(RADIATOR) AcctSQLStatement
Hugh Irvine
hugh at open.com.au
Sun Feb 24 19:05:45 CST 2002
Hello Ronan -
The problem you have is due to the way you have set up your configuration
file. You have an AuthByPolicy of ContinueWhileReject, so all accounting
packets are are being processed by the first AuthBy SQL clause.
In your situation you would be better off using Handlers like this:
# define AuthBy clauses
<AuthBy SQL>
Identifier SUBSCRIBERS
.....
AddToReply Class = SUBSCRIBERS
</AuthBy>
<AuthBy SQL>
Identifier LIMITED_20HRS
.....
AddToReply Class = LIMITED_20HRS
</AuthBy>
<AuthBy SQL>
Identifier LIMITED_30HRS
.....
AddToReply Class = LIMITED_30HRS
</AuthBy>
# define Handlers
<Handler Request-Type = Accounting-Request, Class = SUBSCRIBERS>
......
AuthBy SUBSCRIBERS
.....
</Handler>
<Handler Request-Type = Accounting-Request, Class = LIMITED_20HRS>
......
AuthBy LIMITED_20HRS
.....
</Handler>
<Handler Request-Type = Accounting-Request, Class = LIMITED_30HRS>
......
AuthBy LIMITED_30HRS
.....
</Handler>
<Handler>
......
AuthByPolicy ContinueWhileReject
AuthBy SUBSCRIBERS
AuthBy LIMITED_20HRS
AuthBy LIMITED_30HRS
.....
</Handler>
regards
Hugh
On Mon, 25 Feb 2002 11:17, Ronan Eckelberry, Network/Systems Admin wrote:
> I have it in the AuthBy SQL Clause. I don't see it executing in a
> trace though. Maybe I am typing something wrong. Here is a snip from the
> config:
>
> <Realm DEFAULT>
> Description Default Realm for authenticating users
> RejectHasReason
> RewriteUsername s/^([^@]+).*/$1/
> SessionDatabase RADONLINE
> AuthByPolicy ContinueWhileReject
>
> <AuthBy SQL>
> Identifier SUBSCRIBERS
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN from
> SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
> # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
>
> </AuthBy>
>
> <AuthBy SQL>
> Identifier LIMITED_20HRS
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate 20 Hour users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
> USERNAME='%n' AND ACTIVE='Y'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AuthColumnDef 4,Session-Timeout,reply
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctSQLStatement update LIMITED_20HRS set
> TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
>
> </AuthBy>
>
> <AuthBy SQL>
> Identifier LIMITED_30HRS
> DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> DBUsername xxxxx
> DBAuth xxxxx
> DefaultSimultaneousUse 1
> Description Database to use to authenticate 30 Hour users
> FailureBackoffTime 5
> Timeout 10
> AuthSelect select
> PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
> USERNAME='%n' AND ACTIVE='Y'
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Port-Limit,reply
> AuthColumnDef 2,Framed-IP-Address,reply
> AuthColumnDef 3,Simultaneous-Use,check
> AuthColumnDef 4,Session-Timeout,reply
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer-date
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef SERVICETYPE,Service-Type,integer
> AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> AcctSQLStatement update LIMITED_20HRS set
> TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
> AddToReply Service-Type="Framed-User", \
> Framed-Protocol="PPP", \
> Framed-IP-Netmask = 255.255.255.255
>
> </AuthBy>
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Ronan Eckelberry" <radiator at gowebco.com>; <radiator at open.com.au>
> Sent: Sunday, 24 February, 2002 18:08
> Subject: Re: (RADIATOR) AcctSQLStatement
>
> > Hello Ronan -
> >
> > On Sun, 24 Feb 2002 06:19, Ronan Eckelberry wrote:
> > > Got a quick question. I have my AcctSQLStatement in my config,
> > > but it seems not to execute it.... This is what I have:
> > >
> > > AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{A
> > > cct-Session-Time} where USERNAME='%n'
> > >
> > > Looking in a Trace 6 I don't seem to see it executing the statement.
> > > Is there any specific place that I should put it in the config?
> >
> > The AcctSQLStatement goes in the AuthBy SQL clause.
> >
> > If you still have a problem, please send me a copy of the configuration
>
> file
>
> > and a trace 4 debug showing what is happening.
> >
> > regards
> >
> > Hugh
> >
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list