Re: [RADIATOR] AuthBy SQL and database connections
On 01/15/2014 10:00 AM, Vangelis Kyriakakis wrote: > If we have an AuthBy SQL clause and a SessionDatabase SQL one, both > connecting to the same database with the same DBUsername, will Radiator > create two separate connections (one for each clause) or just one for > both clauses? Hello Vangelis, if DBSource, DBUsername and DBAuth (after expanding any % specials) are the same, then the connection should be the same. By 'should' I mean that Radiator calls DBI's connect() which hides the actual workings of the underlying layers. If you do for example, 'sudo netstat -t -p -n' you can check the TCP connections and the processes that use them. Thanks, Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL - multiple rows/attributes
you could use GENERIC like how Heikki suggested but still have separate rows in your sql and use SQL to join all the results, and apply the attribute names. For MySQL, group_concat: mysql> select * from temp; +++-+ | id | Server | Password| +++-+ | 5 | 172.16.1.1 | tunnelpass1 | | 6 | 172.16.1.2 | tunnelpass2 | | 7 | 172.16.1.3 | tunnelpass3 | +++-+ 3 rows in set (0.00 sec) mysql> select GROUP_CONCAT( CONCAT('Tunnel-Server-Endpoint=',Server )) AS Servers, GROUP_CONCAT( CONCAT('Tunnel-Server-Endpoint=', Password)) AS Passwords from temp order by id; +---+--+ | Servers | Passwords | +---+--+ | Tunnel-Server-Endpoint=172.16.1.1,Tunnel-Server-Endpoint=172.16.1.2,Tunnel-Server-Endpoint=172.16.1.3 | Tunnel-Server-Endpoint=tunnelpass1,Tunnel-Server-Endpoint=tunnelpass2,Tunnel-Server-Endpoint=tunnelpass3 | +---+--+ 1 row in set (0.00 sec) Michael On 12-06-26 07:33 AM, Heikki Vatiainen wrote: > On 06/26/2012 12:28 PM, Jim Tyrrell wrote: >> At the moment I just have a single very simple table that I am testing >> with, 2 columns 'Endpoint'& 'Password' with 2 rows in the table for 2 >> different Tunnel endpoints. > > How about changing the config to use GENERIC: > > AuthColumnDef 0,GENERIC,reply > AuthColumnDef 1,GENERIC,reply > > The DB would then have Endpoint and Password columns with values like these: > > Endpoint column for row n: > Tunnel-Server-Endpoint=172.16.1.1,Tunnel-Server-Endpoint=172.16.1.2 > Password column for row n: > Tunnel-Password="tunnelpass1",Tunnel-Password="tunnelpass2" > > With GENERIC you could actually put all reply attributes into the same > column but that would likely make maintaining the values harder. > > With Hugh's solution you could get rid of repeating the attribute names > and storing just the values. > > Heikki > > >> I could have multiple columns for the multiple tunnels, but then if I >> wanted to add or remove tunnels I would need to update the Radiator >> query each time to add/remove the extra AuthAttrDefs, but I'd like the >> flexibility to just add/remove entries to the SQL table without having >> to change the Radiator config. >> >> ie - if I have one tunnel in the table then the handler needs to return: >> >> Code: Access-Accept >> Tunnel-Server-Endpoint = 172.16.1.1 >> Tunnel-Password = "tunnelpass" >> >> And if an extra entry is added to the table then return the following >> format: >> >> Code: Access-Accept >> Tunnel-Server-Endpoint = 172.16.1.1 >> Tunnel-Password = "tunnelpass" >> Tunnel-Server-Endpoint = 172.16.1.2 >> Tunnel-Password = "tunnelpass2" >> >> >> If I was able to use LDAP I could just have an object such as: >> >> uid=TunnelEndPoints >> tunnelip=172.16.0.1 >> tunnelip=172.16.0.2 >> tunnelpass=blah1 >> tunnelpass=blah2 >> >> And then use an AuthBy LDAP including the following: >> >> AuthAttrDef tunnelip,Tunnel-Server-Endpoint,reply >> AuthAttrDef tunnelpass,Tunnel-Password,reply >> >> >> Is there not an equivalent of this for MySQL authentication? How do >> people store multiple attributes such as Framed-Route in MySQL and then >> return multiple instances of this when they exist? (The examples above >> would actually be returned as tagged attributes but I can worry about >> that later). >> >> Thanks. >> >> Jim. >> >> >> On 25/06/2012 18:05, Michael wrote: >>> >>> I seem to remember reading somewhere in the Radiator manual that it >>> will only process the first sql row received therefore I don't think >>> it will process multiple row results. I can't seem to find in the >>> manual where i read that though. On the other hand, you could have all >>> reply values on the same row in the table, or create an sql statement >>> that returns them all on one row. >>> >>> What is your sql table structure? multiple tables? >>> >>> mike >>> >>> >>> On 12-06-25 08:52 AM, Jim Tyrrell wrote: Hi, Is it possible for AuthBy SQL to return multiple attributes if the query returns multiple rows?
Re: [RADIATOR] AuthBy SQL - multiple rows/attributes
On 06/26/2012 12:28 PM, Jim Tyrrell wrote: > At the moment I just have a single very simple table that I am testing > with, 2 columns 'Endpoint' & 'Password' with 2 rows in the table for 2 > different Tunnel endpoints. How about changing the config to use GENERIC: AuthColumnDef 0,GENERIC,reply AuthColumnDef 1,GENERIC,reply The DB would then have Endpoint and Password columns with values like these: Endpoint column for row n: Tunnel-Server-Endpoint=172.16.1.1,Tunnel-Server-Endpoint=172.16.1.2 Password column for row n: Tunnel-Password="tunnelpass1",Tunnel-Password="tunnelpass2" With GENERIC you could actually put all reply attributes into the same column but that would likely make maintaining the values harder. With Hugh's solution you could get rid of repeating the attribute names and storing just the values. Heikki > I could have multiple columns for the multiple tunnels, but then if I > wanted to add or remove tunnels I would need to update the Radiator > query each time to add/remove the extra AuthAttrDefs, but I'd like the > flexibility to just add/remove entries to the SQL table without having > to change the Radiator config. > > ie - if I have one tunnel in the table then the handler needs to return: > > Code: Access-Accept >Tunnel-Server-Endpoint = 172.16.1.1 >Tunnel-Password = "tunnelpass" > > And if an extra entry is added to the table then return the following > format: > > Code: Access-Accept >Tunnel-Server-Endpoint = 172.16.1.1 >Tunnel-Password = "tunnelpass" >Tunnel-Server-Endpoint = 172.16.1.2 >Tunnel-Password = "tunnelpass2" > > > If I was able to use LDAP I could just have an object such as: > > uid=TunnelEndPoints > tunnelip=172.16.0.1 > tunnelip=172.16.0.2 > tunnelpass=blah1 > tunnelpass=blah2 > > And then use an AuthBy LDAP including the following: > > AuthAttrDef tunnelip,Tunnel-Server-Endpoint,reply > AuthAttrDef tunnelpass,Tunnel-Password,reply > > > Is there not an equivalent of this for MySQL authentication? How do > people store multiple attributes such as Framed-Route in MySQL and then > return multiple instances of this when they exist? (The examples above > would actually be returned as tagged attributes but I can worry about > that later). > > Thanks. > > Jim. > > > On 25/06/2012 18:05, Michael wrote: >> >> I seem to remember reading somewhere in the Radiator manual that it >> will only process the first sql row received therefore I don't think >> it will process multiple row results. I can't seem to find in the >> manual where i read that though. On the other hand, you could have all >> reply values on the same row in the table, or create an sql statement >> that returns them all on one row. >> >> What is your sql table structure? multiple tables? >> >> mike >> >> >> On 12-06-25 08:52 AM, Jim Tyrrell wrote: >>> Hi, >>> >>> Is it possible for AuthBy SQL to return multiple attributes if the query >>> returns multiple rows? >>> >>> I am currently using AuthBy SQL to return a Tunnel-Endpoint to a LAC >>> with the following simplified config: >>> >>> >>> DBSourcedbi:mysql:databasename:192.168.10.3 >>> DBUsername DBuser >>> DBAuth DBPass >>> AuthSelect SELECT Endpoint, Password FROM endpoints >>> AuthColumnDef 0,Tunnel-Server-Endpoint,reply >>> AuthColumnDef 1,Tunnel-Password,reply >>> >>> >>> This works fine at the moment as I only have 1 row in the table which >>> represents 1 endpoint. But I now want to return multiple endpoints so >>> the Access-Accept would be something along the lines of: >>> >>> Code: Access-Accept >>> Attributes: >>> Tunnel-Server-Endpoint = 172.16.1.1 >>> Tunnel-Password = "tunnelpass" >>> Tunnel-Server-Endpoint = 172.16.1.2 >>> Tunnel-Password = "tunnelpass2" >>> >>> I had hoped to just add a 2nd row to the table, but the handler just >>> returns the values from the 1st row of the result. I'd like to be able >>> to return additional attributes for each row returned so I can easily >>> add/remove more endpoints to the table as and when I need to. >>> >>> Thanks. >>> >>> Jim. >>> ___ >>> radiator mailing list >>> radiator@open.com.au >>> http://www.open.com.au/mailman/listinfo/radiator >>> >>> > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solari
Re: [RADIATOR] AuthBy SQL - multiple rows/attributes
Hello Jim - I generally do this sort of thing in a hook, using a "dummy" AuthBy SQL clause to operate against. Doing it this way allows to you use all of the normal Radiator code to do most of the heavy lifting. There are a number of examples doing similar things in "goodies/hooks.txt" that should give you the general idea. regards Hugh On 26 Jun 2012, at 19:28, Jim Tyrrell wrote: > At the moment I just have a single very simple table that I am testing > with, 2 columns 'Endpoint' & 'Password' with 2 rows in the table for 2 > different Tunnel endpoints. > > I could have multiple columns for the multiple tunnels, but then if I > wanted to add or remove tunnels I would need to update the Radiator > query each time to add/remove the extra AuthAttrDefs, but I'd like the > flexibility to just add/remove entries to the SQL table without having > to change the Radiator config. > > ie - if I have one tunnel in the table then the handler needs to return: > > Code: Access-Accept > Tunnel-Server-Endpoint = 172.16.1.1 > Tunnel-Password = "tunnelpass" > > And if an extra entry is added to the table then return the following > format: > > Code: Access-Accept > Tunnel-Server-Endpoint = 172.16.1.1 > Tunnel-Password = "tunnelpass" > Tunnel-Server-Endpoint = 172.16.1.2 > Tunnel-Password = "tunnelpass2" > > > If I was able to use LDAP I could just have an object such as: > > uid=TunnelEndPoints > tunnelip=172.16.0.1 > tunnelip=172.16.0.2 > tunnelpass=blah1 > tunnelpass=blah2 > > And then use an AuthBy LDAP including the following: > > AuthAttrDef tunnelip,Tunnel-Server-Endpoint,reply > AuthAttrDef tunnelpass,Tunnel-Password,reply > > > Is there not an equivalent of this for MySQL authentication? How do > people store multiple attributes such as Framed-Route in MySQL and then > return multiple instances of this when they exist? (The examples above > would actually be returned as tagged attributes but I can worry about > that later). > > Thanks. > > Jim. > > > On 25/06/2012 18:05, Michael wrote: >> >> I seem to remember reading somewhere in the Radiator manual that it >> will only process the first sql row received therefore I don't think >> it will process multiple row results. I can't seem to find in the >> manual where i read that though. On the other hand, you could have all >> reply values on the same row in the table, or create an sql statement >> that returns them all on one row. >> >> What is your sql table structure? multiple tables? >> >> mike >> >> >> On 12-06-25 08:52 AM, Jim Tyrrell wrote: >>> Hi, >>> >>> Is it possible for AuthBy SQL to return multiple attributes if the query >>> returns multiple rows? >>> >>> I am currently using AuthBy SQL to return a Tunnel-Endpoint to a LAC >>> with the following simplified config: >>> >>> >>> DBSourcedbi:mysql:databasename:192.168.10.3 >>> DBUsername DBuser >>> DBAuth DBPass >>> AuthSelect SELECT Endpoint, Password FROM endpoints >>> AuthColumnDef 0,Tunnel-Server-Endpoint,reply >>> AuthColumnDef 1,Tunnel-Password,reply >>> >>> >>> This works fine at the moment as I only have 1 row in the table which >>> represents 1 endpoint. But I now want to return multiple endpoints so >>> the Access-Accept would be something along the lines of: >>> >>> Code: Access-Accept >>> Attributes: >>> Tunnel-Server-Endpoint = 172.16.1.1 >>> Tunnel-Password = "tunnelpass" >>> Tunnel-Server-Endpoint = 172.16.1.2 >>> Tunnel-Password = "tunnelpass2" >>> >>> I had hoped to just add a 2nd row to the table, but the handler just >>> returns the values from the 1st row of the result. I'd like to be able >>> to return additional attributes for each row returned so I can easily >>> add/remove more endpoints to the table as and when I need to. >>> >>> Thanks. >>> >>> Jim. >>> ___ >>> radiator mailing list >>> radiator@open.com.au >>> http://www.open.com.au/mailman/listinfo/radiator >>> >>> > > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL - multiple rows/attributes
At the moment I just have a single very simple table that I am testing with, 2 columns 'Endpoint' & 'Password' with 2 rows in the table for 2 different Tunnel endpoints. I could have multiple columns for the multiple tunnels, but then if I wanted to add or remove tunnels I would need to update the Radiator query each time to add/remove the extra AuthAttrDefs, but I'd like the flexibility to just add/remove entries to the SQL table without having to change the Radiator config. ie - if I have one tunnel in the table then the handler needs to return: Code: Access-Accept Tunnel-Server-Endpoint = 172.16.1.1 Tunnel-Password = "tunnelpass" And if an extra entry is added to the table then return the following format: Code: Access-Accept Tunnel-Server-Endpoint = 172.16.1.1 Tunnel-Password = "tunnelpass" Tunnel-Server-Endpoint = 172.16.1.2 Tunnel-Password = "tunnelpass2" If I was able to use LDAP I could just have an object such as: uid=TunnelEndPoints tunnelip=172.16.0.1 tunnelip=172.16.0.2 tunnelpass=blah1 tunnelpass=blah2 And then use an AuthBy LDAP including the following: AuthAttrDef tunnelip,Tunnel-Server-Endpoint,reply AuthAttrDef tunnelpass,Tunnel-Password,reply Is there not an equivalent of this for MySQL authentication? How do people store multiple attributes such as Framed-Route in MySQL and then return multiple instances of this when they exist? (The examples above would actually be returned as tagged attributes but I can worry about that later). Thanks. Jim. On 25/06/2012 18:05, Michael wrote: > > I seem to remember reading somewhere in the Radiator manual that it > will only process the first sql row received therefore I don't think > it will process multiple row results. I can't seem to find in the > manual where i read that though. On the other hand, you could have all > reply values on the same row in the table, or create an sql statement > that returns them all on one row. > > What is your sql table structure? multiple tables? > > mike > > > On 12-06-25 08:52 AM, Jim Tyrrell wrote: >> Hi, >> >> Is it possible for AuthBy SQL to return multiple attributes if the query >> returns multiple rows? >> >> I am currently using AuthBy SQL to return a Tunnel-Endpoint to a LAC >> with the following simplified config: >> >> >> DBSourcedbi:mysql:databasename:192.168.10.3 >> DBUsername DBuser >> DBAuth DBPass >> AuthSelect SELECT Endpoint, Password FROM endpoints >> AuthColumnDef 0,Tunnel-Server-Endpoint,reply >> AuthColumnDef 1,Tunnel-Password,reply >> >> >> This works fine at the moment as I only have 1 row in the table which >> represents 1 endpoint. But I now want to return multiple endpoints so >> the Access-Accept would be something along the lines of: >> >> Code: Access-Accept >> Attributes: >> Tunnel-Server-Endpoint = 172.16.1.1 >> Tunnel-Password = "tunnelpass" >> Tunnel-Server-Endpoint = 172.16.1.2 >> Tunnel-Password = "tunnelpass2" >> >> I had hoped to just add a 2nd row to the table, but the handler just >> returns the values from the 1st row of the result. I'd like to be able >> to return additional attributes for each row returned so I can easily >> add/remove more endpoints to the table as and when I need to. >> >> Thanks. >> >> Jim. >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator >> >> ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL - multiple rows/attributes
