Re: (RADIATOR) Time check item in Authby UNIX

Jose Roberto Bulcao Mon, 7 Jun 1999 16:32:14 -0700

Hi Mike,

It seems the the specific clause is working ok, but the auth packet is
being catched by the last DEFAULT clause. Here you are (debug level 4):

Tks,

Mon Jun  7 20:57:11 1999: DEBUG: Packet dump:
*** Received from 200.240.25.3 port 1645 ....
Code:       Access-Request
Identifier: 160
Authentic:  l&<226><221><184><11>U#<229><181>~B<217><146><7>#
Attributes:
        NAS-IP-Address = 200.240.25.3
        NAS-Port = 18
        NAS-Port-Type = Virtual
        User-Name = "carmem"
        Calling-Station-Id = "200.240.25.17"
        User-Password = "<191>D/>|<113>b3<127><19><153><211><220>P<175><135>"

Mon Jun  7 20:57:11 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jun  7 20:57:11 1999: DEBUG: Rewrote user name to carmem
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthFILE
Mon Jun  7 20:57:11 1999: DEBUG: Reading users file /etc/radiator/users
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group 
poponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group 
poponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group 
fwdonly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group 
fwdonly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT2
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group 
ftponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group 
ftponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT3
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group 
hponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group 
hponly
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT4
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Time: not within an 
allowable Time range
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Time: not within an 
allowable Time range
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT5
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Check item Service-Type 
value 'Framed-User' does not match '' in request
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Check item Service-Type 
value 'Framed-User' does not match '' in request
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT6
Mon Jun  7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthUNIX ACCEPT: 
Mon Jun  7 20:57:11 1999: DEBUG: Radius::AuthFILE ACCEPT: 
Mon Jun  7 20:57:11 1999: DEBUG: Access accepted for carmem
Mon Jun  7 20:57:12 1999: DEBUG: Packet dump:
*** Sending to 200.240.25.3 port 1645 ....
Code:       Access-Accept
Identifier: 160
Authentic:  l&<226><221><184><11>U#<229><181>~B<217><146><7>#
Attributes:
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-Routing = None
        Framed-MTU = 1500
        Framed-Compression = Van-Jacobson-TCP-IP



On Tue, 8 Jun 1999, Mike McCauley wrote:

> Date: Tue, 8 Jun 1999 08:53:24 -0500
> From: Mike McCauley <[EMAIL PROTECTED]>
> To: Jose Roberto Bulcao <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Time check item in Authby UNIX
> 
> Hello Jose,
> 
> I have just tested your configuration and Time check item. Your configuration
> and users file looks fine, and it worked OK for me, allowing access only
> betweeen the times given.
> 
> Can you send your log file, showing what happens when it should be applying the
> Time restriction?
> 
> Cheers.
> 
> On Jun 7,  9:42am, Jose Roberto Bulcao wrote:
> > Subject: (RADIATOR) Time check item in Authby UNIX
> >
> >
> > Does anybody knows if there is a way to configure time based restriction
> > ("Time" check item) for users authenticated via Authby UNIX ou SYSTEM?
> > Using Radiator v.2.13.1 with latest patches, OS platform is IBM AIX
> > v.4.1.5.
> > The user in question has it group set to "admfin". By looking at the log
> > (debug level of 5) Radiator seems to ignore "Time" check item,
> > authenticating and authorizing the user any time of day.
> >
> > TIA,
> >
> > Here is our radius.cfg file (no secrets and renamed some files, paths):
> >
> > # radius.cfg
> > #
> > # Configuration file for radius server
> > #
> > # Author: Mike McCauley ([EMAIL PROTECTED])
> > # Copyright (C) 1997 Open System Consultants
> > # $Id: radius2.cfg,v 1.4 1998/03/06 04:43:37 mikem Exp $
> > #
> > #Foreground
> > #LogStdout
> > #Trace 9
> > AuthPort    1645
> > AcctPort    1646
> > LogDir              <**OMITTED**>
> > DbDir               <**OMITTED**>
> > LogFile             %L/<**OMITTED**>
> > DictionaryFile      %D/dictionary
> >
> > <SessionDatabase DBM>
> >     Filename        %L/<**OMITTED**>
> > </SessionDatabase>
> >
> > <Client **OMITTED_NAS_NAME**>
> >     Secret **OMITTED**
> >     DefaultRealm **MYREALM**
> > </Client>
> >
> > <Realm DEFAULT>
> >     RewriteUsername s/^([^@]+).*/$1/
> >     AuthByPolicy ContinueWhileAccept
> >     <AuthBy FILE>
> >             Filename %D/MYUSERSFILE
> >     </AuthBy>
> >     MaxSessions 1
> >     AcctLogFileName %L/%Y%m/detail-%d
> > </Realm>
> >
> > <Realm SoparatratarUNIXPW>
> >     <AuthBy UNIX>
> >             Identifier System
> >             Filename %D/MYPASSWDFILE
> >             GroupFilename %D/MYGROUPFILE
> >     </AuthBy>
> > </Realm>
> >
> > #**** EOF radius.cfg ****
> >
> >
> > And here the relevant part of MYUSERSFILE:
> >
> > #**** BOF MYUSERSFILE ****
> >
> > DEFAULT Auth-Type = System, Group = poponly, Auth-Type = "Reject:Essa conta
> eh somente para E-mail"
> >
> > DEFAULT Auth-Type = System, Group = fwdonly, Auth-Type = Reject
> >     Reply-Message = Esse eh POP
> >
> > DEFAULT Auth-Type = System, Group = ftponly, Auth-Type = Reject
> >     Reply-Message = Esse eh POP
> >
> > DEFAULT Auth-Type = System, Group = hponly, Auth-Type = Reject
> >     Reply-Message = "Acesso Proibido"
> >
> > #
> > # Here is the clase in question
> > #
> > DEFAULT Auth-Type = System, Group = admfin, Time = "Al1200-1800"
> >     Service-Type = Login-User,
> >     Reply-Message = "Conectado!"
> >
> > DEFAULT     Auth-Type = System, Service-Type = Framed-User
> >     Service-Type = Framed-User,
> >         Framed-Protocol = PPP,
> >         Framed-IP-Address = 255.255.255.254,
> >         Framed-Routing = None,
> >         Framed-MTU = 1500,
> >         Framed-Compression = Van-Jacobson-TCP-IP
> >
> > DEFAULT     Auth-Type = System
> >     Service-Type = Framed-User,
> >         Framed-Protocol = PPP,
> >         Framed-IP-Address = 255.255.255.254,
> >         Framed-Routing = None,
> >         Framed-MTU = 1500,
> >         Framed-Compression = Van-Jacobson-TCP-IP
> >
> >
> > #**** EOF MYUSERSFILE ****
> >
> > --------------------------------------
> > Jose Roberto Bulcao - RioLink Internet
> > Tel    : (021) 577-8899
> > e-mail : [EMAIL PROTECTED]
> >
> >
> > ===
> > Archive at http://www.thesite.com.au/~radiator/
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >-- End of excerpt from Jose Roberto Bulcao
> 
> 
> 
> -- 
> Mike McCauley                               [EMAIL PROTECTED]
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
> 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
> NT, Rhapsody
> 

--------------------------------------
Jose Roberto Bulcao - RioLink Internet
Tel    : (021) 577-8899
e-mail : [EMAIL PROTECTED]


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Time check item in Authby UNIX

Reply via email to
