Guilherme,
I've brought this issue up before, but in regards to moving from a
backup sql server back to the primary. But I think the same principals
hold true between your setup and mine. The rule is that once radiator
moves to a backup/secondary means of authentication, that it will only
move on (or back to the original) if the secondary method times out or
stops responding. I had suggested a timer that locks down the "bad" means
of authentication when a backup is used. After the timer expires the
primary means should be retried to see if it is responding - then the
whole process starts over or the secondary is continued to be used
and the timer is reset. I'm not sure how feasible this idea is, but
it sure would make using backup means of authentication much easier to
use. Often times my primary means of authentication is down for a few
minutes during the off hours for cleanup of the database - using a backup
would be great during that time. But I don't want that backup used for
too long - hence my reason for a timer to lock out the primary method.
--------------------------------------------------------------------------
Aaron Holtz
ComNet Inc.
UNIX Systems Administration/Network Operations
"It's not broken, it just lacks duct tape."
--------------------------------------------------------------------------
On Nov 25, Guilherme Maranhão molded the electrons to say....
>Hi,
>
>I restart my server with the new radius.cfg, but I'm still having one
>problem.
>When the SQL server is out, everything works fine. The Radiator does not
>stop authenticate my users anymore, but when my SQL server is online
>again, i need to stop and restart the radius server to make it restart
>sending the accounting packets to the SQL Server. Is this right? I think
>the radius server should automaticly detect that the SQL Server is
>online again and restart to send the accounting packets without any
>manual intervention.
>
>Regards, Guilherme.
>
>> -----Mensagem original-----
>> De: Hugh Irvine [SMTP:[EMAIL PROTECTED]]
>> Enviada em: Terça-feira, 23 de Novembro de 1999 20:32
>> Para: Guilherme Maranhão; [EMAIL PROTECTED]
>> Assunto: Re: (RADIATOR) Problems with authentication
>> using <auth by sql>
>>
>>
>> Hello Guilherme -
>>
>> On Wed, 24 Nov 1999, Guilherme Maranhão wrote:
>> > Hi,
>> >
>> > I'm using the following radius.cfg.
>> > When a user request an authentication, the radiator make this
>> > authentication properly and write the accounting information on a
>> SQL
>> > Server located in another machine. If SQL Server is down, the
>> radiator
>> > try to authenticate the user by SQL and do nothing. But I'm use auth
>> by
>> > sql only for accounting and auth by file for authentication.
>> > I think radiator would try with sql and if the server is down, try
>> the
>> > file.
>> > After the radius.cfg i send the log file to show my problem.
>> >
>>
>> Yes. The problem is that AuthSQL.pm verifies its connection to the
>> database
>> before it does anything else, so it gets stuck at that point.
>>
>> I think it might be useful to rewrite your configuration file along
>> these lines:
>>
>> # radius.cfg
>> #
>> # Configuration file for radius server
>> #
>> # Author: Mike McCauley ([EMAIL PROTECTED])
>> # Copyright (C) 1997 Open System Consultants
>> # $Id: radius2.cfg,v 1.4 1998/03/06 04:43:37 mikem Exp $
>> #
>> #Foreground
>> #LogStdout
>>
>> # I'm not sure about Trace 9....
>>
>> Trace 9
>>
>> AuthPort 1645
>> AcctPort 1646
>> LogDir /var/log/radius
>> DbDir /etc/radiator
>> LogFile %L/logfile
>> DictionaryFile %D/dictionary
>>
>> <Client muda.rio.com.br>
>> Secret **OMITTED**
>> DefaultRealm rio.com.br
>> IdenticalClients ilha.rio.com.br
>> IdenticalClients alto.rio.com.br
>> </Client>
>>
>> <AuthBy UNIX>
>> Identifier System
>> Filename %D/www.passwd
>> GroupFilename /etc/group
>> </AuthBy>
>>
>> <Handler Request-Type = Accounting-Request>
>> RewriteUsername s/^([^@]+).*/$1/
>> <AuthBy SQL>
>> DBSource dbi:ODBC:SQL_RECREIO
>> DBUsername radiator
>> DBAuth radiator
>> AuthSelect
>> AccountingTable accounting
>> AcctColumnDef
>> stoptime,Timestamp,formatted-date,'%m/%e/%Y %H:%M:%S'
>> AcctColumnDef username,User-Name
>> AcctColumnDef acctsessionid,Acct-Session-Id
>> AcctColumnDef
>> acctstatustype,Acct-Status-Type,integer
>> AcctColumnDef nasipaddress,NAS-IP-Address
>> AcctColumnDef nasport,NAS-Port,integer
>> AcctColumnDef servicetype,Service-Type,integer
>> AcctColumnDef nasporttype,NAS-Port-Type,integer
>> AcctColumnDef
>> framedprotocol,Framed-Protocol,integer
>> AcctColumnDef framedipaddress,Framed-IP-Address
>> AcctColumnDef timestamp,Timestamp,integer
>> AcctColumnDef
>> acctsessiontime,Acct-Session-Time,integer
>> AcctColumnDef
>> callingstationid,Calling-Station-Id
>> AcctColumnDef
>> acctterminatcause,Acct-Terminat-Cause,integer
>> AcctColumnDef
>> usrmodulationtype,USR-Modulation-Type,integer
>> AcctColumnDef
>> usrconnectspeed,USR-Connect-Speed,integer
>> AcctColumnDef
>> usrsimplifiedmnplevels,USR-Simplified-MNP-Levels,integer
>> AcctColumnDef
>> acctinputoctets,Acct-Input-Octets,integer
>> AcctColumnDef
>> acctoutputoctets,Acct-Output-Octets,integer
>> AcctColumnDef
>> acctinputpackets,Acct-Input-Packets,integer
>> AcctColumnDef
>> acctoutputpackets,Acct-Output-Packets,integer
>> Timeout 10
>> </AuthBy>
>> </Handler>
>>
>> <Handler Realm = mlppp>
>> RewriteUsername s/^([^@]+).*/$1/
>> <AuthBy FILE>
>> Filename %D/users
>> </AuthBy>
>> MaxSessions 2
>> </Handler>
>>
>> <Handler Realm = DEFAULT>
>> RewriteUsername s/^([^@]+).*/$1/
>> <AuthBy FILE>
>> Filename %D/users
>> </AuthBy>
>> MaxSessions 1
>> AcctLogFileName %L/%Y%m/detail-%d
>> </Handler>
>>
>> I have moved the logging of accounting packets to a separate Handler,
>> so as not
>> to affect the authentication process.
>>
>> Note that the support for the Request-Type check item is in the
>> Radiator 2.14.1
>> patches (http://www.open.com.au/radiator/downloads/patches-2.14.1/) in
>> AuthGeneric.pm.
>>
>> If you have any questions I'll be happy to help.
>>
>> hth
>>
>> Hugh
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>> NT, Rhapsody
>>
>> ===
>> Archive at http://www.thesite.com.au/~radiator/
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>
>=Archive at http://www.thesite.com.au/~radiator/
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
>
ÿ
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
