Hi Mike,
I have spent most of my Christmas break working on Radmin/Radiator and making
sure that my /etc/passwd file and Radmin MySQL database exactly mirror each
other.
I would like to be able to control customer access to my ISP via Radmin. I
have added an extra field SERVICESTATE to the Radmin Database. When
SERVICESTATE is set to SUSPENDED I want to prevent that customer from logging
in. The behaviour I want to get from Radiator is as follows:
If the MySQL Database is running then
If Customer Login Id is NOT SUSPENDED then
Authenticate customer for login
Else if MySQL is not running/working
Authenticate customer from the passwd file
If the customer is set to suspended the AuthBy Radmin will fail and will drop
through and authenticate from the password file.
What do I need to do to not let the customer login if he is suspended, but
still allow authentication from the passwd file is MySQL is not running?
Regards. Paul
My Radmin config is as follows:
Trace 4
DbDir /etc/raddb
LogDir /var/log/radacct
DictionaryFile /etc/raddb/dictionary
RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g
# This clause defines a single client to listen to
# You will probably want to change localhost and mysecret
# to suit your site.
<Client dm1>
Secret XXXX
</Client>
<Client pm1>
Secret XXXX
</Client>
# This clause means we will handle any real that arrives
<Realm DEFAULT>
AuthByPolicy ContinueWhileReject
<AuthBy RADMIN>
# Change DBSource, DBUsername, DBAuth for your database
# See the reference manual. You will also have to
# change the one in <SessionDatabse SQL> below
# so its the same
DBSource dbi:mysql:radmin
DBUsername XXXX
DBAuth XXXX
#
# Set the Idle Timeout using the Radmin database
#
AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,
MAXLOGINS, MAXIDLETIME, FRAMED_FILTER_ID, FRAMED_NETMASK from RADUSERS where
USERNAME='%n' and SERVICESTATE != 'SUSPENDED'
AuthColumnDef 0,Idle-Timeout,reply
AuthColumnDef 1,Filter-Id,reply
AuthColumnDef 2,Framed-IP-Netmask,reply
# You can add to or change these if you want, but you
# will probably want to change the databse schema first
AccountingTable RADUSAGE
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASIDENTIFIER,NAS-IP-Address
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
#
# This updates the time and octets left for this user
#
AcctSQLStatement update RADUSERS set
TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
#
# #
# # These are the classic things to add to each users
# # reply to allow a PPP dialup session. It may be
# # different for your NAS. This will add some
# # reply items to everyone's reply
# #
#
AddToReply Framed-Protocol = PPP,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Acc-Callback-CBCP-Type = CBCP-None,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
<AuthBy FILE>
Filename /etc/raddb/users
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName /var/log/radacct/dm1/detail
</Realm>
<SessionDatabase SQL>
# This database spec usually should be exactly the same
# as in <AuthBy RADMIN> above
DBSource dbi:mysql:radmin
DBUsername XXXX
DBAuth XXXX
</SessionDatabase>
# This clause defines an authorisation method that will be used
# by any users in the database with Auth-Type="System". It will
# match the "Identifier System"
<AuthBy UNIX>
Identifier System
Filename /etc/shadow
</AuthBy>
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
