(RADIATOR) Time
Hugh Irvine
hugh at open.com.au
Mon Jan 2 15:31:18 CST 2006
Hello Chip -
Time is a check item, not a reply item.
You can also add the Profile to the request instead of the reply:
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername xxxx
DBAuth xxxxxxx
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
SQLRecoveryFile %D/missedaccounting
AddToReply Service-Type = Framed-User,\
MS-MPPE-Encryption-Policy = Encryption-Allowed,\
MS-MPPE-Encryption-Types = Encryption-Any,\
Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
# these five attributes are required
Colubris-AVPAIR = "login-url=https://www.fmwifi.net/
login.php?NASip=%%i&NASid=%%n&original_url=%%o",\
Colubris-AVPAIR = "login-page=https://www.fmwifi.net/
login.php?NASip=%%i&NASid=%%n&original_url=%%o",\
Colubris-AVPAIR = "session-page=https://www.fmwifi.net/
session.php",\
Colubris-AVPAIR = "transport-page=https://www.fmwifi.net/
transport.html",\
Colubris-AVPAIR = "fail-page=https://www.fmwifi.net/
fail.html",\
Colubris-AVPAIR = "logo=https://www.fmwifi.net/images/
logo.jpg",\
# these are optional
Colubris-AVPAIR = "welcome-url=http://www.fmwifi.net/
grassvalley/index.php?original_url=%%o",\
Colubris-AVPAIR = "login-err-url=https://www.fmwifi.net/
login-error.php?site=%%s&user=%%u&wantedurl=%%o",\
Colubris-AVPAIR = "goodbye-url=https://www.fmwifi.net/
goodbye.php",\
# access lists
Colubris-AVPAIR = "mac-address=00-02-6F-08-22-
A4,admin,sc00ter",\
Colubris-AVPAIR = "white-list=tcp, 172.30.10.0/24,443",\
Colubris-AVPAIR = "white-list=tcp, 12.40.197.0/24,443",\
Colubris-AVPAIR = "white-list=tcp, 192.168.1.0/24,443",\
Colubris-AVPAIR = "white-list=tcp, 216.218.152.133,all",\
Colubris-AVPAIR = "white-list=tcp, www.fmwifi.net,443", \
Colubris-AVPAIR = "white-list=tcp, 208.254.45.206,443", \
Colubris-AVPAIR = "white-list=tcp, 208.254.45.206,80", \
Colubris-AVPAIR = "white-list=all, 69.104.38.233, all",\
Colubris-AVPAIR = "white-list=tcp, 192.168.1.55,443", \
Colubris-AVPAIR = "rem-smtp-redirect=spiral.he.net"
# check profile to determin session times and idle times
AuthSelect select PASSWORD,Profile from SUBSCRIBERS where USERNAME=%0
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Profile,request
</AuthBy>
<AuthBy FILE>
Filename /etc/radiator/profiles
</AuthBy>
Then you can do this:
PROFILE
========
DEFAULT Profile=Guest, Time = Al0800-2400
Session-Timeout = 900,
Idle-Timeout = 300
DEFAULT Profile=Hourly, Time = Al0800-2400
Session-Timeout = 3600,
Idle-Timeout = 300
DEFAULT Profile=Daily, Time = Al0800-2400
Session-Timeout = 86400,
Idle-Timeout = 900
DEFAULT Profile=Weekly, Time = Al0800-2400
Session-Timeout = 604800,
Idle-Timeout = 172800
DEFAULT Profile=Weekend, Time = Al0800-2400
Session-Timeout = 172800,
Idle-Timeout = 172800
DEFAULT Profile=Monthly, Time = Al0800-2400
Session-Timeout = 2592000,
Idle-Timeout = 172800
See section 13.1 in the Radiator 3.13 reference manual.
regards
Hugh
On 3 Jan 2006, at 01:21, chip carman wrote:
> Hi:
>
> Using Radiator 3.8 on Mac OSX. We're trying to limit login hours.
