[RADIATOR] Reply-Message

Hugh Irvine hugh at open.com.au
Fri Feb 19 16:17:57 CST 2016 

Hello Gabe -

Here is how to do what you describe.
Note the AuthSelect and AuthColumnDef’s.

regards

Hugh


# test.cfg - this is the combined auth config that I threw together
#
Foreground
LogStdout
LogDir		/etc/radiator
DbDir		.
DictionaryFile	/etc/radiator/dictionary
# User a lower trace level in production systems:
Trace 		4

<Client #####>
	Identifier Cisco
        Secret  #######
        DupInterval 0
</Client>

<Client ######>
	Identifier Sophos
        Secret  ######
        DupInterval 0
</Client>

<Client #####>
	Identifier Paolo
        Secret  #######
        DupInterval 0
</Client>

<SessionDatabase SQL>
	Identifier radiator
	DBSource	dbi:mysql:radiator:localhost:3306
	DBUsername	######
	DBAuth	############
	AddQuery insert into RADONLINE (USERNAME, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS) values ('%u', %3, %{Timestamp}, '%{Framed-IP-Address}')
</SessionDataBase>

<AuthBy SQL>
	Identifier Cisco
	DBSource	dbi:mysql:radiator:localhost:3306
	DBUsername	#######
	DBAuth		#########
	AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
	AuthColumnDef 0, User-Password, check
	# You may want to tailor these for your ACCOUNTING table
	# You can add your own columns to store whatever you like
	AccountingTable	ACCOUNTING
	AcctColumnDef	USERNAME,User-Name
	AcctColumnDef	TIME_STAMP,Timestamp,integer
	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
	AcctColumnDef	NASPORT,NAS-Port,integer
	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
	#
	AcctFailedLogFileName /etc/radiator/missedaccounting
	#
</AuthBy>

<AuthBy SQL>
	Identifier Sophos
	DBSource	dbi:mysql:radiator:localhost:3306
	DBUsername	######
	DBAuth		############

	AuthSelect select Password, Groupname from RadUsers where Username=%0
	AuthColumnDef 0, User-Password, check
	AuthColumnDef 1, Reply-Message, reply

	AccountingTable	ACCOUNTING
	AcctColumnDef	USERNAME,User-Name
	AcctColumnDef	TIME_STAMP,Timestamp,integer
	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
	AcctColumnDef	NASPORT,NAS-Port,integer
	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
	#
	AcctFailedLogFileName /etc/radiator/missedaccounting
	#
</AuthBy>

<AuthBy SQL>
	Identifier Paolo
	DBSource	dbi:mysql:radiator:localhost:3306
	DBUsername	#######
	DBAuth		###############

	AuthSelect select Password, Groupname from RadUsers where Username=%0
	AuthColumnDef 0, User-Password, check
	AuthColumnDef 1, Reply-Message, reply

	AccountingTable	ACCOUNTING
	AcctColumnDef	USERNAME,User-Name
	AcctColumnDef	TIME_STAMP,Timestamp,integer
	AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type
	AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
	AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
	AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
	AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
	AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
	AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause
	AcctColumnDef	NASIDENTIFIER,NAS-Identifier
	AcctColumnDef	NASPORT,NAS-Port,integer
	AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
	#
	AcctFailedLogFileName /etc/radiator/missedaccounting
	#
</AuthBy>

<Handler Client-Identifier = Cisco>
        SessionDatabase radiator
        #AuthLog 
        AuthBy Cisco
        AcctLogFileName /etc/radiator/cisco/%m-%Y-Local
</Handler>

<Handler Client-Identifier = Sophos>
        SessionDatabase radiator   
       # AuthLog /etc/radiator/sophos
        AuthBy Sophos                
        AcctLogFileName /etc/radiator/sophos/%m-%Y-Local
</Handler>

<Handler Client-Identifier = Paolo>
        SessionDatabase radiator   
       # AuthLog /etc/radiator/paolo
        AuthBy Paolo                
        AcctLogFileName /etc/radiator/paolo/%m-%Y-Local
</Handler>




> On 20 Feb 2016, at 05:27, Gabe Carmichael <gabe at lksd.org> wrote:
> 
> Good morning,
> I am running into an issue where Im stumped. I am trying to use a Reply-Message to reply with a group name from one of the mysql tables. Im not having any luck getting the Reply-Message to work the way I want. I know the mysql statement returns the right value, as I have it tested in phpmyadmin. 
> 
> Below is the query, and a level 4 trace, and my config. 
> 
> Table Structure:
> 
> Username  Password Groupname Notes Commonname
> 
> 
> 
> 
> -- 
> Gabe Carmichael
> Systems Analyst - Networking/Email
> Lower Kuskokwim School District
> 907-543-4860
> LKSD Internal 4 digit dial - 4860
> Skype: gabes72riv
> gabe at lksd.org
> 
> <Output.rtf><radius 2.cfg>_______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list