Title: RE: (RADIATOR) IMPORTANT - How to do Block Time users

What about if using an LDAP database? The other day, when I was checking the archives, I read that problems or slowness could be encountered if Radiator updates the LDAP.

Regards
Lina
-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Date: Saturday, 18 November 2000 02:19
To: [EMAIL PROTECTED]
Subject: (RADIATOR) IMPORTANT - How to do Block Time users



Hello Everyone -

The question of how to control Block Time users has come up a number of times,
so here are some tips and some code to do it.

There are essentially three parts involved in controlling block time.

First, you must have an SQL database with a field that contains a TIMELEFT (or
similar) field for each block time user. I have shown a stand-alone example
below, but this can also be incorporated into a "normal" AuthBy SQL clause.

Second, you need a hook to check the value of the Session-Timeout and reject the
user if there is no time left.

Third, you need to call the hook from your configuration file.

I have included here an example AuthBy SQL clause, the PostAuthHook code, and an
example of how to set up a Realm or Handler.


Here is the AuthBy SQL clause:

# configure AuthBy SQL
# NB: block time checks only
# also note the use of GlobalVar(s)
# supported in Radiator 2.16.4 and later

<AuthBy SQL>

    Identifier Block-Time-SQL

    DBSource        %{GlobalVar:SQLServer1}
    DBUsername      %{GlobalVar:SQLUser1}
    DBAuth          %{GlobalVar:SQLAuth1}

    AuthSelect TIMELEFT from BLOCK_USERS \
        where USERNAME='%n'

    AuthColumnDef 0, Session-Timeout, reply

    AcctSQLStatement update BLOCK_USERS set \
        TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \
        where USERNAME='%n'                

</AuthBy>


Here is the hook code:

# -*- mode: Perl -*-
# CheckBlockTimeLeft
#
# PostAuthHook to check time left for a block user
# by verifying the Session-Timeout attribute
#
# Author: Hugh Irvine ([EMAIL PROTECTED])
# Copyright (C) 2000 Open System Consultants
# $Id: CheckBlockTimeLeft,v 1.1 2000/11/18 02:20:32 hugh Exp hugh $

sub
{
    my $p = ${$_[0]};
    my $rp = ${$_[1]};
    my $result = ${$_[2]};

    my $name = $p->get_attr('User-Name');
    my $timeout = $rp->get_attr('Session-Timeout');

    if (($result == $main::ACCEPT) && ($timeout <= 0))
    {
        &main::log($main::LOG_DEBUG, "User $name has no time left");
        ${$_[2]} = $main::REJECT;
    }
    return;
}                                      


And here is an example Realm:

# example Realm showing the use of a PostAuthHook
# the file containing the hook code is installed in DbDir

<Realm .....>

        AuthByPolicy ContinueWhileAccept

        AuthBy ........ # your normal AuthBy(s)
        .........
        AuthBy Block-Time-SQL

        PostAuthHook file:"%D/CheckBlockTimeLeft"

</Realm>


Hopefully some of you may find this useful.

regards

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
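
The three parts described in the message above, modelled end to end as an added example (Python with an in-memory SQLite table; not code from the original post or from Radiator). The sample rows, the function names and the treatment of a missing row as a reject are assumptions of this model.

```python
import sqlite3

ACCEPT, REJECT = "ACCEPT", "REJECT"

def make_db(rows):
    """Constructed stand-in for the BLOCK_USERS table (TIMELEFT in seconds)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table BLOCK_USERS (USERNAME text primary key, TIMELEFT integer)")
    db.executemany("insert into BLOCK_USERS values (?, ?)", rows)
    return db

def time_left(db, username):
    row = db.execute("select TIMELEFT from BLOCK_USERS where USERNAME=?",
                     (username,)).fetchone()
    return None if row is None else row[0]

def authenticate(db, username):
    """AuthSelect + AuthColumnDef, followed by the PostAuthHook check."""
    timeout = time_left(db, username)
    if timeout is None:
        return REJECT, {}                  # assumption: no row means no such user
    reply = {"Session-Timeout": timeout}   # AuthColumnDef 0, Session-Timeout, reply
    if timeout <= 0:                       # same test as the hook: zero or negative
        return REJECT, {}
    return ACCEPT, reply

def account(db, username, acct_session_time):
    """AcctSQLStatement: TIMELEFT=TIMELEFT-0%{Acct-Session-Time}."""
    # The literal 0 keeps the expression valid when the attribute is empty
    # ("" becomes "0"); "600" becomes "0600", which is still 600.
    used = int("0" + str(acct_session_time))
    db.execute("update BLOCK_USERS set TIMELEFT=TIMELEFT-? where USERNAME=?",
               (used, username))

def demo():
    db = make_db([("alice", 600), ("bob", 0)])   # constructed sample users
    log = [authenticate(db, "alice")[0]]         # 600 s left
    account(db, "alice", "")                     # record without Acct-Session-Time
    log.append(time_left(db, "alice"))
    account(db, "alice", 600)                    # two overlapping sessions, each
    account(db, "alice", 600)                    # ran for the full Session-Timeout
    log.append(time_left(db, "alice"))
    log.append(authenticate(db, "alice")[0])
    log.append(authenticate(db, "bob")[0])
    log.append(authenticate(db, "carol")[0])     # not in the table
    return log

if __name__ == "__main__":
    print(demo())
```

In this model the overlapping sessions drive TIMELEFT below zero, which is the case the hook's `<= 0` comparison covers and an equality test against 0 would miss.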


