(RADIATOR) Time Restriction
Nathan 'Franko' Franklin
radiator_tsn at tsn.cc
Tue Jan 6 20:21:59 CST 2004
Hugh,
No Time attributes work.
Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
nathanfranko at hotmail.com 'Great managers meet deadlines and mak money.
Great leaders meet the challenge and make history.'
----- Original Message -----
> From: "Hugh Irvine" <hugh at open.com.au>
> To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> Sent: Wednesday, January 07, 2004 11:45 AM
> Subject: Re: (RADIATOR) Time Restriction
>
>
> >
> > Hello Nathan -
> >
> > Thanks for the configuration and the trace.
> >
> > Does this only happen for this particular check item? Or do other Time
> > checks work correctly?
> >
> > I'm wondering whether the string "Al0000-1600" is getting munged during
> > processing.
> >
> > regards
> >
> > Hugh
> >
> >
> > On 07/01/2004, at 10:32 AM, Nathan 'Franko' Franklin wrote:
> >
> > > Hugh here is a copy of what you requested.
> > >
> > > Thanks
> > >
> > > =================== START CONFIG ===================
> > > Trace 4
> > > LogStdout
> > > DictionaryFile dictionary
> > > AuthPort 1810
> > > AcctPort 1811
> > >
> > > <Client xx>
> > > Identifier xx
> > > Secret xx
> > > </client>
> > > <Handler>
> > > PreAuthHook file:"c:\hooks\preAuthHook_Emerald.pl"
> > > PostAuthHook file:"c:\hooks\postAuthHook_Emerald.pl"
> > > DefaultSimultaneousUse 1
> > > <AuthLog SQL>
> > > DBSource dbi:ODBC:xx
> > > DBUsername xx
> > > DBAuth xx
> > > Table radlogs
> > > FailureQuery INSERT into RadLogs
> > > (Username,Data,NASIdentifier,NASport,CallerID) values
> > > ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
> > > </Authlog>
> > > <AuthBy EMERALD>
> > > DefaultSimultaneousUse 1
> > > Identifier AuthByEmerald
> > > CaseInsensitivePasswords
> > > DBSource dbi:ODBC:xx
> > > DBUsername xx
> > > DBAuth xxx
> > > # You can add to or change these if you want.
> > > AccountingTable radCalls
> > > AcctColumnDef UserName,User-Name
> > > AcctColumnDef CallDate,Timestamp,integer-date
> > > AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> > > AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> > > AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> > > AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> > > AcctColumnDef AcctSessionId,Acct-Session-Id
> > > AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> > > AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> > > AcctColumnDef NASIdentifier,NAS-IP-Address
> > > AcctColumnDef FramedAddress,Framed-IP-Address
> > > AcctColumnDef NASPort,NAS-Port,integer
> > > AcctColumnDef AscendSessionKey,Ascend-Session-Svr-Key
> > > AcctColumnDef CallerID,Calling-Station-Id
> > > AcctColumnDef NASPortDNIS,Called-Station-Id
> > > AcctColumnDef SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> > > AcctColumnDef
> > > Recievelevel,Annex-Begin-Receive-Line-Level,integer
> > > AcctColumnDef ConnectSpeed,Connect-Info
> > > AcctColumnDef Modulation,Annex-Begin-Modulation
> > > AcctColumnDef NasHost,NAS-Identifier
> > > StripFromReply Ascend-Data-Filter
> > > </AuthBy>
> > > </Handler>
> > > =================== END CONFIG ===================
> > >
> > > =================== START TRACE ===================
> > > Wed Jan 7 10:22:58 2004: DEBUG: Packet dump:
> > > *** Received from xx port 2909 ....