I seem to remember reading somewhere in the Radiator manual that it will only process the first sql row received therefore I don't think it will process multiple row results. I can't seem to find in the manual where i read that though. On the other hand, you could have all reply values on the same row in the table, or create an sql statement that returns them all on one row. What is your sql table structure? multiple tables? mike On 12-06-25 08:52 AM, Jim Tyrrell wrote: > Hi, > > Is it possible for AuthBy SQL to return multiple attributes if the query > returns multiple rows? > > I am currently using AuthBy SQL to return a Tunnel-Endpoint to a LAC > with the following simplified config: > > > DBSourcedbi:mysql:databasename:192.168.10.3 > DBUsername DBuser > DBAuth DBPass > AuthSelect SELECT Endpoint, Password FROM endpoints > AuthColumnDef 0,Tunnel-Server-Endpoint,reply > AuthColumnDef 1,Tunnel-Password,reply > > > This works fine at the moment as I only have 1 row in the table which > represents 1 endpoint. But I now want to return multiple endpoints so > the Access-Accept would be something along the lines of: > > Code: Access-Accept > Attributes: > Tunnel-Server-Endpoint = 172.16.1.1 > Tunnel-Password = "tunnelpass" > Tunnel-Server-Endpoint = 172.16.1.2 > Tunnel-Password = "tunnelpass2" > > I had hoped to just add a 2nd row to the table, but the handler just > returns the values from the 1st row of the result. I'd like to be able > to return additional attributes for each row returned so I can easily > add/remove more endpoints to the table as and when I need to. > > Thanks. > > Jim. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL Reject or Accept in the SQL results
On 02/09/2012 01:43 PM, Michael wrote: > I use a reject column in my user database, and SELECT it like this: > SELECT username, crypt, CONCAT('Reject:',reject), > > and: > AuthColumnDef 2, Auth-Type, check Yes, this is a very good method to do it. > so, if the reject column is NULL, CONCAT returns NULL and it passed, but if > the reject column has text in it, CONCAT returns 'Reject:reject reason', and > the user is rejected. Also, if SQL call returns 'Accept', the password check must still be successful. So Auth-Type by itself does not accept the user if the password is wrong. A slight difference between this method and using hooks is the returned Reply-Message with bad password. The above method returns Bad password while with hooks it's possible to return message from SQL call. Thanks! Heikki > > > On 12-02-08 12:40 PM, Lee Solway wrote: >> Is there a way I can set an access Accept or Reject in the MySQL results >> generated by AuthBy SQL? >> >> Currently I have a stored procedure that I call in the following.. I >> would like the SP to be able to reject the Access-Request with an error >> message also if possible.. >> >> AuthSelectCALL get_reply_attr('%U') >> AuthColumnDef 0, GENERIC, reply >> AuthColumnDef 1, User-Password, check >> >> Thanks, >> Lee >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator >> >> > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL Reject or Accept in the SQL results
I use a reject column in my user database, and SELECT it like this: SELECT username, crypt, CONCAT('Reject:',reject), and: AuthColumnDef 2, Auth-Type, check so, if the reject column is NULL, CONCAT returns NULL and it passed, but if the reject column has text in it, CONCAT returns 'Reject:reject reason', and the user is rejected. On 12-02-08 12:40 PM, Lee Solway wrote: > Is there a way I can set an access Accept or Reject in the MySQL results > generated by AuthBy SQL? > > Currently I have a stored procedure that I call in the following.. I > would like the SP to be able to reject the Access-Request with an error > message also if possible.. > > AuthSelectCALL get_reply_attr('%U') > AuthColumnDef 0, GENERIC, reply > AuthColumnDef 1, User-Password, check > > Thanks, > Lee > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator > > ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL Reject or Accept in the SQL results
On 02/08/2012 07:40 PM, Lee Solway wrote: Hello Lee, > Is there a way I can set an access Accept or Reject in the MySQL results > generated by AuthBy SQL? Please see below for one method. > Currently I have a stored procedure that I call in the following.. I > would like the SP to be able to reject the Access-Request with an error > message also if possible.. > > AuthSelectCALL get_reply_attr('%U') > AuthColumnDef 0, GENERIC, reply > AuthColumnDef 1, User-Password, check You could do both (control accept/reject and return reason) with something like this. First change get_reply_attr to return 'true' or 'false' to control Accept or Reject. Also add another return value which is the Reply-Message that is returned with Access-Reject. AuthColumnDef 2,X-Accepted-By-Sql,check AuthColumnDef 3,X-Reject-Msg,request In the Handler or Realm clause prime X-Accepted-By-Sql like this: AddToRequest X-Accepted-By-Sql=true In the same Handler or Realm add RejectHasReason and a PostAuthHook to replace reason with the value from SQL call. RejectHasReason. PostAuthHook sub { my $p = ${$_[0]}; my $rp = ${$_[1]}; \ my $result = $_[2]; my $reason = $_[3]; \ return unless $$result == $main::REJECT; \ $$reason = $p->get_attr('X-Reject-Msg'); \ } Putting this together, if the third value returned by SQL call is something else than 'true' the request will be rejected. The hook will then set the returned Reply-Message based on X-Reject-Msg which comes from SQL call. For more about the hook parameters, please see the reference manual. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL results
On 03/03/2011 04:49 PM, Vangelis Kyriakakis wrote: > I would like to know what happens when AuthSelect query in AuthBy > SQL returns two or more rows. Which one is used? The first or the last? > Example: > > Username | Reply_item > --- > user | reply1 > user | reply2 > > AuthSelect select Reply_item from table where Username='user' > AuthColumnDef 0,GENERIC,reply > > Which reply_item is going to be used? Hello Vangelis, the answer is reply1. Even if the select returns multiple rows, only the first row is used. The rest of the rows are not saved or used later. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
Hello Adam - The -I parameter to perl indicates where to find the Radiator modules. Here is the help for perl: Radiator-4.6 hugh$ perl -h Usage: perl [switches] [--] [programfile] [arguments] -0[octal] specify record separator (\0, if no argument) -aautosplit mode with -n or -p (splits $_ into @F) -C[number/list] enables the listed Unicode features -ccheck syntax only (runs BEGIN and CHECK blocks) -d[:debugger] run program under debugger -D[number/list] set debugging flags (argument is a bit mask or alphabets) -e programone line of program (several -e's allowed, omit programfile) -E programlike -e, but enables all optional features -fdon't do $sitelib/sitecustomize.pl at startup -F/pattern/ split() pattern for -a switch (//'s are optional) -i[extension] edit <> files in place (makes backup if extension supplied) -Idirectory specify @INC/#include directory (several -I's allowed) -l[octal] enable line ending processing, specifies line terminator -[mM][-]moduleexecute "use/no module..." before executing program -nassume "while (<>) { ... }" loop around program -passume loop like -n but print line also, like sed -Prun program through C preprocessor before compilation -senable rudimentary parsing for switches after programfile -Slook for programfile using PATH environment variable -tenable tainting warnings -Tenable tainting checks -udump core after parsing program -Uallow unsafe operations -vprint version, subversion (includes VERY IMPORTANT perl info) -V[:variable] print configuration summary (or a single Config.pm variable) -wenable many useful warnings (RECOMMENDED) -Wenable all warnings -x[directory] strip off text before #!perl line and perhaps cd to directory -Xdisable all warnings regards Hugh On 26 Jun 2010, at 00:16, Adam Gerson wrote: > That worked. Thank you. What did -i do? > > Adam > > > -- > Adam Gerson > Assistant Director of Technology > Columbia Grammar and Prep School > phone. 212-749-6200 ex. 321 > fax. 212-428-6806 > ager...@cgps.org > http://www.cgps.org > > On 6/24/10 5:10 AM, Hugh Irvine wrote: >> >> Hello Adam - >> >> Try this: >> >> >> /opt/local/bin/perl -I /usr/local/src/Radiator/Radiator-Locked-4.6 >> /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file >> /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid >> >> >> regards >> >> Hugh >> >> >> On 24 Jun 2010, at 03:46, Adam Gerson wrote: >> >>> I have figured out that MacPorts installs its own copy of perl into >>> /opt/local/bin >>> >>> I need to use that perl, which includes the mysql packages. When I call >>> that perl explicitly I get this error: >>> >>> sidekick:~ sadmin$ /opt/local/bin/perl >>> /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file >>> /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid >>> >>> Can't locate Radius/ServerConfig.pm in @INC (@INC contains: . >>> /opt/local/lib/perl5/site_perl/5.8.9/darwin-2level >>> /opt/local/lib/perl5/site_perl/5.8.9 /opt/local/lib/perl5/site_perl >>> /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-2level >>> /opt/local/lib/perl5/vendor_perl/5.8.9 /opt/local/lib/perl5/vendor_perl >>> /opt/local/lib/perl5/5.8.9/darwin-2level /opt/local/lib/perl5/5.8.9 .) at >>> (eval 8) line 20,<_> line 575. >>> BEGIN failed--compilation aborted at (eval 8) line 20,<_> line 575. >>> ...caught at /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd line >>> 2,<_> line 575. >>> >>> >>> >>> >>> -- >>> Adam Gerson >>> Assistant Director of Technology >>> Columbia Grammar and Prep School >>> phone. 212-749-6200 ex. 321 >>> fax. 212-428-6806 >>> ager...@cgps.org >>> http://www.cgps.org >>> >>> On 6/22/10 3:21 PM, Hugh Irvine wrote: Hello Adam - The error message you show below indicates your database is not running (or is unreachable for some reason). regards Hugh On 22 Jun 2010, at 15:03, Adam Gerson wrote: > Well, nothing has changed in my config file and my database is still up > and working. I have not used Radiator for a week or two. I started it > today to test it and now it cannot contact the database. I got an email > saying my trail had experienced, but at startup Radiator reports its > good until 2011 or 1000 connections. > > > > > > Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file > '/etc/radiator/radius.cfg' > This Radiator license will expire on 2011-02-01 > This Radiator license will stop operating after 1000 requests > To purchase an unlimited full source version of R
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
That worked. Thank you. What did -i do? Adam -- Adam Gerson Assistant Director of Technology Columbia Grammar and Prep School phone. 212-749-6200 ex. 321 fax. 212-428-6806 ager...@cgps.org http://www.cgps.org On 6/24/10 5:10 AM, Hugh Irvine wrote: > > Hello Adam - > > Try this: > > > /opt/local/bin/perl -I /usr/local/src/Radiator/Radiator-Locked-4.6 > /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file > /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid > > > regards > > Hugh > > > On 24 Jun 2010, at 03:46, Adam Gerson wrote: > >> I have figured out that MacPorts installs its own copy of perl into >> /opt/local/bin >> >> I need to use that perl, which includes the mysql packages. When I call that >> perl explicitly I get this error: >> >> sidekick:~ sadmin$ /opt/local/bin/perl >> /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file >> /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid >> >> Can't locate Radius/ServerConfig.pm in @INC (@INC contains: . >> /opt/local/lib/perl5/site_perl/5.8.9/darwin-2level >> /opt/local/lib/perl5/site_perl/5.8.9 /opt/local/lib/perl5/site_perl >> /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-2level >> /opt/local/lib/perl5/vendor_perl/5.8.9 /opt/local/lib/perl5/vendor_perl >> /opt/local/lib/perl5/5.8.9/darwin-2level /opt/local/lib/perl5/5.8.9 .) at >> (eval 8) line 20,<_> line 575. >> BEGIN failed--compilation aborted at (eval 8) line 20,<_> line 575. >> ...caught at /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd line >> 2,<_> line 575. >> >> >> >> >> -- >> Adam Gerson >> Assistant Director of Technology >> Columbia Grammar and Prep School >> phone. 212-749-6200 ex. 321 >> fax. 212-428-6806 >> ager...@cgps.org >> http://www.cgps.org >> >> On 6/22/10 3:21 PM, Hugh Irvine wrote: >>> >>> Hello Adam - >>> >>> The error message you show below indicates your database is not running (or >>> is unreachable for some reason). >>> >>> regards >>> >>> Hugh >>> >>> >>> On 22 Jun 2010, at 15:03, Adam Gerson wrote: >>> Well, nothing has changed in my config file and my database is still up and working. I have not used Radiator for a week or two. I started it today to test it and now it cannot contact the database. I got an email saying my trail had experienced, but at startup Radiator reports its good until 2011 or 1000 connections. Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg' This Radiator license will expire on 2011-02-01 This Radiator license will stop operating after 1000 requests To purchase an unlimited full source version of Radiator, see http://www.open.com.au/ordering.html To extend your license period, contact ad...@open.com.au Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file '/etc/radiator/dictionary' Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645 Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646 Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on sidekick.cgps.org (LOCKED) Tue Jun 22 14:59:54 2010: DEBUG: Packet dump: *** Received from 192.168.1.92 port 52380 Code: Access-Request Identifier: 144 Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148> Attributes: User-Name = "adam" User-Password =<175><244>t<214>bP0<25>+6c?<237><196><137>K NAS-IP-Address = 192.168.1.92 Service-Type = Login-User Framed-IP-Address = 10.93.3.23 Called-Station-Id = "00:19:92:02:B4:3A" Calling-Station-Id = "" NAS-Identifier = "Bluesocket" Acct-Session-Id = "00:19:92:02:B4:3A:1277233194" NAS-Port-Type = Wireless-IEEE-802-11 Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler 'Realm=DEFAULT' Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92, Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User database access error Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE,
