Hello Tariq -
On Sat, 05 Aug 2000, Mohammad Tariq wrote:
>
> I'm using radiator 2.14.1 with LDAP 4.11. I have some users who are
> allowed two concurrent logins but the others are allowed only one login at a
> time. The ones who are allowed to have two logins, I have put them in a file
> named doubleusers (so they are in the file as well as in the LDAP). After using
> the following ldap.cfg, all the users can login as many times as they want. Any
> help will be highly appreciated.
> Also, I have some users who are only allowed to use the email accounts and
> I want to have zero logins for them (I have not implemented this in the ldap.cfg
> below). Any hints on that will be gladly taken.
>
I would suggest you restructure your configuration file like this:
# Foreground
# LogStdout
LogDir /var/adm
LogFile %L/radius.log
DbDir /usr/local/etc
Trace 3
#
<Client DEFAULT>
Secret xxxxx
DupInterval 2
DefaultRealm xxxxxx
</Client>
<AuthBy SQL>
Identifier SQL_Accounting_Only
DBSource dbi:mysql:database=xxxx;host=xxxxx
DBUsername radius
DBAuth xxxxx
Timeout 30
# don't identify, accounting only
AuthSelect
AccountingTable accounting
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef ACCTCHARGE,Acct-Charge
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef DNIS,Called-Station-Id
</AuthBy>
<AuthBy FILE>
Identifier Check_FILE
Filename %D/doubleusers
DefaultSimultaneousUse 1
</AuthBy>
<AuthBy LDAP2>
Identifier Check_LDAP
# Tell Radiator how to talk to the LDAP server
Host ldap-lh.arabcircle.net.sa
Port 389
AuthDN uid=radius,ou=xxx,o=xxx
AuthPassword xxxxx
BaseDN o=arabcircle.net.sa
UsernameAttr uid
PasswordAttr userpassword
# These are the classic things to add to each users
# reply to allow a PPP dialup session. It may be
# different for your NAS. This will add some
# reply items to everyone's reply
DefaultReply Service-Type = Framed-User,\
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.128,\
Framed-IP-Address = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 600,\
Framed-Compression = Van-Jacobson-TCP-IP,\
Session-Timeout = 1200
</AuthBy>
<Realm xxxxxx>
RewriteUsername tr/-.A-Za-z0-9_@//cd
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/[A-Z]/[a-z]/
PasswordLogFileName %L/radpwd.log
AuthByPolicy ContinueAlways
AuthBy SQL_Accounting_Only
AuthBy Check_FILE
#
# MaxSessions 2
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
</Realm>
This is what you should have in your file (user1, user2, etc. will be the
actual user names from your LDAP database):
# This is the list of users who are allowed more than one connection.
# All other users (DEFAULT) are allowed only one connection.
DEFAULT Auth-Type = Check_LDAP
user1 Simultaneous-Use = 2, Auth-Type = Check_LDAP
user2 Simultaneous-Use = 2, Auth-Type = Check_LDAP
user3 Simultaneous-Use = 2, Auth-Type = Check_LDAP
.....
If you have any questions, please ask.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
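
As an added example (not part of the original message, and not Radiator's own tooling): a small Python lint for the layout suggested above, checking that clause tags balance and that every AuthBy reference in a Realm or Handler, and every Auth-Type in the users file, names a declared Identifier. The sample input is constructed, and treating every Auth-Type value as an Identifier reference is an assumption.

```python
import re

# Constructed sample in the clause syntax shown above; not a complete Radiator config.
SAMPLE_CFG = """\
<AuthBy SQL>
Identifier SQL_Accounting_Ony
</AuthBy>
<AuthBy FILE>
Identifier Check_FILE
</AuthBy>
<AuthBy LDAP2>
Check_LDAP
</AuthBy>
<Realm example>
AuthBy SQL_Accounting_Only
AuthBy Check_FILE
</AuthBy>
</Realm>
"""
SAMPLE_USERS = "DEFAULT Auth-Type = Check_LDAP\nuser1 Simultaneous-Use = 2, Auth-Type = Check_LDAP\n"

def lint(cfg, users=""):
    """Return (file, line, message) findings for unbalanced clauses and dangling references."""
    findings, stack, declared, refs = [], [], set(), []
    for no, raw in enumerate(cfg.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.fullmatch(r"<(/?)(\w+)[^>]*>", line)
        if tag and not tag.group(1):
            stack.append((tag.group(2), no))             # opening clause
        elif tag and stack and stack[-1][0] == tag.group(2):
            stack.pop()                                  # matching close
        elif tag:
            findings.append(("cfg", no, f"unmatched </{tag.group(2)}>"))
        else:
            key, val = (line.split(None, 1) + [""])[:2]
            clause = stack[-1][0] if stack else None
            if clause == "AuthBy" and key == "Identifier":
                declared.add(val.strip())                # name other clauses may refer to
            elif clause in ("Realm", "Handler") and key == "AuthBy":
                refs.append(("cfg", no, val.strip()))    # reference to a named clause
    findings += [("cfg", no, f"<{name}> never closed") for name, no in stack]
    # Assumption: every Auth-Type value in the users file names an AuthBy Identifier.
    for no, raw in enumerate(users.splitlines(), 1):
        if not raw.lstrip().startswith("#"):
            refs += [("users", no, m.group(1)) for m in re.finditer(r"Auth-Type\s*=\s*([\w-]+)", raw)]
    findings += [(f, no, f"no Identifier named {name}") for f, no, name in refs if name not in declared]
    return findings
```

Calling `lint(SAMPLE_CFG, SAMPLE_USERS)` reports the stray closing tag, the misspelled Identifier, and the LDAP clause whose name lacks the `Identifier` keyword.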