> > > Code: Access-Request
> > > Identifier: 208
> > > Authentic: 1234567890123456
> > > Attributes:
> > > User-Name = "day1501"
> > > Service-Type = Framed-User
> > > NAS-IP-Address = 203.63.154.1
> > > NAS-Port = 1234
> > > Called-Station-Id = "123456789"
> > > Calling-Station-Id = "987654321"
> > > NAS-Port-Type = Async
> > > User-Password =
> > > "$<245>D<14><139><174>`*@lO<212><189><158>m<147>"
> > >
> > > Wed Jan 7 10:22:58 2004: DEBUG: Handling request with Handler ''
> > > Wed Jan 7 10:22:58 2004: DEBUG: Deleting session for day1501,
> > > 203.63.154.1, 12
> > > 34
> > > Wed Jan 7 10:22:58 2004: DEBUG: do query is: 'delete from RADONLINE
> > > with
> > > (ROWLO
> > > CK) where NASIDENTIFIER='203.63.154.1' and NASPORT='1234' And
> > > AcctSessionID
> > > = ''
> > > And USERNAME='day1501'':
> > >
> > > Wed Jan 7 10:22:58 2004: DEBUG: Start Pre Auth Hook Processing
> > > Wed Jan 7 10:22:58 2004: DEBUG: Finish Pre Auth Hook Processing
> > > Wed Jan 7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD
> > > Wed Jan 7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD:
> > > AuthByEmeral
> > > d
> > > Wed Jan 7 10:22:58 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> > > saExpireDate
> > > ),
> > > DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> > > sa.AccountType,
> > > case AT.AccountType when 7 then sa.shellpassword when 8 then
> > > sa.shellpassword el
> > > se case when sa.login = 'signup' then null else sa.password end end as
> > > password,
> > > sa.login, sa.shell, sa.TimeLeft
> > > from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> > > AT
> > > with (N
> > > OLOCK)
> > > where AT.AccName = UI.AccType
> > > And UI.Auto = SA.CustomerID
> > > and (sa.login = 'day1501' or sa.shell = 'day1501')
> > > and sa.active =1':
> > >
> > > Wed Jan 7 10:22:58 2004: DEBUG: Select results: , , 42660, PPP,
> > > password,
> > > day15
> > > 01, , ,
> > > Wed Jan 7 10:22:58 2004: DEBUG: Query is: 'select ra.RadAttributeID,
> > > ra.RadVend
> > > orID,
> > > ra.RadVendorType,
> > > Data, Value, Type, RadCheck
> > > from RadConfigs rc, RadAttributes ra
> > > where ra.RadAttributeID = rc.RadAttributeID
> > > and ra.RadVendorID = rc.RadVendorID
> > > and ra.RadVendorType = rc.RadVendorType
> > > and rc.AccountID=42660 and rc.Active=1 Order By RC.OrderPriority
> > > Desc,RC.RadConf
> > > igID Asc':
> > >
> > > Wed Jan 7 10:22:58 2004: DEBUG: Radius::AuthEMERALD looks for match
> > > with
> > > day150
> > > 1
> > > Wed Jan 7 10:22:59 2004: DEBUG: Radius::AuthEMERALD REJECT: Time: not
> > > within an
> > > allowable Time range
> > > Wed Jan 7 10:22:59 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> > > saExpireDate
> > > ),
> > > DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> > > sa.AccountType,
> > > case AT.AccountType when 7 then sa.shellpassword when 8 then
> > > sa.shellpassword el
> > > se case when sa.login = 'signup' then null else sa.password end end as
> > > password,
> > > sa.login, sa.shell, sa.TimeLeft
> > > from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> > > AT
> > > with (N
> > > OLOCK)
> > > where AT.AccName = UI.AccType
> > > And UI.Auto = SA.CustomerID
> > > and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> > > and sa.active =1':
> > >
> > > Wed Jan 7 10:22:59 2004: DEBUG: Start Hook Processing
> > > Wed Jan 7 10:22:59 2004: DEBUG: DENY NON DOV ACCOUNTS ACCESSING DOV
> > > NUMBER
> > > Wed Jan 7 10:22:59 2004: DEBUG: Access-Request 123456789 203.63.154.1
> > > Wed Jan 7 10:22:59 2004: DEBUG: TIME ONLINE PER HOUR
> > > Wed Jan 7 10:22:59 2004: DEBUG: Access-Request
> > > Wed Jan 7 10:22:59 2004: DEBUG: BYTES DOWNLOADED PER HOUR FOR BRONZE
> > > ACCOUNTS
> > > Wed Jan 7 10:22:59 2004: DEBUG: Access-Request
> > > Wed Jan 7 10:22:59 2004: DEBUG: Query is: 'Select Count(*) As
> > > RecordCount
> > > From
> > > SubAccounts SA,UserInfo UI,AccTypes AT Where UI.Auto = SA.CustomerID
> > > And
> > > UI.AccT
> > > ype = AT.AccName And AT.AccountType =10 And SA.Login = 'day1501'':
> > >
> > > Wed Jan 7 10:22:59 2004: DEBUG: Finish Hook Processing
> > > Wed Jan 7 10:22:59 2004: INFO: Access rejected for day1501: Time: not
> > > within an
> > > allowable Time range
> > > Wed Jan 7 10:22:59 2004: DEBUG: do query is: 'INSERT into RadLogs
> > > (Username,Dat
> > > a,NASIdentifier,NASport,CallerID) values
> > > ('day1501','password','203.63.154.1','1
> > > 234','987654321')':
> > >
> > > Wed Jan 7 10:22:59 2004: DEBUG: Packet dump:
> > > *** Sending to xx port 2909 ....