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
Hello Adam - Try this: /opt/local/bin/perl -I /usr/local/src/Radiator/Radiator-Locked-4.6 /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid regards Hugh On 24 Jun 2010, at 03:46, Adam Gerson wrote: > I have figured out that MacPorts installs its own copy of perl into > /opt/local/bin > > I need to use that perl, which includes the mysql packages. When I call that > perl explicitly I get this error: > > sidekick:~ sadmin$ /opt/local/bin/perl > /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file > /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid > > Can't locate Radius/ServerConfig.pm in @INC (@INC contains: . > /opt/local/lib/perl5/site_perl/5.8.9/darwin-2level > /opt/local/lib/perl5/site_perl/5.8.9 /opt/local/lib/perl5/site_perl > /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-2level > /opt/local/lib/perl5/vendor_perl/5.8.9 /opt/local/lib/perl5/vendor_perl > /opt/local/lib/perl5/5.8.9/darwin-2level /opt/local/lib/perl5/5.8.9 .) at > (eval 8) line 20, <_> line 575. > BEGIN failed--compilation aborted at (eval 8) line 20, <_> line 575. > ...caught at /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd line > 2, <_> line 575. > > > > > -- > Adam Gerson > Assistant Director of Technology > Columbia Grammar and Prep School > phone. 212-749-6200 ex. 321 > fax. 212-428-6806 > ager...@cgps.org > http://www.cgps.org > > On 6/22/10 3:21 PM, Hugh Irvine wrote: >> >> Hello Adam - >> >> The error message you show below indicates your database is not running (or >> is unreachable for some reason). >> >> regards >> >> Hugh >> >> >> On 22 Jun 2010, at 15:03, Adam Gerson wrote: >> >>> Well, nothing has changed in my config file and my database is still up >>> and working. I have not used Radiator for a week or two. I started it >>> today to test it and now it cannot contact the database. I got an email >>> saying my trail had experienced, but at startup Radiator reports its >>> good until 2011 or 1000 connections. >>> >>> >>> >>> >>> >>> Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file >>> '/etc/radiator/radius.cfg' >>> This Radiator license will expire on 2011-02-01 >>> This Radiator license will stop operating after 1000 requests >>> To purchase an unlimited full source version of Radiator, see >>> http://www.open.com.au/ordering.html >>> To extend your license period, contact ad...@open.com.au >>> >>> Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file >>> '/etc/radiator/dictionary' >>> Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645 >>> Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646 >>> Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on >>> sidekick.cgps.org (LOCKED) >>> Tue Jun 22 14:59:54 2010: DEBUG: Packet dump: >>> *** Received from 192.168.1.92 port 52380 >>> Code: Access-Request >>> Identifier: 144 >>> Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148> >>> Attributes: >>> User-Name = "adam" >>> User-Password =<175><244>t<214>bP0<25>+6c?<237><196><137>K >>> NAS-IP-Address = 192.168.1.92 >>> Service-Type = Login-User >>> Framed-IP-Address = 10.93.3.23 >>> Called-Station-Id = "00:19:92:02:B4:3A" >>> Calling-Station-Id = "" >>> NAS-Identifier = "Bluesocket" >>> Acct-Session-Id = "00:19:92:02:B4:3A:1277233194" >>> NAS-Port-Type = Wireless-IEEE-802-11 >>> >>> Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler >>> 'Realm=DEFAULT' >>> Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92, >>> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >>> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >>> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with >>> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: >>> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. >>> Request is ignored. Backing off for 600 seconds >>> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User >>> database access error >>> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >>> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >>> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with >>> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: >>> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. >>> Request is ignored. Backing off for 600 seconds >>> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User >>> database access error >>> ^C >>> >>> -- >>> Adam Gerson >>> Assistant Director of Technology >>> Columbia Grammar and Prep School >>> phone. 212-749-6200 ex. 321 >>> fax. 212-428-6806 >>> ager...@cgps.org >>> http://www.cgps.org >>> >>> ___ >>> radiator mailing list >>> radiator@open.com.au >>
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
I have figured out that MacPorts installs its own copy of perl into /opt/local/bin I need to use that perl, which includes the mysql packages. When I call that perl explicitly I get this error: sidekick:~ sadmin$ /opt/local/bin/perl /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd -config_file /etc/radiator/radius.cfg -pid_file /var/run/radiusd.pid Can't locate Radius/ServerConfig.pm in @INC (@INC contains: . /opt/local/lib/perl5/site_perl/5.8.9/darwin-2level /opt/local/lib/perl5/site_perl/5.8.9 /opt/local/lib/perl5/site_perl /opt/local/lib/perl5/vendor_perl/5.8.9/darwin-2level /opt/local/lib/perl5/vendor_perl/5.8.9 /opt/local/lib/perl5/vendor_perl /opt/local/lib/perl5/5.8.9/darwin-2level /opt/local/lib/perl5/5.8.9 .) at (eval 8) line 20, <_> line 575. BEGIN failed--compilation aborted at (eval 8) line 20, <_> line 575. ...caught at /usr/local/src/Radiator/Radiator-Locked-4.6/radiusd line 2, <_> line 575. -- Adam Gerson Assistant Director of Technology Columbia Grammar and Prep School phone. 212-749-6200 ex. 321 fax. 212-428-6806 ager...@cgps.org http://www.cgps.org On 6/22/10 3:21 PM, Hugh Irvine wrote: > > Hello Adam - > > The error message you show below indicates your database is not running (or > is unreachable for some reason). > > regards > > Hugh > > > On 22 Jun 2010, at 15:03, Adam Gerson wrote: > >> Well, nothing has changed in my config file and my database is still up >> and working. I have not used Radiator for a week or two. I started it >> today to test it and now it cannot contact the database. I got an email >> saying my trail had experienced, but at startup Radiator reports its >> good until 2011 or 1000 connections. >> >> >> >> >> >> Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file >> '/etc/radiator/radius.cfg' >> This Radiator license will expire on 2011-02-01 >> This Radiator license will stop operating after 1000 requests >> To purchase an unlimited full source version of Radiator, see >> http://www.open.com.au/ordering.html >> To extend your license period, contact ad...@open.com.au >> >> Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file >> '/etc/radiator/dictionary' >> Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645 >> Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646 >> Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on >> sidekick.cgps.org (LOCKED) >> Tue Jun 22 14:59:54 2010: DEBUG: Packet dump: >> *** Received from 192.168.1.92 port 52380 >> Code: Access-Request >> Identifier: 144 >> Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148> >> Attributes: >> User-Name = "adam" >> User-Password =<175><244>t<214>bP0<25>+6c?<237><196><137>K >> NAS-IP-Address = 192.168.1.92 >> Service-Type = Login-User >> Framed-IP-Address = 10.93.3.23 >> Called-Station-Id = "00:19:92:02:B4:3A" >> Calling-Station-Id = "" >> NAS-Identifier = "Bluesocket" >> Acct-Session-Id = "00:19:92:02:B4:3A:1277233194" >> NAS-Port-Type = Wireless-IEEE-802-11 >> >> Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler >> 'Realm=DEFAULT' >> Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92, >> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with >> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: >> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. >> Request is ignored. Backing off for 600 seconds >> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User >> database access error >> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >> Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: >> Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with >> DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: >> Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. >> Request is ignored. Backing off for 600 seconds >> Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User >> database access error >> ^C >> >> -- >> Adam Gerson >> Assistant Director of Technology >> Columbia Grammar and Prep School >> phone. 212-749-6200 ex. 321 >> fax. 212-428-6806 >> ager...@cgps.org >> http://www.cgps.org >> >> ___ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > > NB: > > Have you read the reference manual ("doc/ref.html")? > Have you searched the mailing list archive > (www.open.com.au/archives/radiator)? > Have you had a quick look on Google (www.google.com)? > Have you included a copy of your configuration file (no secrets), > together with a trace 4 debug showing what is happening? > ___ radiator m
Re: [RADIATOR] AuthBy SQL result: IGNORE, User database access error
Hello Adam - The error message you show below indicates your database is not running (or is unreachable for some reason). regards Hugh On 22 Jun 2010, at 15:03, Adam Gerson wrote: > Well, nothing has changed in my config file and my database is still up > and working. I have not used Radiator for a week or two. I started it > today to test it and now it cannot contact the database. I got an email > saying my trail had experienced, but at startup Radiator reports its > good until 2011 or 1000 connections. > > > > > > Tue Jun 22 14:59:47 2010: DEBUG: Finished reading configuration file > '/etc/radiator/radius.cfg' > This Radiator license will expire on 2011-02-01 > This Radiator license will stop operating after 1000 requests > To purchase an unlimited full source version of Radiator, see > http://www.open.com.au/ordering.html > To extend your license period, contact ad...@open.com.au > > Tue Jun 22 14:59:47 2010: DEBUG: Reading dictionary file > '/etc/radiator/dictionary' > Tue Jun 22 14:59:47 2010: DEBUG: Creating authentication port 0.0.0.0:1645 > Tue Jun 22 14:59:47 2010: DEBUG: Creating accounting port 0.0.0.0:1646 > Tue Jun 22 14:59:47 2010: NOTICE: Server started: Radiator 4.6 on > sidekick.cgps.org (LOCKED) > Tue Jun 22 14:59:54 2010: DEBUG: Packet dump: > *** Received from 192.168.1.92 port 52380 > Code: Access-Request > Identifier: 144 > Authentic: -e<204><0><155>W<174><163>g<227><181><149><134>sP<148> > Attributes: > User-Name = "adam" > User-Password = <175><244>t<214>bP0<25>+6c?<237><196><137>K > NAS-IP-Address = 192.168.1.92 > Service-Type = Login-User > Framed-IP-Address = 10.93.3.23 > Called-Station-Id = "00:19:92:02:B4:3A" > Calling-Station-Id = "" > NAS-Identifier = "Bluesocket" > Acct-Session-Id = "00:19:92:02:B4:3A:1277233194" > NAS-Port-Type = Wireless-IEEE-802-11 > > Tue Jun 22 14:59:54 2010: DEBUG: Handling request with Handler > 'Realm=DEFAULT' > Tue Jun 22 14:59:54 2010: DEBUG: Deleting session for adam, 192.168.1.92, > Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: > Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: > Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with > DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: > Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. > Request is ignored. Backing off for 600 seconds > Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User > database access error > Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: > Tue Jun 22 14:59:54 2010: DEBUG: Handling with Radius::AuthSQL: > Tue Jun 22 14:59:54 2010: ERR: Could not connect to SQL database with > DBI->connect dbi:mysql:jamfsoftware:127.0.0.1, jamfsoftware, ***: > Tue Jun 22 14:59:54 2010: ERR: Could not connect to any SQL database. > Request is ignored. Backing off for 600 seconds > Tue Jun 22 14:59:54 2010: DEBUG: AuthBy SQL result: IGNORE, User > database access error > ^C > > -- > Adam Gerson > Assistant Director of Technology > Columbia Grammar and Prep School > phone. 212-749-6200 ex. 321 > fax. 212-428-6806 > ager...@cgps.org > http://www.cgps.org > > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator NB: Have you read the reference manual ("doc/ref.html")? Have you searched the mailing list archive (www.open.com.au/archives/radiator)? Have you had a quick look on Google (www.google.com)? Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: (RADIATOR) AuthBy SQL problem
Hello Adam - All you really need to do is use a RewriteUsername and a CaseInsensitivePasswords with a single AuthBy SQL. regards Hugh On Thursday, Oct 16, 2003, at 00:27 Australia/Melbourne, Adam Pogorzelski wrote: Hello, I have such a problem. I have users in mysql database, and few so called multilogin users. These multilogins have simple passwords created by username, for example ppp/ppp. Problem is, that i need to authenticate these combination as the same user: ppp/ppp, PPP/PPP, ppp/PPP, PPP/ppp. For now i am including to one Handler two authby's config files, one with normal AuthSelect, and second with Authselect 'select ucase(PASSWORD)'. Because i have many Handlers, and for each Handler is two configs, i want to minimize all configuration. So my question is: is it possible to put in AuthBy clause two AuthSelect's ? Similiar to AuthByPolicy ? Btw, for each failed Radius::AuthSQL i have one insert to database with info about it, and if i have four login/pass combination, i can have three inserts to database with fail info. ps. I may be wrong, but does Radiator isn't sql injection aware ? Sat Oct 11 06:51:57 2003: ERR: do failed for 'insert into radauthlog values (1065847917,'~}#','[EMAIL PROTECTED]'} }4',1,'No such user','DNIS','CLID')': You have an error in your SQL syntax near '} }4',1,'No such user','DNIS','CLID')' at line 1 S -- "For proper viewing, take red pill now" Futurama AdamP. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL problem
