Re: Daily RADIUS window
So the issue you're having is with the admin interface you're using? How about if you manually define the attribute in the users file? Does the functionality itself work? --Aaron Nick Marino wrote: > Although I have tried using this and it doesnt work. > And Also when you try to add the Dialup Access attribute so you can lock a > user out or not doesnt work either. You can select to add the attribute but > it doesnt add the list just refreshes and you still have the list of > attributes in Dialup Admin that you had to start with. > > - Original Message - > From: "Nick Marino" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Sunday, September 22, 2002 6:13 PM > Subject: Re: Daily RADIUS window > > > >>I belive this is what you are looking for. >> >> Login-Time Help Page >> >> Login-Time defines the time span a user may login to the system. The >> format of a so-called time string is like the format used by UUCP. >> A time string may be a list of simple time strings separated by "|" or >>",". >> >> Each simple time string must begin with a day definition. That can be > > just > >> one day, multiple days, or a range of days separated by a hyphen. A >> day is Mo, Tu, We, Th, Fr, Sa or Su, or Wk for Mo-Fr. "Any" or "Al" >> means all days. >> >> After that a range of hours follows in hhmm-hhmm format. >> >> For example, "Wk2305-0855,Sa,Su2305-1655". >> >> Radiusd calculates the number of seconds left in the time span, and >> sets the Session-Timeout to that number of seconds. So if someones >> Login-Time is "Al0800-1800" and he logs in at 17:30, Session-Timeout >> is set to 1800 seconds so that he is kicked off at 18:00. >> >> >>- Original Message - >>From: "Aaron Paetznick" <[EMAIL PROTECTED]> >>To: <[EMAIL PROTECTED]> >>Sent: Sunday, September 22, 2002 5:52 PM >>Subject: Daily RADIUS window >> >> >> >>>I've looked through the docs and the mailing list archives. I want to >>>be able to limit the time of day when a user can connect with the RADIUS >>>server. I can define a daily total, but that's not going to be useful. >>> For example, I want to be able to disallow a user from authenticating >>>between 10:00PM and 8:00AM every day. Even better would be to further >>>define that as only weekdays. >>> >>>Any suggestions? >>> >>> >>>--Aaron >>> >>> >>> >>> >>>- >>>List info/subscribe/unsubscribe? See >> >>http://www.freeradius.org/list/users.html >> >> >>- >>List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daily RADIUS window
I've looked through the docs and the mailing list archives. I want to be able to limit the time of day when a user can connect with the RADIUS server. I can define a daily total, but that's not going to be useful. For example, I want to be able to disallow a user from authenticating between 10:00PM and 8:00AM every day. Even better would be to further define that as only weekdays. Any suggestions? --Aaron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Feature request: new check attributes
Sure, but I was hoping to do this with the rlm_sql module. I still like the idea of nascheck and nasreply tables, or maybe a native huntgroup table? Anybody else? --Aaron Alan DeKok wrote: > Aaron Paetznick <[EMAIL PROTECTED]> wrote: > >>I need to be able to sort users by the NAS that they connect to. > > > See the 'huntgroups' file. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Feature request: new check attributes
I need to be able to sort users by the NAS that they connect to. I'm experimenting with using Called-Station-ID to sort by, but not all of my NASes will be using a dialup number (PPPoE through DSL, VDSL, etc.). Ideally, I'd like to sort by NAS-IP-Address. I'm envisioning two different scenerios: 1) New check attributes that can be assigned to any user or group -- maybe "Allow-NAS-IP" and "Deny-NAS-IP"? These attributes could be "stacked" (in a logical, common-sense way), meaning more than one could be assigned to a user or group to create a sort of per user/group access list. 2) In reference to the rlm_sql module, there are currently two "levels" that attributes can be assigned to (not counting realms which aren't working yet) -- the user level and the group level. Could we add a third "nas" level. I.e. nascheck and nasreply tables? I would find this EXTREMELY useful. Thanks for the great software! --Aaron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL accounting issue
The NAS wasn't setup to account to the right place. *sigh* It works now. Thanks for all the help! --Aaron Alan DeKok wrote: > Aaron Paetznick <[EMAIL PROTECTED]> wrote: > >>I've just setup FreeRADIUS v0.6.0, and it works great in every way >>except that it won't account correctly. Maybe better said that it won't >>account correctly for me. I'm trying to use the radacct MySQL table, >>but nothing ever shows up (zero rows). radiusd -X shows that it's >>connecting to the database, but it looks like it doesn't even try to >>account. > > > Is it receiving accounting packets? > > >> When using -X, does the server even try to account? > > > Uh... yes. Why wouldn't it? > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL accounting issue
I've been use ICRADIUS for years now with great success. I'm familiar
with it's MySQL table structure. This isn't an ICRADIUS list, so I'll
get to the point.
I've just setup FreeRADIUS v0.6.0, and it works great in every way
except that it won't account correctly. Maybe better said that it won't
account correctly for me. I'm trying to use the radacct MySQL table,
but nothing ever shows up (zero rows). radiusd -X shows that it's
connecting to the database, but it looks like it doesn't even try to
account. When using -X, does the server even try to account? I tried
it as a normal daemon too. My sql.conf is default except for login,
password, and database name. Here's an excerpt from my radiusd.conf file:
snip ===
authenticate {
# sql
# pam
unix
}
preacct {
preprocess
files
}
accounting {
sql
# detail
# unix
}
session {
# radutmp
sql
}
snip ===
Any ideas? I'm using RedHat 7.1, MySQL v3.23.51, and FreeRADIUS v0.6.0.
Thanks in advance!
--Aaron
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
