Service Provisioning Using AAA (FreeRadius)

Russell Mike radius.sir at gmail.com
Thu Jun 6 14:30:20 CEST 2013


Greetings Everyone, My goal is to use only ONE "A" (Authorization Only) as
starting of FR implementation. i do have different system to authenticate
users. Plan is to replace that with FR but one step at a time.

i tried with the following virtual server to accept everyone. With that
done, Everyone is accepted, regardless of user exists in MySQL_DB or not.
And replay message is sent correctly as well.

*Check Items in unlang code:*
1.) Login time is verified correctly - if users attempts to access outside
of time slot, then rejected, else accepted. (First Attribute Works)
2.) Everyone is accepted (Second Attribute also Works)
3.) Users are not disconnected after 10 minutes (Third Attribute do not
work)

*Reply Items **in unlang code**: *

1.) Users are successfully redirected to the URL specified for "
WISPr-Redirection-URL" (First Reply Item Works)
2.) Users are not disconnected after 10 minutes (Second Attribute do not
work)

server accept_everyone {
           authorize {

# If user not present in MySQL Database still allow them access
# Only Between 10:00 and 12:59PM
# File Module Retunes "noop" & sql Module Returns "notfound"

#files
          #if(noop) {

sql

        if(notfound) {
                   update control {
                       Login-Time := 'Any1000-1259'
                       Auth-Type := "Accept"
                       Max-All-Session := "600"
}
  }
# Redirect Everyone To Yale Website
               update reply {
                   WISPr-Redirection-URL := "http://www.yale.edu"
                   Max-All-Session := "600"
               }

}
           authenticate {
               Auth-Type PAP {
pap

}
  }
    }
pap
logintime
forevertimecounter

## Authorization Area ENDs Here


Can someone give little hint ? Only hint would be enough, i will study the
rest. is it even posible to control that (Max-All-Session) using "unlang"
code ?

Thanks / Regards
--RM


On Wed, Jun 5, 2013 at 4:17 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Russell Mike wrote:
> > Hi John & Alan, Kindly clarify
>
>   This isn't a private list.  Messages should NOT be addressed to
> individual people.
>
>   Just reply to a message.  It's simpler, and more polite.
>
> > Does this means, it is posible to use only authorize function of FR and
> > process all authentication requests with following virtual server?
>
>   Did you try it?  What does it do?
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130606/99152c8a/attachment.html>


More information about the Freeradius-Users mailing list