>
>> cat radius.cfg | grep AuthBy
>>
>> <AuthBy GROUP>
>> AuthByPolicy Every
>>       <AuthBy SQL>
>>       </AuthBy>
>>       <AuthBy GROUP>
>>       AuthByPolicy ContinueUntilAccept
>>                       <AuthBy URL>
>>                       </AuthBy>
>>                       <AuthBy URL>
>>                       </AuthBy>
>>                       <AuthBy URL>
>>                       </AuthBy>
>>               <AuthBy INTERNAL>
>>                       </AuthBy>
>>       </AuthBy>
>> </AuthBy>
>>
>> But the requests never continue beyond the SQL:
>>
>> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthGROUP:
>> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthSQL:
>> Wed Mar 25 11:56:16 2009: DEBUG: Handling accounting with
>> Radius::AuthSQL
>> ...
>> Wed Mar 25 11:56:16 2009: DEBUG: Handling with Radius::AuthGROUP:
>> Wed Mar 25 11:56:16 2009: DEBUG: AuthBy GROUP result: ACCEPT,
>> Wed Mar 25 11:56:16 2009: DEBUG: Accounting accepted
>>
>>
>> What can be wrong with my configuration please?
>>
>> --
>> Best Regards,
>> Alex Massover
>>
>>
>>
>>
>> This mail was sent via Mail-SeCure System.
>>
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
>
>
>
> This mail was received via Mail-SeCure System.
>
>
>
>
>
> This mail was sent via Mail-SeCure System.
>
>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.




More information about the radiator mailing list