Re: (RADIATOR) Question about accounting
Hello John - On Wed, 29 Dec 1999, [EMAIL PROTECTED] wrote: > Hi; > > Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. > > For example: > > Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. > Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). > I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. > You will want to do something like this: # note AuthByPolicy ContinueAlways # and empty AuthSelect to turn off authentication AuthByPolicy ContinueAlways RewriteUsername tr/A-Za-z0-9\-\_\&\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ Host Secret DBSourcedbi:mysql: DBUsername DBAuth AuthSelect AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 > > > PS Something else, with the sessiondatabase like it is, somethime the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. Can you send me the complete configuration file and a trace 4 debug showing the session database inserts? thanks Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about accounting
Hi; Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. For example: Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. Here is my current config for the realm in question: AuthByPolicy ContinueWhileAccept #I was just guesing on this one RewriteUsername tr/A-Za-z0-9\-\_\&\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ Host Secret DBSourcedbi:mysql: DBUsername DBAuth AuthSelect SELECT DialupUsers.password FROM DialupUsers, DialupService WHERE DialupService.my_key = DialupUsers.my_key AND user_name = '%U' AND DialupService.realm = 'not_real' AND type='region' AND status='ACTIVE' DefaultReply User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = NoneFramed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 AuthColumnDef 0, User-Password, check AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 John D [EMAIL PROTECTED] PS Something else, with the SessionDatabase like it is, somethimes the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Question about accounting
Hi; Our system is working just fine (authentication wise), but I need to be able to send accounting packets to two seperate locations for a particular realm. For example: Authentication packets for a certain realm are proxied (AuthBy Realm) to another Radius server which works fine. Accounting packets should be sent there too, this seems to be happening as well (it is not our radius server so I don't know for sure). I also want to be able to stuff the contents of the accounting packets into an SQL database, which I am currently doing for realms that authenticate of the same database. Here is my current config for the realm in question: AuthByPolicy ContinueWhileAccept #I was just guesing on this one RewriteUsername tr/A-Za-z0-9\-\_\&\.\@/ /cs RewriteUsername s/^([^@]+).*/$1/ Host Secret DBSourcedbi:mysql: DBUsername DBAuth AuthSelect SELECT DialupUsers.password FROM DialupUsers, DialupService WHERE DialupService.my_key = DialupUsers.my_key AND user_name = '%U' AND DialupService.realm = 'not_real' AND type='region' AND status='ACTIVE' DefaultReply User-Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 255.255.255.254, Framed-IP-Netmask = 255.255.255.255, Framed-Routing = NoneFramed-MTU = 1500, Framed-Compression = Van-Jacobson-TCP-IP, Session-Timeout = 28800, Idle-Timeout = 1800 AuthColumnDef 0, User-Password, check AccountingStopsOnly AccountingTable ACCOUNTING_NATIONAL AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address,ipaddr # Log accounting to the detail file in LogDir MaxSessions 1 AcctLogFileName %L/detail-%m%d%Y SessionDatabase SDB2 John D [EMAIL PROTECTED] PS Something else, with the sessiondatabase like it is, somethime the re-written user-name is inserted into the database sometimes the origional username is inserted this is just strange. === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.