Hello All.
We have completed some detailed testing with BillMax 1.5.4 on RedHat Linux
7.1 against Radiator 2.18.4.
Our conclusion is that BillMax is a very full featured web-based Unix ISP
billing package that installs in RH7.1 very easily, and is very easy to use,
with an extensive web interface. It uses Apache and mysql. It comes with its
own optional radius server (a Merit variant) and works (through file
importing and exporting) with any radius server, but we have been exploring
how to make Radiator interface directly.
This integration was very successful, and allows you much greater
configurability and flexibility than the built in server. With the attached
config file, Radiator authenticates directly from the BillMax mysql database,
and inserts accounting directly into it.
I have attached a config file and some explanatory text, which will both be
included in the next release 2.19 of Radiator.
We dont have any commercial interest in BillMax: this is for general interest
of the community.
Feedback, problems and suggestions to me directly, please.
Cheers.
# billmax.cfg
#
# Example Radiator configuration file that allows you to
# authenticate from a BillMax MySQL database.
# With Radiator you can interface with almost any database schema,
# and there are many more configurable parameters that allow you
# to control database fallback, select statements, column names
# and arrangements etc etc etc.
#
# This config will work with the basic BillMax setup where
# the dialup service has resource number 1.
#
# See the reference manual for more details.
# This is a very simple exmaple to get you started.
#
# You should consider this file to be a starting point only
# $Id: sql.cfg,v 1.5 2000/11/07 21:18:05 mikem Exp $
Foreground
LogStdout
LogDir .
DbDir .
