(RADIATOR) Authenticating From Radmin

Paul Black Mon, 2 Aug 1999 02:32:17 -0700

I've now got Radmin installed and I'm very pleased with the user interface and
capabilities. Now I'm trying to get my radius.cfg setup to allow
authentication of a test user and still allowing fallback to authenticating
from the shadow password file for my existing customers. I've attached my
radius.cfg file and the trace logfile output. When I ran the attached config
none of my existing customers could login.

Can anyone tell me how to correct this problem?

Regards.  Paul

# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir           /etc/raddb
LogDir          /var/log/radacct
DictionaryFile  /etc/raddb/dictionary

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client xenon>
        Secret   XXX
</Client>
<Client dm1>
        Secret   XXX
</Client>
<Client pm1>
        Secret   XXX
</Client>

# This clause means we will handle any real that arrives
<Realm DEFAULT>
        <AuthBy RADMIN>
                # Change DBSource, DBUsername, DBAuth for your database
                # See the reference manual. You will also have to 
                # change the one in <SessionDatabse SQL> below
                # so its the same
                DBSource        dbi:mysql:radmin
                DBUsername      radmin
                DBAuth          XXX

                # You can add to or change these if you want, but you
                # will probably want to change the databse schema first
                AccountingTable RADUSAGE
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   DNIS,Called-Station-Id

                #
                # This updates the time and octets left for this user
                #

                AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

                #
                # These are the classic things to add to each users 
                # reply to allow a PPP dialup session. It may be 
                # different for your NAS. This will add some 
                # reply items to everyone's reply
                #

                AddToReply Framed-Protocol = PPP,\
                        Framed-IP-Netmask = 255.255.255.255,\
                        Framed-Routing = None,\
                        Framed-MTU = 1500,\
                        Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>

        <AuthBy FILE>
                Filename /etc/raddb/users
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName /var/log/radacct/dm1/detail
</Realm>

# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
</AuthBy>

# livingCompat.cfg
#
# This is a simple Radiator config file that allows you
# to continue using a bog standard Livingston or
# similar users file with Radiator, It implements the
# Auth-Type="System" check item by using AuthBy UNIX
#
# You will probably want to change the definitions of 
# DbDir, LogDir and the Filename parameters
#
# Author: Mike McCauley ([EMAIL PROTECTED])
# Copyright (C) 1997 Open System Consultants
# $Id: livingCompat.cfg,v 1.3 1999/07/12 02:01:35 mikem Exp $

#Foreground
#LogStdout
Trace   4

DbDir           /etc/raddb
LogDir          /var/log/radacct
DictionaryFile  /etc/raddb/dictionary

# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client xenon>
        Secret   XXX
</Client>
<Client dm1>
        Secret   XXX
</Client>
<Client pm1>
        Secret   XXX
</Client>

# This clause means we will handle any real that arrives
<Realm DEFAULT>
        <AuthBy RADMIN>
                # Change DBSource, DBUsername, DBAuth for your database
                # See the reference manual. You will also have to 
                # change the one in <SessionDatabse SQL> below
                # so its the same
                DBSource        dbi:mysql:radmin
                DBUsername      radmin
                DBAuth          XXX

                # You can add to or change these if you want, but you
                # will probably want to change the databse schema first
                AccountingTable RADUSAGE
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   DNIS,Called-Station-Id

                #
                # This updates the time and octets left for this user
                #

                AcctSQLStatement update RADUSERS set 
TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, 
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, 
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

                #
                # These are the classic things to add to each users 
                # reply to allow a PPP dialup session. It may be 
                # different for your NAS. This will add some 
                # reply items to everyone's reply
                #

                AddToReply Framed-Protocol = PPP,\
                        Framed-IP-Netmask = 255.255.255.255,\
                        Framed-Routing = None,\
                        Framed-MTU = 1500,\
                        Framed-Compression = Van-Jacobson-TCP-IP
        </AuthBy>

        <AuthBy FILE>
                Filename /etc/raddb/users
        </AuthBy>
        # Log accounting to the detail file in LogDir
        AcctLogFileName /var/log/radacct/dm1/detail
</Realm>

# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
</AuthBy>

(RADIATOR) Authenticating From Radmin

Reply via email to