Hello Andreas -
Have you got the correct AuthByPolicy set (as shown in my example)? It should be AuthByPolicy ContinueAlways. The trace file would seem to indicate that you are using the default, which is continue until accept or reject. Either that or you have the AuthBy clauses in the wrong order - the AuthBy SQL that does the accounting must be before the AuthBy clause that actually does the authentication, so the result of the last AuthBy is the result of the authentication (again as shown in my example). regards Hugh On Friday 05 October 2001 18:12, Andreas Häggander wrote: > Hi again ! > > >This is fairly straightforward to implement. > > > >Here is how to do it: > > I thought so to, but it still dont work. > > I used the config file you sent but i got: > > # Fri Oct 5 10:10:31 2001: DEBUG: Packet dump: > *** Received from 212.73.0.14 port 49152 .... > Code: Access-Request > Identifier: 76 > Authentic: <0><0><12><133><0><0><20>~<0><0>i<9><0><0><2><220> > Attributes: > User-Name = "[EMAIL PROTECTED]" > User-Password = > "-T<206>_<241><222><29>R<10><194>v<190>i<17><196>3" Acct-Session-Id = > "9800004c" > NAS-IP-Address = 212.73.0.14 > Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0" > Service-Type = Framed-User > Framed-Protocol = PPP > NAS-Port = 123965696 > > Fri Oct 5 10:10:31 2001: DEBUG: Handling request with Handler > 'Realm=DEFAULT' Fri Oct 5 10:10:31 2001: DEBUG: SQLSDB Deleting session > for [EMAIL PROTECTED], 212.73.0.14, 123965696 > Fri Oct 5 10:10:31 2001: DEBUG: do query is: delete from RADONLINE where > NASIDENTIFIER='212.73.0.14' and NASPORT=0123965696 > > Fri Oct 5 10:10:31 2001: DEBUG: Handling with Radius::AuthFILE: CheckFILE > Fri Oct 5 10:10:31 2001: DEBUG: Radius::AuthFILE looks for match with > [EMAIL PROTECTED] > Fri Oct 5 10:10:31 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT, > ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where > USERNAME='[EMAIL PROTECTED]' > > Fri Oct 5 10:10:31 2001: DEBUG: Radius::AuthFILE ACCEPT: > Fri Oct 5 10:10:31 2001: DEBUG: Handling with Radius::AuthSQL > Fri Oct 5 10:10:31 2001: INFO: Access rejected for mike@test: > Authentication disabled > Fri Oct 5 10:10:31 2001: DEBUG: Packet dump: > *** Sending to 212.73.0.14 port 49152 .... > Code: Access-Reject > Identifier: 76 > Authentic: <0><0><12><133><0><0><20>~<0><0>i<9><0><0><2><220> > Attributes: > Framed-IP-Address = 0.0.0.0 > Framed-IP-Netmask = 0.0.0.0 > Reply-Message = "Request Denied" > > > I dont want to hold the user-table in mysql. > > /Andreas > > At 09:02 2001-10-05 +1000, Hugh Irvine wrote: > >Hello Andreas - > > > >This is fairly straightforward to implement. > > > >Here is how to do it: > > > ># radius.cfg > > > >AuthPort 1645 > >AcctPort 1646 > > > ># define Client(s) > > > ><Client x.x.x.x> > > Secret mysecret > > DupInterval 0 > ></Client> > > > ># define AuthBy(s) > > > ><AuthBy FILE> > > Identifier CheckFILE > > Filename /usr/local/etc/users > > DefaultSimultaneousUse 1 > > AcctLogFileName /usr/local/etc/detail > ></AuthFile> > > > ><AuthBy LDAP2> > > Identifier CheckLDAP > > ...... > ></AuthBy> > > > ><AuthBy SQL> > > Identifier AcctSQL > > DBSource dbi:mysql:radius > > DBUsername root > > DBAuth hegge74 > > AuthSelect > > AccountingTable ACCOUNTING > > AcctColumnDef USERNAME,User-Name > > AcctColumnDef TIME_STAMP,Timestamp,integer > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > > AcctColumnDef NASIDENTIFIER,NAS-Identifier > > AcctColumnDef NASPORT,NAS-Port,integer > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > ></AuthBy> > > > ># define SessionDatabase > > > ><SessionDatabase SQL> > > Identifier SQLSDB > > DBSource dbi:mysql:radius:localhost > > DBUsername mysqluser > > DBAuth mysqlpasswd > ></SessionDatabase> > > > ># define Realm(s) > > > ><Realm DEFAULT> > > AuthByPolicy ContinueAlways > > AuthBy AcctSQL > > AuthBy CheckLDAP > > SessionDatabase SQLSDB > ></Realm> > > > > > >If you have any other questions, please ask. > > > >regards > > > >Hugh > > > >On Thursday 04 October 2001 22:36, Andreas Häggander wrote: > > > Hi ! > > > > > > I want use LDAP for Authentucation and store the Accounting in a MySQL > > > database. At the same time i want to use a MySQL database for a session > > > database. > > > > > > Is this possible ? > > > > > > I have tried this (AUTH by FILE and not LDAP for so long) , see below, > > > but i can´t get it working with the SessionDB and the Accunting. > > > A > > > > > > > > > radius.cfg > > > > > > AuthPort 1645 > > > AcctPort 1646 > > > > > > <Client x.x.x.x> > > > Secret mysecret > > > DupInterval 0 > > > </Client> > > > > > > <Realm DEFAULT> > > > > > > <AuthBy FILE> > > > Filename /usr/local/etc/users > > > DefaultSimultaneousUse 1 > > > AcctLogFileName /usr/local/etc/detail > > > </AuthFile> > > > > > > <AuthBy SQL> > > > > > > DBSource dbi:mysql:radius > > > DBUsername root > > > DBAuth hegge74 > > > > > > AccountingTable ACCOUNTING > > > AcctColumnDef USERNAME,User-Name > > > AcctColumnDef TIME_STAMP,Timestamp,integer > > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type > > > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > > > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause > > > AcctColumnDef NASIDENTIFIER,NAS-Identifier > > > AcctColumnDef NASPORT,NAS-Port,integer > > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address > > > > > > </AuthBy> > > > </Realm> > > > > > > <SessionDatabase SQL> > > > > > > DBSource dbi:mysql:radius:localhost > > > DBUsername mysqluser > > > DBAuth mysqlpasswd > > > > > > </SessionDatabase> > > > > > > > > > > > > Code: Access-Request > > > Identifier: 62 > > > Authentic: <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS > > > Attributes: > > > User-Name = "[EMAIL PROTECTED]" > > > User-Password = > > > "<4><255>i<14><204>Ol<177><242>h<207><127><168><180><247><194>" > > > Acct-Session-Id = "9800003e" > > > NAS-IP-Address = x.x.x.x > > > Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0" > > > Service-Type = Framed-User > > > Framed-Protocol = PPP > > > NAS-Port = 123965696 > > > > > > Thu Oct 4 14:12:11 2001: DEBUG: Handling request with Handler > > > 'Realm=DEFAULT' Thu Oct 4 14:12:11 2001: DEBUG: Deleting session for > > > [EMAIL PROTECTED], x.x.x.x, 123965696 > > > Thu Oct 4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE: > > > Thu Oct 4 14:12:11 2001: DEBUG: Radius::AuthFILE looks for match with > > > [EMAIL PROTECTED] > > > Thu Oct 4 14:12:11 2001: DEBUG: Radius::AuthFILE ACCEPT: > > > Thu Oct 4 14:12:11 2001: DEBUG: Access accepted for [EMAIL PROTECTED] > > > Thu Oct 4 14:12:11 2001: DEBUG: Packet dump: > > > *** Sending to 212.73.0.14 port 49152 .... > > > Code: Access-Accept > > > Identifier: 62 > > > Authentic: <0><0>b<25><0><0>:<129><0><0>w<19><0><0>HS > > > > > > Attributes: > > > Framed-IP-Address = 0.0.0.0 > > > Framed-IP-Netmask = 0.0.0.0 > > > > > > > > > Thu Oct 4 14:12:11 2001: DEBUG: Packet dump: > > > *** Received from x.x.x.x port 49153 .... > > > Code: Accounting-Request > > > Identifier: 89 > > > Authentic: <227>O<zl<146>#qn<4>9<238><209>3<253><138> > > > Attributes: > > > Acct-Status-Type = Start > > > User-Name = "[EMAIL PROTECTED]" > > > Event-Timestamp = 1002204666 > > > Service-Type = Annex-Framed-Tunnel > > > NAS-IP-Address = x.x.x.x > > > Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0" > > > NAS-Port = 180 > > > Acct-Session-Id = "9800003e" > > > Acct-Authentic = RADIUS > > > Framed-IP-Address = 10.75.0.222 > > > Framed-IP-Netmask = 255.255.255.255 > > > > > > Thu Oct 4 14:12:11 2001: DEBUG: Handling request with Handler > > > 'Realm=DEFAULT' Thu Oct 4 14:12:11 2001: DEBUG: Adding session for > > > [EMAIL PROTECTED], x.x.x.x, 180 > > > Thu Oct 4 14:12:11 2001: DEBUG: Handling with Radius::AuthFILE: > > > Thu Oct 4 14:12:11 2001: DEBUG: Accounting accepted > > > Thu Oct 4 14:12:11 2001: DEBUG: Packet dump: > > > *** Sending to 212.73.0.14 port 49153 .... > > > Code: Accounting-Response > > > Identifier: 89 > > > Authentic: <227>O<zl<146>#qn<4>9<238><209>3<253><138> > > > Attributes: > > > > > > Thu Oct 4 14:14:49 2001: DEBUG: Packet dump: > > > *** Received from x.x.x.x port 49153 .... > > > Code: Accounting-Request > > > Identifier: 90 > > > Authentic: <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn > > > Attributes: > > > Acct-Status-Type = Stop > > > User-Name = "[EMAIL PROTECTED]" > > > Event-Timestamp = 1002204823 > > > Service-Type = Annex-Framed-Tunnel > > > NAS-IP-Address = x.x.x.x > > > Shasta-SGROUP = "Shasta 5000: iSOS (tm), 2.5.3.0" > > > NAS-Port = 180 > > > Acct-Session-Id = "9800003e" > > > Acct-Authentic = RADIUS > > > Framed-IP-Address = 10.75.0.222 > > > Framed-IP-Netmask = 255.255.255.255 > > > Acct-Input-Octets = 10224 > > > Acct-Output-Octets = 46328 > > > Acct-Input-Packets = 92 > > > Acct-Output-Packets = 95 > > > Acct-Terminate-Cause = Lost-Carrier > > > Acct-Session-Time = 157 > > > > > > Thu Oct 4 14:14:49 2001: DEBUG: Handling request with Handler > > > 'Realm=DEFAULT' Thu Oct 4 14:14:49 2001: DEBUG: Deleting session for > > > [EMAIL PROTECTED], x.x.x.x, 180 > > > Thu Oct 4 14:14:49 2001: DEBUG: Handling with Radius::AuthFILE: > > > Thu Oct 4 14:14:49 2001: DEBUG: Accounting accepted > > > Thu Oct 4 14:14:49 2001: DEBUG: Packet dump: > > > *** Sending to 212.73.0.14 port 49153 .... > > > Code: Accounting-Response > > > Identifier: 90 > > > Authentic: <196><132><231>`<7><1><155><198>MGZ<173><31><25>Wn > > > Attributes: > > > > > > > > > mysql> select * from ACCOUNTING; > > > Empty set (0.00 sec) > > > > > > mysql> select * from RADONLINE; > > > Empty set (0.00 sec) > > > > > > > > > > > > Cheers > > > > > > /Andreas > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > >-- > >Radiator: the most portable, flexible and configurable RADIUS server > >anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > >- > >Nets: internetwork inventory and management - graphical, extensible, > >flexible with hardware, software, platform and database independence === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.