# test.cfg - this is the combined auth config that I threw together
#
# Global server settings.
# NOTE(review): the clause open/close lines (Client, AuthBy, Handler, ...) appear to be
# missing from this copy of the file; the directives further down are grouped by Identifier.
# Stay attached to the terminal and send log output to stdout.
Foreground
LogStdout
# Log files go into the same directory tree that holds the configuration and dictionary;
# keep that tree readable only by the account the server runs as.
LogDir /etc/radiator
# Relative path: resolves against whatever directory the server is started from.
DbDir .
DictionaryFile /etc/radiator/dictionary
# Use a lower trace level in production systems:
# Trace 4 is debug-level output and can put request details into the log
# -- TODO confirm exactly what level 4 records for the Radiator version in use.
Trace 4
# RADIUS client definitions: one Identifier / Secret / DupInterval group per client.
# The shared secrets are masked with '#' in this copy. In a live file they are stored
# in clear text, so restrict read access to the configuration and give every client
# its own long random secret.
# NOTE(review): DupInterval 0 presumably switches off duplicate-request detection
# for the client -- confirm that is intended outside of testing.
Identifier Cisco
Secret #######
DupInterval 0
Identifier Sophos
Secret ######
DupInterval 0
Identifier Paolo
Secret #######
DupInterval 0
#
# DBSource dbi:mysql:radiator:localhost:3306
# DBUsername ######
# DBAuth ########
# RefreshPeriod 300
#
# This is where we authenticate a PEAP inner request, which will be an
# EAP request. The username of the inner request will be anonymous by
# default, although the identity of the EAP request will be the real
# username we are trying to authenticate.
# SQL authenticator referenced as "Cisco": looks up the password for a user in the
# SUBSCRIBERS table of the MySQL database "radiator" on localhost.
Identifier Cisco
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy). The statements in this file only need
# SELECT on SUBSCRIBERS and INSERT on ACCOUNTING, so a least-privilege account suffices.
DBUsername #######
DBAuth #########
# %0 is substituted into the statement text before it is sent to the database.
# NOTE(review): this is only safe if Radiator quotes/escapes %0 during substitution
# -- confirm for the version in use, or switch to the bound-variable form shown below.
AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0
# You can use statement caching and bound variables with AuthSelectParam:
# AuthSelect select PASSWORD, FILTER from SUBSCRIBERS where USERNAME=?
# AuthSelectParam %u
# You can control what is done with each field returned from the
# AuthSelect query with the AuthColumnDef parameter:
# Column 0 of the result is used as a User-Password check item.
# NOTE(review): this implies the PASSWORD column holds a value the server can compare
# against directly; confirm how passwords are stored (clear text vs. hashed).
AuthColumnDef 0, User-Password, check
# AuthColumnDef 1, Filter-Id, reply, formatted
# You may want to tailor these for your ACCOUNTING table
# You can add your own columns to store whatever you like
# Accounting requests are inserted into ACCOUNTING; each AcctColumnDef maps a table
# column to a request attribute, with "integer" marking numeric columns.
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
#
# NOTE(review): AcctFailedLogFileName and SQLRecoveryFile below name the same file.
# Confirm that is intended; two writers sharing one file may interleave records.
# The file holds per-user accounting data, so restrict its permissions.
AcctFailedLogFileName /etc/radiator/missedaccounting
#
SQLRecoveryFile /etc/radiator/missedaccounting
#
#RoundRobinOnFailure
#
# AuthBy SQL supports a number of special check items, with corresponding SQL queries for
# getting the counts:
# Check Item SQL Query Parameter
# Max-All-Session AcctTotalQuery
# Max-Hourly-Session AcctTotalSinceQuery
# Max-Daily-Session AcctTotalSinceQuery
# Max-Monthly-Session AcctTotalSinceQuery
# Max-All-Octets AcctTotalOctetsQuery
# Max-All-Gigawords AcctTotalGigawordsQuery
# Max-Hourly-Octets AcctTotalOctetsSinceQuery
# Max-Hourly-Gigawords AcctTotalGigawordsSinceQuery
# Max-Daily-Octets AcctTotalOctetsSinceQuery
# Max-Daily-Gigawords AcctTotalGigawordsSinceQuery
# Max-Monthly-Octets AcctTotalOctetsSinceQuery
# Max-Monthly-Gigawords AcctTotalGigawordsSinceQuery
# You can implement queries to get total session times in order
# to enforce Max-All-Session, Max-Daily-Session,
# Max-Hourly-Session and Max-Monthly-Session check items
# %0 is replaced by the username and %1 is replaced by the unix time of
# the start of the time interval concerned.
#AcctTotalQuery SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName=%0
#AcctTotalSinceQuery SELECT SUM(AcctSessionTime - GREATEST((%1 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName=%0 AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > %1
#AcctTotalOctetsQuery SELECT SUM(ACCTINPUTOCTETS + ACCTOUTPUTOCTETS) FROM ACCOUNTING WHERE USERNAME=%0
#
#AcctTotalOctetsSinceQuery SELECT SUM(ACCTINPUTOCTETS + ACCTOUTPUTOCTETS) FROM ACCOUNTING WHERE USERNAME=%0 AND TIME_STAMP > %1
#
#AcctTotalGigawordsQuery SELECT SUM(ACCTINPUTOCTETS + ACCTOUTPUTOCTETS) DIV 4294967296 + SUM(ACCTINPUTGIGAWORDS + ACCTOUTPUTGIGAWORDS) FROM ACCOUNTING WHERE USERNAME=%0
#
#AcctTotalGigawordsSinceQuery SELECT SUM(ACCTINPUTOCTETS + ACCTOUTPUTOCTETS) DIV 4294967296 + SUM(ACCTINPUTGIGAWORDS + ACCTOUTPUTGIGAWORDS) FROM ACCOUNTING WHERE USERNAME=%0 AND TIME_STAMP > %1
#
# If you are using EAP-FAST and wish to store PACs in a database (or to pre-provision
# PACs in a database), define the CreateEAPFastPACQuery and GetEAPFastPACQuery parameters
# to save and get PAC data
# CreateEAPFastPACQuery insert into EAPFAST_PAC (PAC_OPAQUE, PAC_LIFETIME, PAC_KEY) values ('%0', '%1', '%2')
# GetEAPFastPACQuery select PAC_LIFETIME, PAC_KEY from EAPFAST_PAC where PAC_OPAQUE='%0' and PAC_LIFETIME >= %1
#
# If group membership is to be checked, this optional parameter defines the SQL
# query that will be used to get the names of the group(s) to which the user belongs.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
# It is expected to return a single row, where the first field is the name of the group the user belongs to.
# You can also use GroupMembershipQueryParam to provide bound variables.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
#GroupMembershipQuery select GROUPNAME from GROUPS where USERNAME=? and GROUPNAME=?
#GroupMembershipQueryParam %0
#GroupMembershipQueryParam %1
# SQL session database referenced as "radiator": records online sessions in RADONLINE.
# NOTE(review): more than one clause in this file carries Identifier radiator;
# confirm which definition a "SessionDatabase radiator" reference resolves to.
Identifier radiator
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy); INSERT on RADONLINE is all AddQuery needs.
DBUsername ######
DBAuth ###########
# %3 is written without quotes, while '%u' and '%{Framed-IP-Address}' sit inside
# hand-written quoted literals.
# NOTE(review): request-derived values placed inside a quoted literal are only safe if
# Radiator escapes them during substitution -- confirm, and prefer a pre-quoted
# placeholder or bound variables if the version in use provides them.
AddQuery insert into RADONLINE (USERNAME, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS) values ('%u', %3, %{Timestamp}, '%{Framed-IP-Address}')
# Authentication log written to a file; both successes and failures are recorded.
# The file name is built from format specials (presumably log directory, month and year
# -- confirm against the Radiator special-character list).
Filename %L/%m-%Y-LKSD
LogSuccess 1
LogFailure 1
# NOTE(review): %P in FailureFormat is, per Radiator's special-character list, the
# password submitted in the request -- confirm. If so, every failed login writes a
# clear-text password attempt (often a near-miss of the real one) to this log;
# consider dropping %P and restrict read access to the log file.
# The Called/Calling-Station-Id values come from the request and are written into a
# colon-delimited line, so downstream parsers should not trust the field count.
FailureFormat %l:%n:%P:POP%{Called-Station-Id}:%{Calling-Station-Id}:%1
SuccessFormat %l:%n:OK
# SQL authenticator referenced as "Sophos": looks up the password for a user in the
# RadUsers table of the MySQL database "radiator" on localhost.
Identifier Sophos
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy). The statements here only need SELECT on
# RadUsers and INSERT on ACCOUNTING, so a least-privilege account suffices.
DBUsername ######
DBAuth ############
# %0 is substituted into the statement text before it is sent to the database.
# NOTE(review): this is only safe if Radiator quotes/escapes %0 during substitution
# -- confirm, or use a "?" placeholder together with AuthSelectParam.
AuthSelect select Password from RadUsers where Username=%0
# Column 0 of the result is used as a User-Password check item.
# NOTE(review): confirm how the Password column is stored (clear text vs. hashed).
AuthColumnDef 0, User-Password, check
# AuthColumnDef 1, Filter-Id, reply, formatted
# You may want to tailor these for your ACCOUNTING table
# You can add your own columns to store whatever you like
# Each AcctColumnDef maps a table column to a request attribute; "integer" marks
# numeric columns.
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
#
# If group membership is to be checked, this optional parameter defines the SQL
# query that will be used to get the names of the group(s) to which the user belongs.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
# It is expected to return a single row, where the first field is the name of the group the user belongs to.
# You can also use GroupMembershipQueryParam to provide bound variables.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
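# Group lookup using bound variables: one "?" per GroupMembershipQueryParam, in order
# (%0 = user name being checked, %1 = group name being checked).
# Do not wrap the value in backticks: MySQL reads backticks as identifier quoting, so
# the user name would be treated as a column name instead of a string value. Binding
# also keeps the request-supplied name out of the statement text.
GroupMembershipQuery SELECT Groupname FROM RadUsers WHERE Username=? AND Groupname=?
GroupMembershipQueryParam %0
GroupMembershipQueryParam %1
#AddToReply Reply-Message = "Test"
# NOTE(review): what %1 expands to in a reply item is not evident from this file; this
# looks like a debugging aid -- confirm it cannot echo request-supplied text back to
# the client and that it is wanted in production.
AddToReply Reply-Message = "%1"
#AddToReply Reply-Message = GroupMembershipQuery select Groupname from RadUsers where Username=%0 and Groupname=%1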
# SQL session database referenced as "radiator": records online sessions in RADONLINE.
# NOTE(review): more than one clause in this file carries Identifier radiator;
# confirm which definition a "SessionDatabase radiator" reference resolves to.
Identifier radiator
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy); INSERT on RADONLINE is all AddQuery needs.
DBUsername #########
DBAuth ###################
# %3 is written without quotes, while '%u' and '%{Framed-IP-Address}' sit inside
# hand-written quoted literals.
# NOTE(review): request-derived values placed inside a quoted literal are only safe if
# Radiator escapes them during substitution -- confirm, and prefer a pre-quoted
# placeholder or bound variables if the version in use provides them.
AddQuery insert into RADONLINE (USERNAME, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS) values ('%u', %3, %{Timestamp}, '%{Framed-IP-Address}')
# Authentication log written to a file; both successes and failures are recorded.
# The file name is built from format specials (presumably log directory, month and year
# -- confirm against the Radiator special-character list).
Filename %L/%m-%Y-LKSD
LogSuccess 1
LogFailure 1
# NOTE(review): %P in FailureFormat is, per Radiator's special-character list, the
# password submitted in the request -- confirm. If so, every failed login writes a
# clear-text password attempt (often a near-miss of the real one) to this log;
# consider dropping %P and restrict read access to the log file.
# The Called/Calling-Station-Id values come from the request and are written into a
# colon-delimited line, so downstream parsers should not trust the field count.
FailureFormat %l:%n:%P:POP%{Called-Station-Id}:%{Calling-Station-Id}:%1
SuccessFormat %l:%n:OK
# SQL authenticator referenced as "Paolo": looks up the password for a user in the
# RadUsers table of the MySQL database "radiator" on localhost.
Identifier Paolo
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy). The statements here only need SELECT on
# RadUsers and INSERT on ACCOUNTING, so a least-privilege account suffices.
DBUsername #######
DBAuth ###############
# %0 is substituted into the statement text before it is sent to the database.
# NOTE(review): this is only safe if Radiator quotes/escapes %0 during substitution
# -- confirm, or use a "?" placeholder together with AuthSelectParam.
AuthSelect select Password from RadUsers where Username=%0
# Column 0 of the result is used as a User-Password check item.
# NOTE(review): confirm how the Password column is stored (clear text vs. hashed).
AuthColumnDef 0, User-Password, check
# AuthColumnDef 1, Filter-Id, reply, formatted
# You may want to tailor these for your ACCOUNTING table
# You can add your own columns to store whatever you like
# Each AcctColumnDef maps a table column to a request attribute; "integer" marks
# numeric columns.
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
#
# If group membership is to be checked, this optional parameter defines the SQL
# query that will be used to get the names of the group(s) to which the user belongs.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
# It is expected to return a single row, where the first field is the name of the group the user belongs to.
# You can also use GroupMembershipQueryParam to provide bound variables.
# %0 is replaced by the user name being checked. %1 is replaced by the group name being checked.
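# Group lookup using bound variables: one "?" per GroupMembershipQueryParam, in order
# (%0 = user name being checked, %1 = group name being checked).
# Do not wrap the value in backticks: MySQL reads backticks as identifier quoting, so
# the user name would be treated as a column name instead of a string value. Binding
# also keeps the request-supplied name out of the statement text.
GroupMembershipQuery SELECT Groupname FROM RadUsers WHERE Username=? AND Groupname=?
GroupMembershipQueryParam %0
GroupMembershipQueryParam %1
#AddToReply Reply-Message = "Test"
# NOTE(review): what %1 expands to in a reply item is not evident from this file; this
# looks like a debugging aid -- confirm it cannot echo request-supplied text back to
# the client and that it is wanted in production.
AddToReply Reply-Message = "%1"
#AddToReply Reply-Message = GroupMembershipQuery select Groupname from RadUsers where Username=%0 and Groupname=%1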
# SQL session database referenced as "radiator": records online sessions in RADONLINE.
# NOTE(review): more than one clause in this file carries Identifier radiator;
# confirm which definition a "SessionDatabase radiator" reference resolves to.
Identifier radiator
DBSource dbi:mysql:radiator:localhost:3306
# Database credentials (masked in this copy); INSERT on RADONLINE is all AddQuery needs.
DBUsername ######
DBAuth ############
# %3 is written without quotes, while '%u' and '%{Framed-IP-Address}' sit inside
# hand-written quoted literals.
# NOTE(review): request-derived values placed inside a quoted literal are only safe if
# Radiator escapes them during substitution -- confirm, and prefer a pre-quoted
# placeholder or bound variables if the version in use provides them.
AddQuery insert into RADONLINE (USERNAME, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS) values ('%u', %3, %{Timestamp}, '%{Framed-IP-Address}')
# Authentication log written to a file; both successes and failures are recorded.
# The file name is built from format specials (presumably log directory, month and year
# -- confirm against the Radiator special-character list).
Filename %L/%m-%Y-LKSD
LogSuccess 1
LogFailure 1
# NOTE(review): %P in FailureFormat is, per Radiator's special-character list, the
# password submitted in the request -- confirm. If so, every failed login writes a
# clear-text password attempt (often a near-miss of the real one) to this log;
# consider dropping %P and restrict read access to the log file.
# The Called/Calling-Station-Id values come from the request and are written into a
# colon-delimited line, so downstream parsers should not trust the field count.
FailureFormat %l:%n:%P:POP%{Called-Station-Id}:%{Calling-Station-Id}:%1
SuccessFormat %l:%n:OK
# Request handling: three groups, each naming the session database "radiator", one
# authenticator (Cisco, Sophos or Paolo) and a per-group accounting detail file.
# NOTE(review): every AuthLog line here is commented out, so as far as this copy shows
# no group references an authentication logger -- confirm whether that is intended.
# The accounting files are written under /etc/radiator/<group>/ alongside the
# configuration; they contain per-user session data, so restrict their permissions.
SessionDatabase radiator
#AuthLog
AuthBy Cisco
AcctLogFileName /etc/radiator/cisco/%m-%Y-Local
SessionDatabase radiator
# AuthLog /etc/radiator/sophos
AuthBy Sophos
AcctLogFileName /etc/radiator/sophos/%m-%Y-Local
SessionDatabase radiator
# AuthLog /etc/radiator/paolo
AuthBy Paolo
AcctLogFileName /etc/radiator/paolo/%m-%Y-Local