... well, after much testing I've deemed that radiator startup time is too
slow for a large password or shadow file.    Stepping back it may be a
better scheme to auth out of an sql database - so I've reset my configs to
auth and things appear to be just about OK (and the more I think about our
situation, the more I like using the db for authing).  Anyways, one
"problem" with my configs.  I'm attempting to apply the same
check-attributes to everyone except a few. So I've done the following in
my radius.cfg:


<Realm DEFAULT>
        AuthByPolicy ContinueWhileAccept
        <AuthBy SQL>
                DBSource dbi:Pg:dbname=xxxxx
                DBUsername xxxx
                DBAuth xxxx
                AuthSelect select ENCRYPTEDPASSWORD from SUBSCRIBERS where
                                                                USERNAME = '%n'
                EncryptedPassword
                DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
        </AuthBy>
        <AuthBy FILE>
                Filename /etc/raddb/users
        </AuthBy>
        AcctLogFileName %L/%C/detail
</Realm>


That works.  However, I'm trying to set a per-user Simultaneous-Use check
in my users file:

aholtz  Simultaneous-Use = 1
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Simultaneous-Use = 3
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP


What I'm getting in my logfile is the following:


Tue Feb 23 16:34:19 1999: DEBUG: Checking if user is still online:
                        unknown, aholtz,xxxxxx, 1231, 00001234
Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE REJECT: Simultaneous-Use
                                of 1 exceeded
Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE looks for match with
                                DEFAULT
Tue Feb 23 16:34:19 1999: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
                        ACCTSESSIONID from RADONLINE where USERNAME='aholtz'

Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Tue Feb 23 16:34:19 1999: DEBUG: Access accepted for aholtz
Tue Feb 23 16:34:19 1999: DEBUG: Packet dump:


I see what is happening but I'm unsure how to rearrange things to work
correctly (tried putting aholtz after DEFAULT with no luck either.)  I'm
not sure if the problem is with the .cfg file or the users file.  It does
follow the DEFAULT of limiting usage to 3 connects in testing, so I know
that part is working.  

One other question - now that I'm using a db, is there a way to setup a
user profile (in the users file) to check other items in my db?
Going back to my age old example, I'd like to have a DEFAULT user profile
that would apply to anyone with a specific number in a field of my db.
I could update the query in radius.cfg to get it out, I'm just unsure how
to tell radiator that you need to check against that value and what to do
if you make a match.


--------------------------------------------------------------------------
Aaron Holtz
ComNet Inc.
Manager, Unix Systems Administration
Email:  [EMAIL PROTECTED]
"It's not broken, it just lacks duct tape."
--------------------------------------------------------------------------




===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to