Hello Dave -
You use the AuthBy PORTLIMITCHECK clause in conjunction with your existing AuthBy.
Something like this:
<Realm ....> AuthByPolicy ContinueWhileAccept <AuthBy PORTLIMITCHECK> ..... </AuthBy> <AuthBy SQL> .... </AuthBy> .... </Realm>
regards
Hugh
On Wednesday, Feb 26, 2003, at 03:50 Australia/Melbourne, Dave Walters wrote:
Hi,
I'm attempting to limit a group of users using a particular realm to a specific number of ports. I have a Session Database specified and would normally use <AuthBy SQL> to authenticate users.
Having looked through the documantation, it would appear that <AuthBy PORTLIMITCHECK> would be to implement the limits I want, however, I think I'm missing something along the way (brain fade, I think). How does the <AuthBy PORTLIMITCHECK> clause actually check the username/password and check/reply attributes?
For example, if my realm is set as follows:
<SessionDatabase SQL> Identifier SDB1 DBSource dbi:mysql:radius DBUsername radius DBAuth radius </SessionDatabase>
<Realm open.com.au> <AuthBy SQL> DBSource dbi:mysql:radius DBUsername radius DBAuth radius AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \ from SUBSCRIBERS \ where USERNAME=%0 AuthColumnDef 0, User-Password, check AuthColumnDef 1, GENERIC, check AuthColumnDef 2, GENERIC, reply AccountingTable ACCOUNTING AcctColumnDef USERNAME,User-Name AcctColumnDef TIME_STAMP,Timestamp,integer AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets AcctColumnDef ACCTSESSIONID,Acct-Session-Id AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause AcctColumnDef NASIDENTIFIER,NAS-Identifier AcctColumnDef NASPORT,NAS-Port,integer AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address </AuthBy> </Realm>
Is it possible to modify this Realm clause to now limit my "open.com.au"
users to a maximum of 20 ports using <AuthBY PORTLIMITCHECK>?
Hoping you can clear up my understanding,
Many thanks,
Dave Walters
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.