TechLibrary

[+] Expand All

[-] Collapse All

Steel-Belted Radius Carrier 8.4.1 Reference Guide
- Copyright and Trademark Information
- Table of Contents
- List of Figures
- List of Tables
- About This Guide
- Introduction
  - Introduction to Configuration Files
    - Configuration Files
    - Tips for Editing Configuration Files
- Steel-Belted Radius Carrier Core and Radius Front-End Files
  - Operations Files
    - access.ini File
      - [Settings] Section
      - [Users] and [Groups] Sections
    - admin.ini File
      - [AccessLevel] Section
      - [SNMPAgent] Section
    - events.ini File
      - [EventDilutions] Section
        Example
      - [Suppress] Section
        Example
      - [Thresholds] Section
        Example
    - events.xml File
    - radius.ini File
      - [Addresses] Section
        Example 1
        Example 2
      - [AuditLog] Section
      - [AuthRejectLog] Section
      - [Configuration] Section
      - [CurrentSessions] Section
      - [DynAuthProxy]
      - [LatencyLog]
      - [EmbedInClass] Section
      - [HiddenEAPIdentity] Section
      - [IPPoolSuffixes] Section
      - [IPv6] Section
      - [JavaScript] Section
      - [LDAP] Section
      - [LDAPAddresses] Section
      - [Logging] Section
        Log File Naming Conventions and Log Rollover
        Thread Identifiers
        Session Identifiers
        Example
        Enhanced Proxy Logging
      - [MsChapNameStripping] Section
      - [PurgeThreadLogging] Section
      - [Ports] Section
      - [Self] Section
      - [StaticAcctProxy] Section
      - [Status] Section
      - [Strip] Section
      - [StripPrefix] Section
      - [StripSuffix] Section
      - [UserNameTransform] Section
        Example
      - [ValidateAuth] and [ValidateAcct] Sections
    - sbrd.conf File
    - services File
    - servtype.ini File
    - update.ini File
      - [HUP] and [USR2] Sections
        Example
    - Auto-Restart Files
      - Perl SNMP Support
      - Perl System Log Support
      - sbrd.conf File
      - radiusd.conf File
        radiusd.conf Configuration File
  - Authentication Configuration Files
    - authlog.ini File
    - authReport.ini File
    - authReportAccept.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportBadSharedSecret.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportReject.ini File
      - [Attributes] Section
      - [Settings] Section
    - authReportUnknownClient.ini File
      - [Attributes] Section
      - [Settings] Section
    - blacklist.ini File
    - lockout.ini File
      - [ClientExclusionList] Section
      - [UserExclusionList] Section
    - redirect.ini File
      - [Settings] Section
      - [ClientExclusionList] Section
    - statlog.ini File
      - [Settings] Section
      - [Statistics] Section
  - Attribute Processing Files
    - Dictionary Files
      - .dct Files
        .dct File Location
        .dct File Records
        Editing .dct Dictionary Files
        Include Records
        Master Dictionary for .dct Files
        ATTRIBUTE Records
        Attribute Name and Identifier
        Syntax Type Identifier
        Compound Syntax Types
        Flag Characters
        VALUE Records
        Macro Records
        OPTION Records
      - .dic Files
        .dic File Location
        <?dict> Element
        <vendor> Element
        <attribute> Element
        Editing .dic Dictionary Files
    - Structured Attributes
      - Structured Attribute Dictionary Definitions
        XML Format of Dictionary Files
        <dictionary> Element
        <attribute> Element
        Subattribute Elements
        <constant>
      - Functional Areas That Use Subattributes
        Packet Parsing and Formatting
        Features that Support the Use of Structured and Subattributes
        Single Subattribute Insertion
        Attribute Filtering
        Proxy Attribute Mapping
        Structured Attributes in Return Lists and Check Lists
        Using Web GUI to Configure Subattributes in Return Lists and Checklists
        Using the LCI to Define Subattributes in Return Lists and Check Lists
        Javascript
        Converting Previous Attribute Flatteners with Subattributes
        Plug-in Attribute Access
      - Example of Configuration and Usage of a Structured Attribute
        3GPP2 Data Definition
        SBR Carrier XML Dictionary Definition
        Example Data
        LCI Encoding
    - classmap.ini File
      - [AttributeName] Section
    - filter.ini File
      - Filter Rules
      - Order of Filter Rules
        Examples
