Re: (RADIATOR) Failing AuthBy SQL - AuthSelect

Thu, 25 May 2000 22:16:36 -0700 


Hello Anton -

On Fri, 26 May 2000, Anton Sparrius wrote:
> Hi Everyone,
> 
> I was wondering what it is that I am missing
> 
> We are trying to Pre-Authenticate, based on DNIS, then verify uname/pword in
> a flat file, and then write out the stop record to an SQL database.
> However, something is not working properly
> 
> We've tried numerous combinations of AuthByPolicies and ordering of the
> <AUTHBY> clauses.  Basically its set up like this
> 
> <AuthBy GROUP>
>       AuthByPolicy ContinueUntilReject
>                 
>       <AuthBy PORTLIMITCHECK>
>               CountQuery select count(*) from sesscount where
> Client_Port_DNIS='%{Client-Port-DNIS}'
>               SessionLimit 1
>       </Authby>
> 
>       <AuthBy FILE>
>                Filename %D/users
>       </AuthBy>
> 
>       <AuthBy SQL>
>               AuthSelect
>               ....
>       </AuthBy>
> </AuthBy>
> 
> The port limit works ok, but then we had to add the DNIS phone number into
> the users file, to force the nas to request the username/password.
> 
> 88xxxxxx Password="Ascend-DNIS"
>          Ascend-Require-Auth=Require-Auth
> 
> That seems to work ok, but the problem occurs when it gets to the SQL
> AuthBy.
> 
> INFO: Access rejected for 88xxxxxx: Authentication disabled
> 
> But, isnt that the point of the AuthSelect being empty, that it will not try
> to authenticate from the <AuthBy SQL>. ?
> 

Yes, but that doesn't mean you want it to just Accept everything.

In general you are better off using seperate Handlers for accounting in cases
like this - something along these lines:

# set up a special Handler for Accounting

<Handler Request-Type = Accounting-Request>
        <AuthBy SQL>
                .....
        </AuthBy>
</Handler>

The usual caveats apply regarding the ordering of your Handlers (more specific
before the more general) and not mixing Realms and Handlers (change Realms to
Handlers like this: <Realm xxxx> -> <Handler Realm = xxxx>).

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to