Re: (RADIATOR) username case

Hugh Irvine Thu, 21 Sep 2000 17:16:05 -0700

Hello Gordon -

On Fri, 22 Sep 2000, Gordon L. Foster wrote:
> 
> Well I seem to be having a problem with maxsessions again. I have implement
> rewriteusername so that it is lower case. I am still having the same
> problem. It appears that if they logon with a username in caps radiator sees
> it as a different user than in lower case. Here is my running config.
> 

Well, this is a somewhat thorny issue, due to two conflicting requirements.
Radiator can be configured to enforce strict session limit checking by querying
the NAS directly to verify the presence of user sessions. To be able to do
this, the session database(s) store the original usernames as entered by the
user, as that is what is stored by the NAS in its internal table.

Probably the best way at present to deal with your problem is to use a
SessionDatabase SQL and supply modified queries like this:

# SessionDatabase SQL to use '%n' (rewritten username)
# NOTE: the use of NasType in Client clauses is not supported
# with this session database configuration

<SessionDatabase SQL>

        DBSource ....
        DBUsername ....
        DBAuth ....

        AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
        ACCTSESSIONID, TIME_STAMP, FRAMEDADDRESS, PORTTYPE, \
        SERVICETYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
        %{Timestamp}, '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')

        DeleteQuery delete from RADONLINE where USERNAME='%n' and \
        NASIDENTIFIER='%N' and NASPORT=%{NAS-Port}

        CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
        where USERNAME='%n'

</SessionDatabase>

Note that the current manual incorrectly indicates that this is already the
default. The code actually uses '%u', the original username, as described
above. The manual will be fixed for the next release.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) username case

Reply via email to
