Sorry to jump in on this one, but are you possibly looking for the
"AuthByPolicy" keyword that is defined in a <Realm> or <Handler> clause?

See the Radiator Manual p. 35, 44-46.  

However the default policy is to ContinueWhileIgnore which is (I believe)
what you'd want in this case.  So you shouldn't have to use the
AuthByPolicy clause.  And if the Radmin server is down it should be
ignored and not rejected.  Therefore I would think that it's the default
policy as long as you define two different AuthBy clauses, one for Radmin
and one for the UNIX passwd file.

<AuthBy SQL>
        #stuff in here
</AuthBy>
<AuthBy UNIX>
        Filename /etc/passwd
</AuthBy>

Steve

p.s. if this is wrong, please don't flame me too hard!  I've only been
using Radiator for two weeks.  :)


------------------------------------------------------
Steve Suehring
Voyager.net Network Operations Systems Engineer
------------------------------------------------------

On Wed, 29 Dec 1999, Paul Black wrote:

> Hi Mike,
> 
> I have spent most of my Christmas break working on Radmin/Radiator and making
> sure that my /etc/passwd file and Radmin MySQL database exactly mirror each
> other. 
> 
> I would like to be able to control customer access to my ISP via Radmin. I
> have added an extra field SERVICESTATE to the Radmin Database. When
> SERVICESTATE is set to SUSPENDED I want to prevent that customer from logging
> in. The behaviour I want to get from Radiator is as follows:
> 
> If the MySQL Database is running then
>   If Customer Login Id is NOT SUSPENDED then
>     Authenticate customer for login
> Else if MySQL is not running/working
>   Authenticate customer from the passwd file
> 
> If the customer is set to suspended the AuthBy Radmin will fail and will drop
> through and authenticate from the password file. 
> 
> What do I need to do to not let the customer login if he is suspended, but
> still allow authentication from the passwd file if MySQL is not running?
> 
> Regards.   Paul
> 
> 
> 
> My Radmin config is as follows:
> 
> Trace         4
> 
> DbDir         /etc/raddb
> LogDir                /var/log/radacct
> DictionaryFile  /etc/raddb/dictionary
> RewriteUsername s/^.*\\|@.*$|^\s+|\s+$//g
> 
> # This clause defines a single client to listen to
> # You will probably want to change localhost and mysecret
> # to suit your site.
> <Client dm1>
>       Secret   XXXX
> </Client>
> <Client pm1>
>       Secret   XXXX
> </Client>
> 
> # This clause means we will handle any realm that arrives
> <Realm DEFAULT>
>       AuthByPolicy ContinueWhileReject
>       <AuthBy RADMIN>
>               # Change DBSource, DBUsername, DBAuth for your database
>               # See the reference manual. You will also have to 
>               # change the one in <SessionDatabase SQL> below
>               # so it's the same
>               DBSource        dbi:mysql:radmin
>               DBUsername      XXXX
>               DBAuth          XXXX
> 
>                 #
>                 # Set the Idle Timeout using the Radmin database
>                 #
>                 AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,
> MAXLOGINS, MAXIDLETIME, FRAMED_FILTER_ID, FRAMED_NETMASK from RADUSERS where
> USERNAME='%n' and SERVICESTATE != 'SUSPENDED' 
>                 AuthColumnDef 0,Idle-Timeout,reply
>                 AuthColumnDef 1,Filter-Id,reply
>                 AuthColumnDef 2,Framed-IP-Netmask,reply
> 
>               # You can add to or change these if you want, but you
>               # will probably want to change the database schema first
>               AccountingTable RADUSAGE
>               AcctColumnDef   USERNAME,User-Name
>               AcctColumnDef   TIME_STAMP,Timestamp,integer
>               AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>               AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>               AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>               AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>               AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>               AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>               AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>               AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>               AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>               AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>               AcctColumnDef   NASPORT,NAS-Port,integer
>               AcctColumnDef   DNIS,Called-Station-Id
> 
>               #
>               # This updates the time and octets left for this user
>               #
>               AcctSQLStatement update RADUSERS set
> TIMELEFT=TIMELEFT-0%{Acct-Session-Time},
> OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets},
> OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'
> #
> #             #
> #             # These are the classic things to add to each users 
> #             # reply to allow a PPP dialup session. It may be 
> #             # different for your NAS. This will add some 
> #             # reply items to everyone's reply
> #             #
> #
>               AddToReply Framed-Protocol = PPP,\
>                       Framed-Routing = None,\
>                       Framed-MTU = 1500,\
>                       Acc-Callback-CBCP-Type = CBCP-None,\
>                       Framed-Compression = Van-Jacobson-TCP-IP
>       </AuthBy>
> 
>       <AuthBy FILE>
>               Filename /etc/raddb/users
>       </AuthBy>
> 
>       # Log accounting to the detail file in LogDir
>       AcctLogFileName /var/log/radacct/dm1/detail
> </Realm>
> 
> <SessionDatabase SQL>
>       # This database spec usually should be exactly the same
>       # as in <AuthBy RADMIN> above
>       DBSource        dbi:mysql:radmin
>       DBUsername      XXXX
>       DBAuth          XXXX
> 
> </SessionDatabase>
> 
> 
> # This clause defines an authorisation method that will be used
> # by any users in the database with Auth-Type="System". It will
> # match the "Identifier System"
> <AuthBy UNIX>
>       Identifier System
>       Filename /etc/shadow
> </AuthBy>
> 
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 
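
The policy behaviour discussed in this thread, as an added example that is not part of the original messages and is not Radiator code. It models a two-clause Realm (SQL first, then the passwd/users file) and assumes the SQL clause returns IGNORE when the database is unreachable and REJECT when the SERVICESTATE-filtered select finds no row; run_chain, sql_result and decide are hypothetical names.

```python
# Added illustration, not Radiator code: models how an AuthByPolicy walks
# the AuthBy clauses of a Realm. Per-clause result codes are assumptions.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"


def run_chain(policy, results):
    """Return (final_result, index_of_last_clause_consulted).

    policy  -- "ContinueWhile<X>" or "ContinueUntil<X>", X = Accept/Reject/Ignore
    results -- what each AuthBy clause would return, in configuration order
    """
    if not results:
        raise ValueError("at least one AuthBy result is required")
    for mode in ("ContinueWhile", "ContinueUntil"):
        if policy.startswith(mode):
            break
    else:
        raise ValueError("unknown policy: " + policy)
    target = policy[len(mode):].upper()
    if target not in (ACCEPT, REJECT, IGNORE):
        raise ValueError("unknown policy: " + policy)
    for index, result in enumerate(results):
        hit = result == target
        keep_going = hit if mode == "ContinueWhile" else not hit
        if not keep_going:
            break
    return result, index


def sql_result(db_up, suspended):
    # Assumption: an unreachable database yields IGNORE (as the reply above
    # describes), and a SUSPENDED user yields REJECT because the AuthSelect
    # filtered on SERVICESTATE returns no row.
    if not db_up:
        return IGNORE
    return REJECT if suspended else ACCEPT


def decide(policy, db_up, suspended):
    # Second clause is the passwd/users file, which mirrors the database,
    # so it ACCEPTs every known user, suspended or not.
    return run_chain(policy, [sql_result(db_up, suspended), ACCEPT])[0]


if __name__ == "__main__":
    for policy in ("ContinueWhileReject", "ContinueWhileIgnore"):
        for db_up in (True, False):
            for suspended in (False, True):
                print(policy, db_up, suspended, "->", decide(policy, db_up, suspended))
```

Under these assumptions ContinueWhileReject lets a suspended user through via the file clause and stops at IGNORE when the database is down, while ContinueWhileIgnore rejects the suspended user when the database is up and falls back to the file only during an outage.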


