Hi guys, a clarification of my problems trying to set time limits.
I've been playing around with the AuthByPolicy attributes.
I've been trying to make it so I can auth by a unix password file, but
need the SQL accounting. So, my radius.cfg file looks somewhat like this:
Basically, the disabled AuthSelect seems to return a REJECT, and not an
ignore,
as I would expect.
So, pretty much all my login attempts get blocked at the AuthSelect (even
tho it is disabled).
I need it to pass through the authselect to check my individual user
specifications in my users record.
If I change the AuthByPolicy to ContinueUntilIgnore,
it attempts to block access based on indivudual user settings, sees the
specific requirements,
but allows the connect even if they should be blocked because of my DEFAULT
entry.
Should a disabled AuthSelect return a reject? doesn't seem like it should
to me... Thoughts?
The below information is placed into my logfiles when a user tries to
authenticate:
Mon Mar 15 08:12:43 1999: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Mon Mar 15 08:12:43 1999: DEBUG: Rewrote user name to Pshampton
Mon Mar 15 08:12:43 1999: DEBUG: Handling with Radius::AuthGROUP
Mon Mar 15 08:12:43 1999: DEBUG: Handling with Radius::AuthSQL
Mon Mar 15 08:12:43 1999: INFO: Access rejected for Pshampton:
Authentication disabled
And then authentication dies from there...
<Realm DEFAULT>
RewriteFunction sub { my($username) = shift; if
(substr($username,0,1) ne 'P') { $username ="InvalidU$
<AuthBy GROUP>
AuthByPolicy ContinueUntilReject
<AuthBy SQL>
DBSource dbi:mysql:radius
DBUsername dbuser
DBAuth dbpass
# This disables SQL auth
AuthSelect
# This enables SQL accounting
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct_Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIP,Framed-IP-Address
</AuthBy>
<AuthBy FILE>
# The filename defaults to %D/users
</AuthBy>
</AuthBy>
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
</Realm>
<Realm dummyrealmforholdingauthbyunix>
<AuthBy UNIX>
Identifier System
Filename /etc/master.passwd
</AuthBy>
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
