Hello Elisangela,
Hugh is on leave right now, so I will try to help you:
I gather that you have the same user names in userz as in userw? and that
although Radiator correctly rejects from userz due to time restrictions, it
continues on and finds the user in userw, or one of the later ones and lets
them in?
Perhaps you can try something like this. I have written it in a kind of
shrothand so you can see whats going on. You will have to transcribe it. Note
that it has two nested <AuthBy GROUP> clauses
<Realm>
AuthByPolicy ContinueAlways
<AuthBy SQL>
#.....
</AuthBy>
<AuthBy GROUP>
AuthByPolicy ContinueUntilReject
<AuthBy FILE>
Filename userw
</AuthBy>
<AuthBy GROUP>
# USer can be in any of these files
ContinueUntilAccept
<AuthBy FILE>
Filename userx
</AuthBy>
</AuthBy>
<AuthBy FILE>
Filename userz
<AuthBy>
</AuthBy>
</AuthBy>
</Realm>
Hope that helps.
Cheers.
On Dec 23, 9:51am, Malbanet ISP wrote:
> Subject: Re: Re: (RADIATOR) Restricting Access by Time
> Hi Hugh
>
> Well OK, I noticed there was a lack of info on my e-mail, here goes
> some new stuff.
> Cool, here we go ...
>
> In my config file I receive authentication \ accounting request and
> info from 4 different NAS servers. We have 4 types of authentication
> cause were are and ISP and we give our users different access methods
> some can only have 1 simultaneous connection, some can have 2 and some
> 5, I even have some users that only want to access the internet on
> working hours and that's not working (before all of that radiator logs
> some info to an DataBase that my users use for getting accounting
> info). I have checked the log files and what happens is that radiator
> checks that the user can't connect at that time but goes on trying
> other authentications giving him access and that's why I talked about
> the AuthByPolicy. Bellow comented are what each "AythBy File" must do:
>
> ############## config.cfg ################
>
> Foreground
> LogStdout
> Trace 4
> LogDir c:\radiator\malbanet\log
> LogFile %L\%Y%m%d.log
> DbDir c:\radiator
> DictionaryFile %D\dictionary.nt
>
> <Client localhost>
> Secret mysecret
> </Client>
> <Client x.z.y.w>
> Secret mysecret
> </Client>
> <Client x.z.y.w>
> Secret mysecret
> </Client>
> <Client x.z.y.w>
> Secret mysecret
> </Client>
>
> <Realm DEFAULT>
> RewriteUsername tr/[A-Z]/[a-z]/
> # !! Is this correct, should he continue trying until
> # the user is Accepted.
> AuthByPolicy ContinueUntilAccept
>
> <AuthBy SQL>
> AuthSelect
> DBSource dbi:ODBC:myodbc
> AccountingTable mytable
> AcctColumnDef SessionID,Acct-Session-Id
> AcctColumnDef StatusType,Acct-Status-Type
> AcctColumnDef UserName,User-Name
> AcctColumnDef SessionTime,Acct-Session-Time,integer
> AcctColumnDef InPackets,Acct-Input-Packets
> AcctColumnDef OutPackets,Acct-Output-Packets
> AcctColumnDef FoneID,Calling-Station-Id
> AcctColumnDef IpAddress,Framed-IP-Address
> AcctColumnDef TIME_STAMP,Timestamp,formatted-date,('%e %m %Y %
> H:%M:%S')
> </AuthBy>
>
> <AuthBy FILE>
> # File that contains time limitations
> DefaultSimultaneousUse 1
> Filename %D/userz
> </AuthBy>
>
> <AuthBy FILE>
> # File that contains the users that can have 2 simultaneous
> # connections
> DefaultSimultaneousUse 2
> Filename %D/userw
> </AuthBy>
>
> <AuthBy FILE>
> # File that contains the users that can have 5 simultaneous
> # connections
> DefaultSimultaneousUse 5
> Filename %D/userx
> </AuthBy>
>
> <AuthBy FILE>
> # File that sends users authentication request to hit against
> # AuthBy NT bellow
> DefaultSimultaneousUse 1
> Filename %D/usery
> </AuthBy>
>
> # 1 Log accounting to the detail file in LogDir
> AcctLogFileName %L\%Y%m.act
>
> # 2 Log accounting to the detail file in LogDir
> AcctLogFileName %L\%Y%m%d.act
>
> </Realm>
>
> <AuthBy NT>
> DefaultSimultaneousUse 1
> Identifier nt
> </AuthBy>
>
>
> #####################################3
>
> If there is something else I can send you to help
> you better understand my problem let me know.
>
> Best Regards
> Elisangela
>
>
> -----Original Message-----
> From: Hugh Irvine <[EMAIL PROTECTED]>
> Date: Thu, 23 Dec 1999 12:32:29 +1100
> Subject: Re: (RADIATOR) Restricting Access by Time
>
> >
> > Hello Elisangela -
> >
> > On Wed, 22 Dec 1999, Malbanet ISP wrote:
> > > Hello Hugh,
> > >
> > > Can I use more than one AuthByPolicy parameter in the same Realm?
> >
> > No. Only one AuthByPolicy is supported.
> >
> > > Because I tried what you asked me to in your reply to my message
> > and it
> > > didn�t work.
> >
> > What exactly didn't work? What configuration were you using and what
> > did a
> > trace 4 debug show happening?
> >
> > > Bellow follows a copy of my radiator config file I think it will
> > help
> > > you better understand what I�m trying to do.
> > >
> >
> > The configuration file shows that you will step through a number of
> > AuthBy FILE
> > clauses for authentication, each one of which has a different
> > DefaultSimultaneousUse. This will work if it matches your
> > requirements.
> >
> > Perhaps you could explain your requirements in more detail so I can
> > help you
> > find the best solution.
> >
> > regards
> >
> > Hugh
> >
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> > NT, Rhapsody
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Malbanet ISP
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
�
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
