(RADIATOR) Time Restriction

Nathan 'Franko' Franklin radiator_tsn at tsn.cc
Tue Jan 6 20:21:59 CST 2004


Hugh,

No Time attributes work.

Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
nathanfranko at hotmail.com 'Great managers meet deadlines and mak money.
Great leaders meet the challenge and make history.'
----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> Sent: Wednesday, January 07, 2004 11:45 AM
> Subject: Re: (RADIATOR) Time Restriction
>
>
> >
> > Hello Nathan -
> >
> > Thanks for the configuration and the trace.
> >
> > Does this only happen for this particular check item? Or do other Time
> > checks work correctly?
> >
> > I'm wondering whether the string "Al0000-1600" is getting munged during
> > processing.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 07/01/2004, at 10:32 AM, Nathan 'Franko' Franklin wrote:
> >
> > > Hugh here is a copy of what you requested.
> > >
> > > Thanks
> > >
> > > =================== START CONFIG ===================
> > > Trace 4
> > > LogStdout
> > > DictionaryFile dictionary
> > > AuthPort 1810
> > > AcctPort 1811
> > >
> > > <Client xx>
> > >  Identifier xx
> > >  Secret xx
> > > </client>
> > > <Handler>
> > >  PreAuthHook file:"c:\hooks\preAuthHook_Emerald.pl"
> > >  PostAuthHook file:"c:\hooks\postAuthHook_Emerald.pl"
> > >  DefaultSimultaneousUse 1
> > >  <AuthLog SQL>
> > >                 DBSource  dbi:ODBC:xx
> > >                 DBUsername      xx
> > >                 DBAuth          xx
> > >                 Table radlogs
> > >                 FailureQuery INSERT into RadLogs
> > > (Username,Data,NASIdentifier,NASport,CallerID) values
> > > ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
> > >  </Authlog>
> > >  <AuthBy EMERALD>
> > >   DefaultSimultaneousUse 1
> > >   Identifier AuthByEmerald
> > >   CaseInsensitivePasswords
> > >   DBSource dbi:ODBC:xx
> > >   DBUsername xx
> > >   DBAuth  xxx
> > >   # You can add to or change these if you want.
> > >   AccountingTable radCalls
> > >   AcctColumnDef UserName,User-Name
> > >   AcctColumnDef CallDate,Timestamp,integer-date
> > >   AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> > >   AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> > >   AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> > >   AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> > >   AcctColumnDef AcctSessionId,Acct-Session-Id
> > >   AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> > >   AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> > >   AcctColumnDef NASIdentifier,NAS-IP-Address
> > >   AcctColumnDef FramedAddress,Framed-IP-Address
> > >   AcctColumnDef NASPort,NAS-Port,integer
> > >   AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
> > >   AcctColumnDef   CallerID,Calling-Station-Id
> > >   AcctColumnDef   NASPortDNIS,Called-Station-Id
> > >   AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> > >                 AcctColumnDef
> > > Recievelevel,Annex-Begin-Receive-Line-Level,integer
> > >                 AcctColumnDef   ConnectSpeed,Connect-Info
> > >                 AcctColumnDef   Modulation,Annex-Begin-Modulation
> > >                 AcctColumnDef   NasHost,NAS-Identifier
> > >   StripFromReply Ascend-Data-Filter
> > >  </AuthBy>
> > > </Handler>
> > > =================== END CONFIG ===================
> > >
> > > =================== START TRACE ===================
> > > Wed Jan  7 10:22:58 2004: DEBUG: Packet dump:
> > > *** Received from xx port 2909 ....