      - Values in Filter Rules
      - Referencing Attribute Filters
    - sample.rr File
    - spi.ini File
      - [Keys] Section
      - [Hosts] Section
    - vendor.ini File
      - [Vendor-Product Identification] Section
      - Product-Scan Settings
    - Adding NAS Location Information to Access-Request Messages
      - Location-Specific Configuration Files
      - locspec.ctrl File
        Example
        Example
        Example
        Example
      - proxy.ini File
        Example
      - realm.pro File
        Example realm.pro file:
      - Example Configuration for Adding NAS Location Attributes to Access-Request
        Example Overview
        Example Configuration
  - Address Assignment Files
    - dhcp.ini File
      - [Settings] Section
      - [Pools] Section
    - pool.dhc Files
  - Accounting Configuration Files
    - account.ini File
    - acctReport.ini File
    - sessionTable.ini File
      - [Settings] Section
  - Realm Configuration Files
    - Proxy Realm Configuration Files
    - Directed Realm Configuration Files
      - Sample proxy.ini File
      - Sample Directed Realm (.dir) File
    - proxy.ini File
    - Proxyrl.ini File
    - Proxy RADIUS Configuration (.pro) File
      - [Auth] Section
      - [Acct] Section
      - [AutoStop] Section
      - [Called-Station-ID] Section
      - [DynAuth] Section
      - Target Selection Rules
        Round-Robin Load Balancing
        Selecting a Backup Server
        Realm Retry Policy
      - [FastFail] Section
      - [ModifyUser] Section
      - [SpooledAccounting] Section
        Retry Sequence
    - Directed Realm Configuration (.dir) File
    - radius.ini Realm Settings
  - EAP Configuration Files
    - eap.ini File
    - peapauth.aut File
      - [Bootstrap] Section
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Inner_Authentication] Section
      - [Request Filters] Section
      - [Response Filters] Section
      - [Session_Resumption] Section
    - tlsauth.aut File
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample tlsauth.aut File
    - tlsauth.eap File
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Secondary_Authorization] Section
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample tlsauth.eap File
      - Configuring Secondary Authorization
        SQL Authentication
        LDAP Authentication
    - ttlsauth.aut File
      - [Bootstrap] Section
      - [Server_Settings] Section
        Cipher_Suites Parameter
        Example 1
        Example 2
      - [Inner_Authentication] Section
      - [Request_Filters] Section
      - [Response_Filters] Section
      - [CRL_Checking] Section
      - [Session_Resumption] Section
      - Sample ttlsauth.aut File
  - Session State Register (SSR) Configuration Files
    - Configuring the config.ini File
    - Configuring the dbclusterndb.gen File
      - [Bootstrap] Section
      - [NDB] Section
        [Database] Section
      - [IpAddressPools] Section
      - [IpAddressPools:PoolName] Section
    - Using the georedSess.ses File to Configure the Geo-Redundancy Feature
  - Local CST Configuration Files
    - dbclusterRPC.gen File
    - cstserver.ini File
      - [Configuration] Section
      - [HA-Settings] Section
- Back-End Authentication and Accounting
  - SQL Plug-Ins
    - Common Configuration Items
      - [Bootstrap] Section
      - [Settings] Section
        Limitations of Underlying Database APIs
        SQL Parameter
        ErrorMap
        mssql.ini File
        [SoftErrors] Section
        mysql.ini File
        [SoftErrors] Section
        oracle.ini File
        [SoftErrors] Section
        LogLevel
      - [Server] Section
      - [Server/name] Sections
        Last Resort Server
      - Load Balancing Example
      - JDBC Plug-ins
    - SQL Authentication
      - [Settings] Section
        PasswordFormat
        ClearTextBinary
        DefaultResults
        SuccessResult
        UpperCaseName
      - [Results] Section
        Default [Results] Parameters
      - [FailedSuccessResultAttributes] Section
      - [Failure] Section
      - [Strip] Sections
      - Example: SQL Authentication Configuration File
    - SQL Accounting
    - SQL Accessors
    - Detailed Use Cases
      - Working with Stored Procedures
      - SQL Database Data Retrieval Methods
        SQL=SELECT Method for Data Retrieval from SQL Databases
        SQL=SELECT Method: SELECT Statement
        SQL=SELECT Method: [Results] Section
        SQL=SELECT Method: Section Correlations Illustrated
        Stored Procedure Method for Data Retrieval from SQL Databases
