Hello Andy -

I usually suggest to people that they add a column to the session database 
table to store the rewritten username too and then specify the corresponding 
queries to do "the right thing" (tm).

The reason the session database uses the original username is because that is 
what must be queried on the NAS if you are doing strict limit checking.

regards

Hugh


On Wed, 19 Dec 2001 03:55, Andy Dills wrote:
> Sorry about the blank email. I had tried to cancel the email, as I had
> thought I had figured out the problem, but had accidentally sent it instead
> of cancelling (cntrl-x being right next to cntrl-c).
>
> Anyways, the problem is this: I use the standard realm stripping
> RewriteUsername s/^([^@]+).*/$1/ in my <Realm...> clauses. However, the
> full [EMAIL PROTECTED] is being injected into the session db. This isn't
> good, because I have some NASes that send plain usernames with no realms,
> which get routed with a DefaultRealm statement. These logins do not have
> the realm attached when injected into the session db.
>
> As a result, simultaneous use doesn't work properly, as
> [EMAIL PROTECTED] != andy
>
> Any ideas on how to fix this? My initial thought was a RewriteUsername
> clause inside of the <SessionDatabase SQL> statement. That, of course,
> isn't kosher.
>
> Thanks!
> Andy
>
>
>
> Here's some trace 4:
>
> First, when the realm is specified:
>
> Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
> 'Realm=xecu.net'
> Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
> Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Deleting session for
> [EMAIL PROTECTED], 203.63.154.1, 1234
> Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
> Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL:
> Tue Dec 18 05:24:21 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
>
> Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL looks for match with
> xandy
> Tue Dec 18 05:24:21 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='[EMAIL PROTECTED]'
>
> Tue Dec 18 05:24:21 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Dec 18 05:24:21 2001: DEBUG: Access accepted for xandy
> Tue Dec 18 05:24:21 2001: DEBUG: Handling request with Handler
> 'Realm=xecu.net'
> Tue Dec 18 05:24:21 2001: DEBUG: Rewrote user name to xandy
> Tue Dec 18 05:24:21 2001: DEBUG: xecu.net Adding session for
> [EMAIL PROTECTED], 203.63.154.1, 1234
> Tue Dec 18 05:24:21 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Dec 18 05:24:21 2001: DEBUG: do query is: insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
> ('[EMAIL PROTECTED]', '203.63.154.1', 01234, '00001234', 1008653061, '',
> 'Async', 'Framed-User')
>
> Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthGROUP
> Tue Dec 18 05:24:21 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Dec 18 05:24:21 2001: DEBUG: Handling accounting with Radius::AuthSQL
> Tue Dec 18 05:24:21 2001: DEBUG: Accounting accepted
>
>
>
> And now when the realm is not specified:
>
>
>
> Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
> 'Realm=xecu.net'
> Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
> Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Deleting session for xandy,
> 203.63.154.1, 1234
> Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
> Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL:
> Tue Dec 18 16:29:20 2001: DEBUG: Query is: select ENCRYPTEDPASSWORD,
> CHECKATTR, REPLYATTR from SUBSCRIBERS where USERNAME='xandy'
>
> Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL looks for match with
> xandy
> Tue Dec 18 16:29:20 2001: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
> ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='xandy'
>
> Tue Dec 18 16:29:20 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Tue Dec 18 16:29:20 2001: DEBUG: Access accepted for xandy
> Tue Dec 18 16:29:20 2001: DEBUG: Handling request with Handler
> 'Realm=xecu.net'
> Tue Dec 18 16:29:20 2001: DEBUG: Rewrote user name to xandy
> Tue Dec 18 16:29:20 2001: DEBUG: xecu.net Adding session for xandy,
> 203.63.154.1, 1234
> Tue Dec 18 16:29:20 2001: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='203.63.154.1' and NASPORT=01234
>
> Tue Dec 18 16:29:20 2001: DEBUG: do query is: insert into RADONLINE
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP,
> FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values
> ('xandy', '203.63.154.1', 01234, '00001234', 1008692960, '', 'Async',
> 'Framed-User')
>
> Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthGROUP
> Tue Dec 18 16:29:20 2001: DEBUG: Handling with Radius::AuthSQL
> Tue Dec 18 16:29:20 2001: DEBUG: Handling accounting with Radius::AuthSQL
> Tue Dec 18 16:29:20 2001: DEBUG: Accounting accepted
>
>
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Andy Dills                              301-682-9972
> Xecunet, LLC                            www.xecu.net
> xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Dialup * Webhosting * E-Commerce * High-Speed Access
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
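
An added illustration of the suggestion in the reply above (not Radiator configuration and not code from either poster): the session table keeps the original username and gains a second column for the rewritten one, and the simultaneous-use count is keyed on that column. The column name REWRITTENUSERNAME, the realm example.net and the use of sqlite3 in place of the real session database are assumptions made for this example.

```python
import re
import sqlite3

def strip_realm(user_name):
    # Python form of the thread's RewriteUsername s/^([^@]+).*/$1/
    return re.sub(r"^([^@]+).*", r"\1", user_name)

def open_session_db():
    # RADONLINE columns from the trace plus REWRITTENUSERNAME (hypothetical name).
    db = sqlite3.connect(":memory:")
    db.execute("""create table RADONLINE (
        USERNAME text, REWRITTENUSERNAME text, NASIDENTIFIER text,
        NASPORT integer, ACCTSESSIONID text)""")
    return db

def add_session(db, user_name, nas, port, session_id):
    # As in the trace: clear whatever was on this NAS port, then insert.
    db.execute("delete from RADONLINE where NASIDENTIFIER=? and NASPORT=?",
               (nas, port))
    db.execute("insert into RADONLINE values (?, ?, ?, ?, ?)",
               (user_name, strip_realm(user_name), nas, port, session_id))

def sessions_by_original(db, user_name):
    # Lookup keyed on the name exactly as the NAS sent it.
    row = db.execute("select count(*) from RADONLINE where USERNAME=?",
                     (user_name,)).fetchone()
    return row[0]

def sessions_by_rewritten(db, user_name):
    # Lookup keyed on the realm-stripped name, so both spellings collide.
    row = db.execute(
        "select count(*) from RADONLINE where REWRITTENUSERNAME=?",
        (strip_realm(user_name),)).fetchone()
    return row[0]

def demo(limit=1):
    db = open_session_db()
    # Constructed data: first login carries a realm, second attempt does not.
    add_session(db, "xandy@example.net", "203.63.154.1", 1234, "00001234")
    attempt = "xandy"
    return {
        "original_allows": sessions_by_original(db, attempt) < limit,
        "rewritten_allows": sessions_by_rewritten(db, attempt) < limit,
    }

if __name__ == "__main__":
    print(demo())
```

With a limit of one session, the lookup on the original column lets the realm-less login through while the lookup on the rewritten column refuses it; the original column stays in the table for the NAS queries the reply mentions.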