Hi Stephen,
Thanks for contributing that!. I know lots of people appreciate it.
I wonder if you could get the same effect by just changing the definition of
CountQuery in , so it would count the current sessions by
whatever criteria you liked, and MaxSessions would specify the upper limit?
That would have the side effect of continuing to work propoerly with string
authentication too (ie where Radiator uses finger or SNMP to check the NAS)
Thoughts?
On May 19, 2:45pm, Stephen Roderick wrote:
> Subject: (RADIATOR) Group Maximum
>
> Another kludge that may be useful to someone:
>
>
> I added some code to create a group maximum within the session database.
> This required a modification to Handler.pm, SessGeneric.pm, and SessSQL.pm
> (If you used a different Sess.pm module it would need to be modified
> as well)
>
> Then within the I use:
>
>GroupQuery someUniqueName 30 \
>select count(*) from radonline \
>where ('%{Called-Station-Id}'='XXX')
>
> This would limit the number of connections to the phone number XXX to
> 30.
>
> You could add as many of these as you wanted and use whatever query
> generated the necessary results.
>
> *
> Handler.pm - Add the following after the check for MaxSession:
>
> if ($p->code eq 'Access-Request' && $sessdb->groupexceeded($p))
> {
> # Issue a denial and bomb out
> my $reason = "Group Maximum exceeded";
> &main::log($main::LOG_INFO, "Access rejected for $name: $reason");
> $rp->set_code('Access-Reject');
> $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE,
> 'Request Denied');
> $rp->addAttrByNum($Radius::Radius::REPLY_MESSAGE, $reason)
> if $self->{RejectHasReason};
> $p->{Client}->replyTo($rp, $p);
> return;
> }
>
> *
> SessGeneric.pm - add the following (this is probably not needed):
>
> sub groupexceeded
> {
> my ($self, $max, $name, $p) = @_;
>
> &main::log($main::LOG_ERR, "You did not override groupexceeded in
> SessGeneric");
> }
>
> *
> SessSQL.pm - add the following:
>
> elsif ($keyword eq 'GroupQuery')
> {
> my($id, $count, $q) = split(/\s+/, $value, 3);
> $self->{GroupQuery}{$id} = "$count:$q";
> }
>
> sub groupexceeded
> {
> my ($self, $p) = @_;
>
> # (Re)-connect to the database if necessary, but dont let
> # a dead database prevent logins
> return 0
> if !$self->reconnect;
>
> my $count = 0; # Number of current simultaneous sessions for the user
>
> my($id,$max,$q,$sth);
> foreach $id (keys %{$self->{GroupQuery}})
> {
> ($max, $q) = split(':', $self->{GroupQuery}{$id});
>
> $q = &main::format_special($q, $p);
>
> $sth = $self->prepareAndExecute($q);
> if (!$sth)
> {
> return 0; # Dont let a dead database stop logins
> }
> ($count) = $sth->fetchrow();
> return 1if ($count > $max);
> }
> return 0;
> }
>
>
> All improvements welcome.
>
> Steve
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Stephen Roderick
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.