Hello Ron -
On Tue, 10 Oct 2000, Ron Hensley wrote:
> I need 2 AuthBy's, but only the first one, AuthBy RADIUS, does the pass
> checking, (Proxy to third party radius server), but then a second AuthBy SQL
> gets entered which logs the Start-Stop records for accounting purposes. The
> users on those remote realms dont exist in my database however, so this
> second AuthBy cant do anything but log, as it would Reject the users
> name/pass if it tried.
>
> Here's a Realm statement from my radius.cfg with the passes removed.
> Seems I need a second <AuthBy SQL></AuthBy> with the appropriate connection
> string, username, password
> so it can talk to the SQL server. However how to just accept whats there and
> log it to ACCOUNTING.
>
You would do something like this:
# configure AuthBy SQL for accounting only
# note empty AuthSelect
# Identifier will be used later
<AuthBy SQL>
Identifier SQLAccountingOnly
DBSource ....
DBUsername ....
DBAuth .....
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef ....
.....
</AuthBy>
# configure AuthBy RADIUS
# Identifier will be used later
<AuthBy RADIUS>
Identifier CheckRADIUS
Host remote.server.net
Secret password
LocalAddress 216.240.X.X
AddToReply Port-Limit=1
</AuthBy>
# configure Realm with AuthByPolicy
# AuthBy CheckRADIUS is last, as it forks and doesn't return
<Realm realm.net>
RewriteUsername s/^([^@]+).*/$1/
AuthByPolicy ContinueAlways
AuthBy SQLAccountingOnly
AuthBy CheckRADIUS
</Realm>
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
