Re: (RADIATOR) Limiting Port Usage

Tue, 25 Feb 2003 19:58:55 -0800


Hello Dave -

You use the AuthBy PORTLIMITCHECK clause in conjunction with your existing AuthBy.

Something like this:

<Realm ....>
        AuthByPolicy ContinueWhileAccept
        <AuthBy PORTLIMITCHECK>
                .....
        </AuthBy>
        <AuthBy SQL>
                ....
        </AuthBy>
        ....
</Realm>


regards

Hugh


On Wednesday, Feb 26, 2003, at 03:50 Australia/Melbourne, Dave Walters wrote:

Hi,

I'm attempting to limit a group of users using a particular realm to a
specific number of ports. I have a Session Database specified and would
normally use <AuthBy SQL> to authenticate users.

Having looked through the documantation, it would appear that <AuthBy
PORTLIMITCHECK> would be to implement the limits I want, however, I
think I'm missing something along the way (brain fade, I think). How
does the <AuthBy PORTLIMITCHECK> clause actually check the
username/password and check/reply attributes?

For example, if my realm is set as follows:

<SessionDatabase SQL>
        Identifier SDB1
        DBSource dbi:mysql:radius
        DBUsername radius
        DBAuth radius
</SessionDatabase>

<Realm open.com.au>
        <AuthBy SQL>
                DBSource dbi:mysql:radius
                DBUsername radius
                DBAuth radius
                AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
                from SUBSCRIBERS \
                where USERNAME=%0
                AuthColumnDef 0, User-Password, check
                AuthColumnDef 1, GENERIC, check
                AuthColumnDef 2, GENERIC, reply
                AccountingTable ACCOUNTING
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
        </AuthBy>
</Realm>

Is it possible to modify this Realm clause to now limit my "open.com.au"
users to a maximum of 20 ports using <AuthBY PORTLIMITCHECK>?

Hoping you can clear up my understanding,

Many thanks,

Dave Walters

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to