---------- Forwarded Message ----------
Subject: BOUNCE [EMAIL PROTECTED]: Non-member submission from [Aaron
Collins <[EMAIL PROTECTED]>]
Date: Thu, 26 Sep 2002 14:25:27 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: Thu, 26 Sep 2002 17:21:05 -0700
From: Aaron Collins <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: auth ldap acct sql
Hello all, I would like to be able to auth from LDAP, and accounting to
SQL. I thought I set up my config right, and it authenticates properly,
but it doesn't log accounting packets right. Here is my config, and
below is the trace 4. The odd part is it looks like it tries to handle
the accounting packet via the AuthBy LDAP. BTW, I'm running Radiator 3.1.
<AuthBy LDAP2>
Identifier LDAPAuthentication
Host sv00-1028.gtcinternet.net
Port 389
AuthDN cn=admin, dc=domain, dc=com
AuthPassword secret
BaseDN ou=dialup, ou=example.com, dc=domain, dc=com
Scope one
UsernameAttr uid
PasswordAttr userPassword
HoldServerConnection
DefaultReply Framed-IP-Address = 255.255.255.254,\
Session-Timeout = 14400,\
Idle-Timeout = 1200,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Service-Type = Framed-User,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Protocol = PPP,\
Ascend-Data-Filter = ip in forward tcp est,\
Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
Ascend-Data-Filter = ip in forward dstip x.x.x.0/24,\
Ascend-Data-Filter = ip in drop tcp dstport = 25,\
Ascend-Data-Filter = ip in forward
</AuthBy>
<AuthBy SQL>
Identifier SQLAccounting
AuthSelect
DBSource dbi:Sybase:server=hostname
DBUsername username
DBAuth secret
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
Description Dialup Users
Identifier Example.com Users
</AuthBy>
<AuthBy GROUP>
Identifier LDAPandMSSQL
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy LDAPAuthentication
</AuthBy>
<Realm example.com>
RewriteUsername s/\@.*//
AcctLogFileName /var/log/radius/example.com/detail
PasswordLogFileName /var/log/radius/example.com/Bad-passwd
AuthBy LDAPandMSSQL
</Realm>
And here is the trace:
Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32867 ....
Code: Access-Request
Identifier: 134
Authentic: <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
Attributes:
Service-Type = Framed-User
User-Name = "[EMAIL PROTECTED]"
User-Password = "K+
2<222><227>i<196><175><2><171><18>(<5>q<158>"
NAS-IP-Address = 10.0.64.14
NAS-Port = 0
Thu Sep 26 16:51:57 2002: DEBUG: Handling request with Handler 'Realm=example.com'
Thu Sep 26 16:51:57 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:51:57 2002: DEBUG: Deleting session for [EMAIL PROTECTED], 10.0.0.10, 0
Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:51:57 2002: DEBUG: Handling with Radius::AuthLDAP2: LDAPAuthentication
Thu Sep 26 16:51:57 2002: DEBUG: LDAP got result for cn=username, ou=dialup,ou=example.com,dc=domain, dc=com
Thu Sep 26 16:51:57 2002: DEBUG: LDAP got userPassword: {crypt}sad4X522Vs1L1
Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 looks for match with username
Thu Sep 26 16:51:57 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Thu Sep 26 16:51:57 2002: DEBUG: Access accepted for username
Thu Sep 26 16:51:57 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32867 ....
Code: Access-Accept
Identifier: 134
Authentic: <250>nB<196><167>Z<183><5><221>%<173>O<143><180><170>/
Attributes:
Framed-IP-Address = 255.255.255.254
Session-Timeout = 14400
Idle-Timeout = 1200
Framed-Compression = Van-Jacobson-TCP-IP
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.255
Framed-Protocol = PPP
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip x.x.x.0/24
Ascend-Data-Filter = ip in forward dstip x.x.x.0/24
Ascend-Data-Filter = ip in drop tcp dstport = 25
Ascend-Data-Filter = ip in forward
*** Received from 127.0.0.1 port 32870 ....
Code: Accounting-Request
Identifier: 141
Authentic: <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
Attributes:
Acct-Session-Id = "80801033084587"
User-Name = "[EMAIL PROTECTED]"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Login-Service = Telnet
Acct-Session-Time = 123
NAS-IP-Address = 10.0.0.10
NAS-Port = 0
Acct-Delay-Time = 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler 'Realm=example.com'
Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:56:27 2002: DEBUG: Deleting session for [EMAIL PROTECTED], 10.0.0.10, 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2: LDAPAuthentication
Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32870 ....
Code: Accounting-Response
Identifier: 141
Authentic: <220>jK6<240>LI<15>_<2>6<21>_<228><133><150>
Attributes:
Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 32870 ....
Code: Accounting-Request
Identifier: 142
Authentic: z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
Attributes:
Acct-Session-Id = "80801033084587"
User-Name = "[EMAIL PROTECTED]"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Service-Type = Framed-User
Login-Service = Telnet
Acct-Session-Time = 123
NAS-IP-Address = 10.0.0.10
NAS-Port = 0
Acct-Delay-Time = 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling request with Handler 'Realm=example.com'
Thu Sep 26 16:56:27 2002: DEBUG: Rewrote user name to username
Thu Sep 26 16:56:27 2002: DEBUG: Deleting session for [EMAIL PROTECTED], 10.0.0.10, 0
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthGROUP
Thu Sep 26 16:56:27 2002: DEBUG: Handling with Radius::AuthLDAP2: LDAPAuthentication
Thu Sep 26 16:56:27 2002: DEBUG: Accounting accepted
Thu Sep 26 16:56:27 2002: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 32870 ....
Code: Accounting-Response
Identifier: 142
Authentic: z<28>B<167><205><175>6yd<189><197><20><252><236><1>1
Attributes:
--
Signed,
Aaron Collins
Lead Internet Infrastructure Engineer
[EMAIL PROTECTED]
-------------------------------------------------------
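In the trace above, only Radius::AuthLDAP2 is ever listed under Radius::AuthGROUP. The following consistency check is an added example, not part of the original message and not Radiator's own code. It flags clauses that carry more than one Identifier line and AuthBy references that no clause answers to, assuming that the last Identifier in a clause is the one in effect. The function name lint and the trimmed sample configuration are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the structure posted above.
SAMPLE = """\
<AuthBy LDAP2>
    Identifier LDAPAuthentication
</AuthBy>
<AuthBy SQL>
    Identifier SQLAccounting
    AuthSelect
    Identifier Example.com Users
</AuthBy>
<AuthBy GROUP>
    Identifier LDAPandMSSQL
    AuthByPolicy ContinueAlways
    AuthBy SQLAccounting
    AuthBy LDAPAuthentication
</AuthBy>
<Realm example.com>
    AuthBy LDAPandMSSQL
</Realm>
"""

def lint(config):
    """Return (duplicates, unresolved) for a Radiator-style config text."""
    blocks, stack = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if re.match(r"<[A-Za-z]", line):        # opening tag, e.g. <AuthBy SQL>
            stack.append({"tag": line, "ids": [], "refs": []})
        elif line.startswith("</") and stack:    # closing tag ends current clause
            blocks.append(stack.pop())
        elif stack:
            key, _, value = line.partition(" ")
            if key == "Identifier":
                stack[-1]["ids"].append(value.strip())
            elif key == "AuthBy" and value.strip():
                stack[-1]["refs"].append(value.strip())
    # Assumption (not confirmed by the post): the last Identifier wins.
    effective = {b["ids"][-1] for b in blocks if b["ids"]}
    duplicates = [(b["tag"], b["ids"]) for b in blocks if len(b["ids"]) > 1]
    unresolved = [(b["tag"], r) for b in blocks
                  for r in b["refs"] if r not in effective]
    return duplicates, unresolved

if __name__ == "__main__":
    dups, missing = lint(SAMPLE)
    print("clauses with several Identifier lines:", dups)
    print("AuthBy references with no matching clause:", missing)
```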
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955