On 10/15/03 10:27 AM, "Adam Pogorzelski" <[EMAIL PROTECTED]> wrote: > I have such a problem. I have users in mysql database, and few so called > multilogin users. These multilogins have simple passwords created by > username, for example ppp/ppp. Problem is, that i need to authenticate > these combination as the same user: > ppp/ppp, PPP/PPP, ppp/PPP, PPP/ppp. > For now i am including to one Handler two authby's config files, > one with normal AuthSelect, and second with Authselect 'select > ucase(PASSWORD)'. Seems like it's more work than it's worth. You have some options... Add the directive in Radiator to ignore the case of passwords. So that "PaSSwoRD" would match "PASSWORD". You can also rewrite the username with a regex to force the username to lowercase before handling it in an authby.. > Because i have many Handlers, and for each Handler is two configs, i want > to minimize all configuration. > So my question is: is it possible to put in AuthBy clause two AuthSelect's ? > Similiar to AuthByPolicy ? For what reason if you just "IgnoreCase" on the password... ? > ps. I may be wrong, but does Radiator isn't sql injection aware ? > Sat Oct 11 06:51:57 2003: ERR: do failed for 'insert into radauthlog > values (1065847917,'~}#','[EMAIL PROTECTED]'} }4',1,'No such > user','DNIS','CLID')': You have an error in your SQL syntax near '} > }4',1,'No such user','DNIS','CLID')' at line 1 > S Tell Radiator what characters are valid in Usernames and you won't see this... ie: UsernameCharset [EMAIL PROTECTED] Or you could do something like: RewriteUsername s/[EMAIL PROTECTED]/\?/g Which strips out any bogus characters we don't except and replaces they with a "?" Which should be SQL friendly... -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = A445 7D1E 3D4F A4EF 6875 21BB 1BAA 10FE 5748 CFE9 Mac OS X. Because making Unix user-friendly is easier than debugging Windows. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) AuthBy SQL help- Resolved
Hi Hugh et al Thank you for forcing me to run radiator in the foreground. >From the errors generated I managed to fix both problems. They were both problem with the attributes assigned to particular column's in the database. In my first configuration I couldn't insert 'start' records as the table expected non-null values for fields such as 'Acct-Session-Time, Acct-Input-Octets and Acct-Output-Octetes' which were always going to be null for a 'start' record! So, I had to change one column's modifier from 'not-null=true' to 'not-null=false' to fix it. The other configuration had a similar problem which prevented the 'stop' records being inserted. I am only new to radiator and I am sure I will have some more questions Regards, Greg === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL help
Hello Greg - I will need to see a complete copy of your configuration file, together with a trace 4 debug from Radiator showing what is happening. regards Hugh On Saturday, September 28, 2002, at 10:58 AM, Greg 'Rafiq' Clarkson wrote: > Hi everybody, > > I need some clarification for setting up . I am using > Radiator-3.3.1. and any help will be greatly appreciated. > > I am experimenting with different accounting tables with different > AcctColumnDef. > > The problem is that one configuration only writes records where > "Acct-Status-Type = Start" and the other configuration only writes > records > where "Acct-Status-Type = Stop"! > > All other records are written to the FailedLog. > > My question is: > Do I need to define *all* fields sent from the NAS for both Start and > Stop > records in the one table to successfully write the record to SQL? > > I thought if I didn't define the field it would drop that particular > field > but insert all the other fields. > > For example one of my configurations uses the default setup as detailed > below: > > > IdentifierLocalDbAuth > IgnoreAuthentication > DBSource %{GlobalVar:dbSpec} > DBUsername%{GlobalVar:dbUser} > DBAuth%{GlobalVar:dbPass} > #AccountingStartsOnly > #AccountingStopsOnly > HandleAcctStatusTypes Start,Stop > DateFormat%Y-%m-%d %H:%M:%S > > AccountingTable accounting > AcctColumnDef username,User-Name > AcctColumnDef time_stamp,Timestamp,integer > AcctColumnDef acctstatustype,Acct-Status-Type > AcctColumnDef acctdelaytime,Acct-Delay-Time,integer > AcctColumnDef acctinputoctets,Acct-Input-Octets,integer > AcctColumnDef acctoutputoctets,Acct-Output-Octets,integer > AcctColumnDef acctsessionid,Acct-Session-Id > AcctColumnDef acctsessiontime,Acct-Session-Time,integer > AcctColumnDef acctterminatecause,Acct-Terminate-Cause > AcctColumnDef nasidentifier,NAS-Identifier > AcctColumnDef nasport,NAS-Port,integer > AcctColumnDef framedipaddress,Framed-IP-Address > > AcctFailedLogFileName %L/detail.newdb > > > Only "Start" records are written. And this is the record written to the > FailedLog: > > > root@echelon:radius: # head -50 detail.newdb > Fri Sep 27 12:33:21 2002 > Acct-Session-Id = "0002BA2F" > Framed-Protocol = PPP > Framed-IP-Address = 203.220.179.32 > Acct-Terminate-Cause = Lost-Carrier > Ascend-Disconnect-Cause = 816 > Ascend-Connect-Progress = prLanSessionUp > Ascend-PreSession-Time = 21 > Ascend-Xmit-Rate = 26400 > Ascend-Data-Rate = 26400 > Acct-Session-Time = 334 > Connect-Info = "26400 V34/V42bis/LAPM (28800)" > Acct-Input-Octets = 75662 > Acct-Output-Octets = 305795 > Ascend-Pre-Input-Octets = 118 > Ascend-Pre-Output-Octets = 114 > Acct-Input-Packets = 465 > Acct-Output-Packets = 397 > Ascend-Pre-Input-Packets = 5 > Ascend-Pre-Output-Packets = 5 > Acct-Authentic = RADIUS > Acct-Status-Type = Stop > NAS-Port = 7315 > Called-Station-Id = "142320198333015" > Calling-Station-Id = "357213687" > NAS-Port-Type = Async > Service-Type = Framed-User > NAS-IP-Address = 203.220.246.113 > Event-Timestamp = 1033093991 > Acct-Delay-Time = 10 > User-Name = "kph" > Proxy-State = > BSP2ims01-syd/ > FEDEB6CC27A3A223FA1BF8E5C5231E60B56504FF7E0D088FB185BF15044FE4 > EA88F6C7EF7E0D08AC7A5949EC0221F87B432A74AF7E1F0BF280F6CBF26276B02ECFC7B > 4FB11 > 6B31BAE6C2D4ED6C > Timestamp = 1033093991 > > > > Whereas in a more complex setup: > > > IdentifierOldDbAuth > IgnoreAuthentication > DBSource %{GlobalVar:dbSpec} > DBUsername%{GlobalVar:dbUser} > DBAuth%{GlobalVar:dbPass} > #AccountingStartsOnly > #AccountingStopsOnly > HandleAcctStatusTypes Start,Stop > DateFormat%Y-%m-%d %H:%M:%S > > AccountingTable sessions > AcctColumnDef username,User-Name > AcctColumnDef time,Timestamp,integer-date > AcctColumnDef calledstation,Called-Station-Id > AcctColumnDef callingstation,Calling-Station-Id > AcctColumnDef nas,NAS-IP-Address > AcctColumnDef port,NAS-Port,integer > AcctColumnDef sessionid,Acct-Session-Id > AcctColumnDef ipaddress,Framed-IP-Address > AcctColumnDef duration,Acct-Session-Time,integer > AcctColumnDef upload,Acct-Input-Octets,integer > AcctColumnDef download,Acct-Output-Octets,integer > AcctColumnDef rx,Ascend-Xmit-Rate,integer > AcctColumnDef tx,Ascend-Data-Rate,integer > AcctColumnDef terminatecause,Ascend-Disconnect-Cause > AcctColumnDef
RE: (RADIATOR) AuthBy SQL and / or AuthLog SQL
AuthLog SQL records access-requests to a database. AuthBy SQL w /an empty AuthSelect records accounting-requests to a database. -Frank -Original Message- From: radiator [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 14, 2002 12:06 AM To: '[EMAIL PROTECTED]' Subject: (RADIATOR) AuthBy SQL and / or AuthLog SQL What's the difference between AuthBy SQL w/ and empty AuthSelect and AuthLog SQL?? Regards, Virgil -- WebCentral Pty Ltd Australia's #1 Internet Web Hosting Company Level 5, 100 Wickham St. Network Operations - Systems Engineer PO Box 930, Fortitude Valley.email: [EMAIL PROTECTED] Queensland, Australia 4006. phone: +61 7 3230 7176 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby SQL checking multi-value attributes
Hello Julio - You should use regular expressions to check multiple values: NASPORTYPE = "NAS-Port-type = '/Sync|Async/'" regards Hugh On Thu, 7 Mar 2002 22:27, [EMAIL PROTECTED] wrote: > hi all, > > I'm using Radiator 2.18.1 with AuthbySQL over MySQL. > > I've defined several fields in SUBSCRIBERS table to check them. > > I'm interested in checking NAS-Port-Type in a multi-value way, so for > example, > > user1@domain > > will be accepted if its NAS-Port-Type matches 'Sync' or 'Async' values, so > in case this user sends 'ISDN-Sync' nasport-type, he will be rejected. > > As a workaround I try to define a column NASPORTTYPE char(200) in > SUBSCRIBERS table in that way: > > NASPORTYPE = "NAS-Port-type = 'Sync',NAS-Port-type = 'Async'" > > and in Authby SQL > > AuthColumnDef N GENERIC, check > > but this idea does not work because it only checks first item. > > Any workaround about checking multivalue attributes with AuthSQL? > > thanks, > jules > > > Si quiere más información de BT puede solicitarla en nuestra revista online > http://www.ignite.com/realise > > ** > Noticia legal > Este mensaje electrónico contiene información de BT Ignite España S.A.U. > que es privada y confidencial, siendo para el uso exclusivo de la persona > (s) o entidades arriba mencionadas. Si usted no es el destinatario > señalado, le informamos que cualquier divulgación, copia, distribución o > uso de los contenidos está prohibida. Si usted ha recibido este mensaje por > error, por favor borre su contenido lo antes posible. > Gracias. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL and PostgreSQL
Hello Hugh, I had compiled the DBD and DBI from source, I have used the FreeBSD ports collection and now it works fine. Well, can't figure out why, but it works Thanks TDN - Original Message - From: Hugh Irvine <[EMAIL PROTECTED]> To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, February 06, 2002 2:31 AM Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL > > Hello - > > Could you please send me a copy of your configuration file (no secrets) > together with a trace 4 debug from Radiator showing what is happening. > > thanks > > Hugh > > > On Tue, 5 Feb 2002 19:53, tdn wrote: > > Hi Hugh > > > > > The correct syntax for the DBSource line is this: > > > > > > DBSourcedbi:Pg:dbname=radius > > > > I actually noticed that and rectified, however the problem still occurs > > when auth by SQL. > > Authenticating by flat file works OK. > > > > > And of course you must install the DBI and DBD modules first. > > > > I have pgsql_perl5-1.9.0 for the DBD and DBI-1.201 for the DBI > > > > > > > > Rgds > > TDN > > > > > > - Original Message - > > From: Hugh Irvine <[EMAIL PROTECTED]> > > To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > > Sent: Tuesday, February 05, 2002 1:38 AM > > Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL > > > > > Hello TDN - > > > > > > > Hi, > > > > > > > > I'd like to have radiator authenticate users from a Postgres SQL > > > > database. > > > > > > I get the following error whenever I try to test it using radpwtst. > > > > > > > > Can't read $DBI::errstr, last handle unknown or destroyed at > > > > /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136 > > > > > > > > Am running Radiator 2.19 and PostgreSQL 7.1 > > > > > > > > see part of my radius.cfg > > > > > > > > > > > > # > > > > # # The filename defaults to %D/users > > > > # > > > > # Log accounting to the detail file in LogDir > > > > # AcctLogFileName %L/detail/detail.%Y%m%d > > > > > > > > DBSourcedbi:pg:dbname=radius > > > > DBUsername xxx > > > > DBAuth xxx > > > > AuthSelect select CLEARTEXTPASSWORD from USERS where > > > > USERID='%n'; > > > > > > > > > > > > > > The correct syntax for the DBSource line is this: > > > > > > DBSourcedbi:Pg:dbname=radius > > > > > > And of course you must install the DBI and DBD modules first. > > > > > > regards > > > > > > Hugh > > > > > > -- > > > Radiator: the most portable, flexible and configurable RADIUS server > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > > - > > > Nets: internetwork inventory and management - graphical, extensible, > > > flexible with hardware, software, platform and database independence. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL and PostgreSQL
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["tdn" <[EMAIL PROTECTED]>] Date: Thu, 7 Feb 2002 02:48:30 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Thu Feb 7 02:48:30 2002 Received: from mx1.uunet.co.ke (mx1.uunet.co.ke [195.202.64.8]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g178mP311640; Thu, 7 Feb 2002 02:48:27 -0600 Received: from [195.202.85.31] (helo=spider) by mx1.uunet.co.ke with smtp (Exim 3.21 #2) id 16YmzV-0007ji-00; Thu, 07 Feb 2002 11:45:25 + Message-ID: <00dc01c1afb3$ce093040$[EMAIL PROTECTED]> From: "tdn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <014801c1ae22$976feb60$[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL Date: Thu, 7 Feb 2002 11:45:24 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Hello Hugh, > Could you please send me a copy of your configuration file (no secrets) > together with a trace 4 debug from Radiator showing what is happening. below find my radius.cfg and trace 4 debug output.. also note that i connect to the SQL database manually OK. radius=# select * from users; userid | cleartextpassword | encryptedpassword +---+--- dthaba | test | (1 row) Radius.cfg -- LogDir /usr/local/radiator DbDir /usr/local/radiator/raddb LogFile %L/logfile/logfile.%Y%m%d Trace 4 Secret xxx DupInterval 0 DBSourcedbi:Pg:dbname=radius DBUsername radius DBAuth xxx AuthSelect select CLEARTEXTPASSWORD from USERS where USERID='%n'; Trace 4 debug --- *** Received from 127.0.0.1 port 1046 Code: Access-Request Identifier: 67 Authentic: 1234567890123456 Attributes: User-Name = "dthaba" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 Called-Station-Id = "123456789" Calling-Station-Id = "987654321" NAS-Port-Type = Async User-Password = "<141><238>,<217><150>e<4><246><188>8<9><160><216>}x<153>" Thu Feb 7 11:18:53 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Feb 7 11:18:53 2002: DEBUG: Deleting session for dthaba, 203.63.154.1, 1234 Thu Feb 7 11:18:53 2002: DEBUG: Handling with Radius::AuthSQL Thu Feb 7 11:18:53 2002: DEBUG: Handling with Radius::AuthSQL: Thu Feb 7 11:18:53 2002: ERR: Could not connect to SQL database with DBI->connect dbi:Pg:dbname=radius, radius, rad99: Thu Feb 7 11:18:53 2002: ERR: Could not connect to any SQL database. Request is ignored. Backing off for 600 seconds Thu Feb 7 11:18:58 2002: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1046 Code: Accounting-Request Identifier: 68 Authentic: <235><6><132><205><27><219><224><1><3><1><149><134><215>#O<175> Attributes: User-Name = "dthaba" Service-Type = Framed-User NAS-IP-Address = 203.63.154.1 NAS-Port = 1234 NAS-Port-Type = Async Acct-Session-Id = "1234" Acct-Status-Type = Start Called-Station-Id = "123456789" Calling-Station-Id = "987654321" Thu Feb 7 11:18:58 2002: DEBUG: Handling request with Handler 'Realm=DEFAULT' Thu Feb 7 11:18:58 2002: DEBUG: Adding session for dthaba, 203.63.154.1, 1234 Thu Feb 7 11:18:58 2002: DEBUG: Handling with Radius::AuthSQL Thu Feb 7 11:18:58 2002: DEBUG: Handling accounting with Radius::AuthSQL Thu Feb 7 11:18:58 2002: DEBUG: Accounting accepted Thu Feb 7 11:18:58 2002: DEBUG: Packet dump: *** Sending to 127.0.0.1 port 1046 Code: Accounting-Response Identifier: 68 Authentic: <235><6><132><205><27><219><224><1><3><1><149><134><215>#O<175> Attributes: Thu Feb 7 11:18:58 2002: DEBUG: Packet dump: *** Received from 127.0.0.1 port 1046 Code: Accounting-Request Identifier: 69 Authentic: <212><234><11><131><216><236><180>]<1><147><148>~<27>X<148><194> Attributes: User-Name = "dthaba" Service-Type = Framed-User NAS-IP-Address
Re: (RADIATOR) AuthBy SQL and PostgreSQL
