(RADIATOR) AuthBy Policy and Accounting
Hugh Irvine
hugh at open.com.au
Thu Apr 10 07:37:37 CDT 2003
Hello Jaime -
This has been discussed on the mailing list before, but here is what to
do:
<AuthBy SQL>
    Identifier Type1
    DBSource dbi:mysql:DB1
    DBUsername xxxxxxxxxxxxx
    DBAuth xxxxxxxxxxxxxx
    ##### Authentication ###########
    AuthSelect select password, MAXTIME from SUBSCRIBERS where username='%n' \
        and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and MAXTIME>30
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Session-Timeout, reply
    # You may want to tailor these for your ACCOUNTING table
    # You can add your own columns to store whatever you like
    AccountingTable ACCOUNTING
    AccountingStopsOnly
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef A_STAT_TYP,Acct-Status-Type
    AcctColumnDef A_SES_ID,Acct-Session-Id
    AcctColumnDef A_SES_TIME,Acct-Session-Time,integer
    AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause
    AcctColumnDef NAS_ID,NAS-IP-Address
    AcctColumnDef NAS_PORT,NAS-Port,integer
    AcctColumnDef F_IP_ADD,Framed-IP-Address
    AcctColumnDef CALLER_ID,Calling-Station-Id
    AcctColumnDef CALLED_STATION,Called-Station-Id
    AcctColumnDef 1X,tot1x,integer
    AcctColumnDef 2X,tot2x,integer
    AcctColumnDef 3X,tot3x,integer
    AcctColumnDef TIME_START,time-start,integer
    AcctSQLStatement update SUBSCRIBERS set MAXTIME=MAXTIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \
        LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%n' and '%{Acct-Status-Type}'='Stop' \
        and (LAST_SESSION_ID IS NULL OR LAST_SESSION_ID<>'%{Acct-Session-Id}')
    AcctSQLStatement update SUBSCRIBERS set FIRST_USE=from_unixtime(0%b-0%{Acct-Session-Time}) \
        where USERNAME='%U' and FIRST_USE=0
    AcctSQLStatement update SUBSCRIBERS SET OPFLAG = '1' WHERE USERNAME='%n' AND \
        ('%{Ascend-Disconnect-Cause}'='sessTimeOut' or '%{Ascend-Disconnect-Cause}'='maxCallDuration' \
        or '%{Acct-Terminate-Cause}'='Session-Timeout') AND MFLAG='M' AND MAXTIME < 30 \
        AND FIRST_USE > '2003-04-08 00:00:00'
    DefaultReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None, Framed-MTU=576
    AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None
    Timeout 4
</AuthBy>
<AuthBy SQL>
    Identifier Type2
    # Adjust DBSource, DBUsername, DBAuth to suit your DB
    DBSource dbi:mysql:DB1
    DBUsername xxxxxxx
    DBAuth xxxxxxx
    AuthSelect select password, if(('32400' - time_to_sec(curtime())) > FREETIME, FREETIME, 'until 0900') \
        from SUBSCRIBERS WHERE USERNAME ='%U' and OPFLAG='1' and curtime() between "01:00:00" and "09:00:00" \
        and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and FREETIME>30 and \
        (OP_FIRST_USE = 0 OR TO_DAYS(NOW()) - TO_DAYS(OP_FIRST_USE) <= 90)
    AuthColumnDef 0, User-Password, check
    AuthColumnDef 1, Session-Timeout, reply
    AccountingTable OP_ACCT
    AccountingStopsOnly
    AcctColumnDef USERNAME,User-Name
    AcctColumnDef TIME_STAMP,Timestamp,integer
    AcctColumnDef A_STAT_TYP,Acct-Status-Type
    AcctColumnDef A_SES_ID,Acct-Session-Id
    AcctColumnDef A_SES_TIME,Acct-Session-Time,integer
    AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause
    AcctColumnDef NAS_ID,NAS-IP-Address
    AcctColumnDef NAS_PORT,NAS-Port,integer
    AcctColumnDef F_IP_ADD,Framed-IP-Address
    AcctColumnDef CALLER_ID,Calling-Station-Id
    AcctColumnDef CALLED_STATION,Called-Station-Id
    AcctColumnDef 1X,tot1x,integer
    AcctColumnDef 2X,tot2x,integer
    AcctColumnDef 3X,tot3x,integer
    AcctColumnDef TIME_START,time-start,integer
    AcctSQLStatement update SUBSCRIBERS set FREETIME=FREETIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \
        LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%U' and '%{Acct-Status-Type}'='Stop' \
        and (LAST_SESSION_ID IS NULL OR LAST_SESSION_ID<>'%{Acct-Session-Id}')
    AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None, Framed-MTU=576
    Timeout 4
</AuthBy>
<Handler Class = Type1>
    AuthBy Type1
    SessionDatabase SDB1
</Handler>
<Handler Class = Type2>
    AuthBy Type2
    SessionDatabase SDB1
</Handler>
<Handler>
    MaxSessions 1
    PasswordLogFileName xxxx
    SessionDatabase SDB1
    AuthByPolicy ContinueWhileReject
    AuthBy Type1
    AuthBy Type2
</Handler>
regards
Hugh
On Thursday, Apr 10, 2003, at 16:46 Australia/Melbourne, Jaime Elizaga
Jr. wrote:
> Hi,
>
> I want to authenticate two types of users using AuthBy Policy. Here
> is my config..
>
> <Handler>
>     MaxSessions 1
>     PasswordLogFileName xxxx
>     SessionDatabase SDB1
>     AuthByPolicy ContinueWhileReject
>
>     <AuthBy SQL>
>         DBSource dbi:mysql:DB1
>         DBUsername xxxxxxxxxxxxx
>         DBAuth xxxxxxxxxxxxxx
>
>         ##### Authentication ###########
>         AuthSelect select password, MAXTIME from SUBSCRIBERS where username='%n' \
>             and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and MAXTIME>30
>         AuthColumnDef 0, User-Password, check
>         AuthColumnDef 1, Session-Timeout, reply
>
>         # You may want to tailor these for your ACCOUNTING table
>         # You can add your own columns to store whatever you like
>         AccountingTable ACCOUNTING
>         AccountingStopsOnly
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer
>         AcctColumnDef A_STAT_TYP,Acct-Status-Type
>         AcctColumnDef A_SES_ID,Acct-Session-Id
>         AcctColumnDef A_SES_TIME,Acct-Session-Time,integer
>         AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause
>         AcctColumnDef NAS_ID,NAS-IP-Address
>         AcctColumnDef NAS_PORT,NAS-Port,integer
>         AcctColumnDef F_IP_ADD,Framed-IP-Address
>         AcctColumnDef CALLER_ID,Calling-Station-Id
>         AcctColumnDef CALLED_STATION,Called-Station-Id
>         AcctColumnDef 1X,tot1x,integer
>         AcctColumnDef 2X,tot2x,integer
>         AcctColumnDef 3X,tot3x,integer
>         AcctColumnDef TIME_START,time-start,integer
>
>         AcctSQLStatement update SUBSCRIBERS set MAXTIME=MAXTIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \
>             LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%n' and '%{Acct-Status-Type}'='Stop' \
>             and (LAST_SESSION_ID IS NULL OR LAST_SESSION_ID<>'%{Acct-Session-Id}')
>
>         AcctSQLStatement update SUBSCRIBERS set FIRST_USE=from_unixtime(0%b-0%{Acct-Session-Time}) \
>             where USERNAME='%U' and FIRST_USE=0
>
>         AcctSQLStatement update SUBSCRIBERS SET OPFLAG = '1' WHERE USERNAME='%n' AND \
>             ('%{Ascend-Disconnect-Cause}'='sessTimeOut' or '%{Ascend-Disconnect-Cause}'='maxCallDuration' \
>             or '%{Acct-Terminate-Cause}'='Session-Timeout') AND MFLAG='M' AND MAXTIME < 30 \
>             AND FIRST_USE > '2003-04-08 00:00:00'
>
>         DefaultReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None, Framed-MTU=576
>         AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None
>
>         Timeout 4
>     </AuthBy>
>
>     <AuthBy SQL>
>         # Adjust DBSource, DBUsername, DBAuth to suit your DB
>
>         DBSource dbi:mysql:DB1
>         DBUsername xxxxxxx
>         DBAuth xxxxxxx
>
>         AuthSelect select password, if(('32400' - time_to_sec(curtime())) > FREETIME, FREETIME, 'until 0900') \
>             from SUBSCRIBERS WHERE USERNAME ='%U' and OPFLAG='1' and curtime() between "01:00:00" and "09:00:00" \
>             and (MFLAG='M' or MFLAG='F' or MFLAG='S' or MFLAG='U') and FREETIME>30 and \
>             (OP_FIRST_USE = 0 OR TO_DAYS(NOW()) - TO_DAYS(OP_FIRST_USE) <= 90)
>
>         AuthColumnDef 0, User-Password, check
>         AuthColumnDef 1, Session-Timeout, reply
>
>         AccountingTable OP_ACCT
>         AccountingStopsOnly
>         AcctColumnDef USERNAME,User-Name
>         AcctColumnDef TIME_STAMP,Timestamp,integer
>         AcctColumnDef A_STAT_TYP,Acct-Status-Type
>         AcctColumnDef A_SES_ID,Acct-Session-Id
>         AcctColumnDef A_SES_TIME,Acct-Session-Time,integer
>         AcctColumnDef A_TERM_CAUSE,Ascend-Disconnect-Cause
>         AcctColumnDef NAS_ID,NAS-IP-Address
>         AcctColumnDef NAS_PORT,NAS-Port,integer
>         AcctColumnDef F_IP_ADD,Framed-IP-Address
>         AcctColumnDef CALLER_ID,Calling-Station-Id
>         AcctColumnDef CALLED_STATION,Called-Station-Id
>         AcctColumnDef 1X,tot1x,integer
>         AcctColumnDef 2X,tot2x,integer
>         AcctColumnDef 3X,tot3x,integer
>         AcctColumnDef TIME_START,time-start,integer
>
>         AcctSQLStatement update SUBSCRIBERS set FREETIME=FREETIME-0%{Acct-Session-Time}, LAST_USE=from_unixtime(0%b), \
>             LAST_SESSION_ID='%{Acct-Session-Id}' where USERNAME='%U' and '%{Acct-Status-Type}'='Stop' \
>             and (LAST_SESSION_ID IS NULL OR LAST_SESSION_ID<>'%{Acct-Session-Id}')
>         AddToReply Service-Type=Framed-User, Framed-Protocol=PPP, Framed-Routing=None, Framed-MTU=576
>
>         Timeout 4
>     </AuthBy>
> </Handler>
>
>
> I have no problem with the authentication.. when the first <authby>
> rejects the user, radiator automatically pushes on to the next
> authby. But my problem is with accounting. It seems that when the
> user gets authenticated by the second authby, all the accounting for
> the connection gets handled by the accounting of the first authby and
> not the second..
>
> Does anyone have any idea on how to go about this? Thanks!
>
>
> Best Regards,
>
> Jaime Elizaga Jr.
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
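
The routing problem and the Class-based fix discussed in this thread, as an added example (a simplified Python model, not Radiator code and not part of either message). It assumes each AuthBy returns a Class attribute equal to its Identifier in the Access-Accept and that the NAS echoes Class in accounting requests, as RFC 2865 describes; the configuration in the thread does not show where Class is set. The user names are constructed.

```python
# Simplified model of Radiator Handler selection and AuthByPolicy (added example).
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Constructed subscriber data: which AuthBy's AuthSelect would match each user.
AUTH_OK = {"Type1": {"alice"}, "Type2": {"bob"}}
TABLES = {"Type1": "ACCOUNTING", "Type2": "OP_ACCT"}

def auth_by(name, request, log):
    """One <AuthBy SQL>: checks the user on auth, writes a row on accounting."""
    if request["Code"] == "Accounting-Request":
        log.append((TABLES[name], request["User-Name"]))
        return ACCEPT, {}          # accounting is accepted by whoever sees it first
    if request["User-Name"] in AUTH_OK[name]:
        # Assumption: the accept carries Class=<Identifier>, echoed later by the NAS.
        return ACCEPT, {"Class": name}
    return REJECT, {}

def run_handler(authbys, request, log):
    """AuthByPolicy ContinueWhileReject: stop at the first non-REJECT result."""
    result, reply = REJECT, {}
    for name in authbys:
        result, reply = auth_by(name, request, log)
        if result != REJECT:
            break
    return result, reply

def dispatch(handlers, request, log):
    """Use the first Handler whose check items all match the request."""
    for check, authbys in handlers:
        if all(request.get(k) == v for k, v in check.items()):
            return run_handler(authbys, request, log)
    return REJECT, {}

# One catch-all Handler (the original config) versus Class Handlers listed first.
SINGLE = [({}, ["Type1", "Type2"])]
SPLIT = [({"Class": "Type1"}, ["Type1"]),
         ({"Class": "Type2"}, ["Type2"]),
         ({}, ["Type1", "Type2"])]

def session(handlers, user):
    """Authenticate, then send the Stop carrying the Class from the accept."""
    log = []
    result, reply = dispatch(handlers, {"Code": "Access-Request", "User-Name": user}, log)
    if result != ACCEPT:
        return result, log
    stop = {"Code": "Accounting-Request", "User-Name": user, **reply}
    dispatch(handlers, stop, log)
    return result, log
```

With SINGLE, a Type2 user's Stop lands in ACCOUNTING because the first AuthBy accepts every accounting request; with SPLIT it lands in OP_ACCT.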