(RADIATOR) weird setup

Bogdan TARU bgd at icomag.de
Tue Oct 22 05:40:24 CDT 2002 


	Hi Hugh, guys,

 Ok, I have found why I got the PostAuthHook errors at start-time, and was
also able to solve them. But now I get another (strange) problem: I have
put this PostAuthHook inside my realm:

    PostAuthHook sub { \
       my $p = ${$_[0]}; \
       my $rp = ${$_[1]}; \
       my $result = ${$_[2]}; \
       my $session_timeout; \
       my $rand; \
                \
       $session_timeout = $rp->get_attr('Session-Timeout'); \
       if ( !defined($session_timeout) ) { \
        $rand = int (rand (2400));\
        $rp->add_attr('Session-Timeout', ($rand + 300)); \
       } \
       $session_timeout = $rp->get_attr('Session-Timeout'); \
       &main::log($main::LOG_ERR, "$session_timeout"); \
    }

 And my AuthSelect statement looks like:

   AuthSelect      select attribute from users_dc where user like '%U%'

 But now when I make a test, I get these messages in the logfile:

Tue Oct 22 11:36:49 2002: ERR: 2700
Tue Oct 22 11:36:49 2002: ERR: 1969
Tue Oct 22 11:36:49 2002: ERR: 774

 Indeed, I have an entry like:

 Service-Type=Framed-User,Framed-Protocol=PPP,Session-Timeout=2700

 As attribute for a user, but why do I get 3 entries in the log file
(means that PostAuthHook is called 3 times, right), and why aren't all
'2700'?

 Thanks,
 bogdan


----------------------------
iCom Media AG
Kirchweg 36
Koln, 50858
Germany

Phone: +49-(0)221-485-689-16
Fax  : +49-(0)221-485-689-20
Mobile:+49-(0)173-906-46-01

On Mon, 21 Oct 2002, Hugh Irvine wrote:

>
> Hello Bogdan -
>
> You will need to write a PostAuthHook to do what you describe.
>
> There are some example hooks in the file "goodies/hooks.txt" in the
> Radiator 3.3.1 distribution.
>
> regards
>
> Hugh
>
>
> On Monday, October 21, 2002, at 07:42 PM, Bogdan TARU wrote:
>
> >
> >
> > 	Hi Hugh & all,
> >
> >  Unfortunately, my problem is getting complicated. I need a setup like:
> > the DEFAULT user gets a random value for the Session-Timeout, and all
> > the
> > other users have a defined Session-Timeout value.
> >
> >  Up until now, I made something like:
> >
> >  select concat (attribute,round((rand()*540)+60)) from users where \
> > 	user='%0'
> >
> >  to get the random value. But now, I don't know how to implement the
> > new
> > scenario... I thought about making two entries,
> >
> > User	|	Attribute
> > -----------------------------------------------------------------
> > DEFAULT | Service-Type=Framed-User,Framed-Protocol=PPP
> > -----------------------------------------------------------------
> > user1	|
> > Service-Type=Framed-User,Framed-Protocol=PPP,Session-Timeout=3600
> >
> >
> >  But I really don't have any idea on how to add a random value to
> > Default
> > (AddToReplyIfNotExist doesn't accept perl functions or sql statements
> > in
> > it, does it?
> >
> >  Could you give me some ideas about this?
> >
> >  Thanks,
> >  bogdan
> >
> >
> > ----------------------------
> > iCom Media AG
> > Kirchweg 36
> > Koln, 50858
> > Germany
> >
> > Phone: +49-(0)221-485-689-16
> > Fax  : +49-(0)221-485-689-20
> > Mobile:+49-(0)173-906-46-01
> >
> > On Fri, 18 Oct 2002, Hugh Irvine wrote:
> >
> >>
> >> Hello Bogdan -
> >>
> >> I would use a DEFAULT entry together with the specific users in your
> >> database:
> >>
> >> USERNAME		REPLYATTRS
> >>
> >> DEFAULT			Session-Timeout=2700
> >>
> >> userb			Session-Timeout=3600
> >>
> >> userc			........
> >>
> >>
> >> Then your Radiator configuration file would look like this:
> >>
> >> # define Realm or Handler
> >>
> >> <Realm ....>
> >> 	<AuthBy SQL>
> >> 		DBSource .....
> >> 		DBUsername ....
> >> 		DBAuth ....
> >>
> >> 		AuthSelect select REPLYATTRS from USERS where USERNAME = %0
> >>
> >> 		AuthColumnDef 0, GENERIC, reply
> >>
> >> 		AddToReply Service-Type = Framed-User, \
> >> 			Framed-Protocol = PPP
> >>
> >> 	</AuthBy>
> >> </Realm>
> >>
> >> If the user is found directly, the REPLYATTRS for that user will be
> >> used, if the user is not found, a second lookup for "DEFAULT" will be
> >> done automatically.
> >>
> >> If you have any other questions, please don't hesitate to ask.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On Friday, October 18, 2002, at 03:07 AM, Bogdan TARU wrote:
> >>
> >>>
> >>> 	Hi guys,
> >>>
> >>>  I have a weirdo requirement and don't know how to implement it in
> >>> the
> >>> radiator. So this were the requirements up until now:
> >>>
> >>> 1. all users should go through. No authentification is done.
> >>> 2. the users should be disconnected after, let's say, 45 minutes
> >>>
> >>>  That mean I had a row in a mysql database saying:
> >>>
> >>> User | attribute
> >>> dc   |
> >>> Service-Type=Framed-User,Framed-Protocol=PPP,Session-Timeout=2700
> >>>
> >>>  And in the radiator I had the setting:
> >>>
> >>>  AuthSelect select attribute from users where user='dc'
> >>>
> >>>  That meant the Cisco dialin machine got an answer to disconnect the
> >>> user
> >>> after 45 minutes.
> >>>
> >>>  The new requirement is that we should have some special 'usernames',
> >>> which get disconnected after, let's say, an hour. Making a new realm
> >>> setting for them is out of the question (don't ask why). So, if the
> >>> user
> >>> 'a' can surf net only for 45minutes, the user 'b' should be able to
> >>> surf
> >>> the net for 60minutes.
> >>>
> >>>  What I could do is create a new row in the database, so that I'll
> >>> have:
> >>>
> >>> User | attribute
> >>> dc   |
> >>> Service-Type=Framed-User,Framed-Protocol=PPP,Session-Timeout=2700
> >>> b    |
> >>> Service-Type=Framed-User,Framed-Protocol=PPP,Session-Timeout=3600
> >>>
> >>>  But I don't know how to construct a query in MySQL to return me
> >>> attribute_2700 in case user != 'b' and attribute_3600 if user == 'b'.
> >>> Of
> >>> course, mysql doesn't support subselects, and changing the database
> >>> is
> >>> not
> >>> really an option.
> >>>
> >>>  So, could you enlighten me and tell me what's the easiest way of
> >>> doing
> >>> this?
> >>>
> >>>  Thanks,
> >>>  bogdan
> >>>
> >>> ----------------------------
> >>> iCom Media AG
> >>> Kirchweg 36
> >>> Koln, 50858
> >>> Germany
> >>>
> >>> Phone: +49-(0)221-485-689-16
> >>> Fax  : +49-(0)221-485-689-20
> >>> Mobile:+49-(0)173-906-46-01
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list