Subversion Repositories ALCASAR

Compare Revisions

Ignore whitespace Rev 2421 → Rev 2422

/alcasar.sh
1097,9 → 1097,9
# INFO : To connect from outside (EAP), add the EAP virtual server (link in sites-enabled) and inner-tunnel modules (link in mods-enabled)
 
# Set modules
# Set only usefull modules for ALCASAR
# Set only usefull modules for ALCASAR (ldap is enabled only via ACC)
rm -rf /etc/raddb/mods-enabled/*
for mods in sql sqlcounter attr_filter expiration logintime ldap pap
for mods in sql sqlcounter attr_filter expiration logintime pap
do
ln -s /etc/raddb/mods-available/$mods /etc/raddb/mods-enabled/$mods
done
1127,24 → 1127,27
# sqlcounter modifications
[ -e /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)),0)) \
FROM radacct WHERE username = '%{${key}}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)"
query = "\
SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)),0)) \
FROM radacct \
WHERE username = '%{\${key}}' \
AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'),0)"
EOF
[ -e /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
query = "SELECT IFNULL((SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username='%{${key}}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%b'),0)"
query = "\
SELECT IFNULL((SELECT SUM(acctsessiontime - GREATEST((%%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct \
WHERE username='%{\${key}}' \
AND UNIX_TIMESTAMP(acctstarttime) + acctsessiontime > '%%b'),0)"
EOF
[ -e /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default ] || cp /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf.default
cat << EOF > /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
# This is the query modified for ALCASAR needs (thanks to Daniel Laliberte --> authorized period after the first connection)
query = "SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \
query = "\
SELECT IFNULL((SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) \
FROM radacct \
WHERE UserName='%{${key}}' \
WHERE UserName='%{\${key}}' \
ORDER BY acctstarttime \
LIMIT 1),0)"
EOF
/conf/radius/alcasar-radius
383,7 → 383,7
# eap {
# ok = return
# updated = return
}
# }
 
#
# Pull crypt'd passwords from /etc/passwd or /etc/shadow,
828,16 → 828,16
#
Post-Auth-Type REJECT {
# log failed authentications in SQL, too.
sql
-sql
attr_filter.access_reject
 
# Insert EAP-Failure message if the request was
# rejected by policy instead of because of an
# authentication failure
# eap
eap
 
# Remove reply message if the response contains an EAP-Message
# remove_reply_message_if_eap
# remove_reply_message_if_eap
}
 
#
/conf/radius/queries.conf
61,7 → 61,7
# 4. Secret
#######################################################################
 
nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
# nas_query = "SELECT id, nasname, shortname, type, secret FROM ${nas_table}"
 
#######################################################################
# Authorization Queries