Hello Janet -
I think you will have to define a second AuthBy SQL clause with just
the AcctSQLStatement in it (and remove it from the existing one) and
use a different Identifier of course. You will also have to add
another AuthBy FILE, similar to the existing check-sql that uses the
above AuthBy SQL. Finally you would chain the two AuthBy's in your
accounting Handler.
Thanks for sending the information below, but I am a bit confused by
the AuthBy Identifiers not matching the Auth-Type check items - is
this operating correctly?
regards
Hugh
At 9:48 +1000 18/8/00, Janet N del Mundo wrote:
>Hi Hugh,
>
>Yes, my AuthBy SQL is being called for authentication and then for
>accounting. However, I do not use RewriteUsername. I use AuthBy SYSTEM
>to check the user's UNIX password and AuthBy FILE to check his group and
>suffix.
>
>-------------------------------
><AuthBy SQL>
> Identifier GCCSQL
>
> DBSource ...
> DBUsername ...
> DBAuth ...
>
> AuthSelect select Password, Expiration, SimUse, \
> IdleTime, SessionTime, StaticIP \
> from USERS where IDENTIFIER = '%n' AND STATUS != 'C' \
> AND SESSIONTIME > 0
>
> AuthColumnDef 1, Expiration, check
> AuthColumnDef 2, Simultaneous-Use, check
> AuthColumnDef 3, Idle-Timeout, reply
> AuthColumnDef 4, Session-Timeout, reply
> AuthColumnDef 5, Framed-IP-Address, reply
>
> AccountingTable ACCOUNTING
> AccountingStopsOnly
>
> AcctColumnDef IDENTIFIER,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,formatted-date,'%m-%d-%Y
>%H:%M:%S'
> AcctColumnDef DURATION,Acct-Session-Time,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef CONNECTSPEED,Connect-Info
> AcctColumnDef CONNECTSPEED,USR-Connect-Speed
> AcctColumnDef CALLERID,Calling-Station-Id
> AcctColumnDef POPID,Called-Station-Id
> AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME -
>0%{Acct-Session-Time}) \
>where IDENTIFIER = '%n'
></AuthBy>
>
><Handler Request-Type = Accounting-Request, Class = GCCSQL>
> AuthByPolicy ContinueAlways
> AuthBy GCCSQL
></Handler>
>
><Handler>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilAccept
> AuthBy check-statics
> AuthBy check-gcc
> AuthBy check-default
> </AuthBy>
> <AuthBy FILE>
> Filename %D/users-sql
> AddToReplyIfNotExist Framed-Protocol = PPP,\
> Service-Type = Framed-User,\
> Framed-MTU = 1500,\
> Framed-IP-Address = 255.255.255.254
> </AuthBy>
></Handler>
>-------------------------------
>
>users-gcc file:
>-------------------------------
>DEFAULT Auth-Type = System, Group = "gcc"
> Filter-Id = "pcitest"
>
>DEFAULT Suffix = "+ppp", Auth-Type = System, Group = "gcc"
> Class = GCCSQL,
> Framed-Protocol = PPP,
> Service-Type = Framed-User,
> Framed-MTU = 1500
>-------------------------------
>
>users-sql file:
>-------------------------------
>DEFAULT Suffix = "\+ppp", Auth-Type = SQL
>
>DEFAULT Suffix = "\+static", Auth-Type = SQL
>
>DEFAULT Suffix = "\+netcom", Auth-Type = SQL
>
>DEFAULT Suffix = "\+uunet", Auth-Type = SQL
>
>DEFAULT Auth-Type = SQL
>-------------------------------
>
>How can I rewrite the username (no suffixes) for the AcctSQLStatement
>without affecting the accounting table (username with suffixes)?
>
>Thanks,
>Janet
>
>
>Hugh Irvine wrote:
>>
>> Hello Janet -
>>
>> Is your AuthBy SQL clause being called from two different places? One
>> for authentication with rewriteUsername and the other for accounting?
>> Somehow the processing for the two packets is different.
>>
>> hth
>>
>> Hugh
>>
>> At 17:47 +1000 17/8/00, Janet N del Mundo wrote:
>> >Hi,
>> >
>> >I was wondering how Radiator can capture a username without the suffix
>> >when it's writing the AcctSQLStatement in accounting. I want the
>> >AcctSQLStatement to update the SQL users table, but it's grabbing
>> >username with the suffix ('mikesanlite+ppp' instead of just
>> >'mikesanlite').
>> >
>> >It's writing to the accounting table correctly, with suffixes and
>> >realms. However, when it does the AcctSQLStatement, it cannot update
>> >the SQL users table because of the suffix.
>> >
>> >How can this be done? Any clues?
>> >
>> >Trace 4 log:
>> >-------------------------------
>> >
>> >Thu Aug 17 16:47:37 2000: DEBUG: Query is: select Password, Expiration,
>> >SimUse, IdleTime, SessionTime, StaticIP from USERS where IDENTIFIER =
>> >'mikesanlite' AND STATUS != 'C' AND SESSIONTIME > 0
>> >.
>> >.
>> >.
>> >Thu Aug 17 16:47:38 2000: DEBUG: do query is: update USERS set
>> >SESSIONTIME = (SESSIONTIME - 01000) where IDENTIFIER = 'mikesanlite+ppp'
>> >-------------------------------
>> >
>> >Config file:
>> >-------------------------------
>> ><AuthBy SQL>
>> > .
>> > .
>> > .
>> > AuthSelect select Password, Expiration, SimUse, \
>> > IdleTime, SessionTime, StaticIP \
>> > from USERS where IDENTIFIER = '%n' AND STATUS != 'C' \
>> > AND SESSIONTIME > 0
>> >
>> > AuthColumnDef 1, Expiration, check
>> > AuthColumnDef 2, Simultaneous-Use, check
>> > AuthColumnDef 3, Idle-Timeout, reply
>> > AuthColumnDef 4, Session-Timeout, reply
>> > AuthColumnDef 5, Framed-IP-Address, reply
>> >
>> > AccountingTable ACCOUNTING
>> > AccountingStopsOnly
>> >
>> > .
>> > .
>> > .
>> > AcctSQLStatement update USERS set SESSIONTIME = (SESSIONTIME -
>> >0%{Acct-Session-Time}) \
>> >where IDENTIFIER = '%n'
>> >
>> ></AuthBy>
>> >-------------------------------
>> >
>> >
>> >Thank you,
>> >Janet
>> >
>> >===
>> >Archive at http://www.starport.net/~radiator/
>> >Announcements on [EMAIL PROTECTED]
>> >To unsubscribe, email '[EMAIL PROTECTED]' with
>> >'unsubscribe radiator' in the body of the message.
>>
>> --
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
>> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>>
>> ===
>> Archive at http://www.starport.net/~radiator/
>> Announcements on [EMAIL PROTECTED]
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
--
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
