Hello Anton -
On Fri, 26 May 2000, Anton Sparrius wrote:
> Hi Everyone,
>
> I was wondering what it is that I am missing
>
> We are trying to Pre-Authenticate, based on DNIS, then verify uname/pword in
> a flat file, and then write out the stop record to an SQL database.
> However, something is not working properly
>
> We've tried numerous combinations of AuthByPolicies and ordering of the
> <AUTHBY> clauses. Basically its set up like this
>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilReject
>
> <AuthBy PORTLIMITCHECK>
> CountQuery select count(*) from sesscount where
> Client_Port_DNIS='%{Client-Port-DNIS}'
> SessionLimit 1
> </Authby>
>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
>
> <AuthBy SQL>
> AuthSelect
> ....
> </AuthBy>
> </AuthBy>
>
> The port limit works ok, but then we had to add the DNIS phone number into
> the users file, to force the nas to request the username/password.
>
> 88xxxxxx Password="Ascend-DNIS"
> Ascend-Require-Auth=Require-Auth
>
> That seems to work ok, but the problem occurs when it gets to the SQL
> AuthBy.
>
> INFO: Access rejected for 88xxxxxx: Authentication disabled
>
> But, isnt that the point of the AuthSelect being empty, that it will not try
> to authenticate from the <AuthBy SQL>. ?
>
Yes, but that doesn't mean you want it to just Accept everything.
In general you are better off using seperate Handlers for accounting in cases
like this - something along these lines:
# set up a special Handler for Accounting
<Handler Request-Type = Accounting-Request>
<AuthBy SQL>
.....
</AuthBy>
</Handler>
The usual caveats apply regarding the ordering of your Handlers (more specific
before the more general) and not mixing Realms and Handlers (change Realms to
Handlers like this: <Realm xxxx> -> <Handler Realm = xxxx>).
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.