Hello - Could you please send me a copy of your configuration file (no secrets) together with a trace 4 debug from Radiator showing what is happening. thanks Hugh On Tue, 5 Feb 2002 19:53, tdn wrote: > Hi Hugh > > > The correct syntax for the DBSource line is this: > > > > DBSourcedbi:Pg:dbname=radius > > I actually noticed that and rectified, however the problem still occurs > when auth by SQL. > Authenticating by flat file works OK. > > > And of course you must install the DBI and DBD modules first. > > I have pgsql_perl5-1.9.0 for the DBD and DBI-1.201 for the DBI > > > > Rgds > TDN > > > - Original Message - > From: Hugh Irvine <[EMAIL PROTECTED]> > To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> > Sent: Tuesday, February 05, 2002 1:38 AM > Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL > > > Hello TDN - > > > > > Hi, > > > > > > I'd like to have radiator authenticate users from a Postgres SQL > > database. > > > > I get the following error whenever I try to test it using radpwtst. > > > > > > Can't read $DBI::errstr, last handle unknown or destroyed at > > > /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136 > > > > > > Am running Radiator 2.19 and PostgreSQL 7.1 > > > > > > see part of my radius.cfg > > > > > > > > > # > > > # # The filename defaults to %D/users > > > # > > > # Log accounting to the detail file in LogDir > > > # AcctLogFileName %L/detail/detail.%Y%m%d > > > > > > DBSourcedbi:pg:dbname=radius > > > DBUsername xxx > > > DBAuth xxx > > > AuthSelect select CLEARTEXTPASSWORD from USERS where > > > USERID='%n'; > > > > > > > > > > The correct syntax for the DBSource line is this: > > > > DBSourcedbi:Pg:dbname=radius > > > > And of course you must install the DBI and DBD modules first. > > > > regards > > > > Hugh > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL and PostgreSQL
-- Forwarded Message -- Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["tdn" <[EMAIL PROTECTED]>] Date: Tue, 5 Feb 2002 01:21:16 -0600 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] >From [EMAIL PROTECTED] Tue Feb 5 01:21:15 2002 Received: from mx1.uunet.co.ke (mx1.uunet.co.ke [195.202.64.8]) by server1.open.com.au (8.11.0/8.11.0) with ESMTP id g157Km302454; Tue, 5 Feb 2002 01:21:02 -0600 Received: from [195.202.85.31] (helo=spider) by mx1.uunet.co.ke with smtp (Exim 3.21 #2) id 16Y4A6-0001HF-00; Tue, 05 Feb 2002 11:53:22 + Message-ID: <014801c1ae22$976feb60$[EMAIL PROTECTED]> From: "tdn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> References: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL Date: Tue, 5 Feb 2002 11:53:33 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2615.200 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200 Hi Hugh > The correct syntax for the DBSource line is this: > > DBSourcedbi:Pg:dbname=radius I actually noticed that and rectified, however the problem still occurs when auth by SQL. Authenticating by flat file works OK. > And of course you must install the DBI and DBD modules first. I have pgsql_perl5-1.9.0 for the DBD and DBI-1.201 for the DBI Rgds TDN - Original Message - From: Hugh Irvine <[EMAIL PROTECTED]> To: tdn <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, February 05, 2002 1:38 AM Subject: Re: (RADIATOR) AuthBy SQL and PostgreSQL > Hello TDN - > > > Hi, > > > > I'd like to have radiator authenticate users from a Postgres SQL database. > > I get the following error whenever I try to test it using radpwtst. > > > > Can't read $DBI::errstr, last handle unknown or destroyed at > > /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136 > > > > Am running Radiator 2.19 and PostgreSQL 7.1 > > > > see part of my radius.cfg > > > > > > # > > # # The filename defaults to %D/users > > # > > # Log accounting to the detail file in LogDir > > # AcctLogFileName %L/detail/detail.%Y%m%d > > > > DBSourcedbi:pg:dbname=radius > > DBUsername xxx > > DBAuth xxx > > AuthSelect select CLEARTEXTPASSWORD from USERS where > > USERID='%n'; > > > > > > The correct syntax for the DBSource line is this: > > DBSourcedbi:Pg:dbname=radius > > And of course you must install the DBI and DBD modules first. > > regards > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. --- -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL and PostgreSQL
Hello TDN - > > Hi, > > I'd like to have radiator authenticate users from a Postgres SQL database. > I get the following error whenever I try to test it using radpwtst. > > Can't read $DBI::errstr, last handle unknown or destroyed at > /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 136 > > Am running Radiator 2.19 and PostgreSQL 7.1 > > see part of my radius.cfg > > > # > # # The filename defaults to %D/users > # > # Log accounting to the detail file in LogDir > # AcctLogFileName %L/detail/detail.%Y%m%d > > DBSourcedbi:pg:dbname=radius > DBUsername xxx > DBAuth xxx > AuthSelect select CLEARTEXTPASSWORD from USERS where > USERID='%n'; > > > The correct syntax for the DBSource line is this: DBSourcedbi:Pg:dbname=radius And of course you must install the DBI and DBD modules first. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby SQL
Hello Aaron - On Thu, 24 Jan 2002 06:41, Aaron Collins wrote: > I'm using Authby SQL and to keep my user list current I recreat it every > 15 minutes through a script. This is to insure that I always have a > acurate list of active and unavtive users But It appears that when ever > I do this radiator hangs for about 5 minutes or so. My question is does > radiator cache part of the database, or is this just a wierd MySQL > problem? If you are using an SQL database, you should simply modify the user definitions directly in the database, not reload the entire database every 15 minutes. I suspect what is happening is that the database is unreachable during the time you reload it and Radiator marks the connection as down. Have a look at a trace 4 debug from Radiator to see what is going on. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL problem
Hello Sam - Just specify a suitable AuthSelect: AuthSelect select PASSWORD where USERNAME = '%n' and STATUS = 'T' AuthColumnDef 0, User-Password, check regards Hugh On Tue, 8 Jan 2002 12:09, Sam Cheung wrote: > Hi genius, > > I am using to authenticate users. However, I would like to > verifiy the user's username, password and status=T. So, How, can I > rewrite the statement in sq.cfg to make it works. > Thanks so much for paying attention. > > --- > Regards, > > Sam Cheung > E-mail: [EMAIL PROTECTED] > > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL and Passwords ..
Robert, Most likely. :) *Hits self upside head with large UNIX manual.* Sadly enough, I *did* search/look through the documentation in search of such, wondering WHY ON EARTH there was one for User-Name but not Password. Guess it was a bit too late in the evening to be trying to figure that out. But yep, that's what I needed. Thanks :) Unless the network is lying to me again, Robert Blayzor said: > > So I got the bright idea to add a "AND PASS='%{Password}'" to > > the AuthSelect line. But the query ends up AND PASS='' > > (nothing is put > > in there.) So, obviously RADIUS either 1) can't pass it like > > that or 2) > > can but I'm doing it wrong. > > > Perhaps you want "AND PASS='%P'" ??? > > -- > Robert Blayzor, BOFH > INOC, LLC > [EMAIL PROTECTED] > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) AuthBy SQL and Passwords ..
> So I got the bright idea to add a "AND PASS='%{Password}'" to > the AuthSelect line. But the query ends up AND PASS='' > (nothing is put > in there.) So, obviously RADIUS either 1) can't pass it like > that or 2) > can but I'm doing it wrong. Perhaps you want "AND PASS='%P'" ??? -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) authby sql
Hello Rick - Your configuration file has a Realm clause for "xx.com" and another Realm clause for any other realm, however you don't have a clause to match just a username by itself. # define a Realm for username only . regards Hugh > > could someon tell me what I am missing here or doing wrong thanks > > > Sun Dec 23 19:20:28 2001: DEBUG: Rewrote user name to test > Sun Dec 23 19:20:28 2001: DEBUG: Check if Handler Realm=mynet.com should be > used to handle this request > Sun Dec 23 19:20:28 2001: WARNING: Could not find a handler for qwtest: > request is ignored > Sun Dec 23 19:20:30 2001: DEBUG: Packet dump: > *** Received from 0.0.0.0 port 58682 > Code: Access-Request > Identifier: 52 > Authentic: ka<197><219><24>@\Os<23>'<184>bs<253>z > Attributes: > User-Name = "test" > CHAP-Password = <1><130><199><195>P<13>(<209><130><223>zJ<242>zc<15><191> > NAS-IP-Address = 0.0.0.0 > NAS-Port = 7190 > Service-Type = Framed-User > Framed-Protocol = PPP > Cisco-NAS-Port = "Async4/43*Serial7/0:1:22" > Acct-Session-Id = "0A" > NAS-Port-Type = Async > > Sun Dec 23 19:20:30 2001: DEBUG: Rewrote user name to test > Sun Dec 23 19:20:30 2001: DEBUG: Check if Handler Realm=mynet.com should be > used to handle this request > Sun Dec 23 19:20:30 2001: WARNING: Could not find a handler for test: > request is ignored > Sun Dec 23 19:21:13 2001: DEBUG: Packet dump: > *** Received from 0.0.0.0 port 58684 > Code: Access-Request > Identifier: 53 > Authentic: <194>7<127>dZ>its<23>'<184><137>[r<254> > Attributes: > User-Name = "test" > CHAP-Password = <1><141>{<247><199><186>Q<130>#h#<31>a<228><150>IN > NAS-IP-Address = 0.0.0.0 > NAS-Port = 7190 > Service-Type = Framed-User > Framed-Protocol = PPP > Cisco-NAS-Port = "Async4/44*Serial7/0:1:22" > Acct-Session-Id = "0B" > NAS-Port-Type = Async > > Sun Dec 23 19:21:13 2001: DEBUG: Rewrote user name to test > Sun Dec 23 19:21:13 2001: DEBUG: Check if Handler Realm=mynet.com should be > used to handle this request > Sun Dec 23 19:21:13 2001: WARNING: Could not find a handler for test: > request is ignored > Sun Dec 23 19:21:15 2001: DEBUG: Packet dump: > *** Received from 0.0.0.0 port 58684 > Code: Access-Request > Identifier: 53 > Authentic: <194>7<127>dZ>its<23>'<184><137>[r<254> > Attributes: > User-Name = "test" > CHAP-Password = <1><141>{<247><199><186>Q<130>#h#<31>a<228><150>IN > NAS-IP-Address = 0.0.0.0 > NAS-Port = 7190 > Service-Type = Framed-User > Framed-Protocol = PPP > Cisco-NAS-Port = "Async4/44*Serial7/0:1:22" > Acct-Session-Id = "2B" > NAS-Port-Type = Async > > Sun Dec 23 19:21:15 2001: DEBUG: Rewrote user name to test > Sun Dec 23 19:21:15 2001: DEBUG: Check if Handler Realm=mynet.com should be > used to handle this request > Sun Dec 23 19:21:15 2001: WARNING: Could not find a handler for test: > request is ignored > > # Radiator configuration file. > # Produced by /cgi-bin/radconfig.cgi Sun Dec 23 16:57:37 2001 > #REMOTE_USER: , REMOTE_ADDR: > AcctPort 1646 > AuthPort 1645 > DbDir /usr/local/etc/raddb > DictionaryFile /usr/local/etc/raddb/dictionary > Foreground > LogDir /var/log/radius > LogFile %L/logfile > LogStdout > PidFile /var/run/radiusd.pid > Trace 4 > > > AccountingStartsOnly > AccountingStopsOnly > AccountingTable radius.ACCOUNTING > AcctColumnDef USERNAME, '%{User-Name}' > AcctColumnDef TIME_STAMP, %{Timestamp}, integer > AcctColumnDef ACCTSTATUSTYPE, '%{Acct-Status-Type}' > AcctColumnDef ACCTDELAYTIME, %{Acct-Delay-Time} > AcctColumnDef ACCTINPUTOCTETS, %{Acct-Input-Octets}, integer > AcctColumnDef ACCTOUTPUTOCTETS, %{Acct-Output-Octets}, integer > AcctColumnDef ACCTSESSIONID, '%{Acct-Session-Id}' > AcctColumnDef ACCTSESSIONTIME, %{Acct-Session-Time}, integer > AcctColumnDef ACCTTERMINATECAUSE, %{Acct-Terminate-Cause} > AcctColumnDef NASIDENTIFIER, '%{NAS-Identifier}' > AcctColumnDef NASPORT, %{NAS-Port}, integer > AcctColumnDef FRAMEDIPADDRESS, '%{Framed-IP-Address}' > AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n' > DBAuth xx > DBSource dbi:mysql:radius > DBUsername > DefaultSimultaneousUse 1 > Description global access > Identifier auth_0 > > > > Description testing > DupInterval 2 > IdenticalClients > IgnoreAcctSignature > NasType Livingston > Secret > > > > AccountingHandled > AcctLogFileName /var/log/radius/accounting > AuthBy auth_0 > AuthByPolicy ContinueUntilAccept > Description Global Dial > RejectHasReason > RewriteUsername s/^([^@]+).*/$1/ > RewriteUsername tr/[A-Z]/[a-z]/ > SessionDatabase intdb > > > > > AccountingHandled > AcctLogFileName /var/log/radius/accounting > AuthBy auth_0 > AuthByPolicy ContinueUntilAccept > RejectHasReason > RewriteUsername s/^([^@]+).*/$1/ > SessionDatabase intdb > > > > Description dont know > Identifier intdb > > >
Re: (RADIATOR) AuthBy SQL
Hello Quintin - My first question is what is Radiator meant to do with authentication requests? The answer will determine what the best approach will be in the configuration file. Please give me a clear explanation of what you are trying to achieve and I will suggest a suitable means to configure it. regards Hugh On Monday 24 September 2001 21:25, Quintin wrote: > > Hi, > > I have a problem on AuthBy SQL, I don't want to be authenticated using SQL > Database but I just want to insert a value into another self-defined > database when the Radiator receives the accouting start. > > Trace result > --- > Mon Sep 24 19:07:54 2001: DEBUG: Handling with Radius::AuthSQL > Mon Sep 24 19:07:54 2001: INFO: Access rejected for wtlam: Authentication > disabled Mon Sep 24 19:07:54 2001: DEBUG: Packet dump: > *** Sending to 127.0.0.1 port 37203 > Code: Access-Reject > Identifier: 9 > Authentic: 1234567890123456 > Attributes: > > Configuration > > > Identifier MarkAlert > DBSource DBI:mysql:radius > DBUsername xx > DBAuth xx > FailureBackoffTime 60 > AuthSelect > AcctSQLStatement insert into RADALERT (USERNAME) values ('%u') > > > > In the configuration above, I have put the empty string at AuthSelect cause > but I don't know why the Radiator rejected my request. > > Please help. > > Thanks! > > Quintin Content-Type: text/html; charset="big5"; name="Attachment: 1" Content-Transfer-Encoding: quoted-printable Content-Description: -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby Sql
Hi again, We worked it out. Thanks for the support. But that thing works fine with both AuthColumnDef 0, Encrypted-Password, check& AuthColumnDef 0, User-Password, check Thanks Ujwol ManandharMercantile CommunicationsP.O.Box 876DurbarMarg Kathmandu, NepalTel : +977-1-240920Fax :+977-1-225407 - Original Message - From: Hugh Irvine To: Ujwol ; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, March 16, 2001 5:06 AM Subject: Re: (RADIATOR) Authby Sql Hello Ujwol -Please say hello to everyone at MOS for me, and please tell Sanjib that I am planning on coming to visit Nepal in October this year.On Thursday 15 March 2001 23:21, Ujwol wrote:> > Hi,> We're trying to use Authby Sql, after converting linux 6.2 shadow> password file into MSSQL table by buildsql. But the problem is, we couldn't> get the users authenticated with this Linux MD5 password encryption. We get> bad encrypted password result. But it works fine with Standard Unix crypt> format. Here is the authby clause.>> > Identifier SQL> DBSource dbi:Sybase:RADIATOR> DBUsername abc> DBAuth pwd> AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0> AuthColumnDef 0, Encrypted-Password, check> FailureBackoffTime 10> The above will not work because you are not using a Unix crypt password with the "Encrypted-Password" directive.As long as the Linux MD5 password has the standard prefix ("$1$"), you should just use the following: AuthColumnDef 0, User-Password, checkRadiator understands all the standard prefixes for passwords.Have a look at section 13.1.1 in the Radiator 2.18 reference manual.regardsHugh-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.===Archive at http://www.starport.net/~radiator/Announcements on [EMAIL PROTECTED]To unsubscribe, email '[EMAIL PROTECTED]' with'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby Sql
