Login-Time, huntgroup and mysql

alexander at infomed.sld.cu alexander at infomed.sld.cu
Fri Jun 17 20:30:16 CEST 2005


Hi

I'm using freeradius+mysql.
All the users are in a mysql database, and we have our own NAS pointed to the radius
servers; everything works fine.
Recently, in order to increase our capabilities, another NAS was introduced that points to
another freeradius server, which proxies the requests to our server. We were trying to
control the traffic to the remote NAS by using the
Login-Time attribute and the "huntgroups" file to distinguish the requests that come from the
remote NAS. So, we have an entry
in the huntgroup file like this:

huntgroup file:
.
.
.
remote_nas		NAS-IP-Address == 1.2.3.4
.
.
.

then on the users file:

.
.
.

DEFAULT         Service-Type == Framed-User, Login-Time := "al0600-1800", Huntgroup-Name == "remote_nas"
                Fall-Through = Yes
.
.
.
then in radiusd.conf, in the authorize section we have files and sql

The above configuration works O.K.!

But all people that try to connect to NAS 1.2.3.4 outside that time will be rejected.
So we defined 3 user categories: 1- users that can only log in by day ("al0600-1800");
2- users that can only
log in by night ("al1800-0600"); and 3- users that can log in at any time at the remote NAS. If
the same user tries
to connect to another NAS, then the Login-Time has no effect, so that they can connect at any
time.
How can we do that without having to make any change to the user names and groups in the
database?

We tried the following:

huntgroup file:
.
.
.
remote_nas		NAS-IP-Address == 1.2.3.4
.
.
.

then on the users file:

.
.
.

DEFAULT         Service-Type == Framed-User, User-Category == "day", Login-Time := "al0600-1800", Huntgroup-Name == "remote_nas"
                Fall-Through = Yes

DEFAULT         Service-Type == Framed-User, User-Category == "night", Login-Time := "al1800-0600", Huntgroup-Name == "remote_nas"
                Fall-Through = Yes

DEFAULT         Service-Type == Framed-User, User-Category == "fulltime", Huntgroup-Name == "remote_nas"
                Fall-Through = Yes
.
.
.

on mysql:

radcheck
+----+-----------+----------------+----+------------------------------------+
| id | UserName  | Attribute      | op | Value                              |
+----+-----------+----------------+----+------------------------------------+
|  1 | alexander | Crypt-Password | == | $1$9D9s.vO6$GlVbRFf7qRaUXTAJ1gGGe. |
|  4 | alexander | User-Category  | := | day                                |
+----+-----------+----------------+----+------------------------------------+

and in radiusd.conf, in the authorize section we have files and sql

But this configuration doesn't work because the request never matches any of the 3 entries in the
users file due to the User-Category attribute, maybe because sql is the last module that the
server calls:
.
.
.
authorize {
           .
           .
           preprocess
           .
           .
           files
           .
           .
           sql
           .
           .
}


We would be grateful for any suggestion.
Thanks.

