RE: (RADIATOR) IMPORTANT - How to do Block Time users

Mon, 20 Nov 2000 14:15:07 -0800 


Hello Lina -

On Tue, 21 Nov 2000, Lina NAKHLE wrote:
> 
> 
> What about if using an LDAP database? The other day, when I was checking the
> archives, I read that problems or slowness could be encountered if Radiator
> updates the LDAP.
> 

As mentioned in the text below, this is for use with an SQL database. I would
not recommend trying to use LDAP for accounting in this context.

Note that you can still use LDAP for authentication while using SQL for
accounting and block time control.

regards

Hugh


> -----Message d'origine-----
> De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Date: samedi 18 novembre 2000 02:19
> À: [EMAIL PROTECTED]
> Objet: (RADIATOR) IMPORTANT - How to do Block Time users
> 
> 
> 
> Hello Everyone -
> 
> The question of how to control Block Time users has come up a number of
> times,
> so here are some tips and some code to do it.
> 
> There are essentially three parts involved in controlling block time.
> 
> First, you must have an SQL database with a field that contains a TIMELEFT
> (or
> similar) field for each block time user. I have shown a stand-alone example
> below, but this can also be incorporated into a "normal" AuthBy SQL clause.
> 
> Second, you need a hook to check the value of the Session-Timeout and reject
> the
> user if there is no time left.
> 
> Third, you need to call the hook from your configuration file.
> 
> I have include here an example AuthBy SQL clause, the PostAuthHook code, and
> an
> example of how to set up a Realm or Handler.
> 
> 
> Here is the AuthBy SQL clause:
> 
> # configure AuthBy SQL
> # NB: block time checks only
> # also note the use of GlobalVar(s)
> # supported in Radiator 2.16.4 and later
> 
> <AuthBy SQL>
> 
>     Identifier Block-Time-SQL
> 
>     DBSource        %{GlobalVar:SQLServer1}
>     DBUsername      %{GlobalVar:SQLUser1}
>     DBAuth          %{GlobalVar:SQLAuth1}
> 
>     AuthSelect TIMELEFT from BLOCK_USERS \
>         where USERNAME='%n'
> 
>     AuthColumnDef 0, Session-Timeout, reply
> 
>     AcctSQLStatement update BLOCK_USERS set \
>         TIMELEFT=TIMELEFT-0%{Acct-Session-Time} \
>         where USERNAME='%n'                 
> 
> </AuthBy>
> 
> 
> Here is the hook code:
> 
> # -*- mode: Perl -*-
> # CheckBlockTimeLeft
> #
> # PostAuthHook to check time left for a block user
> # by verifying the Session-Timeout attribute
> #
> # Author: Hugh Irvine ([EMAIL PROTECTED])
> # Copyright (C) 2000 Open System Consultants
> # $Id: CheckBlockTimeLeft,v 1.1 2000/11/18 02:20:32 hugh Exp hugh $
> 
> sub
> {
>     my $p = ${$_[0]};
>     my $rp = ${$_[1]};
>     my $result = ${$_[2]};
> 
>     my $name = $p->get_attr('User-Name');
>     my $timeout = $rp->get_attr('Session-Timeout');
> 
>     if (($result == $main::ACCEPT) && ($timeout <= 0))
>     {
>         &main::log($main::LOG_DEBUG, "User $name has no time left");
>         ${$_[2]} = $main::REJECT;
>     }
>     return;
> }                                       
> 
> 
> And here is an example Realm:
> 
> # example Realm showing the use of a PostAuthHook
> # the file containing the hook code is installed in DbDir
> 
> <Realm .....>
> 
>       AuthByPolicy ContinueWhileAccept
> 
>       AuthBy ........ # your normal AuthBy(s)
>       .........
>       AuthBy Block-Time-SQL
> 
>       PostAuthHook file"%D/CheckBlockTimeLeft"
> 
> </Realm>
> 
> 
> Hopefully some of you may find this useful.
> 
> regards
> 
> Hugh
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server 
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> 
> 
> 
> ===
> Archive at http://www.starport.ne
> t/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 
> 
> **********************************************************************
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity to
> whom they are addressed. If you have received this email
> in error please notify the system manager.
> 
> This footnote also confirms that this email message has
> been swept by MIMEsweeper for the presence of
> computer viruses.
> 
> KERTEL  5 rue du Delta 75009 PARIS - www.kertel.com
> Tel : 01.72.30.50.00
> **********************************************************************
> 

----------------------------------------
Content-Type: text/html; name="unnamed"
Content-Transfer-Encoding: quoted-printable
Content-Description: 
----------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to