(RADIATOR) Time Restriction

Nathan 'Franko' Franklin radiator_tsn at tsn.cc
Tue Jan 6 17:49:07 CST 2004


> Hugh here is a copy of what you requested.
>
> Thanks
>
> =================== START CONFIG ===================
> Trace 4
> LogStdout
> DictionaryFile dictionary
> AuthPort 1810
> AcctPort 1811
>
> <Client xx>
>  Identifier xx
>  Secret xx
> </client>
> <Handler>
>  PreAuthHook file:"c:\hooks\preAuthHook_Emerald.pl"
>  PostAuthHook file:"c:\hooks\postAuthHook_Emerald.pl"
>  DefaultSimultaneousUse 1
>  <AuthLog SQL>
>                 DBSource  dbi:ODBC:xx
>                 DBUsername      xx
>                 DBAuth          xx
>                 Table radlogs
>                 FailureQuery INSERT into RadLogs
> (Username,Data,NASIdentifier,NASport,CallerID) values
> ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
>  </Authlog>
>  <AuthBy EMERALD>
>   DefaultSimultaneousUse 1
>   Identifier AuthByEmerald
>   CaseInsensitivePasswords
>   DBSource dbi:ODBC:xx
>   DBUsername xx
>   DBAuth  xxx
>   # You can add to or change these if you want.
>   AccountingTable radCalls
>   AcctColumnDef UserName,User-Name
>   AcctColumnDef CallDate,Timestamp,integer-date
>   AcctColumnDef AcctStatusType,Acct-Status-Type,integer
>   AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
>   AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
>   AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
>   AcctColumnDef AcctSessionId,Acct-Session-Id
>   AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
>   AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
>   AcctColumnDef NASIdentifier,NAS-IP-Address
>   AcctColumnDef FramedAddress,Framed-IP-Address
>   AcctColumnDef NASPort,NAS-Port,integer
>   AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
>   AcctColumnDef   CallerID,Calling-Station-Id
>   AcctColumnDef   NASPortDNIS,Called-Station-Id
>   AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
>                 AcctColumnDef
> Recievelevel,Annex-Begin-Receive-Line-Level,integer
>                 AcctColumnDef   ConnectSpeed,Connect-Info
>                 AcctColumnDef   Modulation,Annex-Begin-Modulation
>                 AcctColumnDef   NasHost,NAS-Identifier
>   StripFromReply Ascend-Data-Filter
>  </AuthBy>
> </Handler>
> =================== END CONFIG ===================
>
> =================== START TRACE ===================
> Wed Jan  7 10:22:58 2004: DEBUG: Packet dump:
> *** Received from xx port 2909 ....
> Code:       Access-Request
> Identifier: 208
> Authentic:  1234567890123456
> Attributes:
>         User-Name = "day1501"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "$<245>D<14><139><174>`*@lO<212><189><158>m<147>"
>
> Wed Jan  7 10:22:58 2004: DEBUG: Handling request with Handler ''
> Wed Jan  7 10:22:58 2004: DEBUG:  Deleting session for day1501,
> 203.63.154.1, 12
> 34
> Wed Jan  7 10:22:58 2004: DEBUG: do query is: 'delete from RADONLINE with
> (ROWLO
> CK) where NASIDENTIFIER='203.63.154.1' and NASPORT='1234' And
AcctSessionID
> = ''
>  And USERNAME='day1501'':
>
> Wed Jan  7 10:22:58 2004: DEBUG: Start Pre Auth Hook Processing
> Wed Jan  7 10:22:58 2004: DEBUG: Finish Pre Auth Hook Processing
> Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD
> Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD:
> AuthByEmeral
> d
> Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> saExpireDate
> ),
> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
sa.AccountType,
> case AT.AccountType when 7 then sa.shellpassword when 8 then
> sa.shellpassword el
> se case when sa.login = 'signup' then null else sa.password end end as
> password,
>  sa.login, sa.shell, sa.TimeLeft
> from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes AT
> with (N
> OLOCK)
> where AT.AccName = UI.AccType
> And UI.Auto = SA.CustomerID
> and (sa.login = 'day1501' or sa.shell = 'day1501')
> and sa.active =1':
>
> Wed Jan  7 10:22:58 2004: DEBUG: Select results: , , 42660, PPP, password,
> day15
> 01, , ,
> Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select ra.RadAttributeID,
> ra.RadVend
> orID,
> ra.RadVendorType,
> Data, Value, Type, RadCheck
> from RadConfigs rc, RadAttributes ra
> where ra.RadAttributeID = rc.RadAttributeID
> and ra.RadVendorID = rc.RadVendorID
