Section 3.44. <AuthBy RADMIN>

3.44. <AuthBy RADMIN>

<AuthBy RADMIN> provides authentication and accounting using the RAdmin User Administration package from Radiator Software website

. RAdmin is a complete web-based package that allows you to maintain your RADIUS user and accounting details in an SQL database. You can add, change and delete users, examine connection history, control simultaneous login, get reports on modem usage and many other functions. The combination of Radiator and RAdmin provides a complete solution to your RADIUS user administration requirements.

Tip

RAdmin is not a billing or invoicing system.

During authentication, Radiator checks the password in the RAdmin “RADUSERS” table. Accounting details are added to the RADUSAGE table.

There is an example Radiator configuration file for RAdmin in goodies/radmin.cfg.

<AuthBy RADMIN> understands also the same parameters as <AuthBy SQL>. For more information, see Section 3.41. <AuthBy SQL>.

3.44.1. AuthSelect

This SQL query is used to select details of users who are attempting to log in. %0 is replaced by the quoted and (possibly rewritten) User-Name. Other special formatting characters may be used.

Defaults to

select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, \
SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from RADUSERS \
where USERNAME=%0

Tip

You can force AuthBy RADMIN to honour additional fields in your AuthSelect statement by using AuthColumnDef. For example, you might add 3 new columns to your RADUSERS table and wish to use them as reply items. You could do that something like this:

# Honour FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME too
AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
                  MAXLOGINS,SERVICENAME, BADLOGINS, VALIDFROM, \
                  VALIDTO, FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
           from RADUSERS where USERNAME=%0
AuthColumnDef 0,Framed-IP-Netmask,reply
AuthColumnDef 1,Filter-Id,reply
AuthColumnDef 2,Idle-Timeout,reply

Note that the numbering of AuthColumnDef 0 starts with the field following the first 8 minimum and required fields.

3.44.2. LogQuery

This optional parameter allows you to control the SQL query that is used to insert log messages into the database.

The default is:

insert into RADMESSAGES (TIME_STAMP, TYPE, MESSAGE) 
values (%t, %0, %1)

Where %t is translated as a special character to the current time, %0 is converted to the message priority (in integer in the range 0 to 4 inclusive), and %1 is converted to the log message, quoted and escaped. MESSAGE will be truncated to MaxMessageLength characters prior to insertion.

3.44.3. MaxMessageLength

The optional parameter sets the maximum length of message that will be inserted by LogQuery. All messages longer than MaxMessageLength characters will be truncated to MaxMessageLength. Defaults to 200, which is the default size of the MESSAGE column in the RADMIN.RADMESSAGES table.

3.44.4. UserAttrQuery

This optional parameter allows you to control the query used to get user-specific RADIUS check and reply items. %0 is replaced by the (possibly rewritten) User-Name. Other special formatting characters may be used.

Defaults to

select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE \
from RADCONFIG where NAME=%0 order by ITEM_TYPE

3.44.5. ServiceAttrQuery

This optional parameter allows you to control the query used to get service-specific RADIUS check and reply items. %0 is replaced by the Service Profile name from the SERVICENAME column in the user's database record. Other special formatting characters may be used. ServiceAttrQuery will be run after UserAttrQuery if ServiceAttrQuery is non-empty, and if a non-empty servicename was found in the 5th field returned from AuthSelect.

Defaults to

select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE \
from RADSTCONFIG where NAME=%0 order by ITEM_TYPE

3.44.6. AttrQueryParam

This optional parameter enables the use of bound variables (where supported by the SQL server) and query caching in the UserAttrQuery and ServiceAttrQuery strings. If you specify one or more AttrQueryParam parameters, they will be used in order to replace parameters named with a question mark (“?”) in the UserAttrQuery and Service- AttrQuery queries, and the query will be cached for future reuse by the SQL server. %0 is replaced by the appropriate user name or service name. For more information, see Section 3.8.1. SQL bind variables.

3.44.7. IncrementBadloginsQuery

This optional parameter specifies the SQL query to issue if AuthBy RADMIN detects a bad password. It is intended to increment a count of the number of bad logins, which can then be checked during authentication. %0 is replaced with the name of the user being authenticated. Other special formatting characters may be used.

Defaults to:

update RADUSERS set BADLOGINS=BADLOGINS+1 where USERNAME=%0

3.44.8. ClearBadloginsQuery

This optional parameter specifies the SQL query to issue if AuthBy RADMIN detects a good password. It is intended to clear a count of the number of bad logins, which can then be checked during authentication. %0 is replaced with the name of the user being authenticated. Other special formatting characters may be used.

Defaults to:

update RADUSERS set BADLOGINS=0 where USERNAME=%0

3.44.9. MaxBadLogins

AuthBy RADMIN compares the bad login count in the RAdmin database with Max- BadLogins. If it is exceeded, it is assumed that password guessing has been attempted and the user will be disabled until their bad login count is reset. Defaults to 5. If set to 0, the bad login count is ignored.