---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from ["Robert
Blayzor" <[EMAIL PROTECTED]>]
Date: Fri, 1 Feb 2002 21:59:11 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
>From [EMAIL PROTECTED] Fri Feb 1 21:59:11 2002
Received: from mx0.inoc.net (mx0.inoc.net [64.246.130.30])
by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g123xB316745;
Fri, 1 Feb 2002 21:59:11 -0600
Received: from nimbus (cm-24-161-15-249.nycap.rr.com [24.161.15.249]) by
mx0.inoc.net (Vircom SMTPRS 5.1.202) with ESMTP id
<[EMAIL PROTECTED]>;
Sat, 2 Feb 2002 00:33:59 -0500
Reply-To: <[EMAIL PROTECTED]>
From: "Robert Blayzor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Subject: AuthBy SQL and AuthLog
Date: Sat, 2 Feb 2002 00:33:19 -0500
Organization: INOC, LLC
Message-ID: <000201c1abab$36445610$[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3416
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Importance: Normal
See sample entries in my config file below.
We do backend RADIUS auth for several realms in our databases. The
problem is the customer does not always log in fully realmed. SO we
pass our SQL extra information so the database stored proceedure can
figure out the realm. The problem is that Radiator doesn't always know
what the realm is... And therefore, does not have a decorated username
attribute.
The problem with this is the AuthLog file. While this works good, if
user "joe" has been attempting the wrong password, we may not really
know which ISP "joe" is from. So we fully decorate the names on the
backend if they are not (or even if they are) and send them back as
"user@realm" in the RADIUS "Class" attribute. This works extremely well
except for the fact that when I try to AuthLog store what I return back
to Radiator from my AuthBy, the field comes up blank, even though I know
I'm returning something. It's like if the access request fails, that
those attributes don't get populated, therefore they show as NULL or
empty in my AuthLog.
Is there a way I can return a column back from the SQL server and have
AuthLog show that value? Regardless of success or failure.
#
# Setup a default AuthLog
#
<AuthLog FILE>
Identifier Auth-Log-General
Filename %L/password.log
LogSuccess 0
LogFailure 1
FailureFormat %m/%d/%Y %H:%M:%S Failed login: %{Class} PW: %P
%{Calling-Station-Id}
</AuthLog>
<AuthBy SQL>
Identifier Auth-NAS
DBSource dbi:Sybase:server=mysql
DBUsername xxx
DBAuth xxx
AuthSelect EXEC sp_RadiusLookup '%n',
'%{Called-Station-Id}', '%N'
AuthColumnDef 0, Class, reply
AuthColumnDef 1, User-Password, check
AuthColumnDef 2, GENERIC, check
AuthColumnDef 3, GENERIC, reply
</AuthBy>
--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
Calculating in binary code is as easy as 01,10,11.
-------------------------------------------------------
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
