(RADIATOR) Block-time users problem
Hugh Irvine
hugh at open.com.au
Wed May 9 17:25:11 CDT 2001
Hello Deepak -
The code shown below was meant to be used with two different Handlers, one
for authentication and the other for accounting:
<Handler Request-Type = Accounting-Request>
AuthBy auth_surfers
</Handler>
<Handler>
AuthBy auth_surfers
PostAuthHook file:"%D/checkblocktimeleft"
</Handler>
If you just want to use a single Handler, the PostAuthHook code should be
changed so that it checks the request type first, and only executes for an
access request (there are examples in "goodies/hooks.txt").
To avoid the error message on the Reject, the PostAuthHook should also remove
the Session-Timeout attribute if the request is rejected.
hth
Hugh
On Wednesday 09 May 2001 23:49, Deepak Shrestha wrote:
> Hi,
>
> I am trying to configure Radiator 2.18.1 for block-time users.
>
> The config files and the trace debug are below:
> <AuthBy SQL>
> Identifier auth_surfers
> DBSource dbi:Sybase:RADIATOR
> DBUsername radius
> DBAuth *****
> AuthSelect select surfers_UserPwd, surfers_SimConnection,
> surfers_Hours from surfers_DialUp where surfers_UserName="%n" and
> surfers_Status=1
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Simultaneous-Use, check
> AuthColumnDef 2, Session-Timeout, reply
> AddToReply Idle-Timeout = 900
> NoDefault
> FailureBackoffTime 10
> AccountingTable surfers_RADACCTTAB
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIMESTAMP,Timestamp,integer
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctSQLStatement update surfers_DialUp set
> surfers_Hours=surfers_Hours-0%{Acct-Session-Time} where
> surfers_UserName='%n'
> </AuthBy>
>
> <Handler>
> AuthBy auth_surfers
> PostAuthHook file:"%D/checkblocktimeleft"
> </Handler>
> ----------------------------------------------------------------
> #CheckBlockTimeLeft
> #
> # PostAuthHook to check time left for a block user
> # by verifying the Session-Timeout attribute
> #
> # Author: Hugh Irvine (hugh at open.com.au)
> # Copyright (C) 2000 Open System Consultants
> # $Id: blocktime.txt,v 1.1 2000/11/21 01:36:22 mikem Exp $
>
> sub
> {
> my $p = ${$_[0]};
> my $rp = ${$_[1]};
> my $result = ${$_[2]};
>
> my $name = $p->get_attr('User-Name');
> my $timeout = $rp->get_attr('Session-Timeout');
>
> if (($result == $main::ACCEPT) && ($timeout <= 0))
> {
> &main::log($main::LOG_DEBUG, "User $name has no time left");
> ${$_[2]} = $main::REJECT;
> }
> return;
> }
>
> -------------------------------------------------------------
>
> *** Received from 127.0.0.1 port 1229 ....
> Code: Access-Request
> Identifier: 17
> Authentic: 1234567890123456
> Attributes:
> User-Name = "v0111111"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<140><225>(<194><195>\<4><246><188>8<9><160><216>}x<153>"
>
> Wed May 9 19:12:40 2001: DEBUG: Check if Handler should be used to
> handle this request
> Wed May 9 19:12:40 2001: DEBUG: Handling request with Handler ''
> Wed May 9 19:12:40 2001: DEBUG: Deleting session for v0111111,
> 203.63.154.1, 1234
> Wed May 9 19:12:40 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:12:40 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:12:40 2001: DEBUG: Query is: select surfers_UserPwd,
> surfers_SimConnection, surfers_Hours from surfers_DialUp where
> surfers_UserName="v0111111" and surfers_Status=1
>
> Wed May 9 19:12:40 2001: DEBUG: Radius::AuthSQL looks for match with
> v0111111
> Wed May 9 19:12:40 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Wed May 9 19:12:40 2001: DEBUG: Access accepted for v0111111
> Wed May 9 19:12:40 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1229 ....
> Code: Access-Accept
> Identifier: 17
> Authentic: 1234567890123456
> Attributes:
> Session-Timeout = 58
> Idle-Timeout = 900
>
> Wed May 9 19:12:40 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1229 ....
> Code: Accounting-Request
> Identifier: 18
> Authentic: <250><7>_<7><28><192>l=<243><10>x<3>@<224>*<165>
> Attributes:
> User-Name = "v0111111"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Start
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
>
> Wed May 9 19:12:40 2001: DEBUG: Check if Handler should be used to
> handle this request
> Wed May 9 19:12:40 2001: DEBUG: Handling request with Handler ''
> Wed May 9 19:12:40 2001: DEBUG: Adding session for v0111111,
> 203.63.154.1, 1234
> Wed May 9 19:12:40 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:12:40 2001: DEBUG: Handling accounting with Radius::AuthSQL
> Wed May 9 19:12:40 2001: DEBUG: do query is: update surfers_DialUp set
> surfers_Hours=surfers_Hours-0 where surfers_UserName='v0111111'
>
> Wed May 9 19:12:40 2001: DEBUG: do query is: insert into
> surfers_RADACCTTAB
> (USERNAME, TIMESTAMP, TIME_STAMP, ACCTSTATUSTYPE,
> ACCTSESSIONID, NASIDENTIFIER, NASPORT)
> values
> ('v0111111', 989414860, 'May 9, 2001 19:12', 'Start',
> '00001234', '203.63.154.1', 1234)
>
> Wed May 9 19:12:40 2001: DEBUG: User v0111111 has no time left
> Wed May 9 19:12:45 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1229 ....
> Code: Accounting-Request
> Identifier: 19
> Authentic:
> <228><169><165><2><209><193><240><224><194><150>L<177>i^<132><161>
> Attributes:
> User-Name = "v0111111"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> NAS-Port-Type = Async
> Acct-Session-Id = "00001234"
> Acct-Status-Type = Stop
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> Acct-Delay-Time = 0
> Acct-Session-Time = 100
> Acct-Input-Octets = 20000
> Acct-Output-Octets = 30000
>
> Wed May 9 19:12:45 2001: DEBUG: Check if Handler should be used to
> handle this request
> Wed May 9 19:12:45 2001: DEBUG: Handling request with Handler ''
> Wed May 9 19:12:45 2001: DEBUG: Deleting session for v0111111,
> 203.63.154.1, 1234
> Wed May 9 19:12:45 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:12:45 2001: DEBUG: Handling accounting with Radius::AuthSQL
> Wed May 9 19:12:45 2001: DEBUG: do query is: update surfers_DialUp set
> surfers_Hours=surfers_Hours-0100 where surfers_UserName='v0111111'
>
> Wed May 9 19:12:45 2001: DEBUG: do query is: insert into
> surfers_RADACCTTAB
> (USERNAME, TIMESTAMP, TIME_STAMP, ACCTSTATUSTYPE,
> ACCTDELAYTIME, ACCTINPUTOCTETS, ACCTOUTPUTOCTETS, ACCTSESSIONID,
> ACCTSESSIONTIME, NASIDENTIFIER, NASPORT)
> values
> ('v0111111', 989414865, 'May 9, 2001 19:12', 'Stop', 0,
> 20000, 30000, '00001234', 100, '203.63.154.1', 1234)
>
> Wed May 9 19:12:45 2001: DEBUG: User v0111111 has no time left
> --------------------------------------------------------------------------
>
> I get this error when the timeleft is negative.
>
> Wed May 9 19:15:34 2001: DEBUG: Packet dump:
> *** Received from 127.0.0.1 port 1231 ....
> Code: Access-Request
> Identifier: 225
> Authentic: 1234567890123456
> Attributes:
> User-Name = "v0111111"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password =
> "<140><225>(<194><195>\<4><246><188>8<9><160><216>}x<153>"
>
> Wed May 9 19:15:34 2001: DEBUG: Check if Handler should be used to
> handle this request
> Wed May 9 19:15:34 2001: DEBUG: Handling request with Handler ''
> Wed May 9 19:15:34 2001: DEBUG: Deleting session for v0111111,
> 203.63.154.1, 1234
> Wed May 9 19:15:34 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:15:35 2001: DEBUG: Handling with Radius::AuthSQL
> Wed May 9 19:15:35 2001: DEBUG: Query is: select surfers_UserPwd,
> surfers_SimConnection, surfers_Hours from surfers_DialUp where
> surfers_UserName="v0111111" and surfers_Status=1
>
> Wed May 9 19:15:35 2001: DEBUG: Radius::AuthSQL looks for match with
> v0111111
> Wed May 9 19:15:35 2001: DEBUG: Radius::AuthSQL ACCEPT:
> Wed May 9 19:15:35 2001: DEBUG: User v0111111 has no time left
> Wed May 9 19:15:35 2001: INFO: Access rejected for v0111111:
> Wed May 9 19:15:35 2001: ERR: There is no value named -290 for attribute
> Session-Timeout. Using 0.
> Wed May 9 19:15:35 2001: DEBUG: Packet dump:
> *** Sending to 127.0.0.1 port 1231 ....
> Code: Access-Reject
> Identifier: 225
> Authentic: 1234567890123456
> Attributes:
> Session-Timeout = -290
> Idle-Timeout = 900
> Reply-Message = "Request Denied"
>
> ----------------------------------------------------------------
>
> I get No Reply for Accounting START/STOP.
> Negative Session-Timeout errors as well in the logfile.
> What and where could be the problem.
>
> Any help would be appreciated.
>
> Regards,
>
> Deepak
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
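
A single-Handler version of the hook with both changes described in the reply above, as an added example that is not part of the original thread or Radiator's own code. The `FakePacket` class, the constant values and the test cases are constructed stand-ins so the script runs outside Radiator; in a real hook file only the anonymous `sub { ... }` is kept.

```perl
use strict;
use warnings;

# Constructed stand-ins: Radiator itself supplies these constants,
# main::log and the packet objects. The values are placeholders.
our ($ACCEPT, $REJECT, $LOG_DEBUG) = (0, 1, 4);
sub log { print "DEBUG: $_[1]\n" }

package FakePacket;    # hypothetical stub of a request/reply packet
sub new         { my ($c, $code, %a) = @_; bless { code => $code, attr => {%a} }, $c }
sub code        { $_[0]{code} }
sub get_attr    { $_[0]{attr}{$_[1]} }
sub delete_attr { delete $_[0]{attr}{$_[1]} }

package main;

my $hook = sub
{
    my $p      = ${$_[0]};
    my $rp     = ${$_[1]};
    my $result = ${$_[2]};

    # Accounting replies carry no Session-Timeout: leave them alone
    return unless $p->code eq 'Access-Request';
    return unless $result == $main::ACCEPT;

    my $name = $p->get_attr('User-Name');
    # A missing value counts as 0, as in the original comparison
    my $timeout = $rp->get_attr('Session-Timeout') // 0;

    if ($timeout <= 0)
    {
        &main::log($main::LOG_DEBUG, "User $name has no time left");
        # Do not send a zero or negative Session-Timeout in the Reject
        $rp->delete_attr('Session-Timeout');
        ${$_[2]} = $main::REJECT;
    }
    return;
};

# Constructed cases modelled on the trace in the quoted message
for my $case (['Access-Request', -290], ['Access-Request', 58], ['Accounting-Request', undef]) {
    my ($code, $t) = @$case;
    my $p  = FakePacket->new($code, 'User-Name' => 'v0111111');
    my $rp = FakePacket->new('reply', defined $t ? ('Session-Timeout' => $t) : ());
    my $result = $ACCEPT;
    $hook->(\$p, \$rp, \$result);
    printf "%-18s result=%s Session-Timeout=%s\n", $code,
        $result == $REJECT ? 'REJECT' : 'ACCEPT', $rp->get_attr('Session-Timeout') // '(none)';
}
```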