> > > Code: Access-Reject
> > > Identifier: 208
> > > Authentic: 1234567890123456
> > > Attributes:
> > > Reply-Message = "Request Denied"
> > > =================== END TRACE ===================
> > >
> > > Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
> > > nathanfranko at hotmail.com 'Great managers meet deadlines and make
money.
> > > Great leaders meet the challenge and make history.'
> > > ----- Original Message -----
> > > From: "Hugh Irvine" <hugh at open.com.au>
> > > To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> > > Cc: <radiator at open.com.au>
> > > Sent: Wednesday, January 07, 2004 10:21 AM
> > > Subject: Re: (RADIATOR) Time Restriction
> > >
> > >
> > >
> > > Hello Nathan -
> > >
> > > I will need to see a copy of the configuration file (no secrets)
> > > together with a trace 4 debug showing what is happening.
> > >
> > > I suspect the configuration is not set up to check the time properly.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > >
> > > On 07/01/2004, at 8:45 AM, Nathan 'Franko' Franklin wrote:
> > >
> > >> Hello List,
> > >>
> > >> I am trying to set up restriction for logins based on a certain time
> > >> period of the day..
> > >> But it is rejecting my log in
> > >> I try to log on at 8:30am and this is what happens
> > >>
> > >> Wed Jan 7 08:37:37 2004: INFO: Access rejected for day1501: Time: not
> > >> within an
> > >> allowable Time range
> > >>
> > >> Here is a list of attibutes on the account
> > >>
> > >>
> > >> RadConfigID
> > >> AccountID
> > >> RadAttributeID
> > >> RadVendorID
> > >> RadVendorType
> > >> Data
> > >> Value
> > >> RadCheck
> > >> Active
> > >> OrderPriority
> > >> LastChange
> > >>
> > >> 108167
> > >> 42660
> > >> 90480013
> > >> 0
> > >> 0
> > >> Al0000-1600
> > >> 2
> > >> 1
> > >> True
> > >> 1
> > >> 6/01/2004 3:21:32 PM
> > >>
> > >> 108168
> > >> 42660
> > >> 27
> > >> 0
> > >> 0
> > >> until Time
> > >> 2
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:22:07 PM
> > >>
> > >> 108169
> > >> 42660
> > >> 6
> > >> 0
> > >> 0
> > >> 2
> > >> 2
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:39:41 PM
> > >>
> > >> 108170
> > >> 42660
> > >> 7
> > >> 0
> > >> 0
> > >> 1
> > >> 1
> > >> 0
> > >> True
> > >> 1
> > >> 6/01/2004 3:39:41 PM
> > >>
> > >>
> > >> I am using radiator 3.7.1
> > >>
> > >> Any help would be great..
> > >>
> > >> Thanks
> > >>
> > >> Kind Regards
> > >>
> > >> Nathan Franklin
> > >> TSN Internet
> > >> nathan at tsn.cc
> > >> MSN:nathanfranko at hotmail.com
> > >>
> > >> 'Great managers meet deadlines and make money. Great leaders meet the
> > >> challenge and make history.'
> > >>
> > >
> > > NB: have you included a copy of your configuration file (no secrets),
> > > together with a trace 4 debug showing what is happening?
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > -
> > > CATool: Private Certificate Authority for Unix and Unix-like systems.
> > >
> > >
> >
> > NB: have you included a copy of your configuration file (no secrets),
> > together with a trace 4 debug showing what is happening?
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> > -
> > Nets: internetwork inventory and management - graphical, extensible,
> > flexible with hardware, software, platform and database independence.
> > -
> > CATool: Private Certificate Authority for Unix and Unix-like systems.
> >
> >
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list