Re: (RADIATOR) SQL Logging
Hello Shane - This is very easy to do with the AuthBy SQL clause. Have a look at section 6.28 in the Radiator 3.3.1 reference manual (doc/ref.html). The details will depend on the rest of your configuration. regards Hugh On Thursday, September 26, 2002, at 11:17 AM, Malden, Shane wrote: Hi. I would like to log all of our Accounting Data into a SQL Server DB. Is this possible, what commands do i need to enter? Regards, Shane Please note that neither the owner and operator of the e-mail system nor the sender of this e-mail accept any responsibility for any viruses that may be contained in this e-mail or its attachments. It is therefore your responsibility to ensure that your systems have adequate protection against virus infection. The information contained in this e-mail is intended only for the use of the intended recipient at the e-mail address to which it has been addressed. If the reader of this message is not an intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination or copying of the message or associated attachments is strictly prohibited. If you have received this e-mail in error please contact the sender by return e-mail or call +618 8248 and ask for the sender and then delete it immediately from your system. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SQL Logging
Hi. I would like to log all of our Accounting Data into a SQL Server DB. Is this possible, what commands do i need to enter? Regards, Shane Please note that neither the owner and operator of the e-mail system nor the sender of this e-mail accept any responsibility for any viruses that may be contained in this e-mail or its attachments. It is therefore your responsibility to ensure that your systems have adequate protection against virus infection. The information contained in this e-mail is intended only for the use of the intended recipient at the e-mail address to which it has been addressed. If the reader of this message is not an intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination or copying of the message or associated attachments is strictly prohibited. If you have received this e-mail in error please contact the sender by return e-mail or call +618 8248 and ask for the sender and then delete it immediately from your system. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) sql logging questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 is it possible to log access rejects to an sql database? i don't want to log access accepts, just the rejects. also is it possible to ignore certain requests for logging. in particular i have a client which is sending me requests with username as either access/user@realm or software/user@realm both of these requests need to authenticate, however i do not want to log any of the requests for software nor do i want correpsonding entries for those in my accounting tables. thanks, shon -BEGIN PGP SIGNATURE- Version: PGPfreeware 7.0.3 for non-commercial use http://www.pgp.com iQA/AwUBPSHd1RerBYVUKJeKEQIWKQCgwwxe5DQ/fVGkSuLvLYqgHXfj6BMAnjmU 5f13GqrhIqNEKaEGclmAmr7V =ZY/s -END PGP SIGNATURE- === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) sql logging questions - more
Hello Shon - You can log both accepts and failures. AuthLog SQL Identifier MyAuthLogger LogSuccess 1 LogFailure 1 ... /AuthLog Have a look at sections 6.48 and 6.50 in the Radiator 3.1 reference manual. (doc/ref.html). regards Hugh On Wed, 3 Jul 2002 03:04, Shon Stephens wrote: i really should read the manual more closely. i see that i can log only the auth rejects using AuthLog SQL. i still am curious how i might only log certain requests - see my previous post. thanks, shon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) sql logging questions
Hello Shon - You should probably be using Handlers for this sort of thing. # define Handlers Handler Username = /access\/user\@realm|software\/user\@realm/ # do whatever . /Handler Handler . /Handler .. Note that you should not mix realms and handlers in the same configuration file, so any realms should be converted like this: Realm foo.bar becomes Handler Realm = foo.bar Also note that Handlers are evaluted in the order they appear in the configuration file and the first match is the only match, therefore the more specific Handlers must appear before the more general. regards Hugh On Wed, 3 Jul 2002 03:01, Shon Stephens wrote: is it possible to log access rejects to an sql database? i don't want to log access accepts, just the rejects. also is it possible to ignore certain requests for logging. in particular i have a client which is sending me requests with username as either access/user@realm or software/user@realm both of these requests need to authenticate, however i do not want to log any of the requests for software nor do i want correpsonding entries for those in my accounting tables. thanks, shon === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) SQL Logging
I need 2 AuthBy's, but only the first one, AuthBy RADIUS, does the pass checking, (Proxy to third party radius server), but then a second AuthBy SQL gets entered which logs the Start-Stop records for accounting purposes. The users on those remote realms dont exist in my database however, so this second AuthBy cant do anything but log, as it would Reject the users name/pass if it tried. Here's a Realm statement from my radius.cfg with the passes removed. Seems I need a second AuthBy SQL/AuthBy with the appropriate connection string, username, password so it can talk to the SQL server. However how to just accept whats there and log it to ACCOUNTING. Realm realm.net RewriteUsername s/^([^@]+).*/$1/ AuthBy RADIUS Host remote.server.net Secret password LocalAddress 216.240.X.X AddToReply Port-Limit=1 /AuthBy /Realm === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Logging