# You will probably want to change this to suit your site.
# You should prpobably create a Client clause for each NAS in your
# Network.
<Client DEFAULT>
Secret mysecret
DupInterval 0
</Client>
# This will authenticate from the BillMax tables.
<Realm DEFAULT>
<AuthBy SQL>
# Adjust DBSource, DBUsername, DBAuth to suit your DB
# The standard BillMax database, username and password are fixed
# This DBSource will work fine when Radiator and BillMax are on
# the same machine. You will need to change it and set up permissions
# in the MySQL access control tables if you ewant to connect from
# a remote host.
DBSource dbi:mysql:database=flcdba;mysql_socket=/tmp/mysql.sock
DBUsername flcdba
DBAuth flcdba
# This AuthSelct is suitable for BillMax systems that do not have
# Terminal Servers configured.
# It selects users with services with resource number 1 enabled
# You should make sure that the users to be permitted to dial
# in have a service with Resource number 1 enabled. If its not
# resource 1, then you will need to change the number that
# service.resources is masked with to 2**(n-1)
AuthSelect select service.d02, service.number \
from service, user, account \
where service.d01=%0 \
and (service.resources & 1) != 0 \
and service.user = user.number \
and user.account = account.number \
and account.state = 0 \
and user.state = 0 \
and service.state = 0
# This AuthSelect is suitable for BillMax systems
# That have Terminal Servers configured and used to define
# which users have access to which terminal server
# AuthSelect select service.d02, service.number \
# FROM service,termservers WHERE service.d01=%0 AND \
# service.state=0 AND service.resources&termservers.resources \
# AND termservers.ipnum='%N' ORDER BY number
# This tells Radiator what to do with the columns we get back
# from AuthSelect. We use the Class to remember which Service
# we authenticated.
AuthColumnDef 0,Encrypted-Password,check
AuthColumnDef 1,Class,reply
# We only store the stops at the end of a session
AccountingStopsOnly
# Note: this does not set enddate or endtime
AccountingTable datacall
AcctColumnDef username,User-Name
AcctColumnDef callnum,Acct-Session-Id
AcctColumnDef service,Class,integer
AcctColumnDef termip,NAS-Identifier
AcctColumnDef startdate,Timestamp,integer-date,%Y-%m-%e
AcctColumnDef starttime,Timestamp,integer-date,%T
AcctColumnDef length,Acct-Session-Time,integer
AcctColumnDef progress,Ascend-Connect-Progress
AcctColumnDef disconnect,Acct-Terminate-Cause
AcctColumnDef userip,Framed-IP-Address
AcctColumnDef dnis,Called-Station-Id
AcctColumnDef protocol,Framed-Protocol
AcctColumnDef baudup,Ascend-Data-Rate
AcctColumnDef bauddown,Ascend-Xmit-Rate
AcctColumnDef bytesin,Acct-Input-Octets
AcctColumnDef bytesout,Acct-Output-Octets
AcctColumnDef pktin,Acct-Input-Packets
AcctColumnDef pktout,Acct-Output-Packets
AcctColumnDef port,Ascend-Modem-PortNo
AcctColumnDef slot,Ascend-Modem-SlotNo
AcctColumnDef shelf,Ascend-Modem-ShelfNo
AcctColumnDef mlid,Ascend-Multilink-ID
AcctColumnDef mlnum,Ascend-Num-In-Multilink
AcctColumnDef callerid,Calling-Station-Id
# You can arrange to log accounting to a file if the
# SQL insert fails with AcctFailedLogFileName
# That way you could recover from a broken SQL
# server by using the BillMax radius accounting importing
# utility
#AcctFailedLogFileName %D/missedaccounting
</AuthBy>
</Realm>
Radiator works fine with BillMax, and can be configured to work
either directly or indirectly with BillMax.
Indirect:
Radiator works with users files exported from BillMax with the gen_radius
program (see the BillMax docs for more details), and with accounting
detail files imported into BillMax with radparse.
Radiator can also be configured to proxy to the BillMax Radius server.
Direct:
Radiator can be used to integrate directly with BillMax. This means that
Radiator will query directly to the BillMax MySQL database. You would
do this if you wanted to use Radiator instead of the radius server
provided with BillMax. You might want to use Radiator instead of the
BillMax radius server becasue Radiator provides many more and more
sophisticated features than their Merit variant.
When you use Radiator directly with BillMax, you can run Radiator either
on the same host as BillMax, or on one or more other hosts.
In either case, you need to install perl, DBI and DBD-mysql on the
Radiator host, followed by Radiator.
Hint: If you install DBD-myql from RedHat rpms, you may also
have to install the mysql rpms. If you do that you _must_ remove the
/etc/my.cnf that is installed by the mysql rpm. If you dont you will be
_unable_ to start the BillMax MySQL server, eg:
rpm -Uvh mysql-3.23.36-1.i386.rpm
rpm -Uvh mysql-devel-3.23.36-1.i386.rpm
rpm -Uvh perl-DBD-MySQL-1.2215-1.i386.rpm
rm -f /etc/my.cnf
Hint:
The BillMax MySQL server is configured to use /tmp/mysql.sock as its Unix
socket.
There is an example Radiator configuration file billmax.cfg that
will work with BillMax on the same host as Radiator:
perl radiusd -config_file goodies/billmax.cfg trace 4
This config file assumes that you have not defined any Termianl Servers,
but rather that you have defined Resource 1 to
represent dialup permission, and that the dialup Service has that Resource
enabled, and that all your dialup users have the dialup Service.
So to test with BillMax, you need to:
1. Install BillMax.
2. Start BillMax,
3. Using the BillMax web interface, Settings menu, create a Resource
number 1.
4. Under Settings menu, create a Service Definition, with the Resouce
you created above.
5. Create an Account with a User, who has the Service you created above.
If you are using a different Resource numbr for dialup, or if you
have different resource numbers for different types of Radius
controlled services, you can change the AuthSelect in billmax.cfg to suit.
A Resource is basically a bit in the service.resources bitmask, where resource
1 is the least significant bit, resource 2 is bit 2 etc.
For example, if you want to permit users only if they have a service with
Resource 3, you would need to change your AuthSelect to something like:
AuthSelect select d02 from service, user, account \
where service.d01=%0 \
and (service.resources & 8) != 0 \
and service.user = user.number \
and user.account = account.number \
and account.state = 0 \
and user.state = 0 \
and service.state = 0
If you wish to use the configured Terminal Server entries to define
what services to use, you could use an AuthSelect like this:
AuthSelect service.d02, service.number \
FROM service,termservers WHERE service.d01=%0 AND \
service.state=0 AND service.resources&termservers.resources \
AND termservers.ipnum='%N' ORDER BY number
