Newslists
Keith Dovale - HostworX.co.za
keith at hostworx.co.za
Sun Feb 10 12:18:48 CET 2008
Sql tables are standard
RadCheck
test at hxdsl Cleartext-Password := test
test at hxdsl Max-Monthly-Blended-UnShaped := 0
test at hxdsl Max-Monthly-Blended-Shaped := 3145728
test at hxdsl Max-Monthly-Local := 0
test at hxdsl Max-Monthly-Prepaid-Limit-Total := 0
test at hxdsl Max-Monthly-Blended-Limit := 0
Radgroupcheck
DSLSHAPED Auth-Type := Local
DSLUNSHAPED Auth-Type := Local
DSLLOCAL Auth-Type := Local
DISABLED Auth-Type := Reject
Radgroupreply
DSLSHAPED Acct-Interim-Interval := 3600
DSLSHAPED Session-Timeout := 84600
DSLSHAPED Configuration-Token := SHAPED_NORMAL
DSLUNSHAPED Acct-Interim-Interval := 3600
DSLUNSHAPED Session-Timeout := 84600
DSLUNSHAPED Configuration-Token := UNSHAPED_NORMAL
DSLLOCAL Acct-Interim-Interval := 3600
DSLLOCAL Session-Timeout := 84600
DSLLOCAL Configuration-Token := LOCAL_NORMAL
DSLLIMITED Configuration-Token := LOCAL_LIMITED
RADIUSD.CONF
prefix = ..
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
certsdir = ${sysconfdir}/raddb/certs/FreeRADIUS.net/DemoCerts
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 60
delete_blocked_requests = no
cleanup_delay = 6
max_requests = 25600
bind_address = xx.xx.xx.xx
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = after
lower_pass = no
nospace_user = after
nospace_pass = before
security {
max_attributes = 200
reject_delay = 1
status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 500
}
modules {
pap {
auto_header = yes
}
chap {
authtype = CHAP
}
pam {
pam_auth = radiusd
}
unix {
cache = no
cache_reload = 600
radwtmp = ${logdir}/radwtmp
}
realm hxdsl {
format = suffix
delimiter = "@"
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
attr_rewrite AttrRewrite_MonthlyBlendedUnshaped {
attribute = Configuration-Token
searchin = reply
searchfor = "SHAPED_NORMAL"
replacewith = "UNSHAPED_NORMAL"
ignore_case = yes
new_attribute = no
max_matches = 3
append = no
}
attr_rewrite AttrRewrite_MonthlyBlendedShaped {
attribute = Configuration-Token
searchin = reply
searchfor = "UNSHAPED_NORMAL"
replacewith = "SHAPED_NORMAL"
ignore_case = yes
new_attribute = no
max_matches = 3
append = no
}
attr_rewrite AttrRewrite_MonthlyLocal {
attribute = Configuration-Token
searchin = reply
searchfor = "SHAPED_NORMAL"
replacewith = "LOCAL_NORMAL"
ignore_case = yes
new_attribute = no
max_matches = 3
append = no
}
attr_rewrite AttrRewrite_Limited {
attribute = Configuration-Token
searchin = reply
searchfor = "LOCAL_NORMAL"
replacewith = "LOCAL_LIMITED"
ignore_case = yes
new_attribute = no
max_matches = 3
append = no
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail reply_logUn {
detailfile = ${radacctdir}/reply-detailU-%Y%m%d.log
detailperm = 0777
}
detail reply_logUnFin {
detailfile = ${radacctdir}/reply-detailUF-%Y%m%d.log
detailperm = 0777
}
detail reply_logSh {
detailfile = ${radacctdir}/reply-detailS-%Y%m%d.log
detailperm = 0777
}
detail reply_logShFin {
detailfile = ${radacctdir}/reply-detailSF-%Y%m%d.log
detailperm = 0777
}
detail reply_logLoc {
detailfile = ${radacctdir}/reply-detailL-%Y%m%d.log
detailperm = 0777
}
detail reply_logLocFin {
detailfile = ${radacctdir}/reply-detailLF-%Y%m%d.log
detailperm = 0777
}
detail reply_logEnd {
detailfile = ${radacctdir}/reply-detailE-%Y%m%d.log
detailperm = 0777
}
detail radrelay {
detailfile = ${radacctdir}/detail-radrelay.log
detailperm = 0600
locking = yes
}
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log
detailperm = 0777
}
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d.log
detailperm = 0777
}
detail reply_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/reply-detail-%Y%m%d.log
detailperm = 0777
}
detail pre_proxy_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d.log
detailperm = 0777
}
detail post_proxy_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/post-proxy-detail-%Y%m%d.log
detailperm = 0777
}
sql_log {
path = ${radacctdir}/sql-relay
acct_table = "radacct"
postauth_table = "radpostauth"
Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName,
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctTerminateCause) VALUES ('%{Acct-Session-Id}', '%{User-Name}',
'%{NAS-IP-Address}', '%{Framed-IP-Address}', '%S', '0', '0', '');"
Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName,
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctTerminateCause) VALUES ('%{Acct-Session-Id}', '%{User-Name}',
