Mike,
Thanks for the response. However, that would only work if I could
specify a different SessionDatabase per AuthBy clause within the same
Realm. But you can't. For example, it would work if I could do the
following:
<Realm>
    AuthByPolicy ContinueUntilAccept
    <AuthBy SQL>
        SessionDatabase SDB1
        DBSource dbi:mysql:dom1
        DBUsername username
        DBAuth xxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
            from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>
    <AuthBy SQL>
        SessionDatabase SDB2
        DBSource dbi:mysql:dom2
        DBUsername username
        DBAuth xxxxxx
        AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
            from SUBSCRIBERS where USERNAME='%n'
    </AuthBy>
</Realm>
But if I try this it errors out saying Unknown keyword
'SessionDatabase'. If I move the session database above the AuthBy
statement then it works.
Regards,
Kevin Fowler <[EMAIL PROTECTED]>
System Administrator
Raex Internet
On Wed, 3 Nov 1999, Mike McCauley wrote:
> Hi Kevin,
>
> The default behaviour for the session databases is to log the _original_
> username prior to any RewriteUsername.
>
> In the case of SQL SessionDatabase, it is easy to alter the configuration so
> it uses whatever you want as the username. You would probably want to change
> AddQuery and CountQuery. The default uses %u to get the original unrewritten
> username. You could change this as you see fit.
>
> Hope that helps.
> Cheers.
>
>
>
> On Nov 2, 1:49pm, Kevin Fowler wrote:
> > Subject: (RADIATOR) SessionDatabase Question
> > Hello,
> > We have multiple groups of customers authenticating out of multiple
> > databases with some of the usernames being the same. They need to be
> > able to authenticate with realms and without realms. The problem is with
> > the SessionDatabase. All of the following example username and password
> > pairs need to work correctly from the same radius server:
> >
> > [EMAIL PROTECTED]
> > password1
> >
> > user1
> > password1
> >
> > [EMAIL PROTECTED]
> > password2
> >
> > user1
> > password2
> >
> > I accomplished this by setting up a realm for dom1.com and
> > dom2.com. They each use a different database of users. If no realm is
> > specified then I have two AuthBy clauses to attempt to authenticate off of
> > each of the two databases. The AuthByPolicy is set to
> > ContinueUntilAccept. So the same username could log on with different
> > passwords depending on what database they are in.
> > The authentication works great; the problem is with the
> > SessionDatabase. If they authenticated with the dom1.com realm then it
> > sends [EMAIL PROTECTED] to the RADONLINE table. If they authenticate without
> > a realm then it just sends user1 to the table. This stops the other user1
> > from being able to log on. What I would prefer is a way to append
> > @dom1.com to the username if they are in the first database and @dom2.com
> > to the username if they are in the second database. We tried the
> > RewriteUsername method but it will not work because you can't rewrite the
> > username within each AuthBy clause. We also tried having different
> > SessionDatabases but again you can't specify a different SessionDatabase
> > per AuthBy clause, only per Realm.
> > Let me know if anyone has an idea of a better way to do this or if
> > anyone had a solution to the way I am trying to do it. Thanks in advance
> > for any help. At the bottom I have included an example of my config file.
> >
> > Regards,
> > Kevin Fowler <[EMAIL PROTECTED]>
> > System Administrator
> > Raex Internet
> >
> > --------------- sample radus.cfg file -------------------
> >
> > <Realm>
> >     AuthByPolicy ContinueUntilAccept
> >     SessionDatabase SDB1
> >
> >     <AuthBy SQL>
> >         DBSource dbi:mysql:dom1
> >         DBUsername username
> >         DBAuth xxxxx
> >         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >             from SUBSCRIBERS where USERNAME='%n'
> >     </AuthBy>
> >
> >     <AuthBy SQL>
> >         DBSource dbi:mysql:dom2
> >         DBUsername username
> >         DBAuth xxxxxx
> >         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >             from SUBSCRIBERS where USERNAME='%n'
> >     </AuthBy>
> > </Realm>
> >
> > <Realm dom1.com>
> >     AuthByPolicy ContinueUntilAccept
> >     SessionDatabase SDB1
> >     RewriteUsername s/^([^@]+).*/$1/
> >     <AuthBy SQL>
> >         DBSource dbi:mysql:dom1
> >         DBUsername username
> >         DBAuth xxxxxxx
> >         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >             from SUBSCRIBERS where USERNAME='%n'
> >     </AuthBy>
> > </Realm>
> >
> > <Realm dom2.com>
> >     AuthByPolicy ContinueUntilAccept
> >     SessionDatabase SDB1
> >     RewriteUsername s/^([^@]+).*/$1/
> >     <AuthBy SQL>
> >         DBSource dbi:mysql:dom2
> >         DBUsername username
> >         DBAuth xxxxx
> >         AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> >             from SUBSCRIBERS where USERNAME='%n'
> >     </AuthBy>
> > </Realm>
> >
> > <SessionDatabase SQL>
> >     DBSource dbi:mysql:sessiondb:machine
> >     DBUsername username
> >     DBAuth xxxx
> >     Identifier SDB1
> > </SessionDatabase>
> >
> >
> >
> >
> > ===
> > Archive at http://www.thesite.com.au/~radiator/
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >-- End of excerpt from Kevin Fowler
>
>
>
> --
> Mike McCauley [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
> Phone +61 3 9598-0985 Fax +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
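
The collision discussed in this thread, modelled as an added Python example (not code from either poster or from Radiator): two user stores holding the same bare username are tried in order, as with ContinueUntilAccept, and the session table is keyed either by the name as typed or by the name qualified with the accepting store's domain. The store contents, the one-session limit and every function name are assumptions made for the illustration.

```python
# Added illustration; stores, passwords and the limit are constructed values.
STORES = [  # tried in order, like the two AuthBy SQL clauses in the thread
    ("dom1.com", {"user1": "password1"}),
    ("dom2.com", {"user1": "password2"}),
]
MAX_SESSIONS = 1  # assumed simultaneous-use limit per session key

def authenticate(login, password):
    """Return the domain of the store that accepted the login, or None."""
    name, _, realm = login.partition("@")
    for domain, users in STORES:
        if realm and realm != domain:
            continue  # a realm pins the login to that realm's store
        if users.get(name) == password:
            return domain  # ContinueUntilAccept: first accepting store wins
    return None

def session_key(login, domain, qualified):
    """Username written to the session table for an accepted login."""
    name = login.partition("@")[0]
    # Unqualified: the name exactly as typed, as the thread describes.
    # Qualified: always name@<domain of the store that accepted>.
    return f"{name}@{domain}" if qualified else login

def replay(attempts, qualified):
    """Replay (login, password) attempts and return one outcome per attempt."""
    online, results = {}, []
    for login, password in attempts:
        domain = authenticate(login, password)
        if domain is None:
            results.append("reject: bad credentials")
            continue
        key = session_key(login, domain, qualified)
        if online.get(key, 0) >= MAX_SESSIONS:
            results.append(f"reject: {key} already online")
            continue
        online[key] = online.get(key, 0) + 1
        results.append(f"accept as {key}")
    return results

ATTEMPTS = [("user1", "password1"), ("user1", "password2"),
            ("user1@dom1.com", "password1")]

if __name__ == "__main__":
    for mode in (False, True):
        print("qualified" if mode else "as typed", replay(ATTEMPTS, mode))
```

Keyed by the name as typed, the second subscriber is locked out and the first can hold two sessions under two different keys; keyed by the qualified name, both subscribers get in and the duplicate session is refused.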