Hi Hugh, Nice to hear from you. Please let us know the exact date, when you'll be visiting Nepal. We're gald to welcome you in Nepal. About the Authby Sql thing, we still couldn't work it out. Authby Clause Identifier SQL DBSource dbi:Sybase:RADIATOR DBUsernameaaa DBAuth pwd AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME="%n" AuthColumnDef 0, User-Password, check FailureBackoffTime 10 The username and password in sql table is in this format ujwol $1$isuP4v7R$dAFqUFLqhdg0iQ7OQa And the trace4 debug Fri Mar 16 09:47:28 2001: INFO: Server started: Radiator 2.18 onchautari.mos.com.npFri Mar 16 09:47:36 2001: DEBUG: Packet dump:*** Received from 127.0.0.1 port 1037 Code: Access-RequestIdentifier: 212Authentic: 1234567890123456Attributes:User-Name = "ujwol"Service-Type = Framed-UserNAS-IP-Address = 203.63.154.1NAS-Port = 1234Called-Station-Id = "123456789"Calling-Station-Id = "987654321"NAS-Port-Type = AsyncUser-Password ="<140><225>(<194><195>\<4><246><188>8<9><160><216>}x<153>"Fri Mar 16 09:47:36 2001: DEBUG: Handling request with Handler 'Realm='Fri Mar 16 09:47:36 2001: DEBUG: Deleting session for ujwol,203.63.154.1, 1234Fri Mar 16 09:47:36 2001: DEBUG: Handling with Radius::AuthSQLFri Mar 16 09:47:36 2001: DEBUG: Handling with Radius::AuthSQLFri Mar 16 09:47:36 2001: DEBUG: Query is: select PASSWORD fromSUBSCRIBERS where USERNAME="ujwol"Fri Mar 16 09:47:36 2001: DEBUG: Radius::AuthSQL looks for match withujwolFri Mar 16 09:47:37 2001: DEBUG: Radius::AuthSQL REJECT: Bad PasswordFri Mar 16 09:47:37 2001: DEBUG: Query is: select PASSWORD fromSUBSCRIBERS where USERNAME="DEFAULT"Fri Mar 16 09:47:37 2001: INFO: Access rejected for ujwol: Bad PasswordFri Mar 16 09:47:37 2001: DEBUG: Packet dump:*** Sending to 127.0.0.1 port 1037 Code: Access-RejectIdentifier: 212Authentic: 1234567890123456Attributes:Reply-Message = "Request Denied"Regards Ujwol ManandharMercantile CommunicationsP.O.Box 876DurbarMarg Kathmandu, NepalTel : +977-1-240920Fax :+977-1-225407 - Original Message - From: Hugh Irvine To: Ujwol ; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, March 16, 2001 5:06 AM Subject: Re: (RADIATOR) Authby Sql Hello Ujwol -Please say hello to everyone at MOS for me, and please tell Sanjib that I am planning on coming to visit Nepal in October this year.On Thursday 15 March 2001 23:21, Ujwol wrote:> > Hi,> We're trying to use Authby Sql, after converting linux 6.2 shadow> password file into MSSQL table by buildsql. But the problem is, we couldn't> get the users authenticated with this Linux MD5 password encryption. We get> bad encrypted password result. But it works fine with Standard Unix crypt> format. Here is the authby clause.>> > Identifier SQL> DBSource dbi:Sybase:RADIATOR> DBUsername abc> DBAuth pwd> AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0> AuthColumnDef 0, Encrypted-Password, check> FailureBackoffTime 10> The above will not work because you are not using a Unix crypt password with the "Encrypted-Password" directive.As long as the Linux MD5 password has the standard prefix ("$1$"), you should just use the following: AuthColumnDef 0, User-Password, checkRadiator understands all the standard prefixes for passwords.Have a look at section 13.1.1 in the Radiator 2.18 reference manual.regardsHugh-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.-Nets: internetwork inventory and management - graphical, extensible,flexible with hardware, software, platform and database independence.===Archive at http://www.starport.net/~radiator/Announcements on [EMAIL PROTECTED]To unsubscribe, email '[EMAIL PROTECTED]' with'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby Sql
Hello Ujwol - Please say hello to everyone at MOS for me, and please tell Sanjib that I am planning on coming to visit Nepal in October this year. On Thursday 15 March 2001 23:21, Ujwol wrote: > > Hi, > We're trying to use Authby Sql, after converting linux 6.2 shadow > password file into MSSQL table by buildsql. But the problem is, we couldn't > get the users authenticated with this Linux MD5 password encryption. We get > bad encrypted password result. But it works fine with Standard Unix crypt > format. Here is the authby clause. > > > Identifier SQL > DBSourcedbi:Sybase:RADIATOR > DBUsername abc > DBAuth pwd > AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME=%0 > AuthColumnDef 0, Encrypted-Password, check > FailureBackoffTime 10 > The above will not work because you are not using a Unix crypt password with the "Encrypted-Password" directive. As long as the Linux MD5 password has the standard prefix ("$1$"), you should just use the following: AuthColumnDef 0, User-Password, check Radiator understands all the standard prefixes for passwords. Have a look at section 13.1.1 in the Radiator 2.18 reference manual. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) authby sql and changing passwords
Hello Elliot - On Monday 08 January 2001 10:34, Elliot Finley wrote: > On Sun, 7 Jan 2001 12:05:24 +1100, Hugh Irvine wrote: > >On Sunday 07 January 2001 06:09, Elliot Finley wrote: > >> Hello fellow radiator users, > >> I'm in the process of consolidating 4 ISPs into one. I'm setting > >> up AuthBy SQL to handle this. We don't have the passwords to all of > >> the users, so I'm trying to set up the following. If the user has a > >> NULL password in the database, then they can get in using _any_ > >> password. This should work according to TFM. The thing that I want > >> to do that I'm not sure how to do is; if they have a NULL password in > >> the database, it'll let them in, then it will update the database with > >> the password that they used. > > > >You will need to write a PreAuthHook to do this. There are some example > > hooks in the Radiator 2.17.1 distribution in the file > > "goodies/hooks.txt". > > > >> If anyone knows how to do this using AuthBy SQL, I would > >> appreciate a hint. If this is not possible, I guess I'll be writing a > >> new AuthBy module. > > > >No need for a complete AuthBy module - just a hook will do fine. > > I don't see a way inside of a PreAuthHook to use the existing database > handle. Do I need to re-connect to the database each time? As mentioned previously, there is some example code in the file "goodies/hooks.txt", however here it is again: . # Get the Identifier for this Realm/Handler my $identifier = Radius::Util::format_special('%{Handler:Identifier}', $p, $rp); &main::log($main::LOG_DEBUG, "Using Identifier $identifier"); # Now find the AuthBy clause with the same Identifier # and call its handle_request function. # Set the correct reply code in the reply packet # or if the AuthBy is not found set to Access-Reject. my $authby; if ($authby = Radius::AuthGeneric::find($identifier)) { &main::log($main::LOG_DEBUG, "Found AuthBy with Identifier $identifier"); $authby->. . This code is based on having the same Identifier in both the AuthBy clause and in the Realm or Handler (which allows you to use the same hook in multiple places in the configuration file). It is used like this: # configure AuthBy clause with Identifier Identifier CheckSQL . # configure Realm(s) or Handler(s) Identifier CheckSQL PreAuthHook file:"%D/YourHook" . As shown in the hook code above, once you have the reference to the AuthBy ($authby), you can use it to call any of the functions in AuthSQL.pm or any of the routines that it inherits. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) authby sql and changing passwords
Hello Elliot - Just for my records, who is the registered Radiator user that you are representing? On Sunday 07 January 2001 06:09, Elliot Finley wrote: > Hello fellow radiator users, > I'm in the process of consolidating 4 ISPs into one. I'm setting > up AuthBy SQL to handle this. We don't have the passwords to all of > the users, so I'm trying to set up the following. If the user has a > NULL password in the database, then they can get in using _any_ > password. This should work according to TFM. The thing that I want > to do that I'm not sure how to do is; if they have a NULL password in > the database, it'll let them in, then it will update the database with > the password that they used. > You will need to write a PreAuthHook to do this. There are some example hooks in the Radiator 2.17.1 distribution in the file "goodies/hooks.txt". > If anyone knows how to do this using AuthBy SQL, I would > appreciate a hint. If this is not possible, I guess I'll be writing a > new AuthBy module. > No need for a complete AuthBy module - just a hook will do fine. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL
Hi Lachlan, you can use PostAuthHook which allows you to do anything you wish with reply, strip Framed-Ip-Address attribute for example. hooks.txt file contains full information how to do it. MM> --- Forwarded mail from [EMAIL PROTECTED] MM> Date: Thu, 28 Dec 2000 17:40:13 +1100 (EST) MM> From: [EMAIL PROTECTED] MM> To: [EMAIL PROTECTED] MM> Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from ["Lachlan MM> Fletcher" <[EMAIL PROTECTED]>] >>From mikem Thu Dec 28 17:40:09 2000 MM> Received: by oscar.open.com.au (8.9.0/8.9.0) id RAA10847 MM> for [EMAIL PROTECTED]; Thu, 28 Dec 2000 17:40:09 +1100 (EST) >>Received: from mail.ausisp.com (mail.ausisp.com [203.2.239.72]) by MM> perki.connect.com.au with ESMTP id RAA07567 MM> (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 28 Dec 2000 17:19:33 +1100 MM> (EST) MM> Received: from mail.ausisp.com (mail.ausisp.com [203.2.239.72]) by MM> perki.connect.com.au with ESMTP id RAA07567 MM> (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 28 Dec 2000 17:19:33 +1100 MM> (EST) MM> Received: from lfletcher (nm1.geko.net.au [203.2.239.20]) MM> by mail.ausisp.com (8.9.3/8.9.3) with SMTP id RAA25385 MM> for <[EMAIL PROTECTED]>; Thu, 28 Dec 2000 17:19:32 +1100 (EST) MM> envelope-from <[EMAIL PROTECTED]> MM> From: "Lachlan Fletcher" <[EMAIL PROTECTED]> MM> To: <[EMAIL PROTECTED]> MM> Subject: AuthBy SQL MM> Date: Thu, 28 Dec 2000 17:21:30 +1100 MM> Message-ID: <[EMAIL PROTECTED]> MM> MIME-Version: 1.0 MM> Content-Transfer-Encoding: 7bit MM> X-Priority: 3 (Normal) MM> X-MSMail-Priority: Normal MM> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) MM> In-Reply-To:MM> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300 MM> Importance: Normal MM> Content-Type: text/plain; MM> charset="iso-8859-1" MM> Hi, MM> I was wondering if anyone may be able to help here. MM> I want to use "AuthColumnDef" option with "AuthSelect" in "AuthBy SQL". MM> My problem is with reply items. Some users need more reply items than MM> others. MM> For example, our permanent modem customers get given a single fixed IP MM> address of their own, where our standard dial-up customers do not, and the MM> NAS server assigns them one from it's own IP range. MM> So, we have a field in our database call "IPADDRESS" and every customer has MM> this field. Normally, the customer does not have an IP, and their field is MM> NULL, however those with fixed IP's will have a value in this field. MM> How can we tell radiator to send the reply item ONLY if the field is not MM> null, and ignore it otherwise? Sending the reply item with no value just MM> causes a dialup error. MM> We have several other options like this that we have to use. MM> Does anyone have any suggestions? MM> Kind Regards, MM> Lachlan. >> -Original Message- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On >> Behalf Of Hugh Irvine >> Sent: Thursday, 28 December 2000 10:36 >> To: Bryn Wm. Moslow; [EMAIL PROTECTED] >> Subject: Re: (RADIATOR) UNIX groups and NAS restrictions >> >> >> >> Hello Bryn - >> >> At 15:55 -0800 00/12/21, Bryn Wm. Moslow wrote: >> >I could swear up and down that I once saw an example of this >> either in the >> >Radiator reference or the FAQ but I can no longer dig it up: >> > >> >I need to refuse logins on certain NAS's for explicit UNIX >> groups. For the >> >sake of precision I'll also describe it this way: I need to >> allow users in >> >certain UNIX groups to ONLY log in to certain NAS's. Either way works for >> >me. >> > >> >I got the impression that this may be possible using >> NAS-Address-Port-List >> >in a creative way but I remember seeing a really simple, direct way of >> >doing it. Suggestions or directional assistance? >> > >> >> Probably the simplest way to do this is with an AuthBy FILE: >> >> # configuration to check NAS and UNIX groups >> >> >> Identifier >> . >> >> >> >> Identifier CheckUnix >> . >> >> >> >> Identifier CheckUsers >> Filename %D/users >> >> >> >> >> >> AuthBy CheckUsers >> >> >> >> >> And in the users file: >> >> # %D/users >> >> someuser NAS-Identifier = , Auth-Type = CheckUnix, Group = . >> >> .. >> >> >> If you have any questions please ask. >> >> hth >> >> Hugh >> >> >> >> >> >> -- >> >> NB: I am travelling this week, so there may be delays in our >> correspondence. >> >> Radiator: the most portable, flexible and configurable RADIUS server >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, >> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. >> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. >> >> === >> Archive at http://www.starport.net/~radiator/ >> Announcements on [EMAIL PROTECTED] >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. >> MM> --
Re: (RADIATOR) AuthBy SQL
Hello Lachlan - > > I was wondering if anyone may be able to help here. > > I want to use "AuthColumnDef" option with "AuthSelect" in "AuthBy SQL". > > My problem is with reply items. Some users need more reply items than > others. > > For example, our permanent modem customers get given a single fixed IP > address of their own, where our standard dial-up customers do not, and the > NAS server assigns them one from it's own IP range. > > So, we have a field in our database call "IPADDRESS" and every customer has > this field. Normally, the customer does not have an IP, and their field is > NULL, however those with fixed IP's will have a value in this field. > > How can we tell radiator to send the reply item ONLY if the field is not > null, and ignore it otherwise? Sending the reply item with no value just > causes a dialup error. > > We have several other options like this that we have to use. > > Does anyone have any suggestions? > I would suggest you use an SQL field like "REPLYATTR" in which you put all for the reply items for each user in the form: "Framed-IP-Address=x.x.x.x, Framed-IP-Netmask=y.y.y.y, ." and use the following AuthAttrDef: AuthColumnDef n, GENERIC, reply Where "n" is the position descriptor for the AuthSelect. Have a look at section 6.26.7 in the Radiator 2.17.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL doesn't work ?
