Hi Derek,
On Jun 20, 10:09am, Derek Sanderson wrote:
> Subject: (RADIATOR) SQL fallback to flat file
> Hey, I'm trying to accomplish several things, but just can't get them to work
> together. I authenticate using AuthBy PLATYPUS, and also send additional
> accounting information and log info to a MySQL server. The biggest problem
> is that my stinking Windows NT box that runs SQL server throws a
> temper-tantrum every week or so and insists on being rebooted.
>
> When the NT box is rebooted, obviously SQL stops and users cannot
> authenticate. However, when it comes back up, radiator still thinks it's
> down and rejects logins until radiusd is killed with a kill -9 and
> restarted.
Hmmm, that's not what I would expect to happen.
Are you at Radiator revision 2.13.1? Could you get a trace of what happens
during an event like this at trace level 4?
In the meantime....
> What I have done is create a script which runs nightly and
> creates a flat file to be used with AuthBy FILE. Optimally, what I want to
> happen is if (when) MsSQL server goes down or stops responding, then radius
> authenticate through the flat file, write a common format detail file (and
> still log to my MySQL database), and then when (if) SQL comes back up, start
> authenticating through Platypus again. I've been looking into the AuthBy
> GROUP command, which is what I think I need, but haven't had any luck.
Yes, I think you need to do a GROUP to solve this one, mainly because the
requirements for chaining are slightly different for each auth method. I think
you want something like this:
<Realm DEFAULT>
    AuthByPolicy ContinueAlways
    # We always want to save accounting to this database
    <AuthBy SQL>
        # As you have now
    </AuthBy>
    # Now auth by PLATYPUS, or FILE if PLATYPUS is not available
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileIgnore
        <AuthBy PLATYPUS>
            # As you have now
        </AuthBy>
        <AuthBy FILE>
            # As you have now
        </AuthBy>
    </AuthBy>
</Realm>
>
> Below is what I am using now, without the fall-back to the flat file. BTW,
> since I'm including this config, the Log RejectSQL doesn't work, any ideas?
Any chance of a log file at trace 4?
Hope that helps.
Cheers.
>
> Thanks!
>
> Foreground
> LogStdout
> LogDir /var/log/radiusd
> DbDir /usr/local/etc
> DictionaryFile /usr/local/etc/dictionary
> Trace 4
> <Client localhost>
> Secret mysecret
> </Client>
> <Client DEFAULT>
> Secret mysecret
> # DupInterval 0
> </Client>
>
> <Realm DEFAULT>
>
> AuthByPolicy ContinueAlways
>
> <AuthBy SQL>
> DBSource dbi:mysql:radiustbl:localhost
> DBUsername myusername
> DBAuth mypasswd
> AuthSelect
> AcctColumnDef ACCTAUTHENTIC,Acct-Authentic,integer
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTINPUTPACKETS,Acct-Input-Packets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTOUTPUTPACKETS,Acct-Output-Packets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
> AcctColumnDef ASCENDCONNECTPROGRESS,Ascend-Connect-Progress,integer
> AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer
> AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause,integer
> AcctColumnDef ASCENDFIRSTDEST,Ascend-First-Dest
> AcctColumnDef ASCENDMODEMPORTNO,Ascend-Modem-PortNo,integer
> AcctColumnDef ASCENDMODEMSLOTNO,Ascend-Modem-SlotNo,integer
> AcctColumnDef ASCENDMULTILINKID,Ascend-Multilink-ID,integer
> AcctColumnDef ASCENDNUMINMULTILINK,Ascend-Num-In-Multilink,integer
> AcctColumnDef ASCENDPREINPUTOCTETS,Ascend-Pre-Input-Octets,integer
> AcctColumnDef ASCENDPREINPUTPACKETS,Ascend-Pre-Input-Packets,integer
> AcctColumnDef ASCENDPREOUTPUTOCTETS,Ascend-Pre-Output-Octets,integer
> AcctColumnDef ASCENDPREOUTPUTPACKETS,Ascend-Pre-Output-Packets,integer
> AcctColumnDef ASCENDPRESESSIONTIME,Ascend-PreSession-Time,integer
> AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CONNECTINFO,Connect-Info
> AcctColumnDef FRAMEDIPADDRESS,Framed-Ip-Address
> AcctColumnDef FRAMEDPROTOCOL,Framed-Protocol,integer
> AcctColumnDef NASIPADDRESS,NAS-IP-Address
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef TIMESTAMP,Timestamp,integer
> AcctColumnDef USERNAME,User-Name
> </AuthBy SQL>
>
> <AuthBy PLATYPUS>
> DBSource dbi:Sybase:MYINTNAME
> DBUsername platusername
> DBAuth platpasswd
> AuthSelect ' '
> # AccountingTable
> </AuthBy PLATYPUS>
>
> MaxSessions 2
> PasswordLogFileName /var/log/radiusd/pwlog
> # Log accounting to the detail file in LogDir
> # AcctLogFileName /var/log/radiusd/detail
> </Realm>
>
> <Log SQL>
> DBSource dbi:mysql:radiustbl:localhost
> DBUsername myusername
> DBAuth mypasswd
> Trace 3
> </Log SQL>
>
> <Log RejectSQL>
> DBSource dbi:mysql:radiustbl:localhost
> DBUsername myusername
> DBAuth mypasswd
> Table rejectlog
> </Log RejectSQL>
>
> <SNMPAgent>
> Community mysnmppw
> Port mysnmpport
> </SNMPAgent>
>
> <SessionDatabase SQL>
> Identifier SDB1
> DBSource dbi:mysql:radiustbl:localhost
> DBUsername myusername
> DBAuth mypasswd
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
> ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, CALLINGSTATIONID, \
> CONNECTINFO, NASPORTTYPE, \
> SERVICETYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
> %{Timestamp}, '%{Framed-IP-Address}','%{Calling-Station-Id}', \
> '%{Connect-Info}', \
> '%{NAS-Port-Type}', '%{Service-Type}')
> </SessionDatabase SQL>
>
>
> ----------------------
> also, my user file looks like this:
>
> mike Password = "fred"
> jack Password = "benimble"
> jill Password = "doe"
>
> .....etc....
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Derek Sanderson
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
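
An added sketch, not part of the original thread and not Radiator's own code, that models how the two AuthByPolicy settings in the suggested configuration chain together. It assumes an unreachable Platypus database surfaces as IGNORE and that the last AuthBy run decides the chain's result; run_chain and realm are hypothetical names.

```python
# Added illustration: a simplified model of AuthBy chaining, not Radiator code.
IGNORE, ACCEPT, REJECT = "IGNORE", "ACCEPT", "REJECT"

# The two policies used in the suggested config: given the result of the
# AuthBy that just ran, should the chain move on to the next one?
POLICIES = {
    "ContinueAlways": lambda result: True,
    "ContinueWhileIgnore": lambda result: result == IGNORE,
}

def run_chain(policy, handlers, trail):
    """Run (name, handler) pairs in order; the last result produced wins."""
    result = IGNORE
    for name, handler in handlers:
        result = handler(trail)
        trail.append((name, result))
        if not POLICIES[policy](result):
            break
    return result

def realm(platypus_result, file_result):
    """Model <Realm DEFAULT>: accounting SQL first, then the GROUP."""
    trail = []

    def group(t):
        # Inner chain: FILE is reached only while PLATYPUS says IGNORE.
        return run_chain("ContinueWhileIgnore",
                         [("PLATYPUS", lambda _: platypus_result),
                          ("FILE", lambda _: file_result)], t)

    # Constructed value: the accounting-only AuthBy SQL result is assumed;
    # under ContinueAlways it never stops the chain.
    result = run_chain("ContinueAlways",
                       [("SQL", lambda _: IGNORE), ("GROUP", group)], trail)
    return result, [name for name, _ in trail]

if __name__ == "__main__":
    scenarios = [("database down, user in flat file", IGNORE, ACCEPT),
                 ("database up, user rejected", REJECT, ACCEPT),
                 ("database up, user accepted", ACCEPT, REJECT)]
    for label, platypus, flat in scenarios:
        print(label, "->", realm(platypus, flat))
```

A REJECT from PLATYPUS ends the group, so a user turned away by the live database is not retried against the nightly flat file; only the unavailable case reaches FILE.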