(RADIATOR) AuthBy Policy and Accounting

Jaime Elizaga Jr. chaos at flash.net.ph
Thu Apr 10 01:46:42 CDT 2003 

Hi,

I want to authenticate two types of users using AuthBy Policy.  Here is my config..

<Handler>
     MaxSessions 1
     PasswordLogFileName   xxxx
     SessionDatabase   SDB1
     AuthByPolicy ContinueWhileReject

     <AuthBy SQL>

        DBSource        dbi:mysql:DB1
        DBUsername    xxxxxxxxxxxxx
        DBAuth          xxxxxxxxxxxxxx
        
        ##### Authentication ###########
        AuthSelect      select password, MAXTIME from SUBSCRIBERS where username='%n' \ 
                        and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and MAXTIME>30
        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, Session-Timeout, reply

        # You may want to tailor these for your ACCOUNTING table
        # You can add your own columns to store whatever you like
        AccountingTable ACCOUNTING
        AccountingStopsOnly
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   A_STAT_TYP,Acct-Status-Type
        AcctColumnDef   A_SES_ID,Acct-Session-Id
        AcctColumnDef   A_SES_TIME,Acct-Session-Time,integer
        AcctColumnDef   A_TERM_CAUSE,Ascend-Disconnect-Cause
        AcctColumnDef   NAS_ID,NAS-IP-Address
        AcctColumnDef   NAS_PORT,NAS-Port,integer
        AcctColumnDef   F_IP_ADD,Framed-IP-Address
        AcctColumnDef   CALLER_ID,Calling-Station-Id
        AcctColumnDef   CALLED_STATION,Called-Station-Id
        AcctColumnDef   1X,tot1x,integer
        AcctColumnDef   2X,tot2x,integer
        AcctColumnDef   3X,tot3x,integer
        AcctColumnDef   TIME_START,time-start,integer


        AcctSQLStatement update SUBSCRIBERS set MAXTIME=MAXTIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \ 
                         LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%n' and '%{Acct-Status-Type}'='Stop' \
                         and (LAST_SESSION_ID IS NULL  OR LAST_SESSION_ID<>'%{Acct-Session-Id}')   

        AcctSQLStatement update SUBSCRIBERS set FIRST_USE=from_unixtime(0%b-0%{Acct-Session-Time}) \
                         where USERNAME='%U' and FIRST_USE=0 
       
         AcctSQLStatement update SUBSCRIBERS SET OPFLAG = '1' WHERE USERNAME='%n' AND \
                         ('%{Ascend-Disconnect-Cause}'='sessTimeOut' or '%{Ascend-Disconnect-Cause}'='maxCallDuration' \
                         or '%{Acct-Terminate-Cause}'='Session-Timeout') AND MFLAG='M' AND MAXTIME < 30 \
                         AND FIRST_USE > '2003-04-08 00:00:00'       

        DefaultReply Service-Type=Framed-User, Framed-Protocol=PPP,  Framed-Routing=None, Framed-MTU=576
        AddToReply    Service-Type=Framed-User, Framed-Protocol=PPP,  Framed-Routing=None

        Timeout 4 
    </AuthBy>

    <AuthBy SQL>
        # Adjust DBSource, DBUsername, DBAuth to suit your DB

        DBSource        dbi:mysql:DB1
        DBUsername    xxxxxxx
        DBAuth          xxxxxxx
       
        AuthSelect      select password, if(('32400' - time_to_sec(curtime())) > FREETIME, FREETIME, 'until 0900') \ 
                        from SUBSCRIBERS WHERE USERNAME ='%U' and OPFLAG='1' and curtime() between "01:00:00" and "09:00:00" \
                        and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and FREETIME>30 and \
                        (OP_FIRST_USE = 0 OR TO_DAYS(NOW()) - TO_DAYS(OP_FIRST_USE) <= 90)

        AuthColumnDef 0, User-Password, check
        AuthColumnDef 1, Session-Timeout, reply

        AccountingTable OP_ACCT
        AccountingStopsOnly
        AcctColumnDef   USERNAME,User-Name
        AcctColumnDef   TIME_STAMP,Timestamp,integer
        AcctColumnDef   A_STAT_TYP,Acct-Status-Type
        AcctColumnDef   A_SES_ID,Acct-Session-Id
        AcctColumnDef   A_SES_TIME,Acct-Session-Time,integer
        AcctColumnDef   A_TERM_CAUSE,Ascend-Disconnect-Cause
        AcctColumnDef   NAS_ID,NAS-IP-Address
        AcctColumnDef   NAS_PORT,NAS-Port,integer
        AcctColumnDef   F_IP_ADD,Framed-IP-Address
        AcctColumnDef   CALLER_ID,Calling-Station-Id
        AcctColumnDef   CALLED_STATION,Called-Station-Id
        AcctColumnDef   1X,tot1x,integer
        AcctColumnDef   2X,tot2x,integer
        AcctColumnDef   3X,tot3x,integer
        AcctColumnDef   TIME_START,time-start,integer

        AcctSQLStatement update SUBSCRIBERS set FREETIME=FREETIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \ 
                         LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%U' and '%{Acct-Status-Type}'='Stop' \
                         and (LAST_SESSION_ID IS NULL  OR LAST_SESSION_ID<>'%{Acct-Session-Id}')   
        AddToReply Service-Type=Framed-User, Framed-Protocol=PPP,  Framed-Routing=None, Framed-MTU=576

        Timeout 4 
    </AuthBy>
</Handler>


I have no problem with the authentication.. when the first <authby> rejects the user, radiator automatically pushes on to the next authby.  But my problem is with accounting.  It seems that when the user gets authenticated by the second authby, all the accounting for the connection gets handled by the acccounting of the first authby and not the second.. 

Does anyone hae any idea on how to go about this? Thanks! 


Best Regards,

Jaime Elizaga Jr.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030410/12e80cbc/attachment.html>

More information about the radiator mailing list