(RADIATOR) Authby policy question.

Ward, Josh jward at csuchico.edu
Mon Oct 15 19:06:40 CDT 2001


Here is my config for the authentication for the 'free modem services' at my
university. (see below)

I have a table that I'm creating through AuthBy SQL that calculates the
session times, and when users cross over their time limit, they are inserted
into my 'overtime' table in SQL with a bogus password.  I was assuming that
if someone didn't have an entry in the database, AuthBy SQL would return
an ignore, not a reject.  This is not the case and this has fouled up my
authentication scheme.  I was going to have the users over their time
rejected by that first AuthBy (which is why I insert a bogus password), then
the other users authenticated properly with the other AuthBys using an
AuthByPolicy ContinueWhileIgnore.  Like I said, it's not working because
AuthBy SQL is rejecting people not in the database.

Is there anyone who has done anything similar to this?

I just want to pick people off with the first one, and if they are not
found, keep looking.  If they had a bad password, then stop looking.  Seems
simple enough :-)

Any ideas?

-Josh
(config attached below)



<Handler> #Free modems
        
        AuthByPolicy ContinueUntilAccept
        RewriteUsername s/^([^@]+).*/$1/
        RewriteUsername tr/A-Z/a-z/

        <AuthBy SQL>
        
                Identifier FreeModemService_OVERTIME
                DBSource        dbi:mysql:modems
                DBUsername      ----------
                DBAuth          ----------

                AuthSelect SELECT pw FROM overtime WHERE login='%n'
                AuthColumnDef 0, User-Password, check

        </AuthBy>

        <AuthBy FILE>
                Identifier FreeModemService_File
                Filename /etc/radius/free_users
        </AuthBy>

        <AuthBy LDAP2>
                Identifier FreeModemService_LDAP
                Host            directory.csuchico.edu

                AuthDN          ---------
                AuthPassword    ---------

                BaseDN          o=California State University Chico,c=US

                UsernameAttr    uid
                PasswordAttr    userpassword

                AuthAttrDef modemservicetype, X-User-MST, request

                PostSearchHook sub {\
                        my $attr = $_[4]->get_value('modemservicetype');\
                        if ($attr & 1) {\
                                $_[3]->get_check->add_attr('X-User-MST',\
                                $attr); \
                                }\
                        else { \
                                $_[3]->get_check->add_attr('X-User-MST',\
                                'Denied: wrong modem service type'); \
                                }\
                        }
        </AuthBy>
</Handler>
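
The scheme described in the message above depends on two things: what the first AuthBy returns for a login with no row, and which AuthByPolicy chains the results. The following is an added example, not part of the original post and not Radiator code. It is a simplified Python model that assumes the last AuthBy result obtained is the final answer; the users, passwords and function names are constructed for illustration.

```python
# Simplified model of AuthByPolicy chaining (assumption: last result wins).
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> predicate: move on to the next AuthBy after this result?
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
}

def run_chain(policy, authbys, user, password):
    """Run each AuthBy in order; stop as soon as the policy says so."""
    result = IGNORE
    for authby in authbys:
        result = authby(user, password)
        if not POLICIES[policy](result):
            break
    return result

# Constructed sample data (hypothetical users, not from the post).
OVERTIME = {"alice": "bogus-pw"}                 # over the time limit
USERS = {"alice": "alice-pw", "bob": "bob-pw"}   # stands in for FILE / LDAP

def overtime_sql(missing_result):
    """First AuthBy: overtime lookup. missing_result is returned when
    the login has no row in the overtime table."""
    def authby(user, password):
        if user not in OVERTIME:
            return missing_result
        return ACCEPT if OVERTIME[user] == password else REJECT
    return authby

def user_store(user, password):
    """Later AuthBy: ordinary password check against the real user store."""
    if user not in USERS:
        return REJECT
    return ACCEPT if USERS[user] == password else REJECT

def outcomes(policy, missing_result):
    """Final result for three kinds of login under one policy."""
    chain = [overtime_sql(missing_result), user_store]
    return {
        "overtime_user": run_chain(policy, chain, "alice", "alice-pw"),
        "normal_user": run_chain(policy, chain, "bob", "bob-pw"),
        "bad_password": run_chain(policy, chain, "bob", "wrong"),
    }
```

In this model, `outcomes("ContinueUntilAccept", REJECT)` corresponds to the Handler as posted: the overtime user is rejected by the first AuthBy but then accepted by a later one, so the time limit is not enforced.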