        Stored Procedure Method: BEGIN Statement of sqlaccessor.gen
        Stored Procedure Method: [Results] Section of sqlaccessor.gen
        Stored Procedure Method: Database Schema
        Stored Procedure Method: Data Retrieval
        Stored Procedure Method: Example
  - LDAP Plug-Ins
    - Overview
    - Common Configurations
    - LDAP Authentication
    - LDAP Accessor Files
  - CDR Accounting Plug-Ins
    - CDR Process Overview
    - Types of Call Detail Records
    - Configuring Accounting Options with cdracct.acc
      - [Bootstrap] Section of cdracct.acc
        Example
      - [Settings] Section of cdracct.acc
        Example
    - Displaying CDR Information
    - CDR Fields
    - CDR Field Formats for Binary and ASN.1 CDR Files
      - Field Formats for Binary Version 1 and Binary Version 2 CDR Files
- SIM Authentication Module
  - Common Configurations
    - ss7db.gen File
      - [Bootstrap] Section
      - [Settings] Section
    - gsmmap.gen File
      - [Bootstrap] Section
      - [Settings] Section
      - [Realms] Section
      - Configuring Each Realm Section
        Example
        Relationship Between Sections
      - Network Equipment and Data Needed for Processing Access-Requests
        Example: Authorization String
        Disabling Authorization from EAP-SIM
      - Target Module Section
        Target Module Fields (General Case)
        MAP Gateway Target Module Fields
        Example of MAP Gateway Target Module Fields
        SQL Database Target Module Fields
        Example of SQL Database Target Module
        LDAP Database Target Module Fields
        Example of LDAP Database Target Module
    - Signalware MML Commands
  - SIM/AKA Authentication
    - Overview
    - Configuring the simauth.aut File
    - Authentication Gateway
      - Configuring the ulcmmg.conf File
      - Configuring the GWrelay.conf File
      - Starting and Stopping the GWrelay Process
      - Configuring the authGateway.conf File
        [Routing-Configuration] Section
        Authorization Options
        Example 1—authGateway.conf file [Routing-Configuration] Section
        Example 2—authGateway.conf file [Routing-Configuration] Section
        [Supported-MAP-Messages] Section
        [Common-AGW-Configurations] Section
        [Process<name>] Section
        Example
      - Configuring the authGateway Startup with MML Commands
        Example—Creating and Starting the authGateway Process
- Optional Mobility Module Configuration Files
  - WiMAX Mobility Module Configuration File
    - wimax.ini File
- SNMP Configuration Files
  - SNMP Configuration Overview
  - SNMP Traps and Statistics Overview
- Appendixes
  - Authentication Protocols
  - Vendor-Specific Attributes
  - Configuration Examples
    - Steel-Belted Radius Carrier: 3G-to-Wi-Fi Offload Solution Using the SBR MAP Gateway with EAP-SIM or EAP-AKA
  - Detailed Use Cases
    - Using SQL Accessors
      - Configuring gsmmap.gen for Key Field Identification
        Examples
      - Configuring sqlaccessor.gen or sqlaccessor_jdbc.gen for Key Field Identification
        Examples
    - Using LDAP Accessors
      - Configuring ldapaccessor.gen for Key Field Identification
    - Assigning IP Addresses Based on APN
    - Adding Attributes to an Access-Accept
      - Overview
      - Data Flow
      - Configuration Tasks
      - Configuring Files for Adding Attributes to Access-Accept
      - Example Configuration for Adding Attributes to Access-Accept
        Example Overview
        Example Notes
        Access-Request
        SIMAuth
        Radsql.aut
        Eap.ini
        SQL Database Table 1
        Access-Accept
      - Activate the Authentication Method
    - Interfacing with a Kineto IP Network Controller
      - Attribute Handling Methods
      - Access-Request Conversion
      - Access-Accept Conversion
      - Access-Reject Conversion
      - Configuring the SIM Authentication Module for Handling Kineto Attributes
        Configuring the kinetoUMAAttrHandler.ctrl File
        Example kinetoUMAAttrHandler.ctrl file
        Configuring the controlpoints.ini File
        Configuring Kineto Attribute Recognition
        Activating the Authentication Method
        Developing Applications for the S1 Interface
    - Using Managed IPv6 Address Pools
  - SIR.conf File
  - Glossary
    - Numerics
    - A
    - B
    - C
    - D
    - E
    - F
    - G
    - H
    - I
    - J
    - L
    - M
    - N
    - O
    - P
    - Q
    - R
    - S
    - T
    - U
    - V
    - W

