Just curious about how to set up time limits properly..
Jumping of this hurdle should pretty much complete my configuration, so
a huge big thanks from all who have been so helpful. I hope I can return
the favor.
Here is my users file, a demo:
DEFAULT Auth-Type = System
Reply-Message = You are a PPP user
Pgorm Auth-Type=System, Time = "Al0800-1300"
Service-Type = Framed-User,
Framed-Protocol=PPP,
Framed-IP-Address = 206.31.149.117,
Framed-Netmask=255.255.255.255
Which should of course, block the Pgorm account after 1pm...
however, my debug log looks like:
Fri Mar 12 14:25:32 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Fri Mar 12 14:25:32 1999: DEBUG: Rewrote user name to Pgorm
Fri Mar 12 14:25:32 1999: DEBUG: Handling with Radius::AuthGROUP
Fri Mar 12 14:25:32 1999: DEBUG: Handling with Radius::AuthSQL
Fri Mar 12 14:25:32 1999: DEBUG: Handling with Radius::AuthFILE
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthFILE looks for match with Pgorm
Fri Mar 12 14:25:32 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthUNIX looks for match with Pgorm
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthUNIX REJECT: Time: not within
an allowable Time range
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthFILE REJECT: Time: not within
an allowable Time range
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Fri Mar 12 14:25:32 1999: DEBUG: Handling with Radius::AuthUNIX
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthUNIX looks for match with Pgorm
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthUNIX ACCEPT:
Fri Mar 12 14:25:32 1999: DEBUG: Radius::AuthFILE ACCEPT:
Fri Mar 12 14:25:32 1999: DEBUG: Access accepted for Pgorm
The user logs in, gets rejected, but then gets accepted and the connect is
made reguardless
of what is in the Pgorm user definition... In fact, it doesnt assign the
proper ip number from the user
definition either...
Now, some of you may remember that I have been wanting to set up SQL
accounting and session limits, but use
Unix for password authentication. This seems to be working fine... here the
relevant part of my
radius.cfg:
AuthByPolicy ContinueUntilIgnore
DBSource dbi:mysql:radius
DBUsername dbuser
DBAuth dbpassword
# This disables SQL auth
AuthSelect
# This enables SQL accounting
AccountingTable ACCOUNTING
AcctColumnDefUSERNAME,User-Name
AcctColumnDefTIME_STAMP,Timestamp,integer
AcctColumnDefACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDefACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDefACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDefACCTSESSIONID,Acct-Session-Id
AcctColumnDefACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDefACCTTERMINATECAUSE,Acct_Terminate-Cause
AcctColumnDefNASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
# The filename defaults to %D/users
Now, I figured that the problem is th AuthByPolicy line, and I changed to it
ContinueUntilReject but this
doesnt function like I had anticipated. Basically it would attempt to query
the SQL database for username and password
(which is disabled), but SQL the query returns a reject and authentication
dies at that point.
Also, once this is corrected, when I specify a maximum default number of
sessions, will my
user definitions be able to override this for a particular account?
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.