> and ra.RadVendorType = rc.RadVendorType
> and rc.AccountID=42660 and rc.Active=1 Order By RC.OrderPriority
> Desc,RC.RadConf
> igID Asc':
>
> Wed Jan  7 10:22:58 2004: DEBUG: Radius::AuthEMERALD looks for match with
> day150
> 1
> Wed Jan  7 10:22:59 2004: DEBUG: Radius::AuthEMERALD REJECT: Time: not
> within an
>  allowable Time range
> Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> saExpireDate
> ),
> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
sa.AccountType,
> case AT.AccountType when 7 then sa.shellpassword when 8 then
> sa.shellpassword el
> se case when sa.login = 'signup' then null else sa.password end end as
> password,
>  sa.login, sa.shell, sa.TimeLeft
> from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes AT
> with (N
> OLOCK)
> where AT.AccName = UI.AccType
> And UI.Auto = SA.CustomerID
> and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> and sa.active =1':
>
> Wed Jan  7 10:22:59 2004: DEBUG: Start Hook Processing
> Wed Jan  7 10:22:59 2004: DEBUG: DENY NON DOV ACCOUNTS ACCESSING DOV
NUMBER
> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request 123456789 203.63.154.1
> Wed Jan  7 10:22:59 2004: DEBUG: TIME ONLINE PER HOUR
> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> Wed Jan  7 10:22:59 2004: DEBUG: BYTES DOWNLOADED PER HOUR FOR BRONZE
> ACCOUNTS
> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'Select Count(*) As RecordCount
> From
> SubAccounts SA,UserInfo UI,AccTypes AT Where UI.Auto = SA.CustomerID And
> UI.AccT
> ype = AT.AccName And AT.AccountType =10 And SA.Login = 'day1501'':
>
> Wed Jan  7 10:22:59 2004: DEBUG: Finish Hook Processing
> Wed Jan  7 10:22:59 2004: INFO: Access rejected for day1501: Time: not
> within an
>  allowable Time range
> Wed Jan  7 10:22:59 2004: DEBUG: do query is: 'INSERT into RadLogs
> (Username,Dat
> a,NASIdentifier,NASport,CallerID) values
> ('day1501','password','203.63.154.1','1
> 234','987654321')':
>
> Wed Jan  7 10:22:59 2004: DEBUG: Packet dump:
> *** Sending to xx port 2909 ....
> Code:       Access-Reject
> Identifier: 208
> Authentic:  1234567890123456
> Attributes:
>         Reply-Message = "Request Denied"
> =================== END TRACE ===================
>
> Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
> nathanfranko at hotmail.com 'Great managers meet deadlines and make money.
> Great leaders meet the challenge and make history.'
> ----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> Cc: <radiator at open.com.au>
> Sent: Wednesday, January 07, 2004 10:21 AM
> Subject: Re: (RADIATOR) Time Restriction
>
>
>
> Hello Nathan -
>
> I will need to see a copy of the configuration file (no secrets)
> together with a trace 4 debug showing what is happening.
>
> I suspect the configuration is not set up to check the time properly.
>
> regards
>
> Hugh
>
>
> On 07/01/2004, at 8:45 AM, Nathan 'Franko' Franklin wrote:
>
> > Hello List,
> >
> > I am trying to set up restriction for logins based on a certain time
> > period of the day..
> > But it is rejecting my log in
> > I try to log on at 8:30am and this is what happens
> >
> > Wed Jan 7 08:37:37 2004: INFO: Access rejected for day1501: Time: not
> > within an
> > allowable Time range
> >
> > Here is a list of attibutes on the account
> >
> >
> > RadConfigID
> > AccountID
> > RadAttributeID
> > RadVendorID
> > RadVendorType
> > Data
> > Value
> > RadCheck
> > Active
> > OrderPriority
> > LastChange
> >
> > 108167
> > 42660
> > 90480013
> > 0
> > 0
> > Al0000-1600
> > 2
> > 1
> > True
> > 1
> > 6/01/2004 3:21:32 PM
> >
> > 108168
> > 42660
> > 27
> > 0
> > 0
> > until Time
> > 2
> > 0
> > True
> > 1
> > 6/01/2004 3:22:07 PM
> >
> > 108169
> > 42660
> > 6
> > 0
> > 0
> > 2
> > 2
> > 0
> > True
> > 1
> > 6/01/2004 3:39:41 PM
> >
> > 108170
> > 42660
> > 7
> > 0
> > 0
> > 1
> > 1
> > 0
> > True
> > 1
> > 6/01/2004 3:39:41 PM
> >
> >
> > I am using radiator 3.7.1
> >
> > Any help would be great..
> >
> > Thanks
> >
> > Kind Regards
> >
> > Nathan Franklin
> > TSN Internet
> > nathan at tsn.cc
> > MSN:nathanfranko at hotmail.com
> >
> > 'Great managers meet deadlines and make money. Great leaders meet the
> > challenge and make history.'
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list