Hi Aaron,

On Feb 23,  4:43pm, Aaron Holtz wrote:
> Subject: (RADIATOR) About face...
> ... well, after much testing I've deemed that radiator startup time is too
> slow for a large password or shadow file.    Stepping back it may be a
> better scheme to auth out of an sql database - so I've reset my configs to
> auth and things appear to be just about OK (and the more I think about our
> situation, the more I like using the db for authing).
We are strongly of the view that using SQL is the best way to go for any ISP of
more than moderate size.

> Anyways, one
> "problem" with my configs.  I'm attempting to apply the same
> check-attributes to everyone except a few. So I've done the following in
> my radius.cfg:
>
>
> <Realm DEFAULT>
>         AuthByPolicy ContinueWhileAccept
>         <AuthBy SQL>
>                 DBSource dbi:Pg:dbname=xxxxx
>                 DBUsername xxxx
>                 DBAuth xxxx
>                 AuthSelect select ENCRYPTEDPASSWORD from SUBSCRIBERS where
>                                                               USERNAME = '%n'
>                 EncryptedPassword
>                 DefaultReply Service-Type=Framed-User,Framed-Protocol=PPP
>         </AuthBy>
>         <AuthBy FILE>
>                 Filename /etc/raddb/users
>         </AuthBy>
>         AcctLogFileName %L/%C/detail
> </Realm>
>
>
> That works.  However, I'm trying to set a per-user Simultaneous-Use check
> in my users file:
>
> aholtz  Simultaneous-Use = 1
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.0,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
> DEFAULT Simultaneous-Use = 3
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.0,
>         Framed-Routing = None,
>         Framed-MTU = 1500,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
>
> What I'm getting in my logfile is the following:
>
>
> Tue Feb 23 16:34:19 1999: DEBUG: Checking if user is still online:
>                       unknown, aholtz,xxxxxx, 1231, 00001234
> Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE REJECT: Simultaneous-Use
>                               of 1 exceeded
> Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE looks for match with
>                               DEFAULT
> Tue Feb 23 16:34:19 1999: DEBUG: Query is: select NASIDENTIFIER, NASPORT,
>                       ACCTSESSIONID from RADONLINE where USERNAME='aholtz'
>
> Tue Feb 23 16:34:19 1999: DEBUG: Radius::AuthFILE ACCEPT:
> Tue Feb 23 16:34:19 1999: DEBUG: Access accepted for aholtz
> Tue Feb 23 16:34:19 1999: DEBUG: Packet dump:
>
>
> I see what is happening but I'm unsure how to rearrange things to work
> correctly (tried putting aholtz after DEFAULT with no luck either.)  I'm
> not sure if the problem is with the .cfg file or the users file.  It does
> follow the DEFAULT of limiting usage to 3 connects in testing, so I know
> that part is working.

So, you want a "standard" sim-use limit of 3, but some selected users with a
limit of 1?
In that case I suggest you use the MaxSessions Realm parameter which sets a
sim-use limit for all users, and have Simultaneous-Use for users with more
restrictive numbers, then remove Simultaneous-Use from your DEFAULT user.

Radiator will apply the _most_restrictive_ of MaxSessions and the per-user
Simultaneous-Use.

>
> One other question - now that I'm using a db, is there a way to set up a
> user profile (in the users file) to check other items in my db?
Yes.
There are a few things you can do:

1. Alter AuthSelect, so it gets the password only if the user has the magic
number you want:

AuthSelect select password from users where username='%n' and magicnumber=1

You may want to have several cascaded AuthBy SQLs if there are several types of
magicnumber to check.

2. Similarly you can select your user based on any attribute in the incoming
request:
AuthSelect select password from users where username='%n' and
permittednas='%{NAS-IP-Address}'

3. If you want to get additional check items for your user, you use
AuthColumnDef:
AuthSelect select password, maxsessions from users where username='%n'
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, Simultaneous-Use, check

> Going back to my age old example, I'd like to have a DEFAULT user profile
> that would apply to anyone with a specific number in a field of my db.
> I could update the query in radius.cfg to get it out, I'm just unsure how
> to tell radiator that you need to check against that value and what to do
> if you make a match.
Hope that helps.

Cheers.

-- 
Mike McCauley                                [EMAIL PROTECTED]
Open System Consultants Pty. Ltd             Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia    Consulting and development
Phone, Fax: +61 3 9598-0985                  http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
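
Added example (not part of the original message and not Radiator code): a small Python model of the session-limit rule described in the reply, where a realm-wide MaxSessions and a per-user limit fetched from the database are combined and the most restrictive one wins. The users.maxsessions column follows the AuthColumnDef example and RADONLINE follows the logged query; the rows, the sqlite3 backend and the function names are constructed for illustration, and password checking is left out.

```python
import sqlite3

REALM_MAX_SESSIONS = 3  # models the realm-wide MaxSessions value from the reply

def build_db():
    """Constructed sample data; table and column names follow the thread."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table users (username text primary key, maxsessions integer);
        create table RADONLINE (USERNAME text, NASIDENTIFIER text,
                                NASPORT integer, ACCTSESSIONID text);
        insert into users values ('aholtz', 1), ('bsmith', NULL), ('cjones', 5);
        insert into RADONLINE values ('aholtz', 'nas1', 1231, '00001234');
        insert into RADONLINE values ('bsmith', 'nas1', 1232, '00001235');
        insert into RADONLINE values ('bsmith', 'nas2', 7, '00001236');
        insert into RADONLINE values ('cjones', 'nas1', 1, '00001237');
        insert into RADONLINE values ('cjones', 'nas1', 2, '00001238');
        insert into RADONLINE values ('cjones', 'nas2', 3, '00001239');
    """)
    return db

def effective_limit(realm_max, user_max):
    """Most restrictive of the realm limit and the per-user limit (None = unset)."""
    limits = [n for n in (realm_max, user_max) if n is not None]
    return min(limits) if limits else None

def check_session_limit(db, username, realm_max=REALM_MAX_SESSIONS):
    """Return (allowed, limit, online) for one more login by username."""
    # Bound parameters keep the username out of the SQL text.
    row = db.execute("select maxsessions from users where username = ?",
                     (username,)).fetchone()
    if row is None:
        return (False, None, 0)  # unknown user: no row, no accept
    online = db.execute("select count(*) from RADONLINE where USERNAME = ?",
                        (username,)).fetchone()[0]
    limit = effective_limit(realm_max, row[0])
    return (limit is None or online < limit, limit, online)

if __name__ == "__main__":
    db = build_db()
    for name in ("aholtz", "bsmith", "cjones", "nobody"):
        print(name, check_session_limit(db, name))
```

In this model a per-user value above the realm limit (cjones, 5) does not raise the cap, and a NULL per-user value (bsmith) leaves only the realm limit in force.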