Hello Craig -
You should reverse the order of your AuthBy clauses and use an AuthByPolicy ContinueAlways.
# define Realm
# result of second AuthBy will be the overall result
<Realm oneweek.sunbeach.net>
    #Will log Authentication failures to SQL table.
    AuthLog AuthSQLLogger
    RewriteUsername s/^(.*)\\(.*)/[EMAIL PROTECTED]/
    RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
    #Continue to use AuthBy clauses if AccessAccept to get IP Address assigned
    AuthByPolicy ContinueAlways
    #Show Reject Reason From SQL Authenticate SP Query
    RejectHasReason
    <AuthBy SQL>
        DBSource dbi:ODBC:x
        DBUsername xx
        DBAuth xx
        FailureBackoffTime 30
        NoDefault
        IgnoreAuthentication
        IgnoreAccounting
        AuthSQLStatement \
            update Login \
            set Expiry_Date = getdate() + 7, First_Use = getdate() \
            where Login_name = %U and \
            First_Use is NULL
    </AuthBy SQL>
    <AuthBy SQL>
        DBSource dbi:ODBC:xx
        DBUsername xx
        DBAuth xx
        FailureBackoffTime 30
        NoDefault
        AddToReply Service-Type=Framed-User
        #DefaultSimultaneousUse 1
        CaseInsensitivePasswords
        RejectEmptyPassword
        # Accounting
        AccountingTable CallAccounting
        ....blah
        # Authentication query - calls function Authenticate.
        AuthSelect \
            select \
            Blah blah blah
        AuthColumnDef 0,User-Password,check
        AuthColumnDef 1,GENERIC,check
        AuthColumnDef 2,GENERIC,reply
    </AuthBy SQL>
</Realm oneweek.sunbeach.net>
regards
Hugh
On 28/11/2003, at 8:55 AM, Craig Gittens wrote:
Ok, thanks to Toomas I have come up with this solution but it doesn't work
unless I comment out the second AuthBy...it does do an ACCEPT for the first
AuthBy but doesn't work for some reason unless I comment out the second
AuthBy. Log below. It doesn't send a reply unless I comment out the second
AuthBy.
Thanks for your help guys.
Craig.
<Realm oneweek.sunbeach.net>
    #Will log Authentication failures to SQL table.
    AuthLog AuthSQLLogger
    RewriteUsername s/^(.*)\\(.*)/[EMAIL PROTECTED]/
    RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
    #Continue to use AuthBy clauses if AccessAccept to get IP Address assigned
    AuthByPolicy ContinueUntilReject
    #Show Reject Reason From SQL Authenticate SP Query
    RejectHasReason
    <AuthBy SQL>
        DBSource dbi:ODBC:xx
        DBUsername xx
        DBAuth xx
        FailureBackoffTime 30
        NoDefault
        AddToReply Service-Type=Framed-User
        #DefaultSimultaneousUse 1
        CaseInsensitivePasswords
        RejectEmptyPassword
        # Accounting
        AccountingTable CallAccounting
        ....blah
        # Authentication query - calls function Authenticate.
        AuthSelect \
            select \
            Blah blah blah
        AuthColumnDef 0,User-Password,check
        AuthColumnDef 1,GENERIC,check
        AuthColumnDef 2,GENERIC,reply
    </AuthBy SQL>
    <AuthBy SQL>
        DBSource dbi:ODBC:x
        DBUsername xx
        DBAuth xx
        FailureBackoffTime 30
        NoDefault
        IgnoreAuthentication
        IgnoreAccounting
        AuthSQLStatement \
            update Login \
            set Expiry_Date = getdate() + 7, First_Use = getdate() \
            where Login_name = %U and \
            First_Use is NULL
    </AuthBy SQL>
</Realm oneweek.sunbeach.net>
Thu Nov 27 17:36:01 2003: DEBUG: Packet dump:
*** Received from 196.3.210.94 port 2048 ....
Code: Access-Request
Identifier: 209
Authentic: <23>_$<28>T<148>9<194><26>?<206><229>)s<207>%
Attributes:
User-Password = "n)|<220><137>?<2><161><185><241><152><223><29>/<239><141>"
NAS-Identifier = "5"
User-Name = "[EMAIL PROTECTED]"
Acct-Session-Id = "000032E9"
Called-Station-Id = "2929700"
Calling-Station-Id = "2462280430"
NAS-Port = 1288
NAS-Port-Type = Async
Framed-Protocol = PPP
Service-Type = Framed-User
Thu Nov 27 17:36:01 2003: DEBUG: Handling request with Handler 'Realm=oneweek.sunbeach.net'
Thu Nov 27 17:36:01 2003: DEBUG: Rewrote user name to [EMAIL PROTECTED]
Thu Nov 27 17:36:01 2003: DEBUG: Rewrote user name to sunweek0
Thu Nov 27 17:36:01 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 196.3.210.94, 1288
Thu Nov 27 17:36:01 2003: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER = '196.3.210.94' and NASPORT = 1288':
Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL
Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL:
Thu Nov 27 17:36:01 2003: DEBUG: Query is: 'select LoginPassword, CheckAttr, ReplyAttr from Authenticate('sunweek0', '2462280430', '11/27/2003 17:36:01', 'Async')':
Thu Nov 27 17:36:01 2003: DEBUG: Radius::AuthSQL looks for match with sunweek0
Thu Nov 27 17:36:01 2003: DEBUG: Radius::AuthSQL ACCEPT:
Thu Nov 27 17:36:01 2003: DEBUG: Handling with Radius::AuthSQL
Thu Nov 27 17:36:03 2003: DEBUG: Packet dump:
*** Received from 196.3.210.94 port 2048 ....
Code: Access-Request
Identifier: 209
Authentic: <23>_$<28>T<148>9<194><26>?<206><229>)s<207>%
Attributes:
User-Password = "n)|<220><137>?<2><161><185><241><152><223><29>/<239><141>"
NAS-Identifier = "5"
User-Name = "[EMAIL PROTECTED]"
Acct-Session-Id = "000032E9"
Called-Station-Id = "2929700"
Calling-Station-Id = "2462280430"
NAS-Port = 1288
NAS-Port-Type = Async
Framed-Protocol = PPP
Service-Type = Framed-User
Thu Nov 27 17:36:03 2003: INFO: Duplicate request id 209 received from 196.3.210.94(2048): ignored
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
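Added example, not part of the original thread and not Radiator code: a small Python model of the AuthBy chaining discussed above, showing why the ContinueUntilReject ordering ends on the IgnoreAuthentication clause and sends no reply, while the reordered ContinueAlways chain ends on the authenticating clause. The policy semantics (the last clause run decides the result, IGNORE sends nothing), the function names and the sample user table are assumptions of this model.

```python
# Simplified model of AuthBy chaining in a Realm (illustration only).
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Stop conditions for the two policies seen in the thread (model assumption).
POLICY_STOPS = {
    "ContinueUntilReject": lambda r: r == REJECT,
    "ContinueAlways": lambda r: False,
}

def run_handler(policy, authbys, request):
    """Run each AuthBy in order; the last one executed decides the outcome."""
    stop = POLICY_STOPS[policy]
    result, trace = IGNORE, []
    for name, fn in authbys:
        result = fn(request)
        trace.append((name, result))
        if stop(result):
            break
    return result, trace

def reply_for(result):
    """Map the handler result to a reply code; IGNORE yields no reply (None)."""
    return {ACCEPT: "Access-Accept", REJECT: "Access-Reject"}.get(result)

def sql_authenticate(request):
    # Stand-in for the AuthSelect clause; the user table is constructed data.
    users = {"sunweek0": "secret"}
    ok = users.get(request["user"]) == request["password"]
    return ACCEPT if ok else REJECT

def sql_first_use_update(request):
    # Stand-in for the IgnoreAuthentication clause: never decides the request.
    return IGNORE

def evaluate(policy, order, request):
    """order is a list of 'auth' / 'update' keys giving the clause sequence."""
    clauses = {"auth": ("AuthSelect", sql_authenticate),
               "update": ("FirstUseUpdate", sql_first_use_update)}
    result, trace = run_handler(policy, [clauses[k] for k in order], request)
    return reply_for(result), trace

if __name__ == "__main__":
    good = {"user": "sunweek0", "password": "secret"}
    print(evaluate("ContinueUntilReject", ["auth", "update"], good))
    print(evaluate("ContinueAlways", ["update", "auth"], good))
```

In this model the reordered chain visits the update clause before the password check, for requests that are then rejected as well.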