Hello Ron - On Tue, 10 Oct 2000, Ron Hensley wrote: I need 2 AuthBy's, but only the first one, AuthBy RADIUS, does the pass checking, (Proxy to third party radius server), but then a second AuthBy SQL gets entered which logs the Start-Stop records for accounting purposes. The users on those remote realms dont exist in my database however, so this second AuthBy cant do anything but log, as it would Reject the users name/pass if it tried. Here's a Realm statement from my radius.cfg with the passes removed. Seems I need a second AuthBy SQL/AuthBy with the appropriate connection string, username, password so it can talk to the SQL server. However how to just accept whats there and log it to ACCOUNTING. You would do something like this: # configure AuthBy SQL for accounting only # note empty AuthSelect # Identifier will be used later AuthBy SQL Identifier SQLAccountingOnly DBSource DBUsername DBAuth . AuthSelect AccountingTable ACCOUNTING AcctColumnDef . /AuthBy # configure AuthBy RADIUS # Identifier will be used later AuthBy RADIUS Identifier CheckRADIUS Host remote.server.net Secret password LocalAddress 216.240.X.X AddToReply Port-Limit=1 /AuthBy # configure Realm with AuthByPolicy # AuthBy CheckRADIUS is last, as it forks and doesn't return Realm realm.net RewriteUsername s/^([^@]+).*/$1/ AuthByPolicy ContinueAlways AuthBy SQLAccountingOnly AuthBy CheckRADIUS /Realm hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Logging
This worked like a charm. Hugh. you are an amazing, workaholic individual. Thanks once again. - Original Message - From: "Hugh Irvine" [EMAIL PROTECTED] To: "Ron Hensley" [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, October 09, 2000 7:40 PM Subject: Re: (RADIATOR) SQL Logging Hello Ron - On Tue, 10 Oct 2000, Ron Hensley wrote: I need 2 AuthBy's, but only the first one, AuthBy RADIUS, does the pass checking, (Proxy to third party radius server), but then a second AuthBy SQL gets entered which logs the Start-Stop records for accounting purposes. The users on those remote realms dont exist in my database however, so this second AuthBy cant do anything but log, as it would Reject the users name/pass if it tried. Here's a Realm statement from my radius.cfg with the passes removed. Seems I need a second AuthBy SQL/AuthBy with the appropriate connection string, username, password so it can talk to the SQL server. However how to just accept whats there and log it to ACCOUNTING. You would do something like this: # configure AuthBy SQL for accounting only # note empty AuthSelect # Identifier will be used later AuthBy SQL Identifier SQLAccountingOnly DBSource DBUsername DBAuth . AuthSelect AccountingTable ACCOUNTING AcctColumnDef . /AuthBy # configure AuthBy RADIUS # Identifier will be used later AuthBy RADIUS Identifier CheckRADIUS Host remote.server.net Secret password LocalAddress 216.240.X.X AddToReply Port-Limit=1 /AuthBy # configure Realm with AuthByPolicy # AuthBy CheckRADIUS is last, as it forks and doesn't return Realm realm.net RewriteUsername s/^([^@]+).*/$1/ AuthByPolicy ContinueAlways AuthBy SQLAccountingOnly AuthBy CheckRADIUS /Realm hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) - SQL Logging of Accounting data (but no auth)
Hello Chris - On Tue, 08 Aug 2000, Chris M wrote: I'm implementing SQL accounting, here are my (stupid!) questions. 1. Is a "NULL string" for AuthSelect this: AuthSelect It is just AuthSelect as you have it above. or this?: AuthSelect "" 2. Also, why bother storing these in SQL accounting tables: # AcctColumnDef NASIDENTIFIER,NAS-Identifier # AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer Seems like you have the NAS IP addr already, so no need to store the identifier right? And what is acct delay time anyway? It always seems to be zero. So why store it? You are free to alter the accounting tables as you see fit, we have simply made some suggestions to get you started. Acct-Delay-Time is the time difference between the event happening and the accounting packet being sent. In normal operation it will always be zero, but if your NAS has to resend an accounting packet, Acct-Delay-Time will show the length of time that the packet has been waiting to be resent. Your billing process should really correct for this, as the wall time will appear to be longer than the actual session time in this case. 3. I don't want to do SQL authentication, I want to check the UNIX password file for that, just do SQL accounting here. Here is the portion of config.cfg, does this look sensible assuming I create the appropriate tables for the SQL values? The Check items come from a DBM file, the passwords from the UNIX password file, and then I hope to log to a flat file as well as SQL tables. Realm someplace.com # Make NAS'es like the PM3 happy with an acct. acknowledgement AccountingHandled # Strip leading white space RewriteUsername s/^\s+// # Strip trailin white space RewriteUsername s/\s+$// # turn into lowercase and chop domain RewriteUsername tr/A-Z/a-z/ RewriteUsername s/^([^@]+).*/$1/ # strip any leading characters if a \ is present RewriteUsername s/^.*\\(.