Hello David -
On Thu, 22 Jun 2000, David Rigby wrote:
> Hi Hugh
>
> Cheers. I'm trying to do essentially three type of authentication. If the user
> matches any of them, let them in
>
> 1. Check the Called-Station-ID, and the time of day/dat of week. If that alone
> matches an entry, then Accept the user (no username /password verification).
>
> 2. Standard Username / password authentication, but also check that the Called
> Number is correct. Ig matches an entry, then let the user in.
>
> 3. Dynamic IP Address alllocation. Do a check _similar_ to the prevois one, but
> from a different table. If a match is found, then accept, and allocate an IP from
> Radiator. (the other two authentication types leave the IP address allocatipon to
> the NAS).
>
> It all seems to work Ok apart from teh Dynamid IP allocation.
>
As mentioned previously, it is because your Accounting is not being handled
properly - the first AuthBy is catching all the accounting data. Not what you
want I suspect.
I would do something like this:
# define number 1. as above
<AuthBy SQL>
Identifier CheckNumberTimeDay
.....
AddToReply Class = CheckNumberTimeDay
</AuthBy>
# define number 2. as above
<AuthBy SQL>
Identifier CheckNameNumber
.....
AddToReply Class = CheckNameNumber
</AuthBy>
# define number 3. as above
<AuthBy SQL>
Identifier CheckName
.....
</AuthBy>
# define IP address allocation from Radiator
<AuthBy DYNADDRESS>
Identifier AllocateIPAddress
.....
</AuthBy>
# define Group for IP address from Radiator
<AuthBy GROUP>
Identifier IPAddressFromRadiator
AuthByPolicy ContinueAlways
AuthBy CheckName
AuthBy AllocateIPAddress
AddToReply Class = IPAddressFromRadiator
</AuthBy>
# define Handler for number 1. accounting
<Handler Request-Type = Accounting-Request, Class = CheckNumberTimeDay>
AuthBy CheckNumberTimeDay
</Handler>
# define Handler for number 2. accounting
<Handler Request-Type = Accounting-Request, Class = CheckNameNumber>
AuthBy CheckNameNumber
</Handler>
# define Handler for accounting for IPAddressFromRadiator
<Handler Request-Type = Accounting-Request, Class = IPAddressFromRadiator>
AuthBy IPAddressFromRadiator
</Handler>
# define Handler for Authentication
<Handler>
AuthByPolicy ContinueUntilAccept
AuthBy CheckNumberTimeDay
AuthBy CheckNameNumber
AuthBy IPAddressFromRadiator
</Handler>
As you can see from the above, Accounting is handled correctly and the data is
posted to the correct database table. The IP addresses will also be handled
correctly when sessions terminate.
If you have any questions please ask.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