Download This Guide

Download this guide: Steel-Belted Radius Carrier 8.4.1 Reference Guide

SQL Authentication

This section describes the configuration file that controls SQL authentication in Steel-Belted Radius Carrier. The configuration file resides in the radiusdir directory.

The format of a configuration file is comparable to that of a Windows INI file: composed of several sections; section names are enclosed in brackets; each section may contain multiple parameter/value pairs.

Table 152: SQL Authentication Configuration File

File	Function
radsql.aut	Configures Oracle SQL authentication for Steel-Belted Radius Carrier.
radsqljdbc.aut	Configures JDBC SQL authentication for Steel-Belted Radius Carrier.

[Settings] Section

The [Settings] section of the SQL authentication configuration file defines parameters that control the database connection.

PasswordFormat

If set to 0, Steel-Belted Radius Carrier tries to determine password format automatically.
If set to 3, Steel-Belted Radius Carrier expects the password value encrypted with UNIXcrypt.

By default, the PasswordFormat parameter is in radsql.aut and radsqljdbc.aut.

ClearTextBinary

Specifies whether cleartext binary passwords are allowed. Setting this parameter to a non-zero value allows you to use cleartext binary passwords.

This parameter must be set to the length of the binary passwords in operation.

Note: In parameters that specify the SQL statement to be executed, cleartext binary passwords must be passed using binary compatible data types, for example, VARBINARY in the case of Oracle.

DefaultResults

If set to 0, no default values are assumed and the user must explicitly enter all result items (if you are not calling a stored procedure).
If set to 1, the default values for Results are used. This is the backward-compatibility setting and the setting if no value is specified in the file. In this case, each Result item must be explicitly specified.

SuccessResult

Specifies the string that is the expected result of a successful authentication, to be compared to the %result parameter.

If a value is specified for this field, it is used in the following manner upon execution of the SQL statement: if the value of %result is not equal to the value given for this field, the user is rejected. The test for textual equality is not case sensitive.

No such test, or rejection, is performed if no value is specified for this field.

This is a useful technique for coordinating with the custom functionality of stored procedures.

UpperCaseName

Specifies whether the user's login name is converted to uppercase characters before using it in the SQL statement execution.

0—Use the name exactly as received.
1—Convert the name to uppercase.

[Results] Section

The [Results] section (Table 153) of the SQL authentication configuration file maps the columns named in its SELECT query to the type of data that Steel-Belted Radius Carrier expects these columns to contain.

[Results]
Password=1/48
Profile=2/48

The following parameters (Table 153) may be present in a [Results] section. Each parameter represents a type of data required to authenticate an Access-Request, and if desired, apply authorization information as well.

Note: The Profile option and the Alias option cannot be used together. Read the following descriptions and choose the one that suits your needs.

