(RADIATOR) AcctSQLStatement
Hugh Irvine
hugh at open.com.au
Sun Feb 24 23:57:23 CST 2002
Hello Ronan -
Yes the same thing would happen because the first AuthBy clause will Accept
all of the accounting requests.
regards
Hugh
On Mon, 25 Feb 2002 14:48, Ronan Eckelberry, Network/Systems Admin wrote:
> Cool. thanx for the info Hugh. One other question though....would I
> still get the same result if I changed the AuthByPolicy to
> ContinueUntilAccept?
>
> -Ronan
>
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Ronan Eckelberry, Network/Systems Admin" <radiator at gowebco.com>;
> <radiator at open.com.au>
> Sent: Sunday, 24 February, 2002 20:05
> Subject: Re: (RADIATOR) AcctSQLStatement
>
> > Hello Ronan -
> >
> > The problem you have is due to the way you have set up your configuration
> > file. You have an AuthByPolicy of ContinueWhileReject, so all accounting
> > packets are are being processed by the first AuthBy SQL clause.
> >
> > In your situation you would be better off using Handlers like this:
> >
> > # define AuthBy clauses
> >
> > <AuthBy SQL>
> > Identifier SUBSCRIBERS
> > .....
> > AddToReply Class = SUBSCRIBERS
> > </AuthBy>
> >
> > <AuthBy SQL>
> > Identifier LIMITED_20HRS
> > .....
> > AddToReply Class = LIMITED_20HRS
> > </AuthBy>
> >
> > <AuthBy SQL>
> > Identifier LIMITED_30HRS
> > .....
> > AddToReply Class = LIMITED_30HRS
> > </AuthBy>
> >
> > # define Handlers
> >
> > <Handler Request-Type = Accounting-Request, Class = SUBSCRIBERS>
> > ......
> > AuthBy SUBSCRIBERS
> > .....
> > </Handler>
> >
> > <Handler Request-Type = Accounting-Request, Class = LIMITED_20HRS>
> > ......
> > AuthBy LIMITED_20HRS
> > .....
> > </Handler>
> >
> > <Handler Request-Type = Accounting-Request, Class = LIMITED_30HRS>
> > ......
> > AuthBy LIMITED_30HRS
> > .....
> > </Handler>
> >
> > <Handler>
> > ......
> > AuthByPolicy ContinueWhileReject
> > AuthBy SUBSCRIBERS
> > AuthBy LIMITED_20HRS
> > AuthBy LIMITED_30HRS
> > .....
> > </Handler>
> >
> >
> > regards
> >
> > Hugh
> >
> > On Mon, 25 Feb 2002 11:17, Ronan Eckelberry, Network/Systems Admin wrote:
> > > I have it in the AuthBy SQL Clause. I don't see it executing in a
> > > trace though. Maybe I am typing something wrong. Here is a snip from
>
> the
>
> > > config:
> > >
> > > <Realm DEFAULT>
> > > Description Default Realm for authenticating users
> > > RejectHasReason
> > > RewriteUsername s/^([^@]+).*/$1/
> > > SessionDatabase RADONLINE
> > > AuthByPolicy ContinueWhileReject
> > >
> > > <AuthBy SQL>
> > > Identifier SUBSCRIBERS
> > > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> > > DBUsername xxxxx
> > > DBAuth xxxxx
> > > DefaultSimultaneousUse 1
> > > Description Database to use to authenticate users
> > > FailureBackoffTime 5
> > > Timeout 10
> > > AuthSelect select PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN
>
> from
>
> > > SUBSCRIBERS where USERNAME='%n' AND ACTIVE='Y'
> > > # AuthSelect select PASSWORD from SUBSCRIBERS where USERNAME='%n'
> > > AuthColumnDef 0,User-Password,check
> > > AuthColumnDef 1,Port-Limit,reply
> > > AuthColumnDef 2,Framed-IP-Address,reply
> > > AuthColumnDef 3,Simultaneous-Use,check
> > > AccountingTable ACCOUNTING
> > > AcctColumnDef USERNAME,User-Name
> > > AcctColumnDef TIME_STAMP,Timestamp,integer-date
> > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > AcctColumnDef
>
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>
> > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > > AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > > AcctColumnDef NASPORT,NAS-Port,integer
> > > AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > > AcctColumnDef SERVICETYPE,Service-Type,integer
> > > AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> > > AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> > > AddToReply Service-Type="Framed-User", \
> > > Framed-Protocol="PPP", \
> > > Framed-IP-Netmask = 255.255.255.255
> > >
> > > </AuthBy>
> > >
> > > <AuthBy SQL>
> > > Identifier LIMITED_20HRS
> > > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> > > DBUsername xxxxx
> > > DBAuth xxxxx
> > > DefaultSimultaneousUse 1
> > > Description Database to use to authenticate 20 Hour
>
> users
>
> > > FailureBackoffTime 5
> > > Timeout 10
> > > AuthSelect select
> > > PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_20HRS where
> > > USERNAME='%n' AND ACTIVE='Y'
