Hello,

With the flexibility of Radiator, I wanted to know if you
suggested a method of implementing different session characteristics for
different unix group members. I know we have to use 'check items' but I
am unsure of how to insert them in the cfg file.

For example, we would like to use the 'maxsessions 1' for the
'nodup' unix group, while everyone else coming in should be set to
'maxsessions 5'. I am hoping to implement this in the radius.cfg file
using something like a <Handler> tag. I am just unsure as to where this
info should go in the actual file.

I have attached part of my current (rudimentary) radius.cfg file.
The way we are set up is to have all accounting go to MySQL and
authentication first goes off of a UNIX master.passwd file and then to a
users file. Ipass will be a future consideration.

Thanks for your help.

Oliver Stockhammer
Systems
Internet Channel

LogStdout
PidFile /var/log/radius/radiator.pid
LogDir /var/log/radius
DbDir /usr/local/etc/radiusDB
#SnmpgetProg /usr/bin/snmpget
# This clause defines a single client to listen to
<Client ancillary.inch.com>
Secret XXXXXXXX
NasType TotalControl
</Client>
# This is one of the USR racks at oldslip for accting only.
<Client 207.240.212.131>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.142.3>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.142.5>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.142.7>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.142.9>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.142.11>
Secret XXXXXXXX
NasType TotalControl
</Client>
<Client 207.240.140.6>
Secret XXXXXXXX
IgnoreAcctSignature
NasType TotalControl
</Client>
# For testing: this allows us to honour requests from radpwtst
# on the same host.
<Client localhost>
Secret mysecret
DupInterval 0
</Client>
<Realm DEFAULT>
RewriteUsername s/^([^@]+).*/$1/
AcctLogFileName %L/detail
AuthByPolicy ContinueUntilAccept
<AuthBy SQL>
DBSource dbi:mysql:Radiator
DBUsername root
DBAuth XXXXXXXX
# an empty AuthSelect turns off auth
AuthSelect
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef CLIENT_ID,Client-Id
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACTUAL_TIME,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NAS_IDENTIFIER,Client-Id
AcctColumnDef NAS_IP_ADDRESS,NAS-IP-Address
AcctColumnDef NAS_PORT,NAS-Port,integer
AcctColumnDef NAS_PORT_TYPE,NAS-Port-Type
AcctColumnDef ACCTAUTHENTIC,Acct-Authentic
AcctColumnDef SERVICE_TYPE,Service-Type
AcctColumnDef USR_MODEM_TIME,USR-Modem-Training-Time,integer
AcctColumnDef USR_INTERFACE,USR-Interface-Index,integer
AcctColumnDef USR_CHASSIS_SLOT,Chassis-Call-Slot,integer
AcctColumnDef USR_CHASSIS_SPAN,Chassis-Call-Span,integer
AcctColumnDef USR_CHASSIS_CHANNEL,Chassis-Call-Channel,integer
AcctColumnDef USR_UNAUTH_TIME,Unauthenticated-Time,integer
AcctColumnDef CALLING_STATION_ID,Calling-Station-Id
AcctColumnDef CALLED_STATION_ID,Called-Station-Id
AcctColumnDef USR_MODULATION_TYPE,Modulation-Type
AcctColumnDef USR_SMNP_LEVELS,Simplified-MNP-Levels
AcctColumnDef USR_SimplifiedV42BIS_USAGE,Simplified-V42bis-Usage
AcctColumnDef USR_CONNECT_SPEED,Connect-Speed
AcctColumnDef FRAMED_PROTOCOL,Framed-Protocol
AcctColumnDef FRAMED_IP_ADDRESS,Framed-IP-Address
AcctColumnDef USR_MP_MRRU,MP-MRRU,integer
AcctColumnDef ACCTLINKCOUNT,Acct-Link-Count,integer
AcctColumnDef ACCTMULTISESSION_ID,Acct-Multi-Session-Id
</AuthBy>
<AuthBy UNIX>
Identifier System
Filename /usr/local/etc/radiusDB/master.passwd
Match ^([^:]*):([^:]*)
GroupFilename /usr/local/etc/radiusDB/group
</AuthBy UNIX>
<AuthBy FILE>
# The filename defaults to %D/users
Filename %D/users
</AuthBy>
<AuthBy FILE>
Filename %D/users1
</AuthBy>
# <AuthBy IPASS>
# Debug
# Config /usr/local/ipass/ipass.cfg
# Trace /var/log/radius/iprd.trace
# Home /usr/local/ipass
# </AuthBy>
</Realm>
<SessionDatabase SQL>
DBSource dbi:mysql:Radiator
DBUsername root
DBAuth XXXXXXXX
AddQuery insert into RADONLINE (USERNAME, NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID, TIME_STAMP, FRAMED_IP_ADDRESS, NAS_PORT_TYPE, SERVICE_TYPE) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and NAS_IDENTIFIER='%N' and NAS_PORT=%{NAS-Port}
ClearNasQuery delete from RADONLINE where NAS_IDENTIFIER='%N'
CountQuery select NAS_IDENTIFIER, NAS_PORT, ACCTSESSIONID from RADONLINE where USERNAME='%n'
</SessionDatabase>
<Log SQL>
DBSource dbi:mysql:Radiator
DBUsername root
DBAuth XXXXXXXX
Trace 3
</Log>