(RADIATOR) Limiting time before reconnection

miko at yournetplus.com miko at yournetplus.com
Tue Apr 8 11:10:04 CDT 2003


Hmm,,, I can't think of any simple way of doing it, but you could use a
combination of AuthBy SQL with a ContinueUntilReject policy, & an
AcctSQLStatement in your accounting AuthBy to update an added table with
the elements you are wanting to Query by.

Basically the theory is that you create a new table in your SQL that
stores Username & LastSeen, then that info is populated how you want it
from the accounting data. From there you create an AuthBy SQL that will
query that table against your parameters to allow the connection. Your
AuthBy would have an AuthSelect statement similar to this:

 SELECT NULL AS Password FROM mytable WHERE Username = '%u' AND
(DateDiff(Hour, LastSeen, GetDate()) > 2 ) 

This would only show users that had not connected in the past 2 hours.
So anyone that had would yield a No Such User error and be rejected. You
could also get more complex with the SELECT statement to utilize a
LastSessionTime field; ie: SELECT NULL AS Password FROM mytable WHERE
Username = '%u' AND ( (DateDiff(Hour, LastSeen, GetDate()) > 2 ) OR
(LastSessionTime < 108000) )  Which would allow anyone who had connected
more than 2 hours ago, or whose last session was less than 30 minutes.

Of course there are ways to beat this, a customer who sets up a dialer
script to disconnect and reconnect them every 25 minutes would always be
able to log on.

This also requires that you keep an acurate list of usernames in your
table that stores this extra info that your SQL statement queries. You
will want your AcctSQLStatement to be an UPDATE statement and not an
INSERT statement to keep the row count down, and it will need to UPDATE
based on the Username, and you will need to make sure that when you put
the username into the table for the first time that you do not put NULLS
into the other fields, or else you may not get records unless your SQL
statement is setup to handle NULLs in the comparisons. 

A StoredProcedure may even be a better way to go...

Kinda complex, but entirely doable...

Hope it helps,
Miko


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Hugh Irvine
Sent: Tuesday, April 08, 2003 1:34 AM
To: Nick M. Black
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Limiting time before reconnection



Hello Nick -

I can't think of an easy way to do this - any one else?

regards

Hugh


On Tuesday, Apr 8, 2003, at 18:05 Australia/Melbourne, Nick M. Black 
wrote:

> Hi,
>
> Is there a simple way to stop a user who has been disconnected due to
> a session timeout from being reconnected within a certain time period 
> ??? Or even better, to stop abuse, anyone who has been connected for, 
> say, greater than 30 minutes be stopped from reconnecting.
>
> We are using Platypus with RadiusNT, and AuthBy EMERALD. I am guessing
> it can be done using AuthSelect - am I going on the right lines??
>
> We are currently using Radiator 2.19 running on Redhat 7.3 with
> freetds 0.53, but I was thinking of upgrading to Radiator 3.5 as it 
> will also solve another problem I have
>
> Thanks in advance
>
> Nick Black
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with 'unsubscribe
> radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list