Hello John -
On Mon, 01 Nov 1999, John Vorstermans wrote:
> >if they try to authenticate with TimLeft less than 0, I would expect to see
> >thme rejected with a DEBUG message like:
> >
> >User $name has no more time left
> >
> >Is that what you are seeing?
>
> No, sadly not. :-(
>
> They get logged off when timeleft goes below the Zero minutes but then they
> can login again.
>
> Here is the logfile at Trace 4.
>
> Mon Nov 1 14:39:13 1999: DEBUG: Packet dump:
> *** Received from 203.96.58.18 port 32812 ....
> Code: Access-Request
> Identifier: 194
> Authentic: <3>\8<213>b<2><188><186><246><29><168>9<206><229>3<128>
> Attributes:
> User-Name = "jjcv2"
> CHAP-Password = "<1>t<197>j<144><<253><194><127>Fv`<147><145><30>PK"
> NAS-IP-Address = 203.96.58.17
> NAS-Port = 2095
> NAS-Port-Type = Async
> State = ""
> Called-Station-Id = "78686"
> Acct-Session-Id = "298128151"
> Ascend-Data-Rate = 28800
> Ascend-Xmit-Rate = 45333
>
> Mon Nov 1 14:39:13 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Nov 1 14:39:13 1999: DEBUG: Deleting session for jjcv2, 203.96.58.17,
> 2095
> Mon Nov 1 14:39:13 1999: DEBUG: do query is: delete from RADONLINE where
> NASIDENTIFIER='203.96.58.17' and NASPORT=2095
>
> Mon Nov 1 14:39:13 1999: DEBUG: Handling with Radius::AuthEMERALD
> Mon Nov 1 14:39:13 1999: DEBUG: Handling with Radius::AuthEMERALD
> Mon Nov 1 14:39:13 1999: DEBUG: Query is: select DateAdd(Day,
> ma.extension, maExpireDate),
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
> from masteraccounts ma, subaccounts sa
> where (sa.login = 'jjcv2' or sa.shell = 'jjcv2')
> and ma.customerid = sa.customerid
> and sa.active <> 0 and ma.active <> 0
>
> Mon Nov 1 14:39:13 1999: DEBUG: Select results: Dec 31 1999 12:00AM, Dec
> 31 1999 12:00AM, 7714, PPP, xxxxxx, jjcv2, , -20, 1
> Mon Nov 1 14:39:13 1999: DEBUG: User jjcv2 has no more time left
Here is where the user is found to have no more time left.
> Mon Nov 1 14:39:13 1999: DEBUG: Radius::AuthEMERALD looks for match with jjcv2
> Mon Nov 1 14:39:13 1999: DEBUG: Query is: select DateAdd(Day,
> ma.extension, maExpireDate),
> DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
> sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
> from masteraccounts ma, subaccounts sa
> where (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> and ma.customerid = sa.customerid
> and sa.active <> 0 and ma.active <> 0
>
Radiator then goes on to check for a DEFAULT user.
> Mon Nov 1 14:39:13 1999: DEBUG: Handling with Radius::AuthFILE
> Mon Nov 1 14:39:13 1999: DEBUG: Radius::AuthFILE looks for match with jjcv2
> Mon Nov 1 14:39:13 1999: DEBUG: Radius::AuthFILE ACCEPT:
> Mon Nov 1 14:39:13 1999: DEBUG: Access accepted for jjcv2
And then you have a following AuthBy FILE that accepts jjcv2.
So I think that Emerald is doing the right thing, but your configuration file
isn't.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