Table 153: *.aut [Results] Syntax

Parameter	Function
%LoginLimit	Specifies the name of the variable identifying the Maximum Concurrent Connection limits.
%Password	The value returned from this column is understood to be the user's password. The value returned by the SQL query is then matched with the user's password received in the Access-Request. By default, Steel-Belted Radius Carrier expects the user's password to be stored in the SQL table in clear-text format. If you want to configure Steel-Belted Radius Carrier to expect that the password value is encrypted with UNIXcrypt, then set PasswordFormat to 3 in the [Settings] section of the SQL authentication configuration file.
%Profile	The value returned from this column is interpreted as the name of the profile to associate with the user. The value returned by the SQL query is matched with an existing Profile entry of the same name. If the value is prof1, and a Profile called prof1 exists in the Steel-Belted Radius Carrier database, any return list or check list attributes in prof1 are applied to the user's connection. If the value cannot be matched with an existing Profile in the Steel-Belted Radius Carrier database, the user is rejected due to “Insufficient Resources.”
%ProxyRealm	Specifies the realm to which the authentication must be proxied. If ProxyRealm is not set, Routed Proxy does not occur.
%ProxyUserName	Specifies the User-Name attribute, which must be sent in the proxy request. If ProxyUserName is not set, the User-Name from the original request packet is used. Note: Enter the value for %ProxyUserName in capital letters.
%Alias	Specifies the value returned from this column that is matched with an existing Steel-Belted Radius Carrier Native User entry of the same name. For example, if the value is max1, and a native user called max1 exists in the Steel-Belted Radius Carrier database, then any return list or check list attributes, as well as any concurrent connection limit configured for max1, are applied to the user's connection. If you want to apply concurrent connection limits to users who are being authenticated by means of SQL, you must set up a Native User entry with no password. Note: Use of %Alias is not recommended. Instead, use %Profile. The %LoginLimit value lets you implement the concurrent connection limits previously available through %Alias. Generally, even if a very large number of users resides in the SQL database, you need to add only one or two Native User entries to the Steel-Belted Radius Carrier database. The concurrent connection limit associated with a single Native User entry may be applied to any number of users in the SQL database. Often a Native User entry with a connection limit of 1, and a second Native User entry with a connection limit of 2, is sufficient for an entire SQL database. For example, analog users may be allowed a connection limit of 1, while ISDN users are allowed a connection limit of 2. Note: The Native User authentication method displayed in the Authentication Methods page does not need to be activated for the %Alias feature to work.
%FullName	The value returned from this column is interpreted as the full name of the user. This feature is often used to distinguish the user's full name from the actual User-Name sent in the Access-Request.
RADIUS attributes	Any RADIUS attribute (preceded by an @) can be returned from the database and mapped into the [Results] section. Use attribute names as they appear in the appropriate .dct or .jdict (subattributes) files.

Consider the following SELECT statement:

SELECT user_pwd, attribs, fullname FROM rasusers WHERE user_id = %name

where user_pwd, attribs, fullname, and user_id are the names of columns in the SQL table, and rasusers is the name of the SQL table itself. The [Results] section of this configuration file must map the SQL table columns user_pwd, attribs, and fullname to authentication or authorization data types, or both; for example.

[Results]
Password=1
Profile=2
FullName=3

Columns in the SQL query are identified in the [Results] section by number; 1 represents the first column in the SELECT query (from left to right), and if other columns are also referenced, 2 represents the second, and 3 the third.

Along with a number representing the column order, each entry in the [Results] section also specifies the storage format of the column in the SQL table, using the same slash (/), length, and type conventions as the SQL query.

Default [Results] Parameters

The DefaultResults flag in the [Settings] section of radsql.auth_ora.so specifies whether default values for Password, Profile, Alias, and FullName are automatically bound to the returned SQL data. The default radsql.auth_ora.so file sets it to 0.

With DefaultResults=0, the results list is no longer automatically bound, and only explicit columns in the [Results] section, or embedded Parameters to a stored procedure, are used. This is the recommended setting.

The DefaultResults=1 option remains only for backward-compatibility with old .aut files that rely on the default results behavior to ensure that the set of default columns are automatically bound.

[FailedSuccessResultAttributes] Section

The [FailedSuccessResultAttributes] section (Table 154) of the SQL authentication configuration file can be used to map any RADIUS attribute returned from the database. Attributes can be specified in two ways:

Attributes can be specified with a literal value enclosed in single quotes. Values must be enclosed with single quotes, even when they represent numeric values.
Attributes can be specified with a numeric value that corresponds to the ordering of values returned from the SQL select statement.

Precede attribute names with @ and enter them as they appear in the dictionary (.dct) files, or the subattribute dictionary (.jdict) files. Enclose attribute values (including integers and IP addresses) in single quotes. For example:

[FailedSuccessResultAttributes]
@Reply-Message = ‘Please re-enter your password.’
@Filter-Id = ‘3’

[Failure] Section

The [Failure] section of the SQL authentication configuration file can be used to determine the result of the authentication process (accept or reject) when connectivity to all of the configured SQL databases has failed. For example:

[Failure]
Accept = 1
Profile = XYZ
FullName = Unauthenticated!