> Tried using 'Time' as well as 'Block-Logon-To' and 'Block-Logon-
> From'. They all give either unknown command or 'Invalid reply item
> Time ignored' (as in debug log below). Any idea what I'm doing wrong?
>
> Thanks in advance,
> Chip Carman
>
>
>
> DEBUG LOG
> ==========
>
> Mon Jan 2 05:59:36 2006: DEBUG: Radius::AuthSQL looks for match
> with holbrooke at fmwifi.net
> Mon Jan 2 05:59:37 2006: DEBUG: Radius::AuthSQL ACCEPT:
> Mon Jan 2 05:59:37 2006: DEBUG: Handling with Radius::AuthFILE:
> Mon Jan 2 05:59:37 2006: DEBUG: Radius::AuthFILE looks for match
> with holbrooke at fmwifi.net
> Mon Jan 2 05:59:37 2006: DEBUG: Radius::AuthFILE looks for match
> with DEFAULT5
> Mon Jan 2 05:59:37 2006: DEBUG: Radius::AuthFILE ACCEPT:
> Mon Jan 2 05:59:37 2006: DEBUG: Access accepted for
> holbrooke at fmwifi.net
> Mon Jan 2 05:59:37 2006: DEBUG: do query is: 'insert into
> RADAUTHLOG (TIME_STAMP,USERNAME,TYPE) values
> (1136210377,'holbrooke at fmwifi.net',1)':
>
> Mon Jan 2 05:59:37 2006: WARNING: Invalid reply item Time ignored
> Mon Jan 2 05:59:37 2006: DEBUG: Packet dump:
> *** Sending to 69.106.76.205 port 1029 ....
>
>
>
>
> CONFIGURATION FILE
> ====================
>
>
>
> <Handler NAS-Identifier="M035-00636">
> ######################################################
> MaxSessions 4
> AuthByPolicy ContinueWhileAccept
>
> # 6.54
> <AuthLog SQL>
> DBSource dbi:mysql:radius
> DBUsername xxxx
> DBAuth xxxxx
> LogSuccess
> SuccessQuery insert into RADAUTHLOG
> (TIME_STAMP,USERNAME,TYPE) values (%t,'%n',1)
> LogFailure
> FailureQuery insert into RADAUTHLOG
> (TIME_STAMP,USERNAME,TYPE,REASON) values (%t,'%n',0,%1)
> </AuthLog SQL>
>
> # 6.7
> <SessionDatabase SQL>
> DBSource dbi:mysql:radius
> DBUsername xxxx
> DBAuth xxxxxx
> AddQuery insert into RADONLINE
> (USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRE
> SS,NASPORTTYPE,SERVICETYPE) values ('%u','%1',%2,%3,%{Timestamp},'%
> {Framed-IP-Address}','%{NAS-Port-Type}','%{Service-Type}')
> DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and
> NASPORT=0%2
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
> </SessionDatabase SQL>
>
> #6.61
> <StatsLog SQL>
> DBSource dbi:mysql:radius
> DBUsername xxxx
> DBAuth sxxxxxxx
> Interval 600
> InsertQuery insert into RADSTATSLOG (TIME_STAMP, TYPE,
> IDENTIFIER, RESPONSETIME) values ('%0',' %1',' %2',' %23')
> </StatsLog SQL>
>
> # 6.28
> <AuthBy SQL>
> DBSource dbi:mysql:radius
> DBUsername xxxx
> DBAuth xxxxxxx
>
> AccountingTable ACCOUNTING
> AcctColumnDef USERNAME,User-Name
> AcctColumnDef TIME_STAMP,Timestamp,integer
> AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef NASIDENTIFIER,NAS-Identifier
> AcctColumnDef NASPORT,NAS-Port,integer
> AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
>
> SQLRecoveryFile %D/missedaccounting
>
> AddToReply Service-Type = Framed-User,\
> MS-MPPE-Encryption-Policy = Encryption-Allowed,\
