Hi Kevin,
The default behaviour for the session databases is to log the _original_
username prior to any RewriteUsername.
In the case of SQL SessionDatabase, it is easy to alter the configuration so
it uses whatever you want as the username. You would probably want to change
AddQuery and CountQuery. The default uses %u to get the original unrewritten
username. You could change this as you see fit.
Hope that helps.
Cheers.
On Nov 2, 1:49pm, Kevin Fowler wrote:
> Subject: (RADIATOR) SessionDatabase Question
> Hello,
> We have multiple groups of customers authenticating out of multiple
> databases with some of the usernames being the same. They need to be
> able to authenticate with realms and without realms. The problem is with
> the SessionDatabase. All of the following example username and password
> pairs need to work correctly from the same radius server:
>
> [EMAIL PROTECTED]
> password1
>
> user1
> password1
>
> [EMAIL PROTECTED]
> password2
>
> user1
> password2
>
> I accomplished this by setting up a realm for dom1.com and
> dom2.com. They each use a different database of users. If no realm is
> specified then I have two AuthBy clauses to attempt to authenticate off of
> each of the two databases. The AuthByPolicy is set to
> ContinueUntilAccept. So the same username could log on with different
> passwords depending on what database they are in.
> The authentication works great; the problem is with the
> SessionDatabase. If they authenticated with the dom1.com realm then it
> sends [EMAIL PROTECTED] to the RADONLINE table. If they authenticate without
> a realm then it just sends user1 to the table. This stops the other user1
> from being able to log on. What I would prefer is a way to append
> @dom1.com to the username if they are in the first database and @dom2.com
> to the username if they are in the second database. We tried the
> RewriteUsername method but it will not work because you can't rewrite the
> username within each AuthBy clause. We also tried having different
> SessionDatabases but again you can't specify a different SessionDatabase
> per AuthBy clause only per Realm.
> Let me know if anyone has an idea of a better way to do this or if
> anyone had a solution to the way I am trying to do it. Thanks in advance
> for any help. At the bottom I have included an example of my config file.
>
> Regards,
> Kevin Fowler <[EMAIL PROTECTED]>
> System Administrator
> Raex Internet
>
> --------------- sample radius.cfg file -------------------
>
> <Realm>
> AuthByPolicy ContinueUntilAccept
> SessionDatabase SDB1
>
> <AuthBy SQL>
> DBSource dbi:mysql:dom1
> DBUsername username
> DBAuth xxxxx
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS where USERNAME='%n'
> </AuthBy>
>
> <AuthBy SQL>
> DBSource dbi:mysql:dom2
> DBUsername username
> DBAuth xxxxxx
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS where USERNAME='%n'
> </AuthBy>
> </Realm>
>
> <Realm dom1.com>
> AuthByPolicy ContinueUntilAccept
> SessionDatabase SDB1
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy SQL>
> DBSource dbi:mysql:dom1
> DBUsername username
> DBAuth xxxxxxx
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS where USERNAME='%n'
> </AuthBy>
> </Realm>
>
> <Realm dom2.com>
> AuthByPolicy ContinueUntilAccept
> SessionDatabase SDB1
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy SQL>
> DBSource dbi:mysql:dom2
> DBUsername username
> DBAuth xxxxx
> AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
> from SUBSCRIBERS where USERNAME='%n'
> </AuthBy>
> </Realm>
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:sessiondb:machine
> DBUsername username
> DBAuth xxxx
> Identifier SDB1
> </SessionDatabase>
>
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Kevin Fowler
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
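
The session-key mismatch discussed in this thread, modelled as an added Python example (not code from the original messages or from Radiator). The subscriber tables, the one-session-per-key limit and all function names are constructed assumptions; `original` corresponds to keying the session table on %u, `rewritten` to the realm-stripped name, and `canonical` to the user@domain form the question asks for.

```python
# Constructed subscriber tables standing in for the dom1 and dom2 databases.
DATABASES = {
    "dom1.com": {"user1": "password1"},
    "dom2.com": {"user1": "password2"},
}

def authenticate(login, password):
    """Return (original, rewritten, canonical) names on accept, else None."""
    user, _, realm = login.partition("@")
    # Realm given: only that database. No realm: try each database in turn,
    # like AuthByPolicy ContinueUntilAccept in the posted config.
    candidates = [realm] if realm else list(DATABASES)
    for domain in candidates:
        if DATABASES.get(domain, {}).get(user) == password:
            # canonical = the name qualified by the database that accepted
            return login, user, f"{user}@{domain}"
    return None

KEY_INDEX = {"original": 0, "rewritten": 1, "canonical": 2}

def login_sequence(attempts, key_style, max_sessions=1):
    """Replay logins against a session table keyed the chosen way."""
    sessions = {}  # session key -> number of active sessions
    results = []
    for login, password in attempts:
        names = authenticate(login, password)
        if names is None:
            results.append("reject-auth")
            continue
        key = names[KEY_INDEX[key_style]]
        if sessions.get(key, 0) >= max_sessions:
            results.append("reject-limit")
        else:
            sessions[key] = sessions.get(key, 0) + 1
            results.append("accept")
    return results

# Constructed login order: dom1 subscriber without realm, dom2 subscriber
# without realm, then the dom1 subscriber again using the realm form.
ATTEMPTS = [
    ("user1", "password1"),
    ("user1", "password2"),
    ("user1@dom1.com", "password1"),
]

if __name__ == "__main__":
    for style in KEY_INDEX:
        print(f"{style:10s}", login_sequence(ATTEMPTS, style))
```

Keyed on the original name, the dom2 subscriber is locked out by the dom1 session while the dom1 subscriber opens a second session under the realm form; only the canonical key accepts both subscribers and still enforces the limit.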