Hello Skeeve -
There is no difference using Handlers.
I am not sure I understand your question - could you give me a bit more detail please?
regards
Hugh
On Tuesday, November 5, 2002, at 07:54 PM, Skeeve Stevens wrote:
NB: I am travelling this week, so there may be delays in our correspondence.
Is there much difference because we use Handlers?
I am not sure how you would integrate the Proxy radius for .... say
user@customer to be checked before being allowed to continue.
...Skeeve
example client:
<Client 203.194.28.131>
Secret m0d3m5
NasType Ascend
Identifier Comindico
</Client>
Session & Address:
<SessionDatabase SQL>
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
AddQuery insert into online (acct_handle,nas_id,online_nasport,online_sessionid,online_date,online_ipaddress,online_servicetype,online_calling_station,online_called_station,online_key,online_group) values ('%n','%N','%{NAS-Port}','%{Acct-Session-Id}',from_unixtime(%{Timestamp}),'%{Framed-IP-Address}','%{Service-Type}','%{Calling-Station-Id}','%{Called-Station-Id}','%{Ascend-Session-Svr-Key}','%{Client:X-GroupName}')
DeleteQuery delete from online where acct_handle = '%n' and nas_id = '%N' and online_nasport = %{NAS-Port}
ClearNasQuery delete from online where nas_id = '%N'
CountQuery select nas_id,online_nasport,online_sessionid from online where acct_handle = '%n'
</SessionDatabase>
<AddressAllocator SQL>
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL='%0' and STATE=0 order by TIME_STAMP
AllocateQuery update RADPOOL set STATE=1,TIME_STAMP=%0, EXPIRY=%1, USERNAME=%2, NAS='%{Calling-Station-Id}' where YIADDR='%3' and TIME_STAMP %4
AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL, YIADDR, SUBNETMASK, DNSSERVER, USERNAME, NAS) values (0, %t, '%0', '%1', '%2', '%3', '%n', '%{Calling-Station-Id}')
<AddressPool pool1>
Subnetmask 255.255.255.255
DNSServer 203.24.66.204
Range 203.222.150.192/26
</AddressPool>
</AddressAllocator>
The Handler:
<Handler Client-Identifier = Comindico>
#<Realm DEFAULT>
#AuthByPolicy ContinueWhileIgnore#
AuthByPolicy ContinueWhileAccept
RewriteUsername tr/A-Z/a-z/
SessionDatabase SDB1
<AuthBy SQL>
Identifier SDB1
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
AuthSelect select auth_upass_crypt,((auth_max_sessions)*2) as auth_max_sessions,auth_idle_timeout,auth_subnet,auth_netmask,auth_replypairs,auth_dc_time,auth_group from auth where auth_uname='%n' and auth_stat_id = 1 and curdate() < auth_expire && auth_server != 1
RejectEmptyPassword
EncryptedPassword
AddToReply Ascend-Client-Primary-DNS=203.24.66.204, Ascend-Client-Secondary-DNS=203.24.66.193, Ascend-Client-Assign-DNS = DNS-Assign-Yes, Framed-Protocol = PPP, Service-Type = Framed-User
AccountingTable detail
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, Simultaneous-Use, check
AuthColumnDef 2, Idle-Timeout, reply
AuthColumnDef 3, Framed-IP-Address, reply
AuthColumnDef 4, Framed-IP-Netmask, reply
AuthColumnDef 5, Framed-Route, reply
AuthColumnDef 6, Session-Timeout, reply
AuthColumnDef 7, X-GroupName, reply
AcctColumnDef detail_acct_handle,User-Name
AcctColumnDef detail_nas_id,NAS-IP-Address
AcctColumnDef detail_date,Timestamp,formatted-date,from_unixtime(%s)
AcctColumnDef detail_type,Acct-Status-Type
AcctColumnDef detail_delay,Acct-Delay-Time,integer
AcctColumnDef detail_called_station,Called-Station-Id
AcctColumnDef detail_calling_station,Calling-Station-Id
AcctColumnDef detail_inbytes,Acct-Input-Octets,integer
AcctColumnDef detail_outbytes,Acct-Output-Octets,integer
AcctColumnDef detail_sessionid,Acct-Session-Id
AcctColumnDef detail_sessiontime,Acct-Session-Time,integer
AcctColumnDef detail_termcause,Acct_Terminate-Cause
AcctColumnDef detail_termcause,Ascend-Disconnect-Cause
AcctColumnDef detail_nasport,NAS-Port,integer
AcctColumnDef detail_ipaddress,Framed-IP-Address
</AuthBy>
<AuthBy DYNADDRESS>
Allocator SDB1
PoolHint pool1
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
</AuthBy>
<AuthLog SQL>
DBSource dbi:mysql:xxx:xxx
DBUsername root
DBAuth tekflex
Table RADAUTHLOG
LogSuccess 0
LogFailure 1
FailureQuery INSERT INTO authlog (username,timestamp,priority,message,password) VALUES ('%n', %t, %0, %1%r%r, '%P')
</AuthLog>
<Log SQL>
DBSource dbi:mysql:xxx:xxx
DBUsername xxx
DBAuth xxx
Table radlog
</Log>
</Handler>
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:owner-radiator@;open.com.au] On Behalf Of Hugh Irvine
Sent: Monday, November 04, 2002 2:22 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Best Way to do this proxy

Hello Skeeve -
You should use two AuthBy clauses under the control of an AuthByPolicy, something like this:
# define AuthBy clauses (FILE/SQL/whatever)
<AuthBy FILE>
Identifier CheckLocal
.....
</AuthBy>
<AuthBy RADIUS>
Identifier CheckRemote
....
</AuthBy>
<Realm customer>
AuthByPolicy ContinueWhileAccept
AuthBy CheckLocal
AuthBy CheckRemote
.....
</Realm>
regards
Hugh
On Saturday, November 2, 2002, at 09:53 PM, Skeeve Stevens wrote:
Question...
I have a customer who wants to do their own Radius authentication..... but...
I don't want this customer to be able to create their own user accounts and so on.
I want them to call us, get the account put in our radius server and we would provide at the first level:
- port usage limit check (for that customer)
- see if account exists
- see if account is active
- then check REMOTE customer radius server for authentication - the password
- if success, pass back details of IP and such from our master radius server.
In essence... giving the customer the ability to change passwords and lock accounts of their users.
Can anyone suggest a good way to implement this? Or are there any existing hooks which can do a local verification check before passing on the request to another radius server..
Users would use 'username@customer'
...Skeeve
_______________________________________________________
Skeeve Stevens, RHCE
Email: [EMAIL PROTECTED]
Website: www.skeeve.org - Telephone: (0414) 753 383
Address: P.O Box 1035, Epping, NSW, 1710, Australia
eIntellego - [EMAIL PROTECTED] - www.eintellego.net
_______________________________________________________
Si vis pacem, para bellum
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

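Added example, not part of the original thread and not Radiator code: a simplified, synchronous Python model of how an AuthByPolicy decides whether the next AuthBy in a chain is consulted, using the CheckLocal and CheckRemote identifiers from the reply above. The accounts and passwords are constructed sample data, and the remote check is a stand-in for the customer's RADIUS server. It shows why ContinueWhileAccept gates the remote password check behind the local account check, whereas ContinueWhileIgnore (the commented-out line in the Handler) would stop at the local ACCEPT without the password ever being verified.

```python
# Added illustration: simplified, synchronous model of AuthBy chaining.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Each policy maps the last result to "keep going?".
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
}

def run_chain(policy, auth_bys, request):
    """Run AuthBy callables in order; return (final result, names consulted)."""
    keep_going = POLICIES[policy]
    result, consulted = IGNORE, []
    for name, auth_by in auth_bys:
        result = auth_by(request)
        consulted.append(name)
        if not keep_going(result):
            break
    return result, consulted

# Constructed sample data (hypothetical accounts, not from the thread).
LOCAL_ACCOUNTS = {"alice@customer": {"active": True},
                  "bob@customer": {"active": False}}
REMOTE_PASSWORDS = {"alice@customer": "s3cret", "bob@customer": "hunter2"}

def check_local(req):
    """Provider side: account must exist and be active; no password check."""
    acct = LOCAL_ACCOUNTS.get(req["user"])
    return ACCEPT if acct and acct["active"] else REJECT

def check_remote(req):
    """Stand-in for the customer's RADIUS server: verifies the password."""
    ok = REMOTE_PASSWORDS.get(req["user"]) == req["password"]
    return ACCEPT if ok else REJECT

CHAIN = [("CheckLocal", check_local), ("CheckRemote", check_remote)]

def authenticate(policy, user, password):
    return run_chain(policy, CHAIN, {"user": user, "password": password})

if __name__ == "__main__":
    for policy in ("ContinueWhileAccept", "ContinueWhileIgnore"):
        for user, pw in (("alice@customer", "s3cret"), ("alice@customer", "wrong"),
                         ("bob@customer", "hunter2"), ("mallory@customer", "x")):
            print(policy, user, authenticate(policy, user, pw))
```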