[RADIATOR] MySQL Authentication from two possible fields
Hugh Irvine
hugh at open.com.au
Mon Jun 7 09:43:08 CDT 2010
Hello Adam -
To do what you show below you will need an AuthByPolicy ContinueUntilAccept:
<Realm DEFAULT>
AuthByPolicy ContinueUntilAccept
<AuthBy SQL>
…..
</AuthBy>
<AuthBy SQL>
…..
</AuthBy>
</Realm>
regards
Hugh
On 7 Jun 2010, at 10:30, Adam Gerson wrote:
> We have successfully authenticated a MAC address passed into Radiator as the username against a SQL database using <AuthBy SQL>.
>
> AuthSelect select REPLACE(mac_address,'.','') from computers where REPLACE(mac_address,'.','') = '%{User-Name}'
> AuthColumnDef 0, User-Name, check
>
> Here is the problem. Our MySQL database stores wired MAC in one field and wireless MAC in another field. We want either to result in a valid match.
>
> Is there a way to tell Radiator to look for the username/mac in a field called mac_address OR alt_mac_address? Can we run a second AuthSelect query on the second field and have it return success if either one matches?
>
> Based on the documentation I thought something like this would work, but it did not. I also tried adding AcceptIfMissing to the first AuthBy SQL, but then it accepted MACs not present in the database.
>
>
> <Realm DEFAULT>
> <AuthBy SQL>
>
> DBSource dbi:mysql:jamfsoftware:127.0.0.1
> DBUsername jamfsoftware
> DBAuth ****
>
> AuthSelect select REPLACE(mac_address,'.','') from computers where REPLACE(mac_address,'.','') = '%{User-Name}'
> AuthColumnDef 0, User-Name, check
> NoDefault
> </AuthBy>
> <AuthBy SQL>
>
> DBSource dbi:mysql:jamfsoftware:127.0.0.1
> DBUsername jamfsoftware
> DBAuth ****
> AuthSelect select REPLACE(alt_mac_address,'.','') from computers where REPLACE(alt_mac_address,'.','') = '%{User-Name}'
> AuthColumnDef 0, User-Name, check
> NoDefault
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
> </Realm>
>
> Thanks,
> Adam
>
>
> --
> Adam Gerson
> Assistant Director of Technology
> Columbia Grammar and Prep School
> phone. 212-749-6200 ex. 321
> fax. 212-428-6806
> agerson at cgps.org
> http://www.cgps.org
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
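
Added example, not part of the original thread and not Radiator code: a small Python model of the two AuthBy SQL clauses under the default policy and under ContinueUntilAccept, showing why a wireless MAC is only accepted with the latter while an unknown MAC is still rejected. The sample MACs, the in-memory SQLite table standing in for MySQL, and the assumption that a lookup returning no row yields REJECT are all constructed for illustration.

```python
import sqlite3

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Constructed sample data: one machine with a wired and a wireless MAC.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE computers (mac_address TEXT, alt_mac_address TEXT)")
db.execute("INSERT INTO computers VALUES ('00.1b.63.aa.bb.01', '00.1b.63.aa.bb.02')")


def auth_by_sql(column):
    """Model of one <AuthBy SQL> clause with NoDefault, keyed on one column."""
    # The column name comes from the fixed list below, never from the request.
    query = (f"SELECT REPLACE({column},'.','') FROM computers "
             f"WHERE REPLACE({column},'.','') = ?")

    def handler(user_name):
        # The User-Name is passed as a bound parameter, not spliced into the SQL.
        row = db.execute(query, (user_name,)).fetchone()
        # Assumption: no matching row and no DEFAULT user means REJECT.
        return ACCEPT if row and row[0] == user_name else REJECT

    return handler


CLAUSES = [auth_by_sql("mac_address"), auth_by_sql("alt_mac_address")]

# Stop conditions for the two policies discussed in the thread.
POLICIES = {
    "ContinueWhileIgnore": lambda result: result != IGNORE,  # the default policy
    "ContinueUntilAccept": lambda result: result == ACCEPT,
}


def authenticate(user_name, policy):
    """Run the clauses in order; the last clause that ran decides the result."""
    result = IGNORE
    for clause in CLAUSES:
        result = clause(user_name)
        if POLICIES[policy](result):
            break
    return result
```
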