Hello Darwin -
At 11:09 +0800 01/11/29, Darwin A. Bawasanta wrote: >hi Hugh/Mike, i hope you guys are doing well. > >i'd like to get your opinion as to whether this config will serve me right >and at the same to solicit other neat ways of implementing my requirements. OK. >we recieve every now and then duplicate STOP packets from our various NAS, >however, in this particular case, we deduct the session-timeout values >against the "value" (in our table) but we are seeing double or multiple >deductions from the same SESSION-IDs. Understood. >so i'm thinking of adding sort of a flag that tells RADIATOR when to deduct >and otherwise. i'd like to clarrify some things. Fine. >1. what should be the proper AuthByPolicy to use here? making sure that >everybody gets authenticated and all accounting packets get processed. >2. are the sequence of my cascading AuthBys correct? or do i have to >transfer the AuthPolicy after the StopAcctng? >3. i've tried testing the config but i don't seem to get the accounting >packets at all. >4. will this config ever work in the first place? You are almost there, but it would be *much* easier to do this: # define Handlers <Handler Realm=/acme.com$/i, Acct-Status-Type = Start> AcctLogFileName /acct/logs/acctlog AuthBy StartAcctng </Handler> <Handler Realm=/acme.com$/i, Acct-Status-Type = Stop> AcctLogFileName /acct/logs/acctlog AuthBy StopAcctng </Handler> <Handler Realm=/acme.com$/i> MaxSessions 1 AuthBy AuthPolicy </Handler> > You should probably also add this to the AuthPolicy clause: AuthSQLStatement update users set deduct = "T" where username='%n' Note that the AuthSQLStatement is only supported in Radiator 2.19. cheers Hugh >thanks in advace. > > >-------- ><Handler Realm=/acme.com$/i> > AcctLogFileName /acct/logs/acctlog > MaxSessions 1 > AuthByPolicy ContinueUntilReject > > AuthBy AuthPolicy > AuthBy StartAcctng > AuthBy StopAcctng > ></Handler> > ><AuthBy SQL> > Identifier AuthPolicy > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx > DBUsername xxx > DBAuth xxx > > AuthSelect select password, value, value from users \ > where username='%n' and status = 1 and value > 0 \ > and valid_until>= "'%Y'-'%m'-'%d'" > > AuthColumnDef 0, User-Password, check > AuthColumnDef 1, Session-Timeout, reply > AuthColumnDef 2, Ascend-Maximum-Time, reply > > AccountingTable > > AddToReply Service-Type = Framed-User,\ > Framed-Protocol = PPP, \ > Framed-MTU = 1500, \ > Framed-Routing = None, \ ></AuthBy> > ><AuthBy SQL> > Identifier StartAcctng > > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx > DBUsername xxx > DBAuth xxx > > AuthSelect > > AccountingStartsOnly > > AccountingTable radacctng > AcctColumnDef USERNAME,User-Name > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer > AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer > AcctColumnDef FRAMEDIPADDRESS,Framed-Address > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASPORT,NAS-Port,integer > AcctColumnDef DNIS,Caller-Id > AcctColumnDef CLASS,Class > AcctColumnDef RATE,Connect-Speed,integer > AcctColumnDef RATE,Ascend-Xmit-Rate,integer > > # setting initial login date and expiry dates > AcctSQLStatement update users set ...... > > AcctSQLStatement update users set deduct = "T" where username='%n' > ></AuthBy> > > ><AuthBy SQL> > Identifier StopAcctng > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx > DBUsername xxx > DBAuth xxx > > AuthSelect > > AccountingStopsOnly > > AccountingTable radacctng > AcctColumnDef USERNAME,User-Name > AcctColumnDef TIME_STAMP,Timestamp,integer > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type,integer > AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer > AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer > AcctColumnDef ACCTSESSIONID,Acct-Session-Id > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer > AcctColumnDef ACCTTERMINATECAUSE,Ascend-Disconnect-Cause,integer > AcctColumnDef FRAMEDIPADDRESS,Framed-Address > AcctColumnDef NASIDENTIFIER,NAS-Identifier > AcctColumnDef NASPORT,NAS-Port,integer > AcctColumnDef DNIS,Caller-Id > AcctColumnDef CLASS,Class > AcctColumnDef RATE,Connect-Speed,integer > AcctColumnDef RATE,Ascend-Xmit-Rate,integer > > AcctSQLStatement update users set \ > value = value - 0%{Acct-Session-Time} where username='%n' and >deduct="T" > > AcctSQLStatement update users set deduct = "F" where username='%n' > ></AuthBy> > > > > >-- > __ >OO- `. Darwin A. Bawasanta [EMAIL PROTECTED] >* ||| Systems Development Manager SKYCablenet/SKYinternet Inc. >L_(_/ Ofc: +63 32 253-6677 Mobile: +63 917 486-5033 > |||== > ((_| "If the facts don't fit the theory, change the facts." > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. -- NB: I am travelling this week, so there may be delays in our correspondence. Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc. Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.