'%{NAS-IP-Address}', '%{Framed-IP-Address}', '0', '%S',
'%{Acct-Session-Time}', '%{Acct-Terminate-Cause}');"
Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName,
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctTerminateCause) VALUES ('%{Acct-Session-Id}', '%{User-Name}',
'%{NAS-IP-Address}', '%{Framed-IP-Address}', '0', '0',
'%{Acct-Session-Time}','');"
Post-Auth = "INSERT INTO ${postauth_table}(user, pass, reply, date,
IPAddress, NasIpAddress, NasPort, Class, TelkomType, SessionKey) VALUES
('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}',
'%S', '%{Framed-IP-Address}', '%{NAS-IP-Address}', '%{NASPort}', '%{Class}',
'%{Telkom-Access-Type}', '%{X-Ascend-Session-Svr-Key}');"
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0777
callerid = "yes"
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0777
callerid = "no"
}
attr_filter {
attrsfile = ${confdir}/attrs
}
sqlcounter MonthlyUnShaped {
counter-name = Monthly-Traffic-UnShaped
check-name = Max-Monthly-Blended-UnShaped
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
Reply-Message = You have reached your Unshaped bandwidth cap
for this Month
query = "SELECT IF(((SELECT (sum(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NU' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),((SELECT (sum(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NU' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),0)"
}
sqlcounter MonthlyShaped {
counter-name = Monthly-Traffic-Shaped
check-name = Max-Monthly-Blended-Shaped
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
Reply-Message = You have reached your SHaped bandwidth cap
for this Month
query = "SELECT IF(((SELECT (sum(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NS' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),((SELECT (sum(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NS' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),0)"
}
sqlcounter MonthlyLocal {
counter-name = Monthly-Traffic-Local
check-name = Max-Monthly-Local
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = monthly
Reply-Message = You have reached your Local bandwidth cap
for this Month
query = "SELECT IF(((SELECT (sum(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NL' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),SELECT ((SUM(AcctInputOctets) +
SUM(AcctOutputOctets))/1024)- (Select Value from radcheck where
UserName='%{%k}' and Attribute = 'Max-Prepaid-Limit') from radacct WHERE
UserName='%{%k}' AND Class REGEXP '^NL' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'),0)"
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = "/bin/echo %{User-Name}"
input_pairs = request
output_pairs = reply
}
exec POD {
wait = yes
program = "../../perl/bin/perl.exe
${confdir}/DisconChkAlt.pl %{User-Name} %{Framed-IP-Address}
%{NAS-IP-Address} %{X-Ascend-Session-Svr-Key}"
input_pairs = request
output_pairs = reply
# packet_type = Accounting-Request
}
}
instantiate {
exec
expr
MonthlyUnShaped
MonthlyShaped
MonthlyLocal
}
authorize {
auth_log
# digest
hxdsl
sql
group {
reply_logUn
AttrRewrite_MonthlyBlendedUnshaped
reply_logUnFin
MonthlyUnShaped {
reject = 1
ok = return
}
reply_logSh
AttrRewrite_MonthlyBlendedShaped
reply_logShFin
MonthlyShaped {
reject = 1
ok = return
}
reply_logLoc
AttrRewrite_MonthlyLocal
reply_logLocFin
MonthlyLocal {
reject = 1
ok = return
}
AttrRewrite_Limited
}
reply_logEnd
pap
}
authenticate {
Auth-Type PAP {
pap
}
unix
}
preacct {
preprocess
acct_unique
hxdsl
files
}
accounting {
detail
sql
Acct-Type LOCAL-AUTH {
sql
radrelay
}
Acct-Type REMOTE-AUTH {
sql
}
Acct-Type interim {
sql
POD
}
}
session {
sql
}
post-auth {
sql
sql_log
Post-Auth-Type REJECT {
# Login failed: log to SQL database.
sql
sql_log
}
}
pre-proxy {
# pre_proxy_log
}
post-proxy {
# post_proxy_log
}
Regards
Keith Dovale
-----Original Message-----
From: freeradius-users-bounces+keith=hostworx.co.za at lists.freeradius.org
[mailto:freeradius-users-bounces+keith=hostworx.co.za at lists.freeradius.org]
On Behalf Of A.L.M.Buxey at lboro.ac.uk
Sent: Sunday, February 10, 2008 12:36 PM
To: FreeRadius users mailing list
Subject: Re: Newslists
hi,
..and i'd like to add that, once again, we are not seeing the whole
picture - eg your configuration files and/or SQL tables. this case
hence drags on and on...........
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list