Salut Gildas - On Sat, 09 Sep 2000, Gildas PERROT wrote: > Hi, > > I have a problem with that authentification. > > Here is my configuration : > > Foreground > Trace 4 > AuthPort1645 > AcctPort1646 > LogDir /var/log/radiator > DbDir /usr/local/etc/radiator > LogFile %L//%Y%m/radiator-%Y%m%d > DictionaryFile %D/dictionary > PidFile /tmp/radiator.pid > > > Secret fxwap > FramedGroupBaseAddress 10.69.1.30 > > > > AcctLogFileName %L/%Y%m/6642account-%Y%m%d > > DBSource dbi:mysql:radius > DBUsername * > DBAuth ** > > > > and the log file says : > > Fri Sep 8 16:05:17 2000: DEBUG: Packet dump: > *** Received from 10.69.1.1 port 1645 > > Code: Access-Request > Identifier: 164 > Authentic: <155>1<29><187>I<135><252><7><192>F<129><134>]<159><16>I > Attributes: > NAS-IP-Address = 10.69.1.1 > NAS-Port = 43 > NAS-Port-Type = Async > User-Name = "fluxus" > Called-Station-Id = "6642" > Calling-Station-Id = "672085196" > CHAP-Password = > "<3><189><1><235>Vm#<238>J<204><242><180>@<0><=<203>" > Service-Type = Framed-User > Framed-Protocol = PPP > > Fri Sep 8 16:05:17 2000: DEBUG: Check if Handler Called-Station-Id = 6642 > should be used to handle this request > Fri Sep 8 16:05:17 2000: DEBUG: Handling request with Handler > 'Called-Station-Id = 6642' > Fri Sep 8 16:05:17 2000: DEBUG: Deleting session for fluxus, 10.69.1.1, 43 > Fri Sep 8 16:05:17 2000: DEBUG: Handling with Radius::AuthSQL > Fri Sep 8 16:05:17 2000: DEBUG: Handling with Radius::AuthSQL > Fri Sep 8 16:05:17 2000: DEBUG: Query is: select PASSWORD from SUBSCRIBERS > where USERNAME='fluxus' > > Fri Sep 8 16:05:17 2000: DEBUG: Radius::AuthSQL looks for match with fluxus > Fri Sep 8 16:05:17 2000: DEBUG: Radius::AuthSQL ACCEPT: > Fri Sep 8 16:05:17 2000: DEBUG: Access accepted for fluxus > Fri Sep 8 16:05:17 2000: DEBUG: Packet dump: > *** Sending to 10.69.1.1 port 1645 > Code: Access-Accept > Identifier: 164 > Authentic: <155>1<29><187>I<135><252><7><192>F<129><134>]<159><16>I > Attributes: > > In the mySQL SUBSCRIBERS, I have : > > mysql> select * from SUBSCRIBERS > -> ; > +--+--+---++ > > --+ > | USERNAME | PASSWORD | ENCRYPTEDPASSWORD | CHECKATTR | > REPLYATTR > | > +--+--+---++ > > --+ > | mikem| fred | 1xMKc0GIVUNbE | Service-Type = Framed-User | > Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.0,cisco-avpair = > "testing testing" | > | fluxus | fred | 1xMKc0GIVUNbE | Service-Type = Framed-User | > Framed-Protocol = PPP,Framed-IP-Netmask = 255.255.255.0,Framed-Group=0 > | > +--+--+---++ > > --+ > > The Reply attibutes should be OK since that worked if defined in a flat > file. > > Any idea about that problem ? > Please have a look at section 6.26 in the reference manual to find out about all the options available with AuthBy SQL. In this case, you are seeing the default behaviour, and if you want to include check item and reply item handling you will have to change the AuthSelect and AuthColumnDef parameters to suit. You can find the details in Example 2 in section 6.26.7 of the Radiator 2.16.3 manual. Note that you will also have to make some changes for SQL accounting. > Other questions : > > - is the accounting table RADUSAGE%Y%m%d created automatically ? I want to > use daily accounting table since I need to do daily statistics. Is it a good > idea in terms of SQL database behaviour to have one table per day ? The SQL tables are not created automatically. And keeping the table sizes relatively small is a good idea - you could also consider weekly or monthly. > - how could i get the number of max simultaneous PPP sessions per user and > for all users with SQL accounting ? You will need to create SQL queries to post-process your accounting logs. > - how could i get the number of sessions per user in radacct.cgi ? You will see the session details, but radaact.cgi is not a reporting tool. > - how could I export the table of radacct.cgi to CVS table to be emailed ? You will need to create an external SQL report (or use something like Crystal Reports). > - I would like to find a simple Web interface to the administration of > SUBSCRIBERS table (Freeside administration is too complicate). Does anyone > know one ? > You could have a look at our RAdmin product for use
Re: (RADIATOR) AuthBy SQL question
Hello Froilan - On Sat, 10 Jun 2000, Froilan Mendoza wrote: > Hello Hugh, > > Thanks for responding ... > > On Sat, 10 Jun 2000, Hugh Irvine wrote: > > > I notice that your Postgress table definitions are in lower case, and your > > AuthSelect is in upper case. Is this correct? > > Postgres is not case-sensitive. > > radiator=> select PASSWORD from SUBSCRIBERS where USERNAME = 'mikem'; > password > > fred > (1 row) > > > > Also, if you want to use the > > "checkattr" and "replyattr" fields, you will need to modify your AuthSelect > > statement together with the corresponding AuthColumnDef's. > > Of course. Only I would like to do the most simple auth method first > before complicating things for me :) > > > > And does the inbound test packet in fact contain a password of "fred"? > > Of course. I even tried NULLING the password in the postgres database (as > it said in the docs that if the password is NULL, it would accept ANY > password), to no avail. > > > You might try something like this: > > > > > > RewriteUsername s/^([^@]+).*/$1/ > > > > DBSourcedbi:Pg:dbname=radiator > > DBUsername postgres > > DBAuth MYPOSTGRESPASSWORD > > > > AuthSelect select password from subscribers where \ > > username='%n' > > AuthColumnDef 0, User-Password, check > > > > AccountingTable accounting > > AcctColumnDef USERNAME,User-Name > > AcctColumnDef TIME_STAMP,Timestamp,integer > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > > AcctColumnDef NASIDENTIFIER,NAS-Identifier > > AcctColumnDef NASIDENTIFIER,NAS-IP-Address > > AcctColumnDef NASPORT,NAS-Port,integer > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > > > > > > > > > > > > If the field names are indeed case-sensitive, you will have to change the > > AcctColumnDef's as well. > > > I did, however, still tried your config above, changing the case of the > letters. I still get this: > > Sat Jun 10 10:44:37 2000: DEBUG: Handling request with Handler > 'Realm=testroy' > Sat Jun 10 10:44:37 2000: DEBUG: Rewrote user name to mikem > Sat Jun 10 10:44:37 2000: DEBUG: Deleting session for mikem@testroy, > 208.155.152.42, 1025 > Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL > Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL > Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from > subscribers where username='mikem' > > Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL looks for match with > mikem > Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password > Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from > subscribers where username='DEFAULT' > > Sat Jun 10 10:44:37 2000: INFO: Access rejected for mikem: Bad Password > Sat Jun 10 10:44:37 2000: DEBUG: Packet dump: > *** Sending to 208.155.152.42 port 1645 > > > Additional question -- Why do I get Query is: select password from > subscribers where username='DEFAULT'. This might be the cause ... > Well, the only other thing I can think of is that you are getting the encrypted password instead of the plaintext password for some reason. You could try: > > AuthSelect select password from subscribers where \ > > username='%n' > > AuthColumnDef 0, Encrypted-Password, check Just to see what happens. Radiator will always look for a DEFAULT user unless you disable that feature. regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL question
Hello Hugh, Thanks for responding ... On Sat, 10 Jun 2000, Hugh Irvine wrote: > I notice that your Postgress table definitions are in lower case, and your > AuthSelect is in upper case. Is this correct? Postgres is not case-sensitive. radiator=> select PASSWORD from SUBSCRIBERS where USERNAME = 'mikem'; password fred (1 row) > Also, if you want to use the > "checkattr" and "replyattr" fields, you will need to modify your AuthSelect > statement together with the corresponding AuthColumnDef's. Of course. Only I would like to do the most simple auth method first before complicating things for me :) > And does the inbound test packet in fact contain a password of "fred"? Of course. I even tried NULLING the password in the postgres database (as it said in the docs that if the password is NULL, it would accept ANY password), to no avail. > You might try something like this: > > > RewriteUsername s/^([^@]+).*/$1/ > > DBSourcedbi:Pg:dbname=radiator > DBUsername postgres > DBAuth MYPOSTGRESPASSWORD > > AuthSelect select password from subscribers where \ > username='%n' > AuthColumnDef 0, User-Password, check > > AccountingTable accounting > AcctColumnDef USERNAME,User-Name > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASIDENTIFIER,NAS-IP-Address > AcctColumnDef NASPORT,NAS-Port,integer > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > > > > > > If the field names are indeed case-sensitive, you will have to change the > AcctColumnDef's as well. I did, however, still tried your config above, changing the case of the letters. I still get this: Sat Jun 10 10:44:37 2000: DEBUG: Handling request with Handler 'Realm=testroy' Sat Jun 10 10:44:37 2000: DEBUG: Rewrote user name to mikem Sat Jun 10 10:44:37 2000: DEBUG: Deleting session for mikem@testroy, 208.155.152.42, 1025 Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL Sat Jun 10 10:44:37 2000: DEBUG: Handling with Radius::AuthSQL Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from subscribers where username='mikem' Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL looks for match with mikem Sat Jun 10 10:44:37 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password Sat Jun 10 10:44:37 2000: DEBUG: Query is: select password from subscribers where username='DEFAULT' Sat Jun 10 10:44:37 2000: INFO: Access rejected for mikem: Bad Password Sat Jun 10 10:44:37 2000: DEBUG: Packet dump: *** Sending to 208.155.152.42 port 1645 Additional question -- Why do I get Query is: select password from subscribers where username='DEFAULT'. This might be the cause ... Hoping for your continued support ... Thanks. Sincerely, Froilan C. Mendoza Manager - Systems Management Tridel Technologies, Inc. http://www.tridel.net === Archive at http://www.starport.net/~radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL question
Hello Froilan - On Fri, 09 Jun 2000, Froilan Mendoza wrote: > Hello. > > I am curious with AuthBy SQL and decided to try it out. After a few > tries, however, I can't get logged in, using the most basic AuthSelect and > the tables/data contained in goodies/postgresCreate.sql. I get this > error complaining about incorrect password: > > > Fri Jun 9 20:42:02 2000: DEBUG: Handling request with Handler > 'Realm=testroy' > Fri Jun 9 20:42:02 2000: DEBUG: Rewrote user name to mikem > Fri Jun 9 20:42:02 2000: DEBUG: Deleting session for mikem@testroy, > 208.155.152.42, 1025 > Fri Jun 9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL > Fri Jun 9 20:42:02 2000: DEBUG: Handling with Radius::AuthSQL > Fri Jun 9 20:42:02 2000: DEBUG: Query is: select PASSWORD from > SUBSCRIBERS where USERNAME='mikem' > > Fri Jun 9 20:42:02 2000: DEBUG: Radius::AuthSQL looks for match with > mikem > Fri Jun 9 20:42:02 2000: DEBUG: Radius::AuthSQL REJECT: Bad Password > Fri Jun 9 20:42:02 2000: DEBUG: Query is: select PASSWORD from > SUBSCRIBERS where USERNAME='DEFAULT' > > > Here's my AuthBy SQL config: > > > RewriteUsername s/^([^@]+).*/$1/ > > DBSourcedbi:Pg:dbname=radiator > DBUsername postgres > DBAuth MYPOSTGRESPASSWORD > AccountingTable accounting > AuthSelect select PASSWORD from SUBSCRIBERS where > USERNAME='%n' > AuthColumnDef 0, User-Password, check >AcctColumnDef USERNAME,User-Name >AcctColumnDef TIME_STAMP,Timestamp,integer >AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type >AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer >AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer >AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer >AcctColumnDef ACCTSESSIONID,Acct-Session-Id >AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer >AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause >AcctColumnDef NASIDENTIFIER,NAS-Identifier >AcctColumnDef NASIDENTIFIER,NAS-IP-Address >AcctColumnDef NASPORT,NAS-Port,integer >AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > > > > > > My subscribers table (from the goodies directory): > > radiator=> select * from subscribers; > username|password|encryptedpassword|checkattr |replyattr > > >++-+--+ > mikem |fred|1xMKc0GIVUNbE|Service-Type = Framed-User|Framed-Protocol = >PPP,Framed-IP-Netmask = 255.255.255.0,cisco-avpair = "testing testing" (1 row) > > > What am I missing? > I notice that your Postgress table definitions are in lower case, and your AuthSelect is in upper case. Is this correct? Also, if you want to use the "checkattr" and "replyattr" fields, you will need to modify your AuthSelect statement together with the corresponding AuthColumnDef's. And does the inbound test packet in fact contain a password of "fred"? You might try something like this: RewriteUsername s/^([^@]+).*/$1/ DBSourcedbi:Pg:dbname=radiator DBUsername postgres DBAuth MYPOSTGRESPASSWORD AuthSelect select password from subscribers where \ username='%n' AuthColumnDef 0, User-Password, check AccountingTable accounting AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASIDENTIFIER,NAS-IP-Address AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address If the field names are indeed case-sensitive, you will have to change the AcctColumnDef's as well. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external,
Re: (RADIATOR) AuthBY SQL, performance tuning, and system load.
