Hello Rolando -

You can add both Session-Timeout and Idle-Timeout in the AuthBy GROUP:

<AuthBy GROUP>
    Identifier DoAuthentication
    .....
    AddToReply Session-Timeout = 10800, \
        Idle-Timeout = 3600
</AuthBy>

Note that the actual disconnection is performed by the NAS, which must support these attributes.

regards

Hugh

On Tuesday, October 15, 2002, at 11:59 PM, Rolando Riley wrote:

> Sorry to skip that one =(( . Hugh .. one last question on what of those
> AuthBy I should add the line:
> AddToReply Session-Timeout = 10800
>
> to have a user disconnected after 3 hour session?
>
> Hugh... Does Radiator have idle timeout? I wish to disconnect 1 hour
> idling connection .
>
> cheers,
>
> R. Riley
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 15, 2002 12:12 AM
> To: Rolando Riley
> Subject: Re: (RADIATOR) Users Blacklists
>
> Hello Rolando -
>
> Thanks for sending the files.
>
> You have incorrectly specified "AuthColumnDef" instead of
> "AcctColumnDef" in your AuthBy SQL clause for accounting.
>
> regards
>
> Hugh
>
> On Tuesday, October 15, 2002, at 07:10 AM, Rolando Riley wrote:
>
>> Hugh:
>> The configuration is not giving me any error but it is not logging
>> anything on the ACCOUNTING table.
>>
>> I am attaching my radius.cfg (radius.txt) and a trace debug 4 of the
>> radius.
>> What could be wrong?
>>
>> cheers,
>>
>> R. Riley
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
>> Sent: Saturday, September 28, 2002 7:55 PM
>> To: Rolando Riley
>> CC: [EMAIL PROTECTED]
>> Subject: Re: (RADIATOR) Users Blacklists
>>
>> Hello Rolando -
>>
>> You should do something like this:
>>
>> # define AuthBy clauses
>>
>> <AuthBy SQL>
>>     Identifier DoSQLAccounting
>>     DBSource ......
>>     DBUsername ......
>>     DBAuth ......
>>     AuthSelect
>>     AccountingTable ACCOUNTING
>>     AcctColumnDef .....
>>     ......
>> </AuthBy>
>>
>> <AuthBy SQL>
>>     Identifier VE_blacklist
>>     DBSource ......
>>     DBUsername ......
>>     DBAuth ......
>>     AuthSelect select "REJECT" from BLACKLIST \
>>         where USERNAME='%n'
>>     AuthColumnDef 0, GENERIC, check
>>     AccountingTable
>> </AuthBy>
>>
>> <AuthBy FILE>
>>     Identifier CheckUSERS
>>     Filename %D/Check-Users
>> </AuthBy>
>>
>> <AuthBy LDAP2>
>>     Identifier CheckLDAP
>>     Host ......
>>     AuthDN ......
>>     AuthPassword ......
>>     BaseDN ......
>>     UsernameAttr uid
>>     PasswordAttr userPassword
>> </AuthBy>
>>
>> <AuthBy GROUP>
>>     Identifier DoAuthentication
>>     AuthByPolicy ContinueWhileAccept
>>     AuthBy CheckUSERS
>>     AuthBy CheckLDAP
>> </AuthBy>
>>
>> # define Realms
>>
>> <Realm>
>>     UsernameCharset a-zA-Z0-9\._@-
>>     MaxSessions 1
>>     RewriteUsername tr/A-Z/a-z/
>>     AuthByPolicy ContinueAlways
>>     AuthBy DoSQLAccounting
>>     AuthBy DoAuthentication
>>     AcctLogFileName %L/detailu
>> </Realm>
>>
>> regards
>>
>> Hugh
>>
>> On Saturday, September 28, 2002, at 07:45 AM, Rolando Riley wrote:
>>
>>> Hi Hugh:
>>>
>>> Some time ago I posted this email but I am getting tired of processing
>>> big flat logs for reports. What should I have to add to my cfg to have the
>>> ACCOUNTING going to the ACCOUNTING table and hence use radcgi and radwho for
>>> reports?
>>>
>>> regards,
>>>
>>> Rolando
>>>
>>> -----Original Message-----
>>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Hugh Irvine
>>> Sent: Wednesday, June 12, 2002 6:14 PM
>>> To: Rolando Riley; [EMAIL PROTECTED]
>>> Subject: Re: (RADIATOR) Users Blacklists
>>>
>>> Hello Rolando -
>>>
>>> You are close, but not quite there.
>>>
>>> Here is what to do:
>>>
>>> # Check-Users file
>>> # Default entry to check the BLACKLIST table
>>>
>>> DEFAULT Auth-Type = VE_blacklist
>>>
>>> DEFAULT Auth-Type = Accept
>>>
>>> Your BLACKLIST SQL table should contain this:
>>>
>>> USERNAME       REJECT
>>>
>>> someuser       Auth-Type = "Reject: This user is on the BLACKLIST"
>>>
>>> anotheruser    Auth-Type = "Reject: This user is on the BLACKLIST"
>>>
>>> Here is a snippet of my radius.cfg
>>>
>>> ----------------------
>>>
>>> <AuthBy SQL>
>>>     Identifier VE_blacklist
>>>     DBSource ......
>>>     DBUsername ......
>>>     DBAuth ......
>>>     AuthSelect select "REJECT" from BLACKLIST \
>>>         where USERNAME='%n'
>>>     AuthColumnDef 0, GENERIC, check
>>>     AccountingTable
>>> </AuthBy>
>>>
>>> <AuthBy FILE>
>>>     Identifier CheckUSERS
>>>     Filename %D/Check-Users
>>> </AuthBy>
>>>
>>> <AuthBy LDAP2>
>>>     Identifier CheckLDAP
>>>     Host ......
>>>     AuthDN ......
>>>     AuthPassword ......
>>>     BaseDN ......
>>>     UsernameAttr uid
>>>     PasswordAttr userPassword
>>> </AuthBy>
>>>
>>> <Realm>
>>>     UsernameCharset a-zA-Z0-9\._@-
>>>     MaxSessions 1
>>>     RewriteUsername tr/A-Z/a-z/
>>>     AuthByPolicy ContinueWhileAccept
>>>     AuthBy CheckUSERS
>>>     AuthBy CheckLDAP
>>>     AcctLogFileName %L/detailu
>>> </Realm>
>>>
>>> Please let me know how you get on.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>> On Thu, 13 Jun 2002 04:52, Rolando Riley wrote:
>>>> Hi Hugh:
>>>>
>>>> Well this time I want to configure a users blacklist and what I want to do
>>>> is simple:
>>>> 1) Every time I have a request this list (BLACKLIST) will be checked. If
>>>> the user is found the request is Rejected.
>>>> NO further queries should be performed after the user is rejected.
>>>> 2) If the user isn't found then the authentication should be done against
>>>> LDAP uid and userPassword attributes.
>>>>
>>>> I have searched the mailing lists and have found something very similar
>>>> that was done against "calling stations id".
>>>> For some reason the user,
>>>> although it is being found on the BLACKLIST, radiator continues the
>>>> searching and auth process over LDAP. What could I have been doing wrong?
>>>>
>>>> Here is the output of Check-Users file
>>>> ---------------------------------------------
>>>> # Default entry to check the BLACKLIST table
>>>>
>>>> DEFAULT Auth-Type = VE_blacklist
>>>>
>>>> Here is a snippet of my radius.cfg
>>>>
>>>> ----------------------
>>>>
>>>> <AuthBy SQL>
>>>>     Identifier VE_blacklist
>>>>     DBSource ......
>>>>     DBUsername ......
>>>>     DBAuth ......
>>>>     AuthSelect select "REJECT" from BLACKLIST \
>>>>         where USERNAME='%n'
>>>>     AccountingTable
>>>> </AuthBy>
>>>>
>>>> <AuthBy FILE>
>>>>     Identifier CheckUSERS
>>>>     Filename %D/Check-Users
>>>>     # NoDefaultIfFound
>>>>     AcceptIfMissing
>>>> </AuthBy>
>>>>
>>>> <AuthBy LDAP2>
>>>>     Identifier CheckLDAP
>>>>     Host ......
>>>>     AuthDN ......
>>>>     AuthPassword ......
>>>>     BaseDN ......
>>>>     UsernameAttr uid
>>>>     PasswordAttr userPassword
>>>> </AuthBy>
>>>>
>>>> <Realm>
>>>>     UsernameCharset a-zA-Z0-9\._@-
>>>>     MaxSessions 1
>>>>     RewriteUsername tr/A-Z/a-z/
>>>>     AuthByPolicy ContinueWhileAccept
>>>>     AuthBy CheckUSERS
>>>>     AuthBy CheckLDAP
>>>>     AcctLogFileName %L/detailu
>>>> </Realm>
>>>>
>>>> ------------------------------
>>>>
>>>> Here is a trace debug 4 of a test:
>>>>
>>>> ---------------------
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='rriley'
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with rriley
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='rriley'
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL looks for match with rriley
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Query is: select "REJECT" from BLACKLIST where USERNAME='DEFAULT'
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
>>>> Wed Jun 12 04:57:24 2002: INFO: Connecting to XX.XX.XX.XX, port 389
>>>> Wed Jun 12 04:57:24 2002: INFO: Attempting to bind with (admin dn)
>>>> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got result for (my dn)
>>>> Wed Jun 12 04:57:24 2002: DEBUG: LDAP got userPassword: xxxxxxxxxxx
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 looks for match with rriley
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
>>>> Wed Jun 12 04:57:24 2002: DEBUG: Packet dump:
>>>> *** Sending to 127.0.0.1 port 32768 ....
>>>> Code: Access-Accept
>>>> Identifier: 99
>>>> Authentic: 1234567890123456
>>>> Attributes:
>>>> -----------------
>>>>
>>>> cheers,
>>>>
>>>> -----------------------------------
>>>> Ing. Rolando Riley
>>>> Systems Manager
>>>> AYAYAI.COM S.A.
>>>> Tel: (507) 265-2424 ext. 408
>>>> -----------------------------------
>>>>
>>>> ______________________________________________
>>>> Ayayai.com Ultra, your prepaid Internet FREE OF ADVERTISING
>>>> http://www.ayayai.com/ultra
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on [EMAIL PROTECTED]
>>>> To unsubscribe, email '[EMAIL PROTECTED]' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere.
>>> Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>
>> <radius.txt><log.txt>
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.
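
The trace quoted in this thread shows the blacklist clause returning REJECT while the request still ends in an Access-Accept. The following check is an added example, not part of the original messages or of Radiator: it scans a debug trace in that line format and reports users who were accepted after the blacklist clause rejected them. The function names, the second sample request and the "Access rejected" wording are assumptions made for illustration.

```python
import re

# Trace lines in this thread look like "Wed Jun 12 04:57:24 2002: DEBUG: <message>".
LINE = re.compile(r"^\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}: [A-Z]+: (.*)$")
HANDLING = re.compile(r"^Handling with Radius::(\w+): (\S+)$")
RESULT = re.compile(r"^Radius::(\w+) (ACCEPT|REJECT):")
FINAL = re.compile(r"^Access (accepted|rejected) for ([^\s:]+)")

# Constructed sample. Request 1 is condensed from the trace quoted in the thread;
# request 2 (including the "Access rejected" wording) is an assumption.
SAMPLE = """\
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthSQL REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthFILE REJECT: Bad Password
Wed Jun 12 04:57:24 2002: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Wed Jun 12 04:57:24 2002: DEBUG: Radius::AuthLDAP2 ACCEPT:
Wed Jun 12 04:57:24 2002: DEBUG: Access accepted for rriley
Wed Jun 12 05:01:10 2002: DEBUG: Handling with Radius::AuthFILE: CheckUSERS
Wed Jun 12 05:01:10 2002: DEBUG: Handling with Radius::AuthSQL: VE_blacklist
Wed Jun 12 05:01:10 2002: DEBUG: Radius::AuthSQL REJECT: This user is on the BLACKLIST
Wed Jun 12 05:01:10 2002: INFO: Access rejected for someuser: This user is on the BLACKLIST
"""


def audit(trace, blacklist_id="VE_blacklist"):
    """Return one (user, verdict, blacklist_rejected) tuple per request."""
    results, by_module, hit = [], {}, False
    for raw in trace.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1)
        if m := HANDLING.match(msg):
            by_module[m.group(1)] = m.group(2)   # module -> AuthBy Identifier
        elif m := RESULT.match(msg):
            if m.group(2) == "REJECT" and by_module.get(m.group(1)) == blacklist_id:
                hit = True
        elif m := FINAL.match(msg):
            results.append((m.group(2), m.group(1), hit))
            by_module, hit = {}, False           # next request starts clean
    return results


def bypasses(trace, blacklist_id="VE_blacklist"):
    """Users accepted although the blacklist clause rejected them."""
    return [user for user, verdict, hit in audit(trace, blacklist_id)
            if hit and verdict == "accepted"]
```

Running `bypasses()` over a trace taken after a configuration change confirms whether a blacklist REJECT now ends the request.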