> MS-MPPE-Encryption-Types = Encryption-Any,\
> Framed-Protocol = PPP,\
> Framed-IP-Netmask = 255.255.255.255,\
> Framed-Routing = None,\
> Framed-MTU = 1500,\
> # these five attributes are required
> Colubris-AVPAIR = "login-url=https://www.fmwifi.net/
> login.php?NASip=%%i&NASid=%%n&original_url=%%o",\
> Colubris-AVPAIR = "login-page=https://www.fmwifi.net/
> login.php?NASip=%%i&NASid=%%n&original_url=%%o",\
> Colubris-AVPAIR = "session-page=https://www.fmwifi.net/
> session.php",\
> Colubris-AVPAIR = "transport-page=https://www.fmwifi.net/
> transport.html",\
> Colubris-AVPAIR = "fail-page=https://www.fmwifi.net/
> fail.html",\
> Colubris-AVPAIR = "logo=https://www.fmwifi.net/images/
> logo.jpg",\
> # these are optional
> Colubris-AVPAIR = "welcome-url=http://www.fmwifi.net/
> grassvalley/index.php?original_url=%%o",\
> Colubris-AVPAIR = "login-err-url=https://www.fmwifi.net/
> login-error.php?site=%%s&user=%%u&wantedurl=%%o",\
> Colubris-AVPAIR = "goodbye-url=https://www.fmwifi.net/
> goodbye.php",\
> # access lists
> Colubris-AVPAIR = "mac-address=00-02-6F-08-22-
> A4,admin,sc00ter",\
> Colubris-AVPAIR = "white-list=tcp, 172.30.10.0/24,443",\
> Colubris-AVPAIR = "white-list=tcp, 12.40.197.0/24,443",\
> Colubris-AVPAIR = "white-list=tcp, 192.168.1.0/24,443",\
> Colubris-AVPAIR = "white-list=tcp, 216.218.152.133,all",\
> Colubris-AVPAIR = "white-list=tcp, www.fmwifi.net,443", \
> Colubris-AVPAIR = "white-list=tcp, 208.254.45.206,443", \
> Colubris-AVPAIR = "white-list=tcp, 208.254.45.206,80", \
> Colubris-AVPAIR = "white-list=all, 69.104.38.233, all",\
> Colubris-AVPAIR = "white-list=tcp, 192.168.1.55,443", \
> Colubris-AVPAIR = "rem-smtp-redirect=spiral.he.net"
>
>
> # check profile to determin session times and idle times
> AuthSelect select PASSWORD,Profile from SUBSCRIBERS where
> USERNAME=%0
>
> AuthColumnDef 0,User-Password,check
> AuthColumnDef 1,Profile,reply
>
> </AuthBy>
>
> <AuthBy FILE>
> Filename /etc/radiator/profiles
> StripFromReply Profile
>
> </AuthBy>
>
> # 6.6
> <ClientListSQL>
> DBSource dbi:mysql:radius
> DBUsername xxxxx
> DBAuth xxxxxx
> </ClientListSQL>
> </handler>
>
>
> PROFILE
> ========
>
> DEFAULT Reply:Profile=Guest
> Session-Timeout = 900,
> Idle-Timeout = 300,
> Time = Al0800-2400
>
> DEFAULT Reply:Profile=Hourly
> Session-Timeout = 3600,
> Idle-Timeout = 300,
> Time = Al0800-2400
>
> DEFAULT Reply:Profile=Daily
> Session-Timeout = 86400,
> Idle-Timeout = 900,
> Time = Al0800-2400
>
> DEFAULT Reply:Profile=Weekly
> Session-Timeout = 604800,
> Idle-Timeout = 172800,
> Time = Al0800-2400
>
> DEFAULT Reply:Profile=Weekend
> Session-Timeout = 172800,
> Idle-Timeout = 172800,
> Time = Al0800-2400
>
> DEFAULT Reply:Profile=Monthly
> Session-Timeout = 2592000,
> Idle-Timeout = 172800,
> Time = Al0800-2400
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list