Hugh,

What about my dynamic users? Dialup and ADSL share the same realm. If I have a realm with only AuthBy SQL in it, how exactly will they interact with ldap? I'm sure you're right, I am just curious as to how that works.

Thanks,
Al

On Thu, 4 Sep 2003, Hugh Irvine wrote:

>
> Hello Al -
>
> As I can't find your name or email address in our database, I wonder
> whether you could tell me the name of the company that has purchased
> this copy of Radiator? Please reply to me directly.
>
> I understand what you are trying to do, but your configuration file is
> not correct.
>
> The Auth-Type = CheckLDAP check item in your SQL database will cause
> Radiator to send the authentication to LDAP. Therefore you only need
> the AuthBy SQL clause in the Realm (you can think of it like a
> subroutine call).
>
> <Realm DEFAULT>
>     # the AuthBy LDAP2 clause will be called from the AuthBy SQL clause
>     <AuthBy SQL>
>         .....
>     </AuthBy>
>     .....
> </Realm>
>
> regards
>
> Hugh
>
>
> On Wednesday, Sep 3, 2003, at 22:59 Australia/Melbourne, Charles
> Alexander McCain wrote:
>
> > Hugh,
> >
> > We store our static ip customers in the users file, dynamic customers
> > auth by ldap. The static customers also auth by ldap, but get their
> > appropriate attributes from the users file. Currently, we are using
> > the users file to store static information, but I am trying to put it
> > all in mysql (hoping for easier automation). Our current setup works
> > perfectly this way, but it doesn't seem to work with the mysql
> > database. It appears as if the configuration from the old to the new
> > is somewhat similar.
> > So basically, I want a customer to dial in, if he is dynamic,
> > authenticate him by ldap, if he is static, get his attributes from the
> > database and auth him with ldap.
> >
> > Am I making any sense?
> >
> > Thanks,
> > Al
> >
> >
> > On Wed, 3 Sep 2003, Hugh Irvine wrote:
> >
> >>
> >> Hello AL -
> >>
> >> Thanks for the information.
> >>
> >> I must confess I am a bit confused about exactly how you want your
> >> setup to operate. I can see the Auth-Type = LDAP below, and I can see
> >> multiple AuthBy clauses in your Realm clause.
> >> Can you explain to me in detail your requirements?
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Tuesday, Sep 2, 2003, at 23:02 Australia/Melbourne, Charles
> >> Alexander McCain wrote:
> >>
> >>> Hugh,
> >>>
> >>> The users file entry looks something like this. I know I'm using
> >>> mysql to house the users file, but I just took this entry from the
> >>> file. It looks like this in the database. If you need my actual
> >>> database entry, please let me know.
> >>>
> >>>
> >>> user Auth-Type = LDAP, NAS-IP-Address = 1.2.3.5
> >>>     Service-Type = Framed-User,
> >>>     Framed-Protocol = PPP,
> >>>     Framed-IP-Address = 1.2.3.4,
> >>>     Framed-IP-Netmask = 255.255.255.255,
> >>>     Idle-Timeout = 0,
> >>>     Session-Timeout = 0
> >>>
> >>> And, I was wondering why I'm only seeing service type, and framed
> >>> protocol?
> >>>
> >>> Thanks,
> >>> AL
> >>>
> >>> On Sat, 30 Aug 2003, Hugh Irvine wrote:
> >>>
> >>>>
> >>>> Hello AL -
> >>>>
> >>>> This is what your configuration file is set up to return to the NAS:
> >>>>
> >>>>
> >>>>> *** Sending to 64.91.105.5 port 1812 ....
> >>>>> Code: Access-Accept
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>>     Service-Type = Framed-User
> >>>>>     Framed-Protocol = PPP
> >>>>
> >>>> What other attributes do you want to send? And how do you want to
> >>>> manage those attributes?
> >>>>
> >>>> regards
> >>>>
> >>>> Hugh
> >>>>
> >>>>
> >>>> On Saturday, Aug 30, 2003, at 06:06 Australia/Melbourne, Charles
> >>>> Alexander McCain wrote:
> >>>>
> >>>>> Hello,
> >>>>>
> >>>>> I'm having an issue with my redbacks. They cannot allocate ip
> >>>>> addresses. In my trace 4, I notice that the user is not getting the
> >>>>> attributes they need.
> >>>>> How can this be fixed?
> >>>>>
> >>>>> Here is my config and trace4
> >>>>>
> >>>>> Thanks,
> >>>>> AL
> >>>>>
> >>>>> ---------
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>>>> *** Received from 1.2.3.4 port 1812 ....
> >>>>> Code: Access-Request
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>>     User-Name = "user"
> >>>>>     User-Password = "~~1<223><156><248><145><196><250><0>W<219><246><204><21>:"
> >>>>>     NAS-Identifier = "rb"
> >>>>>     NAS-IP-Address = 1.2.3.4
> >>>>>     RB-NAS-Real-Port = 402850582
> >>>>>     Service-Type = Framed-User
> >>>>>     Framed-Protocol = PPP
> >>>>>     NAS-Port = 3892318919
> >>>>>     Connect-Info = "ubrc"
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: ERR: Error while rewriting username user: syntax error at (eval 1787) line 2, at EOF
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: ERR: Error in PreHandlerHook(): Can't use string ("") as a subroutine ref while "strict refs" in use at /usr/local/lib/perl5/site_perl/5.6.1/Radius/Client.pm line 338.
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Rewrote user name to user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: SQLS Deleting session for user, 1.2.3.4, 3892318919
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: do query is: delete from RADONLINE where USERNAME = 'user' and NASIDENTIFIER='1.2.3.4' and NASPORT='3892318919'
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Handling with Radius::AuthLDAP2
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Attempting to bind with uid=searchuser,dc=domain,dc=net, password
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got result for uid=user,ou=People,dc=domain,dc=net
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}cgoHd/FmCIXh.
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: LDAP got gidNumber: 3010
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 looks for match with user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='user'
> >>>>>
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Radius::AuthLDAP2 ACCEPT:
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Access accepted for user
> >>>>> Fri Aug 29 14:08:30 2003: DEBUG: Packet dump:
> >>>>> *** Sending to 64.91.105.5 port 1812 ....
> >>>>> Code: Access-Accept
> >>>>> Identifier: 107
> >>>>> Authentic: mp}<198><236><229><167>/<153><179>m<189><149>z<31>d
> >>>>> Attributes:
> >>>>>     Service-Type = Framed-User
> >>>>>     Framed-Protocol = PPP
> >>>>>
> >>>>> ---------------------------------------------------------------------------
> >>>>>
> >>>>> #Foreground
> >>>>> #LogStdout
> >>>>> LogDir /var/adm/radacct
> >>>>> DbDir /etc/raddb
> >>>>> PreHandlerHook file:"%D/prehook"
> >>>>>
> >>>>> SnmpgetProg /usr/local/bin/snmpget
> >>>>> Trace 4
> >>>>> RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
> >>>>> RewriteUsername s/^([EMAIL PROTECTED])[EMAIL PROTECTED]/$1/
> >>>>> RewriteUsername s/\s+//g
> >>>>> RewriteUsername tr/A-Z/a-z/
> >>>>> <Client DEFAULT>
> >>>>>
> >>>>>     Secret ******
> >>>>>     DupInterval 0
> >>>>>
> >>>>> </Client>
> >>>>>
> >>>>> <SessionDatabase SQL>
> >>>>>
> >>>>>     DBSource dbi:mysql:radius:host
> >>>>>     DBUsername radtest
> >>>>>     DBAuth ******
> >>>>>     Identifier SQLS
> >>>>>
> >>>>>     AddQuery insert into RADONLINE (USERNAME,\
> >>>>>         NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,\
> >>>>>         FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE,DNIS) \
> >>>>>         values ('%n', '%N',\
> >>>>>         '%{NAS-Port}', '%{Acct-Session-Id}', '%o',\
> >>>>>         '%{Framed-IP-Address}', '%{NAS-Port-Type}',\
> >>>>>         '%{Service-Type}','%{Called-Station-Id}')
> >>>>>
> >>>>>
> >>>>>     DeleteQuery delete from RADONLINE where \
> >>>>>         USERNAME = '%n' and NASIDENTIFIER='%N' \
> >>>>>         and NASPORT='%{NAS-Port}'
> >>>>>
> >>>>>     ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> >>>>>
> >>>>>     CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> >>>>>         where ACCTSESSIONID = '%{Acct-Session-Id}'
> >>>>>
> >>>>>
> >>>>> </SessionDatabase>
> >>>>>
> >>>>>
> >>>>> <ClientListSQL>
> >>>>>
> >>>>>     DBSource dbi:mysql:radius
> >>>>>     DBUsername radtest
> >>>>>     DBAuth ******
> >>>>>
> >>>>>     select
> >>>>>         NASIDENTIFIER,SECRET,IGNOREACCTSIGNATURE,DUPINTERVAL, \
> >>>>>         DEFAULTREALM,NASTYPE,SNMPCOMMUNITY,LIVINGSTONOFFS, \
> >>>>>         LIVINGSTONHOLE,FRAMEDGROUPBASEADDRESS, \
> >>>>>         FRAMEDGROUPMAXPORTSPERCLASSC,REWRITEUSERNAME, \
> >>>>>         NOIGNOREDUPLICATES from RADCLIENTLIST
> >>>>>
> >>>>>
> >>>>> </ClientListSQL>
> >>>>> <AuthBy UNIX>
> >>>>>
> >>>>>     DefaultSimultaneousUse 1
> >>>>>     Identifier System
> >>>>>     Filename /etc/shadow
> >>>>>
> >>>>> </AuthBy>
> >>>>>
> >>>>> <AuthBy LDAP2>
> >>>>>     DefaultSimultaneousUse 1
> >>>>>     Identifier LDAP
> >>>>>     Host 127.0.0.1
> >>>>>     Port 389
> >>>>>     AuthDN uid=searchuser,dc=domain,dc=net
> >>>>>     AuthPassword *****
> >>>>>     BaseDN %0=%1,ou=people,dc=domain,dc=net
> >>>>>     Scope base
> >>>>>     UsernameAttr uid
> >>>>>     PasswordAttr userPassword
> >>>>>     HoldServerConnection
> >>>>>     SearchFilter (&(gecos=active)(uid=%1))
> >>>>>     AuthAttrDef gidNumber, gid-attr, request
> >>>>>     DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>> </AuthBy>
> >>>>> <AuthBy SQL>
> >>>>>     NoDefault
> >>>>>     DefaultSimultaneousUse 1
> >>>>>     Identifier CheckSQL
> >>>>>
> >>>>>     DBSource dbi:mysql:radius:domain
> >>>>>     DBUsername radtest
> >>>>>     DBAuth *******
> >>>>>
> >>>>>
> >>>>>     AccountingTable ACCOUNTING
> >>>>>     AcctColumnDef USERNAME,User-Name
> >>>>>     AcctColumnDef TIME_STAMP,Timestamp,integer
> >>>>>     AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> >>>>>     AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> >>>>>     AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> >>>>>     AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> >>>>>     AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> >>>>>     AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> >>>>>     AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> >>>>>     AcctColumnDef NASIDENTIFIER,NAS-Identifier
> >>>>>     AcctColumnDef NASPORT,NAS-Port,integer
> >>>>>     AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> >>>>>
> >>>>>     AuthSelect select
> >>>>>         PASSWORD, CHECKATTR, REPLYATTR \
> >>>>>         from SUBSCRIBERS \
> >>>>>         where USERNAME=%0
> >>>>>
> >>>>>     AuthColumnDef 0, User-Password, check
> >>>>>     AuthColumnDef 1, GENERIC, check
> >>>>>     AuthColumnDef 2, GENERIC, reply
> >>>>>     DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
> >>>>>
> >>>>>
> >>>>> </AuthBy>
> >>>>> <Realm DEFAULT>
> >>>>>     RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
> >>>>>
> >>>>>
> >>>>>     PostAuthHook file:"%D/postHook"
> >>>>>     AcctLogFileName %L/%N/detail
> >>>>>
> >>>>>
> >>>>>
> >>>>>     #AuthByPolicy ContinueWhileReject
> >>>>>     AuthByPolicy ContinueUntilAccept
> >>>>>     AuthBy LDAP
> >>>>>     AuthBy CheckSQL
> >>>>>     AuthBy System
> >>>>>
> >>>>>
> >>>>> </Realm>
> >>>>>
> >>>>> ===
> >>>>> Archive at http://www.open.com.au/archives/radiator/
> >>>>> Announcements on [EMAIL PROTECTED]
> >>>>> To unsubscribe, email '[EMAIL PROTECTED]' with
> >>>>> 'unsubscribe radiator' in the body of the message.
> >>>>>
> >>>>>
> >>>>
> >>>> NB: have you included a copy of your configuration file (no
> >>>> secrets), together with a trace 4 debug showing what is happening?
> >>>>
> >>>> --
> >>>> Radiator: the most portable, flexible and configurable RADIUS server
> >>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>>> -
> >>>> Nets: internetwork inventory and management - graphical, extensible,
> >>>> flexible with hardware, software, platform and database
> >>>> independence.
> >>>>
> >>>>
> >>>
> >>>
> >>
> >> NB: have you included a copy of your configuration file (no secrets),
> >> together with a trace 4 debug showing what is happening?
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
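
Hugh's sign-off asks for a configuration file with no secrets together with a trace 4 debug, and the trace quoted in this thread shows what trace 4 carries: the LDAP userPassword value, the Authentic field and the hidden User-Password attribute. The following is an added example, not part of the thread and not Radiator code, of scrubbing such text before it is posted; the sample input is constructed, and the rules cover only the keywords that appear in this thread's config and trace.

```python
import re

REDACTED = "<redacted>"

# Each rule keeps group 1 (the label) and replaces what follows it.
# Keywords and log phrases are the ones visible in this thread.
RULES = [
    # Config credentials: "Secret ...", "DBAuth ...", "AuthPassword ..."
    re.compile(r"^([> \t]*(?:Secret|DBAuth|AuthPassword)[ \t]+)\S.*$", re.M),
    # Trace 4 line that echoes the stored LDAP password hash
    re.compile(r"(LDAP got userPassword:\s*)\S+"),
    # Authenticator field from the packet dump
    re.compile(r"(Authentic:[ \t]*)\S.*"),
    # Hidden User-Password attribute; the value may be wrapped onto the next line
    re.compile(r'(User-Password\s*=\s*)"[^"\n]*"'),
]


def scrub(text):
    """Return (scrubbed_text, number_of_values_replaced)."""
    total = 0
    for rule in RULES:
        text, n = rule.subn(lambda m: m.group(1) + REDACTED, text)
        total += n
    return text, total


# Constructed sample, not taken from the thread.
SAMPLE = """\
<Client DEFAULT>
    Secret examplesecret
</Client>
DBAuth exampledbpass
AuthPassword exampleldappass
Fri Aug 29 14:08:30 2003: DEBUG: LDAP got userPassword: {crypt}EXAMPLEHASH00
Authentic: <1><2><3>
User-Password =
    "<4><5><6>"
User-Name = "user"
AuthColumnDef 0, User-Password, check
"""

if __name__ == "__main__":
    clean, count = scrub(SAMPLE)
    print(clean)
    print("values replaced:", count)
```

A count of zero on a file that contains a Client, SessionDatabase or AuthBy clause is worth a second look, since it usually means a credential keyword the rules do not know about.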