Thanks! That worked well.
Is there any way to just discard instead of using two (or 3) session
databases?
What would happen if I told it to use a different SessionDatabase that I had
not previously defined? :)
--
Roy Hooper ([EMAIL PROTECTED])
Sr. Systems Administrator
Network Operations
Cyberus Online Inc, an eisa.com company
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Monday, November 29, 1999 12:05 AM
> To: Roy Hooper; tom minchin
> Cc: [EMAIL PROTECTED]; Roy Hooper
> Subject: RE: (RADIATOR) Session Database
>
>
>
> Hi Roy (and Tom) -
>
> On Mon, 29 Nov 1999, Roy Hooper wrote:
> > >
> > > If they're using something that's always the same, then
> create a Handler
> > > that matches and ignores these packets (although you may want to log
> > > them to make sure they're doing their job etc).
> >
> > I'm already doing this (here's my Session config & my Accounting
> > handler(s)):
> > I *MUST* respond to the NAS to indicate that I got the packets, so
> > discarding outright doesn't help. The best approach that I
> found to what I
> > want to do was the AuthBy TEST module :) If I'm wrong, someone, please
> > correct me! :)
> >
>
> There is a rather obscure way of dealing with your problem, and that is by
> defining two session databases, one for your default entries and
> the second for
> the entries you really want to see. Something like this:
>
> # This is your first session database definition
>
> <SessionDatabase SQL>
> DBSource dbi:mysql:radius
> DBUsername XXX
> DBAuth XXX
>
> AddQuery insert into RADONLINE \
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> TIME_STAMP, \
> FRAMEDADDRESS, PORTTYPE, SERVICETYPE) values ('%n', '%N', \
> '%{NAS-Port}', '%{Acct-Session-Id}', %{Timestamp}, \
> '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')
>
> DeleteQuery delete from RADONLINE where USERNAME='%n' and
> NASIDENTIFIER
> ='%N' and NASPORT='%{NAS-Port}'
> </SessionDatabase>
>
> # This is your second session database definition
> # note the use of Identifier for reference (and a second table)
>
> <SessionDatabase SQL>
> Identifier SDB2
> DBSource dbi:mysql:radius
> DBUsername XXX
> DBAuth XXX
>
> AddQuery insert into RADONLINE2 \
> (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID,
> TIME_STAMP, \
> FRAMEDADDRESS, PORTTYPE, SERVICETYPE) values ('%n', '%N', \
> '%{NAS-Port}', '%{Acct-Session-Id}', %{Timestamp}, \
> '%{Framed-IP-Address}', '%{Port-Type}', '%{Service-Type}')
>
> DeleteQuery delete from RADONLINE2 where USERNAME='%n' and
> NASIDENTIFIER
> ='%N' and NASPORT='%{NAS-Port}'
> </SessionDatabase>
>
> # Accounting handlers
> #
> # Log details for @eisa.com users only from @eisa.com to file from
> # border1.cyberus.ca 209.195.69.147
> <Handler Acct-Status-Type =
> /Start|Stop/,NAS-IP-Address=209.195.69.147,User-Name
> =/.*\@eisa.com/>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy TEST>
> </AuthBy>
> AcctLogFileName %L/acct/eisa.com/%C/detail
> </Handler>
>
> # Accept the rest of the entries from 209.195.69.147, but don't log them
> <Handler Acct-Status-Type = /Start|Stop/,NAS-IP-Address=209.195.69.147>
> # RewriteUsername s/^([^@]+).*/$1/
> <AuthBy TEST>
> </AuthBy>
> # AcctLogFileName %L/acct/eisa.com/7552-details
> </Handler>
>
> # Ignore UUnet test packets
> <Handler User-Name = "RejectMePls", Acct-Status-Type = Start,
> Acct-Session-Id =
> "dontTryMacth">
> <AuthBy TEST>
> </AuthBy>
> </Handler>
>
> # Accept start and stop for the rest.
> <Handler Acct-Status-Type = /Start|Stop/>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy TEST>
> </AuthBy>
> AcctLogFileName %L/acct/eisa.com/%C/detail
> SessionDatabase SDB2
> </Handler>
>
> Your final Handler will use the session database defined by SDB2,
> while the
> others will continue to use the first one (which is the default).
>
> hth
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
