Hello William -
Yes I do mean request, which you can reference with:
$gid = $p->get_attr('Group-Id');
The reason for doing it this way (as described in my previous mail) is because you then don't have to bother with any housekeeping as the request packet is discarded automatically. You can also do it as you show below, but then you have to remove the "Group-Id" attribute from the reply packet before returning it to the NAS, otherwise you will get an error in your logs.
regards
Hugh
On Wednesday, Feb 5, 2003, at 10:30 Australia/Melbourne, William Taylor wrote:
Hi Hugh, Thanks for the info. I was doing something similar with the replaceProfiles hook you were using. I do have a question though. Below in the AuthColumnDef you say Group-Id, request Are you sure that is supposed to be request and not reply? I don't get anything with using "request" when I do a : my $rp = ${$_[1]}; $gid = $rp->get_attr('Group-Id');But if I change it to reply I do. Thanks again for the help. On Tue, 2003-02-04 at 14:57, Hugh Irvine wrote:Hello William -
All of what you want to do is fairly straightforward, although dealing
with ISDN will probably involve the use of Handlers.
Here is what I would do:
# define AuthBy clauses
<AuthBy SQL>
Identifier CheckISDN
.....
# set up AuthSelect for ISDN only
AuthSelect .....
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP, \
.....
.....
</AuthBy>
<AuthBy SQL>
Identifier CheckAsync
.....
# set up AuthSelect
AuthSelect select PASSWORD, GID, REPLYATTR \
from USERS where USERNAME = '%U' \
and ISACTIVE <> 0
AuthColumnDef 0, Password, check
AuthColumnDef 1, Group-Id, request
AuthColumnDef 2, GENERIC, reply
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP, \
...
....
</AuthBy>
# define Handlers
<Handler NAS-Port-Type = ISDN>
AuthBy CheckISDN
.....
</Handler>
<Handler>
AuthBy CheckAsync
PostAuthHook file:"%D/postprocess.pl"
.....
</Handler>
The PostAuthHook would add the extra reply attributes according to the
"Group-Id" pseudo-attribute added to the incoming access request by the
AuthBy clause (it is easier to add the pseudo-attribute to the incoming
request, because the packet is discarded after processing).
You will find some example hooks in the file "goodies/hooks.txt" in the
Radiator distribution.
regards
Hugh
On Wednesday, Feb 5, 2003, at 06:39 Australia/Melbourne, William Taylor
wrote:
Ok guys, Im trying to finish up my migration off of livingston radius.
Here is what I would like to do.
Currently in radiator I am authing users out of an SQL database.
Some of my users have Static IP address and Framed routes.
For these users I had entries in the Users File in livingston.
For other users I had differnt default entries based on what group they
belong to.
Some users can use 1 port or 2 ports.
Some users have differnt Session Timouts.
What I would like to do is:
AuthSelect select password,gid,replyattr from users where
username='%U' AND isactive <> 0 ( 0 means locked users in my database
)
now if their replyattr is not NULL in the database send it along. This
would be for the static folks.
Now since I don't want a billion (ok not a billion) entries in my
database that are the same:
If replyattr is NULL I would like to go
if($gid == 200 ) {
send this replyattr:
Idle=Timeout = 1220,
Session-Timeout = 86400,
Port-Limit = 2
} elsif ($gid == 201 ) {
send this other replyattr :
Idle=Timeout = 1220,
Session-Timeout = 86400,
Port-Limit = 1
} else {
reject the call because there is no matching gid (maybe it's a
mailbox account)
}
Is this doable?
Also do you know if there is a way to say if they connect with an ISDN
line but they are using a dialup username, reject the call or make it
so
they only connect at 56K?
Any help would be great.
Thanks,
William
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
