Re: (RADIATOR) Time check item in Authby UNIX
Hi Mike,

It seems the specific clause is working ok, but the auth packet is being caught by the last DEFAULT clause. Here you are (debug level 4):

Tks,

Mon Jun 7 20:57:11 1999: DEBUG: Packet dump:
*** Received from 200.240.25.3 port 1645
Code: Access-Request
Identifier: 160
Authentic: l22622118411U#229181~B2171467#
Attributes:
    NAS-IP-Address = 200.240.25.3
    NAS-Port = 18
    NAS-Port-Type = Virtual
    User-Name = "carmem"
    Calling-Station-Id = "200.240.25.17"
    User-Password = "191D/|113b312719153211220P175135"
Mon Jun 7 20:57:11 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
Mon Jun 7 20:57:11 1999: DEBUG: Rewrote user name to carmem
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthFILE
Mon Jun 7 20:57:11 1999: DEBUG: Reading users file /etc/radiator/users
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group poponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group poponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group fwdonly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group fwdonly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT2
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group ftponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group ftponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT3
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group hponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group hponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT4
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Time: not within an allowable Time range
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Time: not within an allowable Time range
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT5
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Check item Service-Type value 'Framed-User' does not match '' in request
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Check item Service-Type value 'Framed-User' does not match '' in request
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT6
Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE ACCEPT:
Mon Jun 7 20:57:11 1999: DEBUG: Access accepted for carmem
Mon Jun 7 20:57:12 1999: DEBUG: Packet dump:
*** Sending to 200.240.25.3 port 1645
Code: Access-Accept
Identifier: 160
Authentic: l22622118411U#229181~B2171467#
Attributes:
    Framed-IP-Address = 255.255.255.254
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-Routing = None
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP

On Tue, 8 Jun 1999, Mike McCauley wrote:

> Date: Tue, 8 Jun 1999 08:53:24 -0500
> From: Mike McCauley [EMAIL PROTECTED]
> To: Jose Roberto Bulcao [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Time check item in Authby UNIX
>
> Hello Jose,
>
> I have just tested your configuration and Time check item. Your configuration and users file looks fine, and it worked OK for me, allowing access only between the times given.
>
> Can you send your log file, showing what happens when it should be applying the Time restriction?
>
> Cheers.
>
> On Jun 7, 9:42am, Jose Roberto Bulcao wrote:
> > Subject: (RADIATOR) Time check item in Authby UNIX
> >
> > Does anybody know if th

Re: (RADIATOR) Time check item in Authby UNIX
On Jun 7, 9:03pm, Jose Roberto Bulcao wrote:
> Subject: Re: (RADIATOR) Time check item in Authby UNIX
>
> Hi Mike,
>
> It seems the specific clause is working ok, but the auth packet is being caught by the last DEFAULT clause. Here you are (debug level 4):

Yes, it's clear that your clause is correctly rejecting based on the Time, but they are being accepted by a more liberal DEFAULT that follows it. So this is not a problem with the Time check item, but rather with the design of the users file.

What do you really want to have happen? If you want users in group admfin to be rejected unless they are within the time band, you should add this after your existing admfin DEFAULT user:

    DEFAULT Auth-Type = System, Group = admfin, Auth-Type=Reject

Hope that helps.

Cheers.

> Tks,
>
> Mon Jun 7 20:57:11 1999: DEBUG: Packet dump:
> *** Received from 200.240.25.3 port 1645
> Code: Access-Request
> Identifier: 160
> Authentic: l22622118411U#229181~B2171467#
> Attributes:
>     NAS-IP-Address = 200.240.25.3
>     NAS-Port = 18
>     NAS-Port-Type = Virtual
>     User-Name = "carmem"
>     Calling-Station-Id = "200.240.25.17"
>     User-Password = "191D/|113b312719153211220P175135"
> Mon Jun 7 20:57:11 1999: DEBUG: Handling request with Handler 'Realm=DEFAULT'
> Mon Jun 7 20:57:11 1999: DEBUG: Rewrote user name to carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthFILE
> Mon Jun 7 20:57:11 1999: DEBUG: Reading users file /etc/radiator/users
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group poponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group poponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT1
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group fwdonly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group fwdonly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT2
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group ftponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group ftponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT3
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group hponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: User carmem is not in Group hponly
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT4
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Time: not within an allowable Time range
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Time: not within an allowable Time range
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT5
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Check item Service-Type value 'Framed-User' does not match '' in request
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE REJECT: Check item Service-Type value 'Framed-User' does not match '' in request
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT6
> Mon Jun 7 20:57:11 1999: DEBUG: Handling with Radius::AuthUNIX
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX looks for match with carmem
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX ACCEPT:
> Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE ACCEPT:
> Mon Jun 7 20:57:11 1999: DEBUG: Access accepted for carmem
> Mon Jun 7 20:57:12 1999: DEBUG: Packet dump:
> *** Sending to 200.240.25.3 port 1645
> Code: Access-Accept
> Identifier: 160
> Authentic: l22622118411U#229181~B2171467#
> Attributes:
>     Framed-IP-Address = 255.255.255.254
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Framed-Routing = None
>     Framed-MTU = 1500
>     Framed-Compression = Van-Jacobson-TCP-IP
>
> On Tue, 8 Jun 1999, Mik
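
Added example, not part of the original thread and not Radiator code: a Python script that reads debug-level-4 lines of the shape shown in the log above and reports a Time reject that a later users-file entry turned into an accept, which is the fall-through discussed in the reply. The function names and the `policy_markers` parameter are assumptions made for illustration; the sample lines are excerpted from the log in the thread.

```python
import re

# Excerpt of the debug log quoted in the thread (inner "Handling with" lines omitted).
SAMPLE_LOG = """\
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with carmem
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: User carmem is not in Group poponly
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT4
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Time: not within an allowable Time range
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT5
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX REJECT: Check item Service-Type value 'Framed-User' does not match '' in request
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthFILE looks for match with DEFAULT6
Mon Jun 7 20:57:11 1999: DEBUG: Radius::AuthUNIX ACCEPT:
Mon Jun 7 20:57:11 1999: DEBUG: Access accepted for carmem
"""

# Line shapes assumed from the log in the thread.
ENTRY = re.compile(r"Radius::AuthFILE looks for match with (\S+)")
VERDICT = re.compile(r"Radius::Auth\w+ (REJECT|ACCEPT):\s*(.*)")
ACCEPTED = re.compile(r"Access accepted for (\S+)")


def trace_entries(log_text):
    """Return ([(entry, verdict, reason)], accepted_user) in evaluation order."""
    trail, current, user = [], None, None
    for line in log_text.splitlines():
        if m := ENTRY.search(line):
            current = m.group(1)
        elif (m := VERDICT.search(line)) and current is not None:
            trail.append((current, m.group(1), m.group(2).strip()))
            current = None  # skip the outer AuthFILE echo of the same verdict
        elif m := ACCEPTED.search(line):
            user = m.group(1)
    return trail, user


def overridden_rejects(trail, policy_markers=("Time:",)):
    """Policy rejects (default: Time) that a later entry turned into an accept."""
    accept_at = next((i for i, t in enumerate(trail) if t[1] == "ACCEPT"), None)
    if accept_at is None:
        return []  # request stayed rejected, nothing was overridden
    winner = trail[accept_at][0]
    return [(entry, reason, winner)
            for entry, verdict, reason in trail[:accept_at]
            if verdict == "REJECT" and reason.startswith(policy_markers)]


if __name__ == "__main__":
    trail, user = trace_entries(SAMPLE_LOG)
    for entry, reason, winner in overridden_rejects(trail):
        print(f"{user}: '{reason}' at {entry} overridden by ACCEPT at {winner}")
```

With an explicit reject entry placed after the time-restricted one, as suggested in the reply, the request would end without an ACCEPT and the function returns an empty list.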