> > > Code:       Access-Request
> > > Identifier: 208
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         User-Name = "day1501"
> > >         Service-Type = Framed-User
> > >         NAS-IP-Address = 203.63.154.1
> > >         NAS-Port = 1234
> > >         Called-Station-Id = "123456789"
> > >         Calling-Station-Id = "987654321"
> > >         NAS-Port-Type = Async
> > >         User-Password =
> > > "$<245>D<14><139><174>`*@lO<212><189><158>m<147>"
> > >
> > > Wed Jan  7 10:22:58 2004: DEBUG: Handling request with Handler ''
> > > Wed Jan  7 10:22:58 2004: DEBUG:  Deleting session for day1501,
> > > 203.63.154.1, 12
> > > 34
> > > Wed Jan  7 10:22:58 2004: DEBUG: do query is: 'delete from RADONLINE
> > > with
> > > (ROWLO
> > > CK) where NASIDENTIFIER='203.63.154.1' and NASPORT='1234' And
> > > AcctSessionID
> > > = ''
> > >  And USERNAME='day1501'':
> > >
> > > Wed Jan  7 10:22:58 2004: DEBUG: Start Pre Auth Hook Processing
> > > Wed Jan  7 10:22:58 2004: DEBUG: Finish Pre Auth Hook Processing
> > > Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD
> > > Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD:
> > > AuthByEmeral
> > > d
> > > Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> > > saExpireDate
> > > ),
> > > DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> > > sa.AccountType,
> > > case AT.AccountType when 7 then sa.shellpassword when 8 then
> > > sa.shellpassword el
> > > se case when sa.login = 'signup' then null else sa.password end end as
> > > password,
> > >  sa.login, sa.shell, sa.TimeLeft
> > > from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> > > AT
> > > with (N
> > > OLOCK)
> > > where AT.AccName = UI.AccType
> > > And UI.Auto = SA.CustomerID
> > > and (sa.login = 'day1501' or sa.shell = 'day1501')
> > > and sa.active =1':
> > >
> > > Wed Jan  7 10:22:58 2004: DEBUG: Select results: , , 42660, PPP,
> > > password,
> > > day15
> > > 01, , ,
> > > Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select ra.RadAttributeID,
> > > ra.RadVend
> > > orID,
> > > ra.RadVendorType,
> > > Data, Value, Type, RadCheck
> > > from RadConfigs rc, RadAttributes ra
> > > where ra.RadAttributeID = rc.RadAttributeID
> > > and ra.RadVendorID = rc.RadVendorID
> > > and ra.RadVendorType = rc.RadVendorType
> > > and rc.AccountID=42660 and rc.Active=1 Order By RC.OrderPriority
> > > Desc,RC.RadConf
> > > igID Asc':
> > >
> > > Wed Jan  7 10:22:58 2004: DEBUG: Radius::AuthEMERALD looks for match
> > > with
> > > day150
> > > 1
> > > Wed Jan  7 10:22:59 2004: DEBUG: Radius::AuthEMERALD REJECT: Time: not
> > > within an
> > >  allowable Time range
> > > Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> > > saExpireDate
> > > ),
> > > DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> > > sa.AccountType,
> > > case AT.AccountType when 7 then sa.shellpassword when 8 then
> > > sa.shellpassword el
> > > se case when sa.login = 'signup' then null else sa.password end end as
> > > password,
> > >  sa.login, sa.shell, sa.TimeLeft
> > > from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> > > AT
> > > with (N
> > > OLOCK)
> > > where AT.AccName = UI.AccType
> > > And UI.Auto = SA.CustomerID
> > > and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> > > and sa.active =1':
> > >
> > > Wed Jan  7 10:22:59 2004: DEBUG: Start Hook Processing
> > > Wed Jan  7 10:22:59 2004: DEBUG: DENY NON DOV ACCOUNTS ACCESSING DOV
> > > NUMBER
> > > Wed Jan  7 10:22:59 2004: DEBUG: Access-Request 123456789 203.63.154.1
> > > Wed Jan  7 10:22:59 2004: DEBUG: TIME ONLINE PER HOUR
> > > Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> > > Wed Jan  7 10:22:59 2004: DEBUG: BYTES DOWNLOADED PER HOUR FOR BRONZE
> > > ACCOUNTS
> > > Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> > > Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'Select Count(*) As
> > > RecordCount
> > > From
> > > SubAccounts SA,UserInfo UI,AccTypes AT Where UI.Auto = SA.CustomerID
> > > And
> > > UI.AccT
> > > ype = AT.AccName And AT.AccountType =10 And SA.Login = 'day1501'':
> > >
> > > Wed Jan  7 10:22:59 2004: DEBUG: Finish Hook Processing
> > > Wed Jan  7 10:22:59 2004: INFO: Access rejected for day1501: Time: not
> > > within an
> > >  allowable Time range
> > > Wed Jan  7 10:22:59 2004: DEBUG: do query is: 'INSERT into RadLogs
> > > (Username,Dat
> > > a,NASIdentifier,NASport,CallerID) values
> > > ('day1501','password','203.63.154.1','1
> > > 234','987654321')':
> > >
> > > Wed Jan  7 10:22:59 2004: DEBUG: Packet dump:
> > > *** Sending to xx port 2909 ....
