Hello Le Anh Tuan -
On Wed, 14 Jun 2000, Le Anh Tuan wrote:
>
> Hello,
> We had a problem with Dynamic address allocator configuration. Our part of
> configuration file is below:
> ------------------------------------------
> # Accounting for Intranet User
> <Realm /intranet/i>
> AuthByPolicy ContinueWhileAccept
> #Authenticate only, accounting on another table
> <AuthBy SQL>
> DBSource DBI:ODBC:ispdb
> DBUsername radius
> DBAuth ********
> Timeout 20
> AuthSelect select password,checkattr,replyattr from view_users_radius
> where username='%n'
> </AuthBy>
>
> #Accounting in another table
> <AuthBy SQL>
> DBSource DBI:ODBC:intranetdb
> DBUsername radius
> DBAuth ********
> Timeout 20
> AuthSelect
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,formatted-date,convert
> (datetime,'%e/%m/%Y %H:%M:%S', 103)
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> ..................... Some other AcctColumnDefs
> </AuthBy>
> # AuthBy DYNADDRESS
> <AuthBy DYNADDRESS>
> Allocator NetnamPool
> PoolHint %{Reply:PoolHint}
> StripFromReply PoolHint,Framed-IP-Netmask
> </AuthBy>
> </Realm>
>
> ------------ End of configuration
>
> When someone dialup, he was rejected by Radiator. I looked through log file
> and saw that:
> - Radiator handled first AuthBy clause (authenticate only) with accept,
> - But when it handled with second AuthBy clause (accounting only), it
> rejected with message : " Access rejected, Authenticate disabled"
> Then I have to change AuthByPolicy= ContinueWhileAlways to make it work.
>
> So any one can help me solve this problem?
> Thanks very much
>
In this sort of situation you are usually better off using Handlers and dealing
with the accounting as a separate exercise. Something like this:

# Authenticate only, accounting on another table
<AuthBy SQL>
    Identifier AuthenticateOnly
    DBSource DBI:ODBC:ispdb
    DBUsername radius
    DBAuth ********
    Timeout 20
    AuthSelect select password,checkattr,replyattr from view_users_radius \
        where username='%n'
    AuthColumnDef .....
    AuthColumnDef .....
    AuthColumnDef .....
</AuthBy>

# Accounting in another table
<AuthBy SQL>
    Identifier AccountingOnly
    DBSource DBI:ODBC:intranetdb
    DBUsername radius
    DBAuth ********
    Timeout 20
    AuthSelect
    AccountingTable ACCOUNTING
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,formatted-date,convert (datetime,'%e/%m/%Y %H:%M:%S', 103)
    AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
    .. .................... Some other AcctColumnDefs
</AuthBy>

# AuthBy DYNADDRESS
<AuthBy DYNADDRESS>
    Identifier AllocateIPAddress
    Allocator NetnamPool
    PoolHint %{Reply:PoolHint}
    StripFromReply PoolHint,Framed-IP-Netmask
</AuthBy>

# Handler for accounting
<Handler Request-Type = Accounting-Request>
    AuthBy AccountingOnly
</Handler>

# Accounting for Intranet User
<Handler Realm = /intranet/i>
    AuthByPolicy ContinueWhileAccept
    AuthBy AuthenticateOnly
    AuthBy AllocateIPAddress
</Handler>

The usual caveats apply regarding not mixing Realms and Handlers in the same
configuration file, and ordering the Handlers from more specific to more
general.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
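
Added example, not part of Hugh's reply or of Radiator itself: a small Python lint for the two caveats above (Realm and Handler clauses mixed in one file, a more general Handler placed ahead of a more specific one), plus AuthBy references that name no defined Identifier. The sample configuration is constructed, and the check-item parsing is a simplification that assumes plain comma-separated "name = value" pairs.

```python
import re

# Constructed sample (not from the thread): the reply's Handler layout with a
# catch-all Handler placed first, a leftover Realm, and one Identifier missing.
SAMPLE = """\
<AuthBy SQL>
    Identifier AuthenticateOnly
</AuthBy>
<AuthBy SQL>
    Identifier AccountingOnly
</AuthBy>
<Handler>
    AuthBy AuthenticateOnly
</Handler>
<Handler Request-Type = Accounting-Request>
    AuthBy AccountingOnly
</Handler>
<Handler Realm = /intranet/i>
    AuthBy AuthenticateOnly
    AuthBy AllocateIPAddress
</Handler>
<Realm DEFAULT>
    AuthBy AuthenticateOnly
</Realm>
"""

def conditions(args):
    """Turn 'A = x, B = y' check items into a set of (name, value) pairs."""
    pairs = (item.split("=", 1) for item in args.split(",") if "=" in item)
    return frozenset((k.strip(), v.strip()) for k, v in pairs)

def lint(text):
    """Return findings for the reply's caveats plus dangling AuthBy references."""
    ids = set(re.findall(r"^\s*Identifier\s+(\S+)", text, re.M))
    clauses = re.findall(r"^\s*<(Handler|Realm)\b([^>]*)>(.*?)^\s*</\1>", text, re.M | re.S)
    refs = [r for _, _, body in clauses for r in re.findall(r"^\s*AuthBy\s+(\S+)\s*$", body, re.M)]
    findings = [f"undefined AuthBy Identifier: {r}" for r in refs if r not in ids]
    handlers = [conditions(args) for kind, args, _ in clauses if kind == "Handler"]
    if handlers and len(handlers) < len(clauses):
        findings.append("Realm and Handler clauses mixed in one file")
    # First matching Handler wins: an earlier Handler whose check items are a
    # subset of a later one's (or empty) takes the later one's requests.
    for i, early in enumerate(handlers):
        for j in range(i + 1, len(handlers)):
            if early <= handlers[j]:
                findings.append(f"Handler {i + 1} shadows Handler {j + 1}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```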