Hello,
    We have multiple groups of customers authenticating out of multiple
databases with some of the usernames being the same.  They need to be
able to authenticate with realms and without realms.  The problem is with
the SessionDatabase.  All of the following example username and password
pairs need to work correctly from the same radius server:

[EMAIL PROTECTED]
password1

user1
password1

[EMAIL PROTECTED]
password2

user1
password2

   I accomplished this by setting up a realm for dom1.com and 
dom2.com.  They each use a different database of users.  If no realm is
specified then I have two AuthBy clauses to attempt to authenticate off of
each of the two databases. The AuthByPolicy is set to
ContinueUntilAccept.  So the same username could log on with different
passwords depending on what database they are in.
   The authentication works great; the problem is with the 
SessionDatabase.  If they authenticated with the dom1.com realm then it
sends [EMAIL PROTECTED] to the RADONLINE table.  If they authenticate without
a realm then it just sends user1 to the table.  This stops the other user1
from being able to log on.  What I would prefer is a way to append
@dom1.com to the username if they are in the first database and @dom2.com
to the username if they are in the second database.  We tried the 
RewriteUsername method but it will not work because you can't rewrite the
username within each AuthBy clause.  We also tried having different
SessionDatabases but again you can't specify a different SessionDatabase
per AuthBy clause, only per Realm.
   Let me know if anyone has an idea of a better way to do this or if
anyone had a solution to the way I am trying to do it.  Thanks in advance
for any help.  At the bottom I have included an example of my config file.

Regards,
Kevin Fowler <[EMAIL PROTECTED]>
System Administrator
Raex Internet

--------------- sample radius.cfg file -------------------

<Realm>
    AuthByPolicy ContinueUntilAccept
    SessionDatabase SDB1

    <AuthBy SQL>
        DBSource        dbi:mysql:dom1
        DBUsername      username
        DBAuth          xxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
                from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>

    <AuthBy SQL>
        DBSource        dbi:mysql:dom2
        DBUsername      username
        DBAuth          xxxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
                from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>
</Realm>

<Realm dom1.com>
    AuthByPolicy ContinueUntilAccept
    SessionDatabase SDB1
    RewriteUsername     s/^([^@]+).*/$1/
    <AuthBy SQL>
        DBSource        dbi:mysql:dom1
        DBUsername      username
        DBAuth          xxxxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
                from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>
</Realm>

<Realm dom2.com>
    AuthByPolicy ContinueUntilAccept
    SessionDatabase SDB1
    RewriteUsername     s/^([^@]+).*/$1/
    <AuthBy SQL>
        DBSource        dbi:mysql:dom2
        DBUsername      username
        DBAuth          xxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
                from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>
</Realm>

<SessionDatabase SQL>
        DBSource        dbi:mysql:sessiondb:machine
        DBUsername      username
        DBAuth          xxxx
        Identifier SDB1
</SessionDatabase>




===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
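
A small Python model of the session-key collision described in this post, added here as an illustration; it is not Radiator code and not part of the original message. It assumes the session table enforces one concurrent session per key (the post does not state the limit); `BACKENDS`, `SessionTable` and the other names and data are constructed.

```python
import hmac

# Constructed sample data standing in for the dom1 and dom2 SUBSCRIBERS tables.
BACKENDS = {
    "dom1.com": {"user1": "password1"},
    "dom2.com": {"user1": "password2"},
}

def authenticate(login, password):
    """Return (bare_user, realm) for the database that accepted, else None.
    A login with a realm tries only that realm's database; a bare login tries
    each database in order until one accepts (ContinueUntilAccept)."""
    user, _, realm = login.partition("@")
    candidates = [realm] if realm else list(BACKENDS)
    for r in candidates:
        stored = BACKENDS.get(r, {}).get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            return user, r
    return None

class SessionTable:
    """Stand-in for the RADONLINE table with an assumed limit of one session per key."""
    def __init__(self, canonical):
        self.canonical = canonical  # True: key rows by user@accepting-realm
        self.online = set()

    def login(self, login, password):
        hit = authenticate(login, password)
        if hit is None:
            return "reject: bad credentials"
        key = "%s@%s" % hit if self.canonical else login
        if key in self.online:
            return "reject: %s already online" % key
        self.online.add(key)
        return "accept as %s" % key

def run(canonical):
    """Replay three logins: both bare user1 accounts, then user1 with realm."""
    table = SessionTable(canonical)
    attempts = [("user1", "password1"), ("user1", "password2"),
                ("user1@dom1.com", "password1")]
    return [table.login(name, pw) for name, pw in attempts]

if __name__ == "__main__":
    for mode in (False, True):
        print("canonical keys" if mode else "keys as typed", run(mode))
```

With keys stored as typed, the second bare user1 is refused while the dom1 account can hold two sessions under two different keys; keyed by the accepting database's realm, both accounts log on and the duplicate is refused.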