*)/$1/ AuthBy DBFILE Filename %D/users /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/detail AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSource dbi:mysql:radius_chaf DBUsername bob DBAuth somepassword Timeout 60 FailureBackoffTime 600 AuthSelect AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef PORTTYPE,NAS-Port-Type AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASIP,NAS-IP-Address AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef CALLINGSTATION,Calling-Station-Id AcctColumnDef CALLEDSTATION,Called-Station-Id AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef ASCENDDISCONNECT,Ascend-Disconnect-Cause AcctColumnDef USERREALM,User-Realm AcctColumnDef LIVINGSTON,Livingston AcctColumnDef ACCTSESSIONID,Acct-Session-Id # AcctColumnDef NASIDENTIFIER,NAS-Identifier # AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer /AuthBy /Realm AuthBy UNIX Identifier System Filename /etc/shadow /AuthBy You should specify an AuthByPolicy ContinueAlways in your Realm, and put the AuthBy DBM last in the Realm (after the AuthBy SQL). Otherwise, the AuthBy SQL will reject the Access-Requests. And I take it that your DBM file does an Auth-Type = System to check the passwords? regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body
(RADIATOR) - SQL Logging of Accounting data (but no auth)
I'm implementing SQL accounting, here are my (stupid!) questions. 1. Is a "NULL string" for AuthSelect this: AuthSelect or this?: AuthSelect "" 2. Also, why bother storing these in SQL accounting tables: # AcctColumnDef NASIDENTIFIER,NAS-Identifier # AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer Seems like you have the NAS IP addr already, so no need to store the identifier right? And what is acct delay time anyway? It always seems to be zero. So why store it? 3. I don't want to do SQL authentication, I want to check the UNIX password file for that, just do SQL accounting here. Here is the portion of config.cfg, does this look sensible assuming I create the appropriate tables for the SQL values? The Check items come from a DBM file, the passwords from the UNIX password file, and then I hope to log to a flat file as well as SQL tables. Realm someplace.com # Make NAS'es like the PM3 happy with an acct. acknowledgement AccountingHandled # Strip leading white space RewriteUsername s/^\s+// # Strip trailin white space RewriteUsername s/\s+$// # turn into lowercase and chop domain RewriteUsername tr/A-Z/a-z/ RewriteUsername s/^([^@]+).*/$1/ # strip any leading characters if a \ is present RewriteUsername s/^.*\\(.*)/$1/ AuthBy DBFILE Filename %D/users /AuthBy # Log accounting to the detail file in LogDir AcctLogFileName %L/detail AuthBy SQL # Adjust DBSource, DBUsername, DBAuth to suit your DB DBSource dbi:mysql:radius_chaf DBUsername bob DBAuth somepassword Timeout 60 FailureBackoffTime 600 AuthSelect AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef PORTTYPE,NAS-Port-Type AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef NASIP,NAS-IP-Address AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address AcctColumnDef CONNECTINFO,Connect-Info AcctColumnDef CALLINGSTATION,Calling-Station-Id AcctColumnDef CALLEDSTATION,Called-Station-Id AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,integer AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,integer AcctColumnDef ASCENDDISCONNECT,Ascend-Disconnect-Cause AcctColumnDef USERREALM,User-Realm AcctColumnDef LIVINGSTON,Livingston AcctColumnDef ACCTSESSIONID,Acct-Session-Id # AcctColumnDef NASIDENTIFIER,NAS-Identifier # AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer /AuthBy /Realm AuthBy UNIX Identifier System Filename /etc/shadow /AuthBy Thanks, Chris === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Logging
Hi John, I dont think there are any patches relevent to your previous question, but you may want to check for yourself at http://www.open.com.au/radiator/downloads/patches-2.13.1/README Cheers. On Jun 16, 9:56pm, John Abbott wrote: Subject: (RADIATOR) SQL Logging Hi Mike, I will get some loggs to you if my next move doesn't solve it. Can you let me know if any updates/patches should be applied, I am using 2.13 out of the box(so to speek :-) regs John Abbott === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- End of excerpt from John Abbott -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) SQL Logging
Hi John, On Jun 13, 4:00pm, John Abbott wrote: Subject: (RADIATOR) SQL Logging Hi, I have a small query, mainly I think its my understanding of the logging/duplication of loggs by radiator. I have setup my radius server to duplicate every 12 hours and to record stops only so I can get a 12 hour update in permanent connections. However for some reason the logiing update doesn;t seem to represent the total traffic of the permanent link. So my question is does the duplicate log show the difference in octets from the last log dup or is it cumulative octets since the session began(ie, this logupdate superseeds the previous logging The octet counts in accounting stops are always the total octets since the beginning of the session. Also I am using stored procedures with radius and it works very well thanks to mike for the pointer but occaisionally the radius server will report an incomplete record with either username missing, NAS ip missing or somthing missiong which causes the logging to freak out after a while. I am using rad 2.13 if this helps does anyone now why this is? I have seen that sort of thing with some types of NAS, notable Cisco. Sometimes they just dont report what they should. Do you have any level 4 logs that might help see whether that was the problem? Hope that helps. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
