Re: (RADIATOR) blocktime question

Hugh Irvine Mon, 09 Sep 2002 15:13:28 -0700

Hello Andreas -

You could try this (I haven't tested it):

<AuthBy GROUP>
Identifier Auth-Oracle-Internal
AuthByPolicy ContinueWhileIgnore
AuthBy Auth-Oracle
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
</AuthBy>

<Realm DEFAULT>
PasswordLogFileName /var/log/radius/news/auth.log
AuthByPolicy ContinueWhileAccept
AuthBy Auth-LDAP
AuthBy Auth-Oracle-Internal
PostAuthHook file:"%D/SetReply"
</Realm>

Otherwise I think you will have to call the AuthBy SQL clause from inside your hook, and deal with database unreachable there.

regards

Hugh

On Tuesday, September 10, 2002, at 07:52 AM, Andreas Stollar wrote:

Hello,

I've got blocktime working ok, using LDAP for auth, then and extra SQL
hook which will talk to an Oracle DB. This works fine. I wanted to make it
so that a user would authenticate if the db is down, or unreachable.
Currently, it will reject everyone if it cannot connect to the db. Is this
a simple config option? Here's part of my radius.cfg.

<AuthBy SQL>
Identifier Auth-Oracle

DBSource dbi:Oracle:host=172.16.0.43;port=1521;sid=prod
DBUsername RADIUS_USER
DBAuth XXXXXXX

AuthSelect \
SELECT u.userid \
FROM \
moses.svc_dialup sn, \
moses.service_instances si, \
moses.userids u \
WHERE u.userid = '%n' \
AND si.status = 1 \
AND sn.service_instance_id = si.service_instance_id \
AND sn.userid_id = u.userid_id \
AND sn.time_left > 0

AuthColumnDef 0, Session-Timeout, reply

AcctSQLStatement \
UPDATE moses.svc_dialup \
SET time_left = (time_left - 0%{Acct-Session-Time}) \
WHERE svc_dialup_id IN ( \
SELECT sn.svc_dialup_id \
FROM \
moses.svc_dialup sn, \
moses.service_instances si, \
moses.userids u \
WHERE u.userid = '%n' \
AND si.status = 1 \
AND sn.service_instance_id = si.service_instance_id \
AND sn.userid_id = u.userid_id \
)

</AuthBy>

<Handler Request-Type = Accounting-Request>
AcctLogFileName /var/log/radius/news/acct.log
AuthBy Auth-Oracle
</Handler>

<Realm DEFAULT>
PasswordLogFileName /var/log/radius/news/auth.log
AuthByPolicy ContinueWhileAccept
AuthBy Auth-LDAP
AuthBy Auth-Oracle
PostAuthHook file:"%D/SetReply"
</Realm>

thanks for any hints.
Andreas

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

Re: (RADIATOR) blocktime question

Reply via email to