(RADIATOR) Time & Session-Timeout

Hugh Irvine hugh at open.com.au
Wed May 16 19:04:02 CDT 2001 

Hello Michael -

Many thanks for posting this code. Would you be agreeable to us 
including it in the Radiator distribution?

regards

Hugh


At 12:03 -0400 16/5/01, Michael Audet wrote:
>I attached some code I wrote a few months back.
>I combined the AuthbyADSI with the AuthbySQL code to produce a
>authentication method that authenticates a user via Windows 2000 ADSI and
>then tracks their monthly time via SQL.
>
>For example:  I have a 800# that users call into and I want to restrict
>their time to 20 hours per month on that dial-in device.    I also want to
>allow those users to dial outside the U.S. and allow them 160 hours when
>dialing Canada.   I also want to allow those same users to connect via VPN
>and have unlimited time.
>
>The code I wrote allows each device to decide how much time per month each
>user can have on each device.   Each device has its own Time Tracking
>Database done in SQL (using mysql).   The system still keeps its own
>accounting database separate from the time tracking database.  This way.. if
>you wanted to unlock a user and give him/her another 20 hours per month on a
>dial-in unit even after then exceeded the given 20 hours.. you can go into
>the time tracking database and delete their record for the month.  So when
>they dial-in the time tracker sees no record for them and starts the 20 hour
>clock over again but meanwhile the Accounting database is logging the true
>time online for that user.
>
>Hope I'm not confusing everyone.
>
>But if you can read code check out the AuthbyADSIwSQL.pm code I attached to
>this file.  You can see how I modified the authentication file to support a
>separate database for tracking time.  Also included in the .zip file is a
>txt file explaining how to create the MySQL databases.
>
>Hope this helps,
>
>Michael Audet
>Network Services
>Chubb & Son
>maudet at chubb.com
>
>
>
>----- Original Message -----
>From: "Mariano Absatz" <lradius at pert.com.ar>
>To: "Radiator List" <radiator at open.com.au>
>Sent: Tuesday, May 15, 2001 5:47 PM
>Subject: (RADIATOR) Time & Session-Timeout
>
>
>>  Hi,
>>
>>  I would like to do the following.
>>
>>  Suppose I have a dial-up product that allows a user to connect only in a
>>  certain block time AND also has a maximum hours per month.
>>
>>  For instance, he can connect Mon-Fri 8-20 and Sat 8-13 but no more than
>>  20 hours per month.
>>
>>  I would have a TIMEBLOCK column in that user database with the following
>>  content:
>>
>>  "MoTuWeThFr0800-2000, Sa0800-2000"
>>
>>  (btw, does the weekday support ranges also, like in "Mo-Fr0800-2000,
>>  Sa0800-2000"?)
>>
>>  The TIMELEFT column would have the seconds remaining for this user.
>>
>>  What I want is to set Session-Timeout to the minimum of "until Time" and
>>  TIMELEFT.
>>
>>  But... :-) ... I also want to be able to have a value (in the db column)
>>  to ignore either or both:
>>
>>  Example database:
>>
>>  username,password,timeleft,timeblock
>>  john,secret,7200,"MoTuWeThFr0800-2000, Sa0800-2000"
>>  paul,xxxx,-1,"Wk0800-2000, Sa0800-2000"
>>  mary,abcd,-1,"Al0000-2400"
>>  jane,wxyz,126000,"Al0000-2400"
>>
>>  being, -1, for instance, an indicator that the user has unlimited monthly
>>  connection time (but maybe subject to timeblock restrictions).
>>
>>  In this example database john has 2 hours left and can only log on
>>  weekdays from 8 through 20 and saturdays from 8 through 13.
>>
>>  paul can log in during the same periods but has no total time
>>  restrictions.
>>
>>  mary has no restrictions at all
>>
>>  jane can log in at any time, but she has only 35 hours left.
>>
>>  Questions:
>>
>>  1) can I do this weird thing somehow simply? (I already read
>>  goodies/blocktime.txt, but this is way more complicated, is it?) (note: I
>>  could, if necessary, use a "very large value" to indicate
>>  timeleft=infinity, but I'd rather have a more visual and checkable value,
>>  like -1).
>>
>>  2) is the timeblock "Al0000-2400" acceptable?
>>
>>  3) are overlapping timeblocks acceptable? (e.g. "Wk0800-1700,
>  > MoWeFrSa1500-2000")
>>
>>  TIA.
>>
>>
>>  Mariano Absatz
>>  El Baby
>>  ----------------------------------------------------------
>>  To define recursion, we must first define recursion.
>>
>>  ===
>>  Archive at http://www.open.com.au/archives/radiator/
>>  Announcements on radiator-announce at open.com.au
>>  To unsubscribe, email 'majordomo at open.com.au' with
>>  'unsubscribe radiator' in the body of the message.
>>
>
>Attachment converted: Macintosh HD:timelimit.zip (pZIP/pZIP) (00019D89)

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list