It worked !! Thx Hugh !!
Warmest regards
ddn
From: Hugh Irvine <[EMAIL PROTECTED]> To: "deden purnamahadi" <[EMAIL PROTECTED]> CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: (RADIATOR) Postgres acct server Date: Wed, 29 Oct 2003 20:54:16 +1100
Hello Deden -
Here is another copy of an example showing how to do this.
You will need two AuthBy clauses.
You *must* use an AuthByPolicy of ContinueAlways and the authentication *must* be done by the second AuthBy clause.
# configuration for LDAP and SQL
<Realm ....> AuthByPolicy ContinueAlways <AuthBy SQL> # do accounting AuthSelect AccountingTable ACCOUNTING AcctColumnDef ...... ..... </AuthBy> <AuthBy LDAP2> # do authentication ...... </AuthBy> ..... </Realm>
As mentioned in my previous mail this topic has been discussed numerous times on the mailing list:
www.open.com.au/archives/radiator
regards
Hugh
On 29/10/2003, at 8:10 PM, deden purnamahadi wrote:
dear all,
here's my radius.cfg
------------
Foreground LogStdout LogDir /usr/local/src/Radiator-3.7/log DbDir . #DbDir /usr/local/srd/Radiator-3.7/raddb Trace 4
# You will probably want to add other Clients to suit your site. <Client DEFAULT> Secret mysecret DupInterval 0 </Client>
<Realm DEFAULT> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/ # AcctLogFileName %L/details
<AuthBy LDAP2> # NoDefault Version 3 Host mail Port 389 AuthDN cn=root,o=adadeh,c=ID AuthPassword secret BaseDN o=adedeh,c=ID UsernameAttr uid PasswordAttr userPassword #AuthAttrDef servicetype,Service-Type,check #AuthAttrDef address,Frame-IP-Address,reply AddToReply Framed-Protocol = PPP,\ Framed-IP-Netmask = 255.255.255.255,\ Framed-Routing = None,\ Framed-MTU = 1500,\ Framed-Compression = Van-Jacobson-TCP-IP </AuthBy>
<AuthBy SQL> #do the accounting but not authentication AuthSelect DBSource dbi:Pg:dbname=radiator DBUsername post DBAuth post AccountingTable accounting AcctColumnDef username,User-Name AcctColumnDef time_stamp,Timestamp,integer AcctColumnDef acctstatustype,Acct-Status-Type AcctColumnDef acctdelaytime,Acct-Delay-Time,integer AcctColumnDef acctinputoctets,Acct-Input-Octets,integer AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer AcctColumnDef acctsessionid,Acct-Session-Id AcctColumnDef acctsessiontime,Acct-Session-Time,integer AcctColumnDef acctterminatecause,Acct-Terminate-Cause AcctColumnDef nasidentifier,NAS-Identifier AcctColumnDef nasport,NAS-Port,integer AcctColumnDef frameipaddress,Framed-IP-Address
# You can arrange to log accounting to a file if the # SQL insert fails with AcctFailedLogFileName # That way you could recover from a broken SQL # server
AcctFailedLogFileName %D/missedaccounting
#Check and reply items should be in LDAP ??
</AuthBy>
</Realm>
--- here is the log file :
Wed Oct 29 16:03:28 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Wed Oct 29 16:03:28 2003: DEBUG: Rewrote user name to soleh
Wed Oct 29 16:03:28 2003: DEBUG: Deleting session for soleh, 203.63.154.1, 1234
Wed Oct 29 16:03:28 2003: DEBUG: Handling with Radius::AuthLDAP2:
Wed Oct 29 16:03:28 2003: INFO: Connecting to mail, port 389
Wed Oct 29 16:03:28 2003: INFO: Attempting to bind to LDAP server mail:389)
Wed Oct 29 16:03:28 2003: DEBUG: LDAP got result for uid=soleh,ou=isp,o=tot,c
=IX
Wed Oct 29 16:03:28 2003: DEBUG: LDAP got userPassword: test
Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 looks for match with soleh
Wed Oct 29 16:03:28 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Oct 29 16:03:28 2003: ERR: Bad attribute=value pair: Framed-Protocol = PPP,F
ramed-IP-Netmask = 255.255.255.255,Framed-Routing = None,Framed-MTU = 1500,Frame
d-Compression = Van-Jacobson-TCP-IP
Wed Oct 29 16:03:28 2003: DEBUG: Access accepted for soleh
Wed Oct 29 16:03:28 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33006 ....
Code: Access-Accept
Identifier: 192
Authentic: 1234567890123456
Attributes:
Wed Oct 29 16:03:28 2003: DEBUG: Packet dump: *** Received from 127.0.0.1 port 33006 .... Code: Accounting-Request Identifier: 193 Authentic: <186><17><214><240>=<200>v3-<149>6:<208><223>M<15> Attributes: User-Name = "soleh" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "00001234" Acct-Status-Type = Start Called-Station-Id = "123456789" Calling-Station-Id = "98..................
-------
The acct is not written to Postgresql.
Anyone could help ?
Warmest regards
ddn
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
_________________________________________________________________
Cheer a special someone with a fun Halloween eCard from American Greetings! Go to http://www.msn.americangreetings.com/index_msn.pd?source=msne134
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
