Hello William -
You can do it either way - I just try to do as much as possible with the
configuration file rather than writing code.
cheers
Hugh
On Friday 27 April 2001 05:59, William Hernandez wrote:
> Interesting. Basically, you included the AuthBy SQL logic right
> into the hook.
>
> Did you decide on this solution because the AuthBy SQL clause in
> radius.cfg didn't work as expected?
>
> Thanks for your help,
> William
>
> -----Original Message-----
> From: ganbold [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, April 25, 2001 9:25 PM
> To: William Hernandez
> Cc: [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Important - How to do Block Time users
>
>
> Hi,
>
> I solved it in following way. Below is PostAuthHook script.
>
> # CheckBlockTimeLeft
> #
> # PostAuthHook to check time left for a block user
> # by verifying the Session-Timeout attribute
> #
>
> sub
> {
>
> my $p = ${$_[0]};
> my $rp = ${$_[1]};
> my $result = ${$_[2]};
>
> my $name = $p->get_attr('User-Name');
> my $timeoutxx = 0;
>
> use DBI;
>
> my ($dsn)="DBI:mysql:radius:localhost";
> my ($namex)="xxx";
> #my ($password11)="xxx";
> my ($dbh,$sth);
> my (@ary);
>
> $dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
>
> my ($sth)=$dbh->prepare (qq{
>
> SELECT USERNAME,TIMELEFT FROM SUBSCRIBERS
> WHERE USERNAME='$name'
> });
> $sth->execute();
>
> while(my $hash_ref=$sth->fetchrow_hashref())
> {
> print join ("\t",$hash_ref->{USERNAME},$hash_ref->{TIMELEFT}).
> "\n";
> $timeoutxx = $hash_ref->{TIMELEFT};
> }
> $sth->finish();
>
> $dbh->disconnect();
>
>
> if (($result == $main::ACCEPT) && ($timeoutxx <= 0))
> {
> &main::log($main::LOG_DEBUG, "User $name has no time
> left");
>
> if($timeoutxx<0){
> $dbh=DBI->connect($dsn,$namex,"xxx",{RaiseError=>1});
> my ($sth)=$dbh->prepare (qq{
>
> UPDATE SUBSCRIBERS SET TIMELEFT=0 WHERE USERNAME='$name'
> });
> $sth->execute();
> $sth->finish();
>
> $dbh->disconnect();
> }
>
> # ${$_[2]} = $main::REJECT;
> if($p->code eq 'Access-Request'){
> $rp->delete_attr('Filter-Id');
> $rp->delete_attr('Session-Timeout');
> $rp->delete_attr('Framed-Protocol');
> $rp->delete_attr('Service-Type');
> $rp->delete_attr('Framed-MTU');
> $rp->delete_attr('Framed-Compression');
> $rp->set_code('Access-Reject');
> $rp->change_attr('Reply-Message','Prepaid time limit
> reached!');
> $p->{Client}->replyTo($rp,$p);
> }
> if($p->code eq 'Accounting-Request'){
> $rp->set_code('Accounting-Response');
> $p->{Client}->replyTo($rp,$p);
> }
> }
> return;
> }
> #####################################################
>
> HTH,
>
> Ganbold Ts.
>
> ----- Original Message -----
> From: "William Hernandez" <[EMAIL PROTECTED]>
> To: "Radiator" <[EMAIL PROTECTED]>
> Sent: Wednesday, April 25, 2001 11:25 PM
> Subject: RE: (RADIATOR) Important - How to do Block Time users
>
> > Hello everyone,
> >
> > I'm trying to follow Hugh's tips, but I'm doing something
>
> wrong.
>
> > In my radius.cfg I have:
> >
> > <AuthBy SQL>
> > Identifier TimeBlock-SQL
> > DBSource *
> > DBUsername *
> > DBAuth *
> > AuthSelect select TIMEBLOCK from XSTOP where
> > USERNAME='%n'
> > AuthColumnDef 0, Time, check
> > </AuthBy>
> > <Realm DEFAULT>
> > AuthBy Check-FILE
> > AuthBy System
> > # This AuthBy will check the Time check-item
> > AuthBy TimeBlock-SQL
> > # This hook calculates the session-timeout
> > PostAuthHook file:"/etc/raddb/setSessionTimeout"
> > AcctLogFileName /var/log/radacct/detail
> > PasswordLogFileName /var/log/radius.log
> > ExcludeFromPasswordLog root
> > </Realm>
> >
> > In my PostAuthHook I have:
> > my $timeblock=$p->get_attr('Time');
> >
> > The problem is $timeblock is coming back an empty string. I
>
> can't
>
> > get the value to the PostAuthHook.
> > The "ERR: Invalid timeblock for user whr" in the radius.log
>
> comes
>
> > from the PostAuthHook.
> >
> > A Trace 4 radius.log shows:
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Received from 208.249.78.6 port 4319 ....
> > Code: Access-Request
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > User-Name = "whr"
> > Service-Type = Framed-User
> > NAS-IP-Address = 203.63.154.1
> > NAS-Port = 1234
> > NAS-Port-Type = Async
> > User-Password =
> > "<146><208><238><158><247><22><144><5><164><133><228><17
> > 4><1>H<30>x"
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling request with Handler
> > 'Realm=DEFAULT'
> > Wed Apr 25 11:05:31 2001: DEBUG: Deleting session for whr,
> > 203.63.154.1, 1234
> > Wed Apr 25 11:05:31 2001: DEBUG: do query is: delete from
> > RADONLINE where NASIDE
> > NTIFIER='203.63.154.1' and NASPORT=01234
> >
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthFILE
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE looks for
>
> match
>
> > with DEFAULT
> > Wed Apr 25 11:05:31 2001: DEBUG: Handling with Radius::AuthUNIX
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX looks for
>
> match
>
> > with whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Query is: select
>
> NASIDENTIFIER,
>
> > NASPORT, ACCTSE
> > SSIONID from RADONLINE where USERNAME='whr'
> >
> > Wed Apr 25 11:05:31 2001: Login OK: [whr] (home)
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthUNIX ACCEPT:
> > Wed Apr 25 11:05:31 2001: DEBUG: Radius::AuthFILE ACCEPT:
> > Wed Apr 25 11:05:31 2001: ERR: Invalid timeblock for user whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Access accepted for whr
> > Wed Apr 25 11:05:31 2001: DEBUG: Packet dump:
> > *** Sending to 208.249.78.6 port 4319 ....
> > Code: Access-Accept
> > Identifier: 196
> > Authentic: 1234567890123456
> > Attributes:
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Netmask = 255.255.255.255
> > Framed-Compression = Van-Jacobson-TCP-IP
> > Ascend-Idle-Limit = 900
> >
> >
> > Any help would be appreciated.
> > Thanks in advance,
> > William
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