Note: The Profile option and the Alias option cannot be used together. Read the following descriptions and choose the one that suits your needs.

Table 154: *.aut [Failure] Syntax

Parameter	Function
Accept	If set to 1, Steel-Belted Radius Carrier returns an Access-Accept packet with the Profile and any combination of the FullName and Alias attributes specified in the corresponding [Failure] section parameters. If set to 0, the user is rejected.
Profile	Specifies the name of a Steel-Belted Radius Carrier profile whose check list and return list attributes are applied to the user's connection.
FullName	By indicating a FullName, Steel-Belted Radius Carrier returns a value in the class attribute, allowing for all [Failure] connections to be accounted.

[Strip] Sections

The [Strip] sections (Table 155) of the SQL authentication configuration file (Table 155) allow User-Name stripping to occur. These sections enable Steel-Belted Radius Carrier to identify the username that the SQL database expects by stripping the incoming User-Name attribute value of realm names and other “decorations.”

You may or may not need to employ User-Name stripping for SQL authentication. Your need for this feature depends upon the naming conventions that you employ on your network and in your SQL database entries. The SBR Carrier usual name parsing features work independently of this feature.

The following [Strip] syntax is available to enable and configure User-Name stripping for SQL authentication:

[Strip]
Authentication=Yes

[StripPrefix]
String
String
.
.
.
[StripSuffix]
String
String
.
.
.

Table 155: *.aut [Strip] Syntax

Parameter	Function
Authentication	If set to No, prefix and suffix stripping is disabled for authentication. If set to Yes, prefix and suffix stripping is enabled for authentication packets. When an authentication packet comes into the Steel-Belted Radius Carrier server and a SQL authentication method is active, stripping of the incoming UserName attribute value occurs before SQL authentication: Prefixes listed in the [StripPrefix] section are stripped from the incoming UserName attribute value. Suffixes listed in [StripSuffix] are stripped. Any other name processing that is appropriate at this point (for example, tunnel or proxy name parsing) is performed. The fully stripped name is authenticated against the SQL database.
[StripPrefix]	Lists strings that are to be stripped from the beginning of the UserName value. The strings are listed in order of priority. A string that appears earlier in the list takes precedence over later strings. In the following example, if the incoming UserName is seattleUser201, the stripped name is User201. If the incoming UserName is seatac2000, the stripped name is tac2000: [StripPrefix] seattle sea
String	Each String that you provide in a [Strip] section may be a character string, or a regular expression according to the following rules: ? is a wildcard character. A dash (-) indicates a range of alphanumeric characters; brackets must enclose lists of characters or ranges. For example, [A-Za-z] means any letter and [0-9.,] means any number, including decimal points and commas. A backslash (\) followed by a non-alphanumeric character indicates that character literally, for example \’ indicates the question mark. \ is also used as an escape character: \a bell (7) \b backspace (8) \t tab (9) \n newline (10) \v vertical tab (11) \f formfeed (12) \r return (13) \xnn hex value, where nn are 2 hex digits \nnn decimal value, where nnn are 3 decimal digits
[StripSuffix]	Lists strings that are to be stripped from the end of the User-Name value. Conventions are the same as for [StripPrefix].

Example: SQL Authentication Configuration File

This section provides an example of an Oracle radsql.aut configuration file.

[Bootstrap]
Enable=0
LibraryName=radsql_auth_ora.so
InitializationString=SQL-ORACLE

[Settings]
Connect=dBusername/dBpassword
SQL=SELECT password, profile FROM userlist WHERE name = %name/40
ParameterMarker=?
MaxConcurrent=1
ConcurrentTimeout=30
WaitReconnect=2
MaxWaitReconnect=360
PasswordFormat = 0
DefaultResults = 0
;ShutdownTimeout=360
ErrorMap=oracle.ini
LogLevel=0

[Server]
s1=2
s2=2

[Server/s1]
Connect=db_admin1/db_password1

[Server/s2]
Connect=db_admin2/db_password2

[Results]
Password=1/48
Profile=2/48
Alias=2/48

[Failure]
Accept=0
Profile=xyz
FullName=Remote User