On Sep 23, 11:34am, tom minchin wrote: > Subject: Re: (RADIATOR) AuthBY SQL, performance tuning, and system load. > On Wed, Sep 22, 1999 at 04:42:33PM -0600, Bill wrote: > > > > I'm running 2.14 on a Sun Sparc20 that normally has a load between 2 and 3, > > AuthBy SQL'ing from a seperate machine who's load is usually less > > than 0.5. I've been doing some primative stress testing with > > radpwtest and requests start timing out at about 6-9 requests per > > second (2-3 sets of auth/start/stop). > > > > Fwiw, merit radius kept up with ~20+ request per second. > > > > Was Merit using SQL as well? > > One option is to run multiple Radiators on different ports (or same ports > and multiple interfaces). > > However, perl will not be as fast as C - you have to pay for flexibility at > some stage. Fair comment, but I would seriously expect to get much better performance than 6-9 per sec on a Sun 20. Bill, check out the performance tips in the reference manual. Make sure you are not actually measuring the performance of radpwtst, rather than Radiator (ie run radpwtst on another, faster host). I suspect that the most common cause poor performance when authenticating from SQL is due to incorrect table design, especially with respect to indexes. A large subscribers table without an index, or a large accounting table with a too-restrictive index will slow the SQL queries down by orders of magnitude. I would have a close look at that and see if its not your SQL query performance thats the rate-determining step. A look at a radiator log file at trace level 4 while you are hammering it will help to spot where the holdup is. Cheers. -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBY SQL, performance tuning, and system load.
I've got Radiator running on two Sun Netra T1125s (ultra 300Mhz processors) using AuthBy File and a Unix-style password file. Radiator takes a *minimal* system load and handled hundreds of requests per second (I've got over 60 terminal servers distributed across two Radiator servers on two different machines). You're probably being bogged down by the SQL overhead -- the Perl DBD/DBI interface isn't the fastest piece of code. Is it possible for you to convert to a Unix style file? The reason I mention it is that Radiator caches the UNIX file in memory, meaning it can quickly retrieve information and reply to queries. I know it's a stretch to move from SQL to a flat file... but if performance is what you're after, that's the way to go. John At 11:34 AM 9/23/99 +1000, tom minchin wrote: >On Wed, Sep 22, 1999 at 04:42:33PM -0600, Bill wrote: >> >> I'm running 2.14 on a Sun Sparc20 that normally has a load between 2 and 3, >> AuthBy SQL'ing from a seperate machine who's load is usually less >> than 0.5. I've been doing some primative stress testing with >> radpwtest and requests start timing out at about 6-9 requests per >> second (2-3 sets of auth/start/stop). >> >> Fwiw, merit radius kept up with ~20+ request per second. >> > >Was Merit using SQL as well? > >One option is to run multiple Radiators on different ports (or same ports >and multiple interfaces). > >However, perl will not be as fast as C - you have to pay for flexibility at >some stage. > >[EMAIL PROTECTED] > >=== >Archive at http://www.thesite.com.au/~radiator/ >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBY SQL, performance tuning, and system load.
On Wed, Sep 22, 1999 at 04:42:33PM -0600, Bill wrote: > > I'm running 2.14 on a Sun Sparc20 that normally has a load between 2 and 3, > AuthBy SQL'ing from a seperate machine who's load is usually less > than 0.5. I've been doing some primative stress testing with > radpwtest and requests start timing out at about 6-9 requests per > second (2-3 sets of auth/start/stop). > > Fwiw, merit radius kept up with ~20+ request per second. > Was Merit using SQL as well? One option is to run multiple Radiators on different ports (or same ports and multiple interfaces). However, perl will not be as fast as C - you have to pay for flexibility at some stage. [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL Accting Tables. (fwd)
Hugh, here are the ACCOUNTING logs for two identical logins and the corresponding (by timestamp) RADLOG entries. One successfully updated and one did not. There were no error logs corresponding in the text logfile. My only guess is that perhaps mysql failed to input the entry, although there is not any sign of that either. The PreAuthHook directive worked quite well, and is serving us quite well. We will be using that solution. Thanks for your help. Cheers- Oliver On Fri, 13 Aug 1999, Hugh Irvine wrote: > > Hi Oliver - > > On Fri, 13 Aug 1999, O Stockhammer wrote: > > Hugh, > > Is there anyway to actually have Radiator append info to the > > incoming data, so that it only uses on query per request? > > I have created an AcctSQLStatement, but it seems because it is an > > additional query that it doesn't update the row of data in mysql every > > time (It misses a few Acct submissions here and there). Here is what I am > > using: > > > > AcctSQLStatementUpdate ACCOUNTING set ORIGIN ='Auth-2: > > local' where TIME_STAMP = %{Timestamp} and NAS_IDENTIFIER = '%N' and > > NAS_PORT= '%{NAS-Port}' > > > > The purpose of the query is to ID the realm and radiator server > > which is doing the Authentication(The value of ORIGIN changes for each > > Realm) . It there anyway to have radiator include this data in the > > original ACCTING queries, so that it is all in one, so to speak? Perhaps > > there is an easy way to modify AcctColumnDef to have a fourth field which > > is the actual value for the column. > > > > Hmmm. I am perplexed to imagine how your configuration could miss any updates, > given that the insert and the update are executed sequentially with the same > packet. It would be most enlightening to see a debug at trace level 4 to see > what is going on. > > But to answer your question, yes you can set up a PreAuthHook to insert a > pseudo-attribute into the packet and you can even use the special formatting > character "%h" to set it to the Radiator hostname. Then you can use the > standard AcctColumnDef to insert the value directly into the original > accounting record. This is probably a better solution in any case. > > There is an example PreAuthHook in Section 6.13.10 of the Radiator 2.14.1 > reference manual. > > hth > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody > kaligula 934495962 Aug 12, 1999 18:12 Start 1.2.34.5 1234 Auth-2: @inch.com kaligula 934495962 Aug 12, 1999 18:12 Stop 1.2.34.5 1234 kaligula 934495972 Aug 12, 1999 18:12 Start 1.2.34.5 1234 kaligula 934495973 Aug 12, 1999 18:12 Stop 1.2.34.5 1234 934495962 4 Handling request with Handler 'Realm=inch.com' 934495962 4 Rewrote user name to kaligula 934495962 4 Handling with Radius::AuthSQL 934495962 4 Handling with Radius::AuthFILE 934495962 4 Radius::AuthFILE looks for match with kaligula 934495962 4 Handling with Radius::AuthUNIX 934495962 4 Radius::AuthUNIX looks for match with kaligula 934495962 4Radius::AuthUNIX ACCEPT: 934495962 4Radius::AuthFILE ACCEPT: 934495962 4Access accepted for kaligula 934495962 4 Handling request with Handler 'Realm=inch.com' 934495962 4 Rewrote user name to kaligula 934495962 4 Handling with Radius::AuthSQL 934495962 4Handling accounting with Radius::AuthSQL 934495962 4 do query is: Update ACCOUNTING set ORIGIN = 'Auth-2: @inch.com' where TIME_STAMP = 934495962 and NAS_IDENTIFIER = '1.2.34.5' and NAS_PORT= '1234' 934495962 4 do query is: insert into ACCOUNTING (USERNAME, NAS_PORT_TYPE, SERVICE_TYPE, ACCTSTATUSTYPE, NAS_IDENTIFIER, NAS_PORT, ACTUAL_TIME, CLIENT_ID, ACCTSESSIONID, TIME_STAMP) values ('kaligula', 'As 934495962 4 Adding session for kaligula, 1.2.34.5, 1234 934495962 4 do query is: delete from RADONLINE where USERNAME='kaligula' and NAS_IDENTIFIER='1.2.34.5' and NAS_PORT=1234 934495962 4 do query is: insert into RADONLINE (USERNAME, NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID, TIME_STAMP, FRAMED_IP_ADDRESS, NAS_PORT_TYPE, SERVICE_TYPE,USR_MODULATION_TYPE ,USR_CONNECT_SPEED) values ('kalig 934495962 4 Accounting accepted 934495962 4 Handling request with Handler 'Realm=inch.com' 934495962 4 Rewrote user name to kaligula 934495973 4 Handling request with Handler 'Realm=' 934495973 4
Re: (RADIATOR) AuthBy SQL Accting Tables.
Hi Oliver - On Fri, 13 Aug 1999, O Stockhammer wrote: > Hugh, > Is there anyway to actually have Radiator append info to the > incoming data, so that it only uses on query per request? > I have created an AcctSQLStatement, but it seems because it is an > additional query that it doesn't update the row of data in mysql every > time (It misses a few Acct submissions here and there). Here is what I am > using: > > AcctSQLStatementUpdate ACCOUNTING set ORIGIN ='Auth-2: > local' where TIME_STAMP = %{Timestamp} and NAS_IDENTIFIER = '%N' and > NAS_PORT= '%{NAS-Port}' > > The purpose of the query is to ID the realm and radiator server > which is doing the Authentication(The value of ORIGIN changes for each > Realm) . It there anyway to have radiator include this data in the > original ACCTING queries, so that it is all in one, so to speak? Perhaps > there is an easy way to modify AcctColumnDef to have a fourth field which > is the actual value for the column. > Hmmm. I am perplexed to imagine how your configuration could miss any updates, given that the insert and the update are executed sequentially with the same packet. It would be most enlightening to see a debug at trace level 4 to see what is going on. But to answer your question, yes you can set up a PreAuthHook to insert a pseudo-attribute into the packet and you can even use the special formatting character "%h" to set it to the Radiator hostname. Then you can use the standard AcctColumnDef to insert the value directly into the original accounting record. This is probably a better solution in any case. There is an example PreAuthHook in Section 6.13.10 of the Radiator 2.14.1 reference manual. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL Accting Tables.
Hugh, Is there anyway to actually have Radiator append info to the incoming data, so that it only uses on query per request? I have created an AcctSQLStatement, but it seems because it is an additional query that it doesn't update the row of data in mysql every time (It misses a few Acct submissions here and there). Here is what I am using: AcctSQLStatementUpdate ACCOUNTING set ORIGIN ='Auth-2: local' where TIME_STAMP = %{Timestamp} and NAS_IDENTIFIER = '%N' and NAS_PORT= '%{NAS-Port}' The purpose of the query is to ID the realm and radiator server which is doing the Authentication(The value of ORIGIN changes for each Realm) . It there anyway to have radiator include this data in the original ACCTING queries, so that it is all in one, so to speak? Perhaps there is an easy way to modify AcctColumnDef to have a fourth field which is the actual value for the column. Thanks, Oliver Stockhammer Sys Admin Internet Channel On Thu, 12 Aug 1999, Hugh Irvine wrote: > > Hello Oliver - > > On Thu, 12 Aug 1999, O Stockhammer wrote: > > Hi, > > We were wondering if the AuthBy SQL accting tables and > > "AcctColumnDef" specifically can be configured to send a line of text > > specified in the radius.cfg file. > > Because we have a backup server and a main auth server, we want to > > set up radiator to send an additional accting line which specifies which > > radius the request came through. We will be using a centralized db for > > all the accting info and so it is important that we can tell which > > radiator the requests are coming from. Is there any directive that will > > do this? > > Yes there is. > > Have a look at AcctSQLStatement (Section 6.24.11 in the Radiator > 2.14.1 reference manual). AcctSQLStatement allows you to define one or more > SQL statements to be executed for every accounting request, so you should be > able to do what you require. > > > Also, we will need to get a second license from you folks for the > > backup radiator server. > > > > I've asked Joanne to take care of this. > > cheers > > Hugh > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, > NT, Rhapsody > === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) AuthBy SQL Accting Tables.
Hello Oliver - On Thu, 12 Aug 1999, O Stockhammer wrote: > Hi, > We were wondering if the AuthBy SQL accting tables and > "AcctColumnDef" specifically can be configured to send a line of text > specified in the radius.cfg file. > Because we have a backup server and a main auth server, we want to > set up radiator to send an additional accting line which specifies which > radius the request came through. We will be using a centralized db for > all the accting info and so it is important that we can tell which > radiator the requests are coming from. Is there any directive that will > do this? Yes there is. Have a look at AcctSQLStatement (Section 6.24.11 in the Radiator 2.14.1 reference manual). AcctSQLStatement allows you to define one or more SQL statements to be executed for every accounting request, so you should be able to do what you require. > Also, we will need to get a second license from you folks for the > backup radiator server. > I've asked Joanne to take care of this. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Authby SQL
On Sat, 31 Jul 1999, Josh Bressers wrote: > I remeber posting a while back about sending only logging to another > radius server. Right now the problem I have is I need to have an sql > database only log. The problem I'm running into then is that the sql > database entry will deny every time since I don't have any passwords in > it. The reason this is so screwy is that I have two files that are > searched for various bits of information, so I need it to > ContinueUntilReject, which fails miserably when it hits mysql. Anyone > have any ideas? > >From the FAQ at http://www.open.com.au/radiator/faq.html#42. Use something like this: AuthByPolicy ContinueAlways DBSourcedbi:??? DBUsername userfordb1 DBAuth authfordb1 # an empty AuthSelect turns off auth AuthSelect AccountingTable whatever etc, etc, etc. DBSourcedbi:??? DBUsername userfordb2 DBAuth authfordb2 # an empty AccountingTable turns off accounting hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.