On Aug 2,  9:43am, Paul Black wrote:
> Subject: (RADIATOR) Authenticating From Radmin
>
> I've now got Radmin installed and I'm very pleased with the user interface and
> capabilities. Now I'm trying to get my radius.cfg setup to allow
> authentication of a test user and still allowing fallback to authenticating
> from the shadow password file for my existing customers. I've attached my
> radius.cfg file and the trace logfile output. When I ran the attached config
> none of my existing customers could login.
>
> Can anyone tell me how to correct this problem?

You would set up an AuthBy RADMIN followed by an AuthBy UNIX. The AuthByPolicy
would be ContinueWhileReject. Therefore Radiator will first try RADMIN. If that
fails it will try your shadow file. Accounting will always go to RADMIN:


<Realm whatever>
        AuthByPolicy ContinueWhileReject

        <AuthBy RADMIN>
                # As you have it now
        </AuthBy>

        # Fall through to here if rejected by RADMIN
        <AuthBy UNIX>
                Filename /etc/shadow
        </AuthBy>
</Realm>


In fact, the only change from the config you sent is the AuthByPolicy, I think.

Hope that helps.

Cheers.


>
> Regards.  Paul
>
>
>
>
> [ text/plain ] :
>
> # livingCompat.cfg
> #
> # This is a simple Radiator config file that allows you
> # to continue using a bog standard Livingston or
> # similar users file with Radiator, It implements the
> # Auth-Type="System" check item by using AuthBy UNIX
> #
> # You will probably want to change the definitions of
> # DbDir, LogDir and the Filename parameters
> #
> # Author: Mike McCauley ([EMAIL PROTECTED])
> # Copyright (C) 1997 Open System Consultants
> # $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $
>
> #Foreground
> #LogStdout
> Trace         4
>
> DbDir         /etc/raddb
> LogDir                /var/log/radacct
> DictionaryFile  /etc/raddb/dictionary
>
> # This clause defines a single client to listen to
> # You will probably want to change localhost and mysecret
> # to suit your site.
> <Client xenon>
>       Secret   XXX
> </Client>
> <Client dm1>
>       Secret   XXX
> </Client>
> <Client pm1>
>       Secret   XXX
> </Client>
>
> # This clause means we will handle any realm that arrives
> <Realm DEFAULT>
>       <AuthBy RADMIN>
>               # Change DBSource, DBUsername, DBAuth for your database
>               # See the reference manual. You will also have to
>               # change the one in <SessionDatabase SQL> below
>               # so it's the same
>               DBSource        dbi:mysql:radmin
>               DBUsername      radmin
>               DBAuth          XXX
>
>               # You can add to or change these if you want, but you
>               # will probably want to change the database schema first
>               AccountingTable RADUSAGE
>               AcctColumnDef   USERNAME,User-Name
>               AcctColumnDef   TIME_STAMP,Timestamp,integer
>               AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>               AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>               AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>               AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>               AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>               AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>               AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>               AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>               AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>               AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>               AcctColumnDef   NASPORT,NAS-Port,integer
>               AcctColumnDef   DNIS,Called-Station-Id
>
>               #
>               # This updates the time and octets left for this user
>               #
>
>               AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
>
>               #
>               # These are the classic things to add to each users
>               # reply to allow a PPP dialup session. It may be
>               # different for your NAS. This will add some
>               # reply items to everyone's reply
>               #
>
>               AddToReply Framed-Protocol = PPP,\
>                       Framed-IP-Netmask = 255.255.255.255,\
>                       Framed-Routing = None,\
>                       Framed-MTU = 1500,\
>                       Framed-Compression = Van-Jacobson-TCP-IP
>       </AuthBy>
>
>       <AuthBy FILE>
>               Filename /etc/raddb/users
>       </AuthBy>
>       # Log accounting to the detail file in LogDir
>       AcctLogFileName /var/log/radacct/dm1/detail
> </Realm>
>
> # This clause defines an authorisation method that will be used
> # by any users in the database with Auth-Type="System". It will
> # match the "Identifier System"
> <AuthBy UNIX>
>       Identifier System
>       Filename /etc/shadow
> </AuthBy>
>
>
>
>-- End of excerpt from Paul Black



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
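
The AuthByPolicy change suggested in the reply, modelled as an added example (this is not Radiator's code and not part of the original message). The user stores, passwords and the plaintext comparison are constructed stand-ins for the RADMIN database and the shadow file, and each AuthBy is assumed to return REJECT for an unknown user or a wrong password; accounting is not modelled.

```python
import hmac
from enum import Enum

class Result(Enum):
    ACCEPT = "ACCEPT"
    REJECT = "REJECT"
    IGNORE = "IGNORE"

# AuthByPolicy name -> (result being watched, True = continue WHILE it is seen,
# False = continue UNTIL it is seen). ContinueWhileIgnore is Radiator's default.
POLICIES = {
    f"Continue{mode}{r.value.capitalize()}": (r, mode == "While")
    for mode in ("While", "Until") for r in Result
}

# Constructed sample stores: "testuser" exists in both, "alice" only in shadow.
RADMIN_USERS = {"testuser": "radmin-pw"}
SHADOW_USERS = {"alice": "shadow-pw", "testuser": "unix-pw"}

def make_authby(store):
    """Build a toy AuthBy: ACCEPT on a matching password, REJECT otherwise."""
    def authby(user, password):
        known = store.get(user)
        ok = known is not None and hmac.compare_digest(known.encode(), password.encode())
        return Result.ACCEPT if ok else Result.REJECT
    return authby

# Same order as the reply: RADMIN first, then the shadow file.
CHAIN = [("RADMIN", make_authby(RADMIN_USERS)), ("UNIX", make_authby(SHADOW_USERS))]

def authenticate(policy, user, password, chain=CHAIN):
    """Run the AuthBy chain under the given policy; return (result, trail)."""
    watched, continue_while = POLICIES[policy]
    result, trail = Result.IGNORE, []
    for name, authby in chain:
        result = authby(user, password)
        trail.append(f"{name}:{result.value}")
        if (result is watched) != continue_while:
            break  # policy says stop at this AuthBy
    return result, trail

if __name__ == "__main__":
    for policy, user, pw in [("ContinueWhileIgnore", "alice", "shadow-pw"),
                             ("ContinueWhileReject", "alice", "shadow-pw"),
                             ("ContinueWhileReject", "testuser", "radmin-pw"),
                             ("ContinueWhileReject", "testuser", "unix-pw")]:
        print(policy, user, *authenticate(policy, user, pw))
```

The last case is the one to review before deploying the fallback: a name present in both stores is accepted with either password, because any REJECT from RADMIN, including a wrong password, falls through to the shadow file.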