> > > AuthColumnDef 0,User-Password,check
> > > AuthColumnDef 1,Port-Limit,reply
> > > AuthColumnDef 2,Framed-IP-Address,reply
> > > AuthColumnDef 3,Simultaneous-Use,check
> > > AuthColumnDef 4,Session-Timeout,reply
> > > AccountingTable ACCOUNTING
> > > AcctColumnDef USERNAME,User-Name
> > > AcctColumnDef TIME_STAMP,Timestamp,integer-date
> > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > AcctColumnDef
>
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>
> > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > > AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > > AcctColumnDef NASPORT,NAS-Port,integer
> > > AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > > AcctColumnDef SERVICETYPE,Service-Type,integer
> > > AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> > > AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> > > AcctSQLStatement update LIMITED_20HRS set
> > > TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
> > > AddToReply Service-Type="Framed-User", \
> > > Framed-Protocol="PPP", \
> > > Framed-IP-Netmask = 255.255.255.255
> > >
> > > </AuthBy>
> > >
> > > <AuthBy SQL>
> > > Identifier LIMITED_30HRS
> > > DBSource dbi:mysql:radius:xxx.xxx.xxx.xxx
> > > DBUsername xxxxx
> > > DBAuth xxxxx
> > > DefaultSimultaneousUse 1
> > > Description Database to use to authenticate 30 Hour
>
> users
>
> > > FailureBackoffTime 5
> > > Timeout 10
> > > AuthSelect select
> > > PASSWORD,PORTLIMIT,STATICIP,SIMLOGIN,TIMELEFT from LIMITED_30HRS where
> > > USERNAME='%n' AND ACTIVE='Y'
> > > AuthColumnDef 0,User-Password,check
> > > AuthColumnDef 1,Port-Limit,reply
> > > AuthColumnDef 2,Framed-IP-Address,reply
> > > AuthColumnDef 3,Simultaneous-Use,check
> > > AuthColumnDef 4,Session-Timeout,reply
> > > AccountingTable ACCOUNTING
> > > AcctColumnDef USERNAME,User-Name
> > > AcctColumnDef TIME_STAMP,Timestamp,integer-date
> > > AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> > > AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> > > AcctColumnDef
>
> ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>
> > > AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> > > AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> > > AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> > > AcctColumnDef NASIDENTIFIER,NAS-IP-Address
> > > AcctColumnDef NASPORT,NAS-Port,integer
> > > AcctColumnDef NASPORTTYPE,NAS-Port-Type,integer
> > > AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
> > > AcctColumnDef SERVICETYPE,Service-Type,integer
> > > AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
> > > AcctColumnDef CALLEDSTATIONID,Called-Station-Id
> > > AcctSQLStatement update LIMITED_20HRS set
> > > TIMELEFT=TIMELEFT-'%{Acct-Session-Time}' where USERNAME='%n'
> > > AddToReply Service-Type="Framed-User", \
> > > Framed-Protocol="PPP", \
> > > Framed-IP-Netmask = 255.255.255.255
> > >
> > > </AuthBy>
> > >
> > > ----- Original Message -----
> > > From: "Hugh Irvine" <hugh at open.com.au>
> > > To: "Ronan Eckelberry" <radiator at gowebco.com>; <radiator at open.com.au>
> > > Sent: Sunday, 24 February, 2002 18:08
> > > Subject: Re: (RADIATOR) AcctSQLStatement
> > >
> > > > Hello Ronan -
> > > >
> > > > On Sun, 24 Feb 2002 06:19, Ronan Eckelberry wrote:
> > > > > Got a quick question. I have my AcctSQLStatement in my config,
> > > > > but it seems not to execute it.... This is what I have:
> > > > >
> > > > > AcctSQLStatement update LIMITED_20HRS set TIMELEFT=TIMELEFT-0%{A
> > > > > cct-Session-Time} where USERNAME='%n'
> > > > >
> > > > > Looking in a Trace 6 I don't seem to see it executing the
> > > > > statement. Is there any specific place that I should put it in the
> > > > > config?
> > > >
> > > > The AcctSQLStatement goes in the AuthBy SQL clause.
> > > >
> > > > If you still have a problem, please send me a copy of the
>
> configuration
>
> > > file
> > >
> > > > and a trace 4 debug showing what is happening.
> > > >
> > > > regards
> > > >
> > > > Hugh
> > > >
> > > >
> > > > --
> > > > Radiator: the most portable, flexible and configurable RADIUS server
> > > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > > -
> > > > Nets: internetwork inventory and management - graphical, extensible,
> > > > flexible with hardware, software, platform and database independence.
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list