> > > Code:       Access-Reject
> > > Identifier: 208
> > > Authentic:  1234567890123456
> > > Attributes:
> > >         Reply-Message = "Request Denied"
> > > =================== END TRACE ===================
> > >
> > > Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
> > > nathanfranko at hotmail.com 'Great managers meet deadlines and make
money.
> > > Great leaders meet the challenge and make history.'
> > > ----- Original Message -----
> > > From: "Hugh Irvine" <hugh at open.com.au>
> > > To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> > > Cc: <radiator at open.com.au>
> > > Sent: Wednesday, January 07, 2004 10:21 AM
> > > Subject: Re: (RADIATOR) Time Restriction
> > >
> > >
> > >
> > > Hello Nathan -
> > >
> > > I will need to see a copy of the configuration file (no secrets)
> > > together with a trace 4 debug showing what is happening.
> > >
> > > I suspect the configuration is not set up to check the time properly.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > >
> > > On 07/01/2004, at 8:45 AM, Nathan 'Franko' Franklin wrote:
> > >
> > >> Hello List,
> > >>
> > >> I am trying to set up restriction for logins based on a certain time
> > >> period of the day..
> > >> But it is rejecting my log in
> > >> I try to log on at 8:30am and this is what happens
> > >>
> > >> Wed Jan 7 08:37:37 2004: INFO: Access rejected for day1501: Time: not
> > >> within an
> > >> allowable Time range
> > >>
> > >> Here is a list of attibutes on the account
> > >>
> > >>
> > >> RadConfigID
> > >> AccountID
> > >> RadAttributeID
> > >> RadVendorID
> > >> RadVendorType
> > >> Data
> > >> Value
> > >> RadCheck
> > >> Active
> > >> OrderPriority
> > >> LastChange
> > >>
> > >> 108167
> > >> 42660
> > >> 90480013
> > >> 0
> > >> 0
> > >> Al0000-1600
> > >> 2
> > >> 1
> > >> True
> > >> 1
> > >> 6/01/2004 3:21:32 PM
> > >>
> > >> 108168
> > >> 42660
> > >> 27
> > >> 0
> > >> 0
> > >> until Time
> > >> 2
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:22:07 PM
> > >>
> > >> 108169
> > >> 42660
> > >> 6
> > >> 0
> > >> 0
> > >> 2
> > >> 2
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:39:41 PM
> > >>
> > >> 108170
> > >> 42660
> > >> 7
> > >> 0
> > >> 0
> > >> 1
> > >> 1
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:39:41 PM
> > >>
> > >>
> > >> I am using radiator 3.7.1
> > >>
> > >> Any help would be great..
> > >>
> > >> Thanks
> > >>
> > >> Kind Regards
> > >>
> > >> Nathan Franklin
> > >> TSN Internet
> > >> nathan at tsn.cc
> > >> MSN:nathanfranko at hotmail.com
> > >>
> > >> 'Great managers meet deadlines and make money. Great leaders meet the
> > >> challenge and make history.'
> > >>
> > >
> > > NB: have you included a copy of your configuration file (no secrets),
> > > together with a trace 4 debug showing what is happening?
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > -
> > > CATool: Private Certificate Authority for Unix and Unix-like systems.
> > >
> > >
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> >
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list