Hello Chris -

On Tue, 08 Aug 2000, Chris M wrote:
> I'm implementing SQL accounting, here are my (stupid!) questions.
> 
> 1. Is a "NULL string" for AuthSelect this:
> 
> AuthSelect
> 

It is just AuthSelect as you have it above.

> or this?:
> 
> AuthSelect ""
> 
> 2. Also, why bother storing these in SQL accounting tables:
> 
> #               AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> #               AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> 
> Seems like you have the NAS IP addr already, so no need to store the
> identifier right?  And what is acct delay time anyway?  It always seems to
> be zero. So why store it?
> 

You are free to alter the accounting tables as you see fit; we have simply made
some suggestions to get you started.

Acct-Delay-Time is the time difference between the event happening and the
accounting packet being sent. In normal operation it will always be zero, but
if your NAS has to resend an accounting packet, Acct-Delay-Time will show the
length of time that the packet has been waiting to be resent. Your billing
process should really correct for this, as the wall time will appear to be
longer than the actual session time in this case.

> 3. I don't want to do SQL authentication, I want to check the UNIX password
> file for that, just do SQL accounting here. Here is the portion of
> config.cfg, does this look sensible assuming I create the appropriate tables
> for the SQL values? The Check items come from a DBM file, the passwords from
> the UNIX password file, and then I hope to log to a flat file as well as SQL
> tables.
> 
> 
> <Realm someplace.com>
>        # Make NAS'es like the PM3 happy with an acct. acknowledgement
>        AccountingHandled
>        # Strip leading white space
>        RewriteUsername s/^\s+//
>        # Strip trailing white space
>        RewriteUsername s/\s+$//
>        # turn into lowercase and chop domain
>        RewriteUsername tr/A-Z/a-z/
>        RewriteUsername s/^([^@]+).*/$1/
>        # strip any leading characters if a \ is present
>        RewriteUsername s/^.*\\(.*)/$1/
> 
>        <AuthBy DBFILE>
>                Filename %D/users
>        </AuthBy>
> 
>        # Log accounting to the detail file in LogDir
>        AcctLogFileName %L/detail
> 
>        <AuthBy SQL>
> 
>                # Adjust DBSource, DBUsername, DBAuth to suit your DB
> 
>                DBSource   dbi:mysql:radius_chaf
>                DBUsername bob
>                DBAuth     somepassword
> 
>                Timeout 60
>                FailureBackoffTime 600
>                AuthSelect
>                AccountingTable ACCOUNTING
>                AcctColumnDef   USERNAME,User-Name
>                AcctColumnDef   TIME_STAMP,Timestamp,integer
>                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                AcctColumnDef   USERNAME,User-Name
>                AcctColumnDef   TIME_STAMP,Timestamp,integer
>                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                AcctColumnDef   PORTTYPE,NAS-Port-Type
>                AcctColumnDef   NASPORT,NAS-Port,integer
>                AcctColumnDef   NASIP,NAS-IP-Address
>                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>                AcctColumnDef   CONNECTINFO,Connect-Info
>                AcctColumnDef   CALLINGSTATION,Calling-Station-Id
>                AcctColumnDef   CALLEDSTATION,Called-Station-Id
>                AcctColumnDef   ASCENDDATARATE,Ascend-Data-Rate,integer
>                AcctColumnDef   ASCENDXMITRATE,Ascend-Xmit-Rate,integer
>                AcctColumnDef   ASCENDDISCONNECT,Ascend-Disconnect-Cause
>                AcctColumnDef   USERREALM,User-Realm
>                AcctColumnDef   LIVINGSTON,Livingston
>                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> #               AcctColumnDef   NASIDENTIFIER,NAS-Identifier
> #               AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>        </AuthBy>
> </Realm>
> 
> <AuthBy UNIX>
>        Identifier System
>        Filename /etc/shadow
> </AuthBy>
> 

You should specify an AuthByPolicy ContinueAlways in your Realm, and put the
AuthBy DBM last in the Realm (after the AuthBy SQL). Otherwise, the AuthBy SQL
will reject the Access-Requests.

And I take it that your DBM file does an Auth-Type = System to check the
passwords?

regards

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
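
The Acct-Delay-Time correction described in the reply above, as an added example that is not part of the original message and is not Radiator code. It assumes each stored row carries the server's receive time in a hypothetical `received_at` field; the row layout, function names and sample values are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample rows, not taken from the original message.
# received_at (assumed field) is the server's receive time in epoch seconds;
# delay is Acct-Delay-Time, session_time is Acct-Session-Time.
Row = namedtuple("Row", "session_id status received_at delay session_time")

SAMPLE_ROWS = [
    Row("0A01", "Start", 1000, 0, 0),
    Row("0A01", "Stop", 4630, 30, 3600),  # Stop held 30 s before it got through
    Row("0A01", "Stop", 4660, 60, 3600),  # the same Stop, resent again
    Row("0B02", "Start", 2000, 0, 0),
    Row("0B02", "Stop", 2900, 0, 900),
]


def event_time(row):
    """When the event happened on the NAS: receive time minus Acct-Delay-Time."""
    return row.received_at - row.delay


def bill_sessions(rows):
    """Return one delay-corrected record per session that has a Stop."""
    events = {}
    for row in rows:
        key = (row.session_id, row.status)
        # Resent packets repeat the session id and status type; keep only the
        # copy with the smallest delay so a session is never counted twice.
        if key not in events or row.delay < events[key].delay:
            events[key] = row

    sessions = {}
    for (sid, status), stop in events.items():
        if status != "Stop":
            continue
        start = events.get((sid, "Start"))
        stop_at = event_time(stop)
        # With no Start row, fall back to the NAS-reported session time.
        start_at = event_time(start) if start else stop_at - stop.session_time
        sessions[sid] = {
            "naive_wall": stop.received_at - (start.received_at if start else start_at),
            "corrected_wall": stop_at - start_at,
            "session_time": stop.session_time,
        }
    return sessions
```

For session `0A01` the uncorrected wall time is 30 seconds longer than the session time reported by the NAS; subtracting Acct-Delay-Time brings the two back into agreement.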



===
Archive at http://www.starport.net/~radiator/