Hi guys, a clarification of my problems trying to set time limits.

I've been playing around with the AuthByPolicy attributes.

I've been trying to make it so I can auth by a unix password file, but
need the SQL accounting.  So, my radius.cfg file looks somewhat like this:

Basically, the disabled AuthSelect seems to return a REJECT, and not an
as I would expect.

So, pretty much all my login attempts get blocked at the AuthSelect (even
tho it is disabled).

I need it to  pass through the authselect to check my individual user
specifications in my users record.

If I change the AuthByPolicy to ContinueUntilIgnore,
it attempts to block access based on indivudual user settings, sees the
specific requirements,
but allows the connect even if they should be blocked because of my DEFAULT

Should a disabled AuthSelect return a reject?  doesn't seem like it should
to me... Thoughts?

The below information is placed into my logfiles when a user tries to

Mon Mar 15 08:12:43 1999: DEBUG: Handling request with Handler
Mon Mar 15 08:12:43 1999: DEBUG: Rewrote user name to Pshampton
Mon Mar 15 08:12:43 1999: DEBUG: Handling with Radius::AuthGROUP
Mon Mar 15 08:12:43 1999: DEBUG: Handling with Radius::AuthSQL
Mon Mar 15 08:12:43 1999: INFO: Access rejected for Pshampton:
Authentication disabled

And then authentication dies from there...


       RewriteFunction  sub { my($username) = shift; if
(substr($username,0,1) ne 'P') { $username ="InvalidU$
       <AuthBy GROUP>

        AuthByPolicy ContinueUntilReject

          <AuthBy SQL>
                DBSource  dbi:mysql:radius
                DBUsername  dbuser
                DBAuth dbpass
                # This disables SQL auth

                # This enables SQL accounting
                AccountingTable ACCOUNTING

                AcctColumnDef    USERNAME,User-Name
                AcctColumnDef    TIME_STAMP,Timestamp,integer
                AcctColumnDef    ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef    ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef    ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef    ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef    ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef    ACCTTERMINATECAUSE,Acct_Terminate-Cause
                AcctColumnDef    NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   FRAMEDIP,Framed-IP-Address

        <AuthBy FILE>
                # The filename defaults to %D/users

        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail

<Realm dummyrealmforholdingauthbyunix>
        <AuthBy UNIX>
                Identifier System
                Filename /etc/master.passwd

To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to