[RADIATOR] Loading configuration dynamically from SQL database

Remco van Noorloos rvannoorloos at proxsys.nl
Mon Apr 11 03:42:59 CDT 2011


Hi Heikki,

Thanks for your answer!

I've tried your suggestion and I managed to get some variables dynamically from an SQL database. 

When I try AuthColumnDef twice, in two different AuthBy SQLs, it doesn't seem to work, though. The 'AUTH_BACKEND' and 'CONNECTION_ID' are working properly. When Radiator reaches the AuthBy LDAP2, it tries to connect with LDAP to 'LDAP_SERVER'. The value of this attribute isn't set and therefore Radiator is unable to authenticate against the Active Directory. The query in AuthSelect is returning correct values, though.

Is it not possible to use AuthColumnDef twice or something? I tried different configurations with the AuthBys outside a Handler as well.

The current configuration is as follows:

---

LogDir		C:\Program Files\Radiator\logs
LogFile		%L\%Y%m%d-%H00-radius.log
DbDir		C:\Program Files\Radiator
DictionaryFile C:\Program Files\Radiator\dictionary

Trace 		5

<Client DEFAULT>
	Secret			mysecret
	DupInterval 	0
</Client>

<AuthBy SQL>
	Identifier 	DETERMINE_AUTH_BACKEND
	
	DBSource	dbi:ODBC:DRIVER={SQL Server};SERVER={localhost};DATABASE=dbPMS
	DBUsername	sa_pmsuser
	DBAuth		123pms
	
	AuthSelect	EXEC spGetAuthenticationSource %0, %{Quote:%{NAS-Port-Type}}, %{Quote:%{Service-Type}}, %{Quote:%{Acct-Sess-ID}}
	
	AuthColumnDef 0, AUTH_BACKEND, request
	AuthColumnDef 1, CONNECTION_ID, request
</AuthBy>


<Handler>
	AuthByPolicy ContinueWhileAccept
	
	<AuthBy GROUP>
        AuthByPolicy 	ContinueUntilAccept
        AuthBy 			DETERMINE_AUTH_BACKEND
    </AuthBy>
    <AuthBy HANDLER>
        HandlerId 		AUTH_USER_%{AUTH_BACKEND}
    </AuthBy>
    #AuthBy sql-add-reply-attributes

</Handler>

<Handler>
    Identifier AUTH_USER_realmLDAP
	
	AuthByPolicy ContinueWhileAccept
	
	<AuthBy SQL>
		DBSource	dbi:ODBC:DRIVER={SQL Server};SERVER={localhost};DATABASE=dbPMS
		DBUsername	sa_pmsuser
		DBAuth		123pms
		
		AuthSelect	EXEC spLDAPGetProperties %0, %{CONNECTION_ID}
		
		AuthColumnDef 0, LDAP_SERVER, request
		AuthColumnDef 1, LDAP_AUTHDN, request
		AuthColumnDef 2, LDAP_AUTHPASSWORD, request
		AuthColumnDef 3, LDAP_BASEDN, request
		AuthColumnDef 4, LDAP_SEARCH_FILTER, request
	</AuthBy>
	<AuthBy LDAP2>
		Host			%{LDAP_SERVER}
		
		AuthDN			%{LDAP_AUTHDN}
		AuthPassword	%{LDAP_AUTHPASSWORD}

		BaseDN			%{LDAP_BASEDN}

		SearchFilter 	(&(userPrincipalName=%1)(memberOf=%{LDAP_SEARCH_FILTER}))

		ServerChecksPassword
		
		HoldServerConnection
		  
		#Debug 255

		Timeout 		10
		FailureBackoffTime 1

		Version 		3
	</AuthBy>
	
</Handler>

---

Logging:

---

Code:       Access-Request
Identifier: 71
Authentic:  <245><135><138>2<21><143>'<136><169><201><134>}<251><24>@<246>
Attributes:
	User-Name = "rvannoorloos at proxsys.net"
	Service-Type = Framed-User
	NAS-IP-Address = 203.63.154.1
	NAS-Identifier = "203.63.154.1"
	NAS-Port = 1234
	Called-Station-Id = "123456789"
	Calling-Station-Id = "987654321"
	NAS-Port-Type = Async
	User-Password = <158><252>xt"cP<217><217><197><4><229><208>-<6>;

Mon Apr 11 10:02:41 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 10:02:41 2011: DEBUG:  Deleting session for rvannoorloos at proxsys.net, 203.63.154.1, 1234
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthGROUP: 
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spGetAuthenticationSource 'rvannoorloos at proxsys.net', 'Async', 'Framed-User', ''': 
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL looks for match with rvannoorloos at proxsys.net [rvannoorloos at proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL ACCEPT: : rvannoorloos at proxsys.net [rvannoorloos at proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthGROUP: DETERMINE_AUTH_BACKEND result: ACCEPT, 
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy GROUP result: ACCEPT, 
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthHANDLER: 
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AUTH_USER_realmLDAP'
Mon Apr 11 10:02:41 2011: DEBUG: Handling request with Handler '', Identifier 'AUTH_USER_realmLDAP'
Mon Apr 11 10:02:41 2011: DEBUG:  Deleting session for rvannoorloos at proxsys.net, 203.63.154.1, 1234
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: 
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: 
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spLDAPGetProperties 'rvannoorloos at proxsys.net', 369': 
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL looks for match with rvannoorloos at proxsys.net [rvannoorloos at proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL ACCEPT: : rvannoorloos at proxsys.net [rvannoorloos at proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy SQL result: ACCEPT, 
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthLDAP2: 
Mon Apr 11 10:02:41 2011: INFO: Connecting to :389
Mon Apr 11 10:02:41 2011: ERR: Could not open LDAP connection to :389. Backing off for 1 seconds.
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy HANDLER result: IGNORE, User database access error

