(RADIATOR) Limiting Port Usage

Hugh Irvine hugh at open.com.au
Tue Feb 25 21:52:18 CST 2003


Hello Dave -

You use the AuthBy PORTLIMITCHECK clause in conjunction with your 
existing AuthBy.

Something like this:

<Realm ....>
	AuthByPolicy ContinueWhileAccept
	<AuthBy PORTLIMITCHECK>
		.....
	</AuthBy>
	<AuthBy SQL>
		....
	</AuthBy>
	....
</Realm>


regards

Hugh


On Wednesday, Feb 26, 2003, at 03:50 Australia/Melbourne, Dave Walters 
wrote:

> Hi,
>
> I'm attempting to limit a group of users using a particular realm to a
> specific number of ports. I have a Session Database specified and would
> normally use <AuthBy SQL> to authenticate users.
>
> Having looked through the documantation, it would appear that <AuthBy
> PORTLIMITCHECK> would be to implement the limits I want, however, I
> think I'm missing something along the way (brain fade, I think). How
> does the <AuthBy PORTLIMITCHECK> clause actually check the
> username/password and check/reply attributes?
>
> For example, if my realm is set as follows:
>
> <SessionDatabase SQL>
>         Identifier SDB1
>         DBSource dbi:mysql:radius
>         DBUsername radius
>         DBAuth radius
> </SessionDatabase>
>
> <Realm open.com.au>
>         <AuthBy SQL>
>                 DBSource dbi:mysql:radius
>                 DBUsername radius
>                 DBAuth radius
>                 AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
>                 from SUBSCRIBERS \
>                 where USERNAME=%0
>                 AuthColumnDef 0, User-Password, check
>                 AuthColumnDef 1, GENERIC, check
>                 AuthColumnDef 2, GENERIC, reply
>                 AccountingTable ACCOUNTING
>                 AcctColumnDef   USERNAME,User-Name
>                 AcctColumnDef   TIME_STAMP,Timestamp,integer
>                 AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
>                 AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time
>                 AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets
>                 AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets
>                 AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>                 AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time
>                 AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
>                 AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>                 AcctColumnDef   NASPORT,NAS-Port,integer
>                 AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>         </AuthBy>
> </Realm>
>
> Is it possible to modify this Realm clause to now limit my 
> "open.com.au"
> users to a maximum of 20 ports using <AuthBY PORTLIMITCHECK>?
>
> Hoping you can clear up my understanding,
>
> Many thanks,
>
> Dave Walters
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list