Hello Aaron,
Thanks for this interesting problem.
The problem is that if SQL fails to authenticate a user, it will try to
authenticate for DEFAULT, DEFAULT1, DEFAULT2 etc until one of them fails to
return any rows. (you can alter this behaviour with NoDefaultIfFound)
In your example, you have a hardwired AuthSelect statement in your second Auth
SQL. It is always finding a user, albeit with a bad password.
If you change your AuthSelect in your second SQL clause to depend on %n, I
think you will find that it will work.
BTW, in your example, the AuthBy GROUP is completely unnecessary. You could have
it like this:
<Realm>
AuthByPolicy ...
<AuthBy>
...
</AuthBy>
<AuthBy>
...
</AuthBy>
</Realm>
Hope that helps.
Cheers.
On Jul 19, 12:40pm, Aaron Miles wrote:
> Subject: (RADIATOR) Looping problem
> Howdy People,
> Here's my problem. We use a Virtual ISP program, in
> which case I cannot and do not have access to any NAS's or Check / Reply
> items :-(. I need two auth by sections in my config as for two different
> types of users. One being paying users who can go over their allotted time
> (as we bill them for it) and one group who get 10 hours for free, but I wish
> to restrict them to 10 hours (which is done through a usage table). The
> problem is that I cannot get Radiator to process both Auth-By clauses, then
> quit, it likes to loop over and over, hence hanging the box :(. Any
> thoughts would be appreciated. I am going to try and combine the AuthSelect
> statements into one, now and see how that goes, but I'd much rather do it
> this way. My configs and logfile are shown below.
>
> CONFIG:
> Foreground
> LogStdout
> LogDir .
> DbDir .
> Trace 4
>
> <Client DEFAULT>
> Secret secret
> </Client>
>
> <Realm impactcreativity.com.au>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileReject
>
> <AuthBy SQL>
> DBSource dbi:ODBC:abill
> DBUsername username
> DBAuth password
> AuthSelect select password from userbase where userbase.username = '%n'
> AccountingTable usage
> AccountingStopsOnly
> AcctColumnDef date,Timestamp,formatted-date,'%Y/%m/%e %H:%M:%S'
> AcctColumnDef username,User-Name
> AcctColumnDef octetsin,Acct-Input-Octets,integer
> AcctColumnDef octetsout,Acct-Output-Octets,integer
> AcctColumnDef sessiontime,Acct-Session-Time,integer
> </AuthBy>
>
> <AuthBy SQL>
> DBSource dbi:ODBC:abill
> DBUsername username
> DBAuth password
> AuthSelect select password from skillsnet where skillsnet.username = 'joe'
> and ((select sum(usage.sessiontime/3600) from usage where username = 'joe')
> <= skillsnet.hours)
> </AuthBy>
> </AuthBy>
> </Realm>
>
> LOGFILE:
> Mon Jul 19 12:34:28 1999: INFO: Server started
> Mon Jul 19 12:34:34 1999: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 4483 ....
> Code: Access-Request
> Identifier: 19
> Authentic: 1234567890123456
> Attributes:
> User-Name = "[EMAIL PROTECTED]"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "YW<228><197><158>7<0><127><215><228><202><135>z<170><147><185>"
>
> Mon Jul 19 12:34:34 1999: DEBUG: Handling request with Handler
> 'Realm=impactcreativity.com.au'
> Mon Jul 19 12:34:34 1999: DEBUG: Rewrote user name to john
> Mon Jul 19 12:34:34 1999: DEBUG: Deleting session for
> [EMAIL PROTECTED], 203.63.154.1, 1234
> Mon Jul 19 12:34:34 1999: DEBUG: Handling with Radius::AuthGROUP
> Mon Jul 19 12:34:34 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Jul 19 12:34:34 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Jul 19 12:34:34 1999: DEBUG: Query is: select password from userbase
> where userbase.username = 'john'
>
> Mon Jul 19 12:34:34 1999: DEBUG: Radius::AuthSQL looks for match with john
> Mon Jul 19 12:34:34 1999: DEBUG: Query is: select password from userbase
> where userbase.username = 'DEFAULT'
>
> Mon Jul 19 12:34:34 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Jul 19 12:34:34 1999: DEBUG: Handling with Radius::AuthSQL
> Mon Jul 19 12:34:34 1999: DEBUG: Query is: select password from skillsnet
> where skillsnet.username = 'joe' and ((select sum(usage.sessiontime/3600)
> from usage where username = 'joe') <= skillsnet.hours)
>
> Mon Jul 19 12:34:34 1999: DEBUG: Radius::AuthSQL looks for match with john
> Mon Jul 19 12:34:34 1999: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Mon Jul 19 12:34:34 1999: DEBUG: Query is: select password from skillsnet
> where skillsnet.username = 'joe' and ((select sum(usage.sessiontime/3600)
> from usage where username = 'joe') <= skillsnet.hours)
>
> Mon Jul 19 12:34:34 1999: DEBUG: Radius::AuthSQL looks for match with
> DEFAULT
> Mon Jul 19 12:34:34 1999: DEBUG: Radius::AuthSQL REJECT: Bad Password
> Mon Jul 19 12:34:34 1999: DEBUG: Query is: select password from skillsnet
> where skillsnet.username = 'joe' and ((select sum(usage.sessiontime/3600)
> from usage where username = 'joe') <= skillsnet.hours)
>
>
>
> -- Aaron Miles ([EMAIL PROTECTED])
> -- System Administrator - Impact Creativity Centre.
> -- HAVE: 1988 BMW 325i Executive.
> -- NEED: 321Bhp E36 M3 / E39 M5 - whatever comes first :-)
>
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Aaron Miles
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
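
The lookup order described in the reply, as an added example (a simplified Python model, not Radiator code and not part of the original thread). The bound parameter :n stands in for Radiator's %n, the table rows are constructed, and MAX_LOOKUPS is a cap added here so the hardwired case terminates.

```python
import sqlite3

MAX_LOOKUPS = 25  # assumption: cap for this model only; the reply describes no such limit

# The second AuthSelect from the post, with 'joe' hardwired.
HARDWIRED = """select password from skillsnet where skillsnet.username = 'joe'
 and ((select sum(usage.sessiontime/3600) from usage where username = 'joe')
 <= skillsnet.hours)"""

# The same query made to depend on the looked-up name (:n plays the role of %n).
PER_USER = """select password from skillsnet where skillsnet.username = :n
 and ((select sum(usage.sessiontime/3600) from usage where username = :n)
 <= skillsnet.hours)"""


def build_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table skillsnet (username text, password text, hours integer);
        create table usage (username text, sessiontime integer);
        insert into skillsnet values ('joe', 'joepw', 10);
        insert into usage values ('joe', 7200);
    """)
    return db


def authenticate(db, auth_select, user, password):
    """Try the user, then DEFAULT, DEFAULT1, ... until a DEFAULT lookup returns no rows."""
    names = [user, "DEFAULT"] + [f"DEFAULT{i}" for i in range(1, MAX_LOOKUPS - 1)]
    tried = []
    for i, name in enumerate(names):
        tried.append(name)
        row = db.execute(auth_select, {"n": name}).fetchone()
        if row is not None and row[0] == password:
            return "ACCEPT", tried
        if row is None and i > 0:
            return "REJECT", tried  # a DEFAULT lookup came back empty: stop
        # otherwise: user not found or bad password, fall through to the next DEFAULT
    return "ABORTED: lookup cap reached", tried


if __name__ == "__main__":
    db = build_db()
    for label, query in (("hardwired", HARDWIRED), ("per-user", PER_USER)):
        result, tried = authenticate(db, query, "john", "wrong")
        print(f"{label}: {result} after {len(tried)} lookups")
```

In this model the hardwired query also accepts any username presented with joe's password, because every lookup returns joe's row.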