Hi Heikki,

Thanks for your answer!

I've tried your suggestion and I managed to get some variables dynamically from an SQL database. When I try AuthColumnDef twice in two different AuthBy SQLs it doesn't seem to work though. The 'AUTH_BACKEND' and 'CONNECTION_ID' are working properly. When Radiator reaches the AuthBy LDAP2 it tries to connect with LDAP to 'LDAP_SERVER'. The value of this attribute isn't set and therefore Radiator is unable to authenticate against the Active Directory. The query in AuthSelect is returning correct values though. Is it not possible to use AuthColumnDef twice or something? I tried different configurations with the AuthBys outside a Handler as well.

The current configuration is as follows:

---
LogDir C:\Program Files\Radiator\logs
LogFile %L\%Y%m%d-%H00-radius.log
DbDir C:\Progam Files\Radiator
DictionaryFile C:\Program Files\Radiator\dictionary
Trace 5

<Client DEFAULT>
    Secret mysecret
    DupInterval 0
</Client>

<AuthBy SQL>
    Identifier DETERMINE_AUTH_BACKEND
    DBSource dbi:ODBC:DRIVER={SQL Server};SERVER={localhost};DATABASE=dbPMS
    DBUsername sa_pmsuser
    DBAuth 123pms
    AuthSelect EXEC spGetAuthenticationSource %0, %{Quote:%{NAS-Port-Type}}, %{Quote:%{Service-Type}}, %{Quote:%{Acct-Sess-ID}}
    AuthColumnDef 0, AUTH_BACKEND, request
    AuthColumnDef 1, CONNECTION_ID, request
</AuthBy>

<Handler>
    AuthByPolicy ContinueWhileAccept
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAccept
        AuthBy DETERMINE_AUTH_BACKEND
    </AuthBy>
    <AuthBy HANDLER>
        HandlerId AUTH_USER_%{AUTH_BACKEND}
    </AuthBy>
    #AuthBy sql-add-reply-attributes
</Handler>

<Handler>
    Identifier AUTH_USER_realmLDAP
    AuthByPolicy ContinueWhileAccept
    <AuthBy SQL>
        DBSource dbi:ODBC:DRIVER={SQL Server};SERVER={localhost};DATABASE=dbPMS
        DBUsername sa_pmsuser
        DBAuth 123pms
        AuthSelect EXEC spLDAPGetProperties %0, %{CONNECTION_ID}
        AuthColumnDef 0, LDAP_SERVER, request
        AuthColumnDef 1, LDAP_AUTHDN, request
        AuthColumnDef 2, LDAP_AUTHPASSWORD, request
        AuthColumnDef 3, LDAP_BASEDN, request
        AuthColumnDef 4, LDAP_SEARCH_FILTER, request
    </AuthBy>
    <AuthBy LDAP2>
        Host %{LDAP_SERVER}
        AuthDN %{LDAP_AUTHDN}
        AuthPassword %{LDAP_AUTHPASSWORD}
        BaseDN %{LDAP_BASEDN}
        SearchFilter (&(userPrincipalName=%1)(memberOf=%{LDAP_SEARCH_FILTER}))
        ServerChecksPassword
        HoldServerConnection
        #Debug 255
        Timeout 10
        FailureBackoffTime 1
        Version 3
    </AuthBy>
</Handler>
---

Logging:

---
Code:       Access-Request
Identifier: 71
Authentic:  <245><135><138>2<21><143>'<136><169><201><134>}<251><24>@<246>
Attributes:
        User-Name = "rvannoorl...@proxsys.net"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = <158><252>xt"cP<217><217><197><4><229><208>-<6>;

Mon Apr 11 10:02:41 2011: DEBUG: Handling request with Handler '', Identifier ''
Mon Apr 11 10:02:41 2011: DEBUG: Deleting session for rvannoorl...@proxsys.net, 203.63.154.1, 1234
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthGROUP:
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spGetAuthenticationSource 'rvannoorl...@proxsys.net', 'Async', 'Framed-User', ''':
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL looks for match with rvannoorl...@proxsys.net [rvannoorl...@proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL ACCEPT: : rvannoorl...@proxsys.net [rvannoorl...@proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthGROUP: DETERMINE_AUTH_BACKEND result: ACCEPT,
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy GROUP result: ACCEPT,
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthHANDLER:
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AUTH_USER_realmLDAP'
Mon Apr 11 10:02:41 2011: DEBUG: Handling request with Handler '', Identifier 'AUTH_USER_realmLDAP'
Mon Apr 11 10:02:41 2011: DEBUG: Deleting session for rvannoorl...@proxsys.net, 203.63.154.1, 1234
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL:
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL:
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spLDAPGetProperties 'rvannoorl...@proxsys.net', 369':
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL looks for match with rvannoorl...@proxsys.net [rvannoorl...@proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: Radius::AuthSQL ACCEPT: : rvannoorl...@proxsys.net [rvannoorl...@proxsys.net]
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy SQL result: ACCEPT,
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthLDAP2:
Mon Apr 11 10:02:41 2011: INFO: Connecting to :389
Mon Apr 11 10:02:41 2011: ERR: Could not open LDAP connection to :389. Backing off for 1 seconds.
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy LDAP2 result: IGNORE, User database access error
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy HANDLER result: IGNORE, User database access error

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
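
Added example, not part of the original post and not Radiator code: a small Python triage script that scans trace lines shaped like the ones above for LDAP connection attempts with an empty host (`Connecting to :389`) and reports the handler and the last SQL query logged before each one. The sample log is constructed, with placeholder user and host names; the function and pattern names are assumptions made for this illustration.

```python
import re

# Constructed sample: lines shaped like the Trace 5 output in the post,
# with placeholder user and host names.
SAMPLE_LOG = """\
Mon Apr 11 10:02:41 2011: DEBUG: Handling with Radius::AuthSQL: DETERMINE_AUTH_BACKEND
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spGetAuthenticationSource 'user@example.test', 'Async', 'Framed-User', ''':
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy HANDLER is redirecting to Handler 'AUTH_USER_realmLDAP'
Mon Apr 11 10:02:41 2011: DEBUG: Query is: 'EXEC spLDAPGetProperties 'user@example.test', 369':
Mon Apr 11 10:02:41 2011: DEBUG: AuthBy SQL result: ACCEPT,
Mon Apr 11 10:02:41 2011: INFO: Connecting to :389
Mon Apr 11 10:02:41 2011: ERR: Could not open LDAP connection to :389. Backing off for 1 seconds.
Mon Apr 11 10:02:42 2011: INFO: Connecting to ldap.example.test:389
"""

# "<timestamp>: <LEVEL>: <message>" as printed in the trace above.
LINE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}): (?P<level>[A-Z]+): (?P<msg>.*)$")
QUERY = re.compile(r"^Query is: '(?P<sql>.*)':$")
REDIRECT = re.compile(r"redirecting to Handler '(?P<handler>[^']*)'")
CONNECT = re.compile(r"^Connecting to (?P<host>[^:\s]*):(?P<port>\d+)$")

def find_empty_ldap_hosts(log_text):
    """Return one finding per LDAP connect attempt whose host part is empty."""
    findings, last_sql, handler = [], None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # packet dumps and wrapped lines carry no timestamp prefix
        msg = m["msg"]
        if q := QUERY.match(msg):
            last_sql = q["sql"]          # remember the most recent SQL query
        elif r := REDIRECT.search(msg):
            handler = r["handler"]       # remember which Handler took over
        elif (c := CONNECT.match(msg)) and c["host"] == "":
            findings.append({"time": m["ts"], "handler": handler,
                             "port": int(c["port"]), "last_query": last_sql})
    return findings

if __name__ == "__main__":
    for f in find_empty_ldap_hosts(SAMPLE_LOG):
        print(f"{f['time']}: empty LDAP host (port {f['port']}) in handler "
              f"{f['handler']!r}; preceding query: {f['last_query']}")
```
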