Hi Roy (and Tom) -

On Mon, 29 Nov 1999, Roy Hooper wrote:
> >
> > If they're using something that's always the same, then create a Handler
> > that matches and ignores these packets (although you may want to log
> > them to make sure they're doing their job etc).
> 
> I'm already doing this (here's my Session config & my Accounting
> handler(s)):
> I *MUST* respond to the NAS to indicate that I got the packets, so
> discarding outright doesn't help.  The best approach that I found to what I
> want to do was the AuthBy TEST module :)  If I'm wrong, someone, please
> correct me! :)
> 

There is a rather obscure way of dealing with your problem, and that is by
defining two session databases, one for your default entries and the second for
the entries you really want to see. Something like this:

# This is your first session database definition

<SessionDatabase SQL>
              DBSource              dbi:mysql:radius
              DBUsername          XXX
              DBAuth                  XXX

              AddQuery  insert into RADONLINE \
              (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
              FRAMEDADDRESS, PORTTYPE, SERVICETYPE) values ('%n', '%N', \
              '%{NAS-Port}', '%{Acct-Session-Id}', %{Timestamp}, \
              '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')

              DeleteQuery  delete from RADONLINE where USERNAME='%n' and \
              NASIDENTIFIER='%N' and NASPORT='%{NAS-Port}'
</SessionDatabase>

# This is your second session database definition
# note the use of Identifier for reference (and a second table)

<SessionDatabase SQL>
              Identifier                SDB2
              DBSource              dbi:mysql:radius
              DBUsername          XXX
              DBAuth                  XXX

              AddQuery  insert into RADONLINE2 \
              (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
              FRAMEDADDRESS, PORTTYPE, SERVICETYPE) values ('%n', '%N', \
              '%{NAS-Port}', '%{Acct-Session-Id}', %{Timestamp}, \
              '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')

              DeleteQuery  delete from RADONLINE2 where USERNAME='%n' and \
              NASIDENTIFIER='%N' and NASPORT='%{NAS-Port}'
</SessionDatabase>

# Accounting handlers
#
# Log details for @eisa.com users only from @eisa.com to file from
# border1.cyberus.ca 209.195.69.147
<Handler Acct-Status-Type = /Start|Stop/,NAS-IP-Address=209.195.69.147,User-Name=/.*\@eisa.com/>
              RewriteUsername s/^([^@]+).*/$1/
              <AuthBy TEST>
              </AuthBy>
              AcctLogFileName %L/acct/eisa.com/%C/detail
</Handler>

# Accept the rest of the entries from 209.195.69.147, but don't log them
<Handler Acct-Status-Type = /Start|Stop/,NAS-IP-Address=209.195.69.147>
#              RewriteUsername s/^([^@]+).*/$1/
              <AuthBy TEST>
              </AuthBy>
#            AcctLogFileName %L/acct/eisa.com/7552-details
</Handler>

# Ignore UUnet test packets
<Handler User-Name = "RejectMePls", Acct-Status-Type = Start, Acct-Session-Id = "dontTryMacth">
              <AuthBy TEST>
              </AuthBy>
</Handler>

# Accept start and stop for the rest.
<Handler Acct-Status-Type = /Start|Stop/>
              RewriteUsername s/^([^@]+).*/$1/
              <AuthBy TEST>
              </AuthBy>
              AcctLogFileName %L/acct/eisa.com/%C/detail
              SessionDatabase SDB2
</Handler>

Your final Handler will use the session database defined by SDB2, while the
others will continue to use the first one (which is the default).

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
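
Added example, not part of the original message and not Radiator code: a simplified Python model of how the four Handlers above route an accounting request and which session database ends up being used. It assumes Radiator picks the first Handler whose check items all match and treats `/.../` values as unanchored regular expressions; the label strings and sample packets are constructed.

```python
import re

# Handlers in the order they appear in the config above, as
# (label, check items, session database). A value written /.../ in the
# config becomes a regex here; anything else is an exact string.
HANDLERS = [
    ("eisa.com users from border1",
     {"Acct-Status-Type": re.compile(r"Start|Stop"),
      "NAS-IP-Address": "209.195.69.147",
      "User-Name": re.compile(r".*\@eisa.com")}, "default"),
    ("other users from border1",
     {"Acct-Status-Type": re.compile(r"Start|Stop"),
      "NAS-IP-Address": "209.195.69.147"}, "default"),
    ("UUnet test packets",
     {"User-Name": "RejectMePls", "Acct-Status-Type": "Start",
      "Acct-Session-Id": "dontTryMacth"}, "default"),
    ("everything else",
     {"Acct-Status-Type": re.compile(r"Start|Stop")}, "SDB2"),
]

def item_matches(check, value):
    if value is None:          # attribute absent from the request
        return False
    if isinstance(check, re.Pattern):
        return check.search(value) is not None  # assumed unanchored match
    return check == value

def select_handler(packet):
    """Return (label, session_db) of the first handler whose check items
    all match, or None when no handler matches."""
    for label, checks, session_db in HANDLERS:
        if all(item_matches(c, packet.get(a)) for a, c in checks.items()):
            return label, session_db
    return None

# Constructed sample accounting requests (not taken from the thread).
BORDER1, OTHER = "209.195.69.147", "192.0.2.10"
SAMPLES = [
    {"User-Name": "roy@eisa.com", "Acct-Status-Type": "Start", "NAS-IP-Address": BORDER1},
    {"User-Name": "tom@example.net", "Acct-Status-Type": "Stop", "NAS-IP-Address": BORDER1},
    {"User-Name": "RejectMePls", "Acct-Status-Type": "Start",
     "Acct-Session-Id": "dontTryMacth", "NAS-IP-Address": OTHER},
    {"User-Name": "ann@example.org", "Acct-Status-Type": "Start", "NAS-IP-Address": OTHER},
    {"User-Name": "ann@example.org", "Acct-Status-Type": "Alive", "NAS-IP-Address": OTHER},
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt["User-Name"], pkt["Acct-Status-Type"], "->", select_handler(pkt))
```

Under these assumptions only the last sample Start lands in SDB2, the Alive record matches no Handler, and a UUnet test packet arriving from 209.195.69.147 would be caught by the second Handler before the third is considered.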
