'Re: FreeRadius db.counter'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: FreeRadius db.counter
From:       "JD" <jd () leilogic ! com>
Date:       2002-09-28 15:08:45
[Download RAW message or body]

I tried that in the users file, but if I change the value to 0 it still lets
them authenticate.

I put that first, and now it works more properly in rejecting the users
listed there, along with
the ones in /etc/shadow (Admins) which is correct. Now I have to remind
myself that these configs
work like an IPTables/IPChains script. :)

I just tried this after that.

## USERS ##

DEFAULT Max-Monthly-Session = 720000
                  Fall-Through = 1

DEFAULT Monthly-Session-Time > 720000, Auth-Type = Reject
                   Reply-Message = " You've used up your time. "

#### /var/log/radius/radius.log ####

Sending Access-Request of id 187 to radius:1645
        User-Name = "test"
        User-Password = "\251\311\004\031x9\316\326\307r{w\240]>\024"
        NAS-IP-Address = radius
        NAS-Port-Id = "0"
rad_recv: Access-Reject packet from host radius:1645, id=187, length=49
        Reply-Message = " You've used up your time. "

######### END ##########

Although no time was actually used. It rejects them no matter what value I
put in. < or >, =, or :=

I tested this with "radtest test pass radius 0 radius-pass".

(IP Replaced with "radius" so some script kiddy that reads this won't mess
with it)


----- Original Message -----
From: "Kostas Kalevras" <kkalev@noc.ntua.gr>
To: <freeradius-users@lists.cistron.nl>
Sent: Saturday, September 28, 2002 2:12 AM
Subject: Re: FreeRadius db.counter


> On Fri, 27 Sep 2002, JD wrote:
>
> > Ive read all the documentation, and the conf files over and over, none
if it makes any sense to me. Im trying
> > to keep the users in /etc/raddb/users, and at the same time. Limit them
to 200 hours per month. Some
> > advice on how to limit the 200 hours to the users listed in the users
file would be greatly appreciated.
> > Im also in a time frame. Im trying to get this fixed before the weekend
is up.
>
> Let's say that in your radiusd.conf you have check-name =
Max-Daily-Session in
> your counter module configuration. Then you should put a DEFAULT entry in
your
> users file like:
>
> DEFAULT Max-Daily-Session = 720000
> Fall-Through = 1
>
> This should be before any user entries.
>
> If you want to set it to another value for one of your users just add it
in the
> user's check items (use the := operator to override the value).
>
> Also make sure that the files module comes before the counter module in
the
> authorize section. Add the counter module in the instantiate section (so
that it
> registers the Max-Daily-Session attribute before the files module reads
the
> users file) and in the authorize and accounting section.
>
> >
> > I don't really like fooling with SQL, and I don't know anything about
LDAP. There must be a way
> > to do this.
>
> SQL and LDAP are really nice. It really pays off having your users in one
of
> these databases.  There's also dialup_admin to administer user entries if
you
> decide to put your users there.
>
> >
> > Thanks
>
> --
> Kostas Kalevras Network Operations Center
> kkalev@noc.ntua.gr National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic