(RADIATOR) AuthBy RADIUS and DefaultSimultaneousUse
Toomas Kärner
tomkar at estpak.ee
Thu Nov 17 01:29:38 CST 2005
I looked into AuthBy INTERNAL but didn't pay too much intention to it - I
didn't see the solution in 1 minute as I did with AuthBy SQL. I'll use your
proposal since it takes less "power".
----- Original Message -----
From: "Hugh Irvine" <hugh at open.com.au>
To: "Toomas Kärner" <tomkar at estpak.ee>
Cc: <radiator at open.com.au>
Sent: Thursday, November 17, 2005 3:50 AM
Subject: Re: (RADIATOR) AuthBy RADIUS and DefaultSimultaneousUse
>
> Hello Toomas -
>
> You could also use an AuthBy INTERNAL for this purpose:
>
> <AuthBy INTERNAL>
> Identifier SessionCount
> DefaultResult IGNORE
> DefaultSimultaneousUse 1
> </AuthBy>
>
> regards
>
> Hugh
>
>
> On 16 Nov 2005, at 22:29, Toomas Kärner wrote:
>
> > I found a workaround already like this:
> > Added another AuthBy into realm clause:
> > .
> > .
> > AuthBy SessionCount
> > .
> > .
> > And this this AuthBy looks like this:
> > <AuthBy SQL>
> > Identifier SessionCount
> > DBSource x
> > DBUsername x
> > DBAuth x
> >
> > AuthSelect select null
> > AuthColumnDef 0, bogus,reply
> >
> > NoDefault
> > DefaultSimultaneousUse 1
> > </AuthBy>
> > Rgds.
> > Toomas
> >
> > ----- Original Message -----
> > From: "Toomas Kärner" <tomkar at estpak.ee>
> > To: <radiator at open.com.au>
> > Sent: Wednesday, November 16, 2005 12:42 PM
> > Subject: (RADIATOR) AuthBy RADIUS and DefaultSimultaneousUse
> >
> >
> >> Hi,
> >>
> >> Am I wrong or is this right that AuthBy RADIUS does not support using
> >> Default SimultaneousUse keyword based on local SessionDB?
> >> conf:
> >> <AuthBy RADIUS>
> >> IgnoreAccounting
> >> Synchronous
> >> <Host x>
> >> AuthPort x
> >> AcctPort
> >> Retries 0
> >> RetryTimeout 2
> >> </Host>
> >> AllowInReply Reply-Message,Session-Timeout
> >> AllowInRequest User-Name,User-Password
> >> DefaultSimultaneousUse 1
> >> </AuthBy>
> >> Results in log:
> >> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
> >> *** Received from x ....
> >> Code: Access-Request
> >> Identifier: 147
> >> Authentic: <233><163>H0<170>I<194>({J7<141><10>p<6><150>
> >> Attributes:
> >> Service-Type = Login-User
> >> User-Name = "user"
> >> User-Password = x
> >> NAS-IP-Address = x
> >> NAS-Port = 0
> >>
> >> Wed Nov 16 10:28:19 2005: DEBUG: Rewrote user name to user
> >> Wed Nov 16 10:28:19 2005: DEBUG: PortalPreHandlerHook Executed
> >>
> >> Wed Nov 16 10:28:19 2005: DEBUG: Handling request with Handler
> >> 'Realm=x'
> >> Wed Nov 16 10:28:19 2005: DEBUG: SessDBWireless Deleting session
> >> for user,
> >> x, 0
> >> Wed Nov 16 10:28:19 2005: DEBUG: do query is: delete from
> >> wnsession where
> >> username = 'user' and framed_ip is null
> >> some other stuff in between
> >> Wed Nov 16 10:28:19 2005: DEBUG: Handling with Radius::AuthRADIUS
> >> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
> >> *** Sending to x port x ....
> >> Code: Access-Request
> >> Identifier: 1
> >> Authentic: <233><163>H0<170>I<194>({J7<141><10>p<6><150>
> >> Attributes:
> >> User-Name = "user"
> >> User-Password = "x"
> >>
> >> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
> >> *** Received from x port x ....
> >> Code: Access-Accept
> >> Identifier: 1
> >> Authentic: /6<14>}<178>J`<236><<184><131><5>E<163>;<243>
> >> Attributes:
> >>
> >> Wed Nov 16 10:28:19 2005: DEBUG: Received reply in AuthRADIUS for
> >> req 1
> > from
> >> x:x
> >> Wed Nov 16 10:28:19 2005: DEBUG: ReplyHook executed!
> >> Wed Nov 16 10:28:19 2005: DEBUG: Handling with Radius::AuthSQL
> >> Wed Nov 16 10:28:19 2005: DEBUG: do query is: delete from
> >> wnsession where
> >> mac_address='xxx' and ...
> >> Wed Nov 16 10:28:19 2005: DEBUG: PostAuthHook Executed
> >> Wed Nov 16 10:28:19 2005: DEBUG: Access accepted for user
> >> Wed Nov 16 10:28:19 2005: DEBUG: Packet dump:
> >> *** Sending to x port x ....
> >> Code: Access-Accept
> >> Identifier: 147
> >> Authentic: <233><163>H0<170>I<194>({J7<141><10>p<6><150>
> >> Attributes:
> >> xxx
> >>
> >> I cave only the part that plays any role in this authentication. I'd
> >> probably find a way to make it happen anyway but I want make sure
> >> it there
> >> is no way to make it with DefaultSimultaneousUse. Radiator
> >> version: 3.5
> >> Rgds.
> >> Toomas
> >>
> >> --
> >> Archive at http://www.open.com.au/archives/radiator/
> >> Announcements on radiator-announce at open.com.au
> >> To unsubscribe, email 'majordomo at open.com.au' with
> >> 'unsubscribe radiator' in the body of the message.
> >
> > --
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list