(RADIATOR) Time Restriction

Nathan 'Franko' Franklin radiator_tsn at tsn.cc
Wed Jan 7 15:48:06 CST 2004


Hugh,List

I got it working,

My data types were incorrect,

here is what happened...

I had my Time attribute datatype set at 1 (integer), which means in my
RadConfigs tables for my customers it was looking at the integer value (an
integer field) which had the value of 2. So i change the data type to 2
(string i think) and it allowed me to log on. I also changed the
Session-Timeout attribute to a string as well, so "until Time" would work...
Everything works sweet now!!

Have a good day guys...

Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
nathanfranko at hotmail.com 'Great managers meet deadlines and make money.
Great leaders meet the challenge and make history.'
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
Sent: Wednesday, January 07, 2004 6:38 PM
Subject: Re: (RADIATOR) Time Restriction


>
> Hello Nathan -
>
> Thanks for the information.
>
> I have forwarded your mail to Mike so he can take a look, but it may be
> a couple of days until he gets to it.
>
> If you haven't heard back from me by the end of the week please contact
> me again.
>
> regards
>
> Hugh
>
>
> On 07/01/2004, at 11:49 AM, Nathan 'Franko' Franklin wrote:
>
> > Hugh,
> >
> > No Time attributes work.
> >
> > Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
> > nathanfranko at hotmail.com 'Great managers meet deadlines and make money.
> > Great leaders meet the challenge and make history.'
> > ----- Original Message -----
> > From: "Hugh Irvine" <hugh at open.com.au>
> > To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> > Sent: Wednesday, January 07, 2004 11:45 AM
> > Subject: Re: (RADIATOR) Time Restriction
> >
> >
> >>
> >> Hello Nathan -
> >>
> >> Thanks for the configuration and the trace.
> >>
> >> Does this only happen for this particular check item? Or do other Time
> >> checks work correctly?
> >>
> >> I'm wondering whether the string "Al0000-1600" is getting munged
> >> during
> >> processing.
> >>
> >> regards
> >>
> >> Hugh
> >>
> >>
> >> On 07/01/2004, at 10:32 AM, Nathan 'Franko' Franklin wrote:
> >>
> >>> Hugh here is a copy of what you requested.
> >>>
> >>> Thanks
> >>>
> >>> =================== START CONFIG ===================
> >>> Trace 4
> >>> LogStdout
> >>> DictionaryFile dictionary
> >>> AuthPort 1810
> >>> AcctPort 1811
> >>>
> >>> <Client xx>
> >>>  Identifier xx
> >>>  Secret xx
> >>> </client>
> >>> <Handler>
> >>>  PreAuthHook file:"c:\hooks\preAuthHook_Emerald.pl"
> >>>  PostAuthHook file:"c:\hooks\postAuthHook_Emerald.pl"
> >>>  DefaultSimultaneousUse 1
> >>>  <AuthLog SQL>
> >>>                 DBSource  dbi:ODBC:xx
> >>>                 DBUsername      xx
> >>>                 DBAuth          xx
> >>>                 Table radlogs
> >>>                 FailureQuery INSERT into RadLogs
> >>> (Username,Data,NASIdentifier,NASport,CallerID) values
> >>> ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
> >>>  </Authlog>
> >>>  <AuthBy EMERALD>
> >>>   DefaultSimultaneousUse 1
> >>>   Identifier AuthByEmerald
> >>>   CaseInsensitivePasswords
> >>>   DBSource dbi:ODBC:xx
> >>>   DBUsername xx
> >>>   DBAuth  xxx
> >>>   # You can add to or change these if you want.
> >>>   AccountingTable radCalls
> >>>   AcctColumnDef UserName,User-Name
> >>>   AcctColumnDef CallDate,Timestamp,integer-date
> >>>   AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> >>>   AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> >>>   AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> >>>   AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> >>>   AcctColumnDef AcctSessionId,Acct-Session-Id
> >>>   AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> >>>   AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> >>>   AcctColumnDef NASIdentifier,NAS-IP-Address
> >>>   AcctColumnDef FramedAddress,Framed-IP-Address
> >>>   AcctColumnDef NASPort,NAS-Port,integer
> >>>   AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
> >>>   AcctColumnDef   CallerID,Calling-Station-Id
> >>>   AcctColumnDef   NASPortDNIS,Called-Station-Id
> >>>   AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> >>>                 AcctColumnDef
> >>> Recievelevel,Annex-Begin-Receive-Line-Level,integer
> >>>                 AcctColumnDef   ConnectSpeed,Connect-Info
> >>>                 AcctColumnDef   Modulation,Annex-Begin-Modulation
> >>>                 AcctColumnDef   NasHost,NAS-Identifier
> >>>   StripFromReply Ascend-Data-Filter
> >>>  </AuthBy>
> >>> </Handler>
> >>> =================== END CONFIG ===================
> >>>
> >>> =================== START TRACE ===================
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Packet dump:
> >>> *** Received from xx port 2909 ....
> >>> Code:       Access-Request
> >>> Identifier: 208
> >>> Authentic:  1234567890123456
> >>> Attributes:
> >>>         User-Name = "day1501"
> >>>         Service-Type = Framed-User
> >>>         NAS-IP-Address = 203.63.154.1
> >>>         NAS-Port = 1234
> >>>         Called-Station-Id = "123456789"
> >>>         Calling-Station-Id = "987654321"
> >>>         NAS-Port-Type = Async
> >>>         User-Password =
> >>> "$<245>D<14><139><174>`*@lO<212><189><158>m<147>"
> >>>
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Handling request with Handler ''
> >>> Wed Jan  7 10:22:58 2004: DEBUG:  Deleting session for day1501,
> >>> 203.63.154.1, 12
> >>> 34
> >>> Wed Jan  7 10:22:58 2004: DEBUG: do query is: 'delete from RADONLINE
> >>> with
> >>> (ROWLO
> >>> CK) where NASIDENTIFIER='203.63.154.1' and NASPORT='1234' And
> >>> AcctSessionID
> >>> = ''
> >>>  And USERNAME='day1501'':
> >>>
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Start Pre Auth Hook Processing
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Finish Pre Auth Hook Processing
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Handling with Radius::AuthEMERALD:
> >>> AuthByEmeral
> >>> d
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> >>> saExpireDate
> >>> ),
> >>> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> >>> sa.AccountType,
> >>> case AT.AccountType when 7 then sa.shellpassword when 8 then
> >>> sa.shellpassword el
> >>> se case when sa.login = 'signup' then null else sa.password end end
> >>> as
> >>> password,
> >>>  sa.login, sa.shell, sa.TimeLeft
> >>> from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> >>> AT
> >>> with (N
> >>> OLOCK)
> >>> where AT.AccName = UI.AccType
> >>> And UI.Auto = SA.CustomerID
> >>> and (sa.login = 'day1501' or sa.shell = 'day1501')
> >>> and sa.active =1':
> >>>
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Select results: , , 42660, PPP,
> >>> password,
> >>> day15
> >>> 01, , ,
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Query is: 'select ra.RadAttributeID,
> >>> ra.RadVend
> >>> orID,
> >>> ra.RadVendorType,
> >>> Data, Value, Type, RadCheck
> >>> from RadConfigs rc, RadAttributes ra
> >>> where ra.RadAttributeID = rc.RadAttributeID
> >>> and ra.RadVendorID = rc.RadVendorID
> >>> and ra.RadVendorType = rc.RadVendorType
> >>> and rc.AccountID=42660 and rc.Active=1 Order By RC.OrderPriority
> >>> Desc,RC.RadConf
> >>> igID Asc':
> >>>
> >>> Wed Jan  7 10:22:58 2004: DEBUG: Radius::AuthEMERALD looks for match
> >>> with
> >>> day150
> >>> 1
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Radius::AuthEMERALD REJECT: Time:
> >>> not
> >>> within an
> >>>  allowable Time range
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'select DateAdd(Day, 20,
> >>> saExpireDate
> >>> ),
> >>> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> >>> sa.AccountType,
> >>> case AT.AccountType when 7 then sa.shellpassword when 8 then
> >>> sa.shellpassword el
> >>> se case when sa.login = 'signup' then null else sa.password end end
> >>> as
> >>> password,
> >>>  sa.login, sa.shell, sa.TimeLeft
> >>> from subaccounts sa with (NOLOCK),userinfo ui with (NOLOCK), acctypes
> >>> AT
> >>> with (N
> >>> OLOCK)
> >>> where AT.AccName = UI.AccType
> >>> And UI.Auto = SA.CustomerID
> >>> and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> >>> and sa.active =1':
> >>>
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Start Hook Processing
> >>> Wed Jan  7 10:22:59 2004: DEBUG: DENY NON DOV ACCOUNTS ACCESSING DOV
> >>> NUMBER
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request 123456789
> >>> 203.63.154.1
> >>> Wed Jan  7 10:22:59 2004: DEBUG: TIME ONLINE PER HOUR
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> >>> Wed Jan  7 10:22:59 2004: DEBUG: BYTES DOWNLOADED PER HOUR FOR BRONZE
> >>> ACCOUNTS
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Access-Request
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Query is: 'Select Count(*) As
> >>> RecordCount
> >>> From
> >>> SubAccounts SA,UserInfo UI,AccTypes AT Where UI.Auto = SA.CustomerID
> >>> And
> >>> UI.AccT
> >>> ype = AT.AccName And AT.AccountType =10 And SA.Login = 'day1501'':
> >>>
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Finish Hook Processing
> >>> Wed Jan  7 10:22:59 2004: INFO: Access rejected for day1501: Time:
> >>> not
> >>> within an
> >>>  allowable Time range
> >>> Wed Jan  7 10:22:59 2004: DEBUG: do query is: 'INSERT into RadLogs
> >>> (Username,Dat
> >>> a,NASIdentifier,NASport,CallerID) values
> >>> ('day1501','password','203.63.154.1','1
> >>> 234','987654321')':
> >>>
> >>> Wed Jan  7 10:22:59 2004: DEBUG: Packet dump:
> >>> *** Sending to xx port 2909 ....
> >>> Code:       Access-Reject
> >>> Identifier: 208
> >>> Authentic:  1234567890123456
> >>> Attributes:
> >>>         Reply-Message = "Request Denied"
> >>> =================== END TRACE ===================
> >>>
> >>> Kind Regards Nathan Franklin TSN Internet nathan at tsn.cc MSN:
> >>> nathanfranko at hotmail.com 'Great managers meet deadlines and make
> >>> money.
> >>> Great leaders meet the challenge and make history.'
> >>> ----- Original Message -----
> >>> From: "Hugh Irvine" <hugh at open.com.au>
> >>> To: "Nathan 'Franko' Franklin" <radiator_tsn at tsn.cc>
> >>> Cc: <radiator at open.com.au>
> >>> Sent: Wednesday, January 07, 2004 10:21 AM
> >>> Subject: Re: (RADIATOR) Time Restriction
> >>>
> >>>
> >>>
> >>> Hello Nathan -
> >>>
> >>> I will need to see a copy of the configuration file (no secrets)
> >>> together with a trace 4 debug showing what is happening.
> >>>
> >>> I suspect the configuration is not set up to check the time properly.
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>>
> >>> On 07/01/2004, at 8:45 AM, Nathan 'Franko' Franklin wrote:
> >>>
> >>>> Hello List,
> >>>>
> >>>> I am trying to set up restriction for logins based on a certain time
> >>>> period of the day..
> >>>> But it is rejecting my log in
> >>>> I try to log on at 8:30am and this is what happens
> >>>>
> >>>> Wed Jan 7 08:37:37 2004: INFO: Access rejected for day1501: Time:
> >>>> not
> >>>> within an
> >>>> allowable Time range
> >>>>
> >>>> Here is a list of attibutes on the account
> >>>>
> >>>>
> >>>> RadConfigID
> >>>> AccountID
> >>>> RadAttributeID
> >>>> RadVendorID
> >>>> RadVendorType
> >>>> Data
> >>>> Value
> >>>> RadCheck
> >>>> Active
> >>>> OrderPriority
> >>>> LastChange
> >>>>
> >>>> 108167
> >>>> 42660
> >>>> 90480013
> >>>> 0
> >>>> 0
> >>>> Al0000-1600
> >>>> 2
> >>>> 1
> >>>> True
> >>>> 1
> >>>> 6/01/2004 3:21:32 PM
> >>>>
> >>>> 108168
> >>>> 42660
> >>>> 27
> >>>> 0
> >>>> 0
> >>>> until Time
> >>>> 2
> >>>> 0
> >>>> True
> >>>> 1
> >>>> 6/01/2004 3:22:07 PM
> >>>>
> >>>> 108169
> >>>> 42660
> >>>> 6
> >>>> 0
> >>>> 0
> >>>> 2
> >>>> 2
> >>>> 0
> >>>> True
> >>>> 1
> >>>> 6/01/2004 3:39:41 PM
> >>>>
> >>>> 108170
> >>>> 42660
> >>>> 7
> >>>> 0
> >>>> 0
> >>>> 1
> >>>> 1
> >>>> 0
> >>>> True
> >>>> 1
> >>>> 6/01/2004 3:39:41 PM
> >>>>
> >>>>
> >>>> I am using radiator 3.7.1
> >>>>
> >>>> Any help would be great..
> >>>>
> >>>> Thanks
> >>>>
> >>>> Kind Regards
> >>>>
> >>>> Nathan Franklin
> >>>> TSN Internet
> >>>> nathan at tsn.cc
> >>>> MSN:nathanfranko at hotmail.com
> >>>>
> >>>> 'Great managers meet deadlines and make money. Great leaders meet
> >>>> the
> >>>> challenge and make history.'
> >>>>
> >>>
> >>> NB: have you included a copy of your configuration file (no secrets),
> >>> together with a trace 4 debug showing what is happening?
> >>>
> >>> --
> >>> Radiator: the most portable, flexible and configurable RADIUS server
> >>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >>> -
> >>> Nets: internetwork inventory and management - graphical, extensible,
> >>> flexible with hardware, software, platform and database independence.
> >>> -
> >>> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>>
> >>>
> >>
> >> NB: have you included a copy of your configuration file (no secrets),
> >> together with a trace 4 debug showing what is happening?
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >> -
> >> CATool: Private Certificate Authority for Unix and Unix-like systems.
> >>
> >>
> >
> >
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list