WebSVN – ALCASAR – Diff – /conf/radius/alcasar-with-ldap


server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
 
listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}
 
authorize {
	ldap { fail = 1 }
	if ((ok || updated) && User-Password) {
		update control {
			Auth-Type := LDAP
		}
	}
 
	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}
 
	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}
 
	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}
 
	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}
 
	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your are out your allowed time period"
		}
		userlock
	}
 
	pap
 
 
 
 
 
 
 
 
 
}
 
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}
 
accounting {
	sql
}
 
session {
	sql
}
 
post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
 

Rev 2618	Rev 2701
1	`server default {`	1	`server default {`
2	`listen {`	2	`listen {`
3	`type = auth`	3	`type = auth`
4	`ipaddr = *`	4	`ipaddr = *`
5	`port = 0`	5	`port = 0`
6	`limit {`	6	`limit {`
7	`max_connections = 16`	7	`max_connections = 16`
8	`lifetime = 0`	8	`lifetime = 0`
9	`idle_timeout = 30`	9	`idle_timeout = 30`
10	`}`	10	`}`
11	`}`	11	`}`
12		12
13	`listen {`	13	`listen {`
14	`type = acct`	14	`type = acct`
15	`ipaddr = *`	15	`ipaddr = *`
16	`port = 0`	16	`port = 0`
17	`limit {`	17	`limit {`
18	`max_pps = 0`	18	`max_pps = 0`
19	`}`	19	`}`
20	`}`	20	`}`
21		21
22	`authorize {`	22	`authorize {`
-		23	`ldap { fail = 1 }`
-		24	`if ((ok \|\| updated) && User-Password) {`
23	`sql {`	25	`update control {`
24	`notfound = 1`	26	`Auth-Type := LDAP`
-		27	`}`
25	`}`	28	`}`
-		29
26	`if (notfound) {`	30	`sql { notfound = 1 }`
-		31	`if ((notfound) && (!control:Auth-Type)) {`
27	`update reply {`	32	`update reply {`
28	`Reply-Message := "Username not found"`	33	`Reply-Message := "Username not found"`
29	`}`	34	`}`
30	`reject`	35	`reject`
31	`}`	36	`}`
32		37
33	`expire_on_login { reject = 1 }`	38	`expire_on_login { reject = 1 }`
34	`if (reject) {`	39	`if (reject) {`
35	`update reply {`	40	`update reply {`
36	`Reply-Message := "Your usage time has been reached"`	41	`Reply-Message := "Your usage time has been reached"`
37	`}`	42	`}`
38	`reject`	43	`reject`
39	`}`	44	`}`
40	`noresetcounter { reject = 1 }`	45	`noresetcounter { reject = 1 }`
41	`if (reject) {`	46	`if (reject) {`
42	`update reply {`	47	`update reply {`
43	`Reply-Message := "Your maximum usage time has been reached"`	48	`Reply-Message := "Your maximum usage time has been reached"`
44	`}`	49	`}`
45	`reject`	50	`reject`
46	`}`	51	`}`
47	`monthlycounter { reject = 1 }`	52	`monthlycounter { reject = 1 }`
48	`if (reject) {`	53	`if (reject) {`
49	`update reply {`	54	`update reply {`
50	`Reply-Message := "Your maximum monthly usage time has been reached"`	55	`Reply-Message := "Your maximum monthly usage time has been reached"`
51	`}`	56	`}`
52	`reject`	57	`reject`
53	`}`	58	`}`
54	`dailycounter { reject = 1 }`	59	`dailycounter { reject = 1 }`
55	`if (reject) {`	60	`if (reject) {`
56	`update reply {`	61	`update reply {`
57	`Reply-Message := "Your maximum daily usage time has been reached"`	62	`Reply-Message := "Your maximum daily usage time has been reached"`
58	`}`	63	`}`
59	`reject`	64	`reject`
60	`}`	65	`}`
61		66
62	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`	67	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`
63	`if (reject) {`	68	`if (reject) {`
64	`update reply {`	69	`update reply {`
65	`Reply-Message := "Your maximum usage volume has been reached"`	70	`Reply-Message := "Your maximum usage volume has been reached"`
66	`}`	71	`}`
67	`reject`	72	`reject`
68	`}`	73	`}`
69	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`	74	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`
70	`if (reject) {`	75	`if (reject) {`
71	`update reply {`	76	`update reply {`
72	`Reply-Message := "Your maximum monthly usage volume has been reached"`	77	`Reply-Message := "Your maximum monthly usage volume has been reached"`
73	`}`	78	`}`
74	`reject`	79	`reject`
75	`}`	80	`}`
76	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`	81	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`
77	`if (reject) {`	82	`if (reject) {`
78	`update reply {`	83	`update reply {`
79	`Reply-Message := "Your maximum daily usage volume has been reached"`	84	`Reply-Message := "Your maximum daily usage volume has been reached"`
80	`}`	85	`}`
81	`reject`	86	`reject`
82	`}`	87	`}`
83		88
84	`expiration { userlock = 1 }`	89	`expiration { userlock = 1 }`
85	`if (userlock) {`	90	`if (userlock) {`
86	`update reply {`	91	`update reply {`
87	`Reply-Message := "Your expiration date has been reached"`	92	`Reply-Message := "Your expiration date has been reached"`
88	`}`	93	`}`
89	`userlock`	94	`userlock`
90	`}`	95	`}`
91		96
92	`logintime { userlock = 1 }`	97	`logintime { userlock = 1 }`
93	`if (userlock) {`	98	`if (userlock) {`
94	`update reply {`	99	`update reply {`
95	`Reply-Message := "Your are out your allowed time period"`	100	`Reply-Message := "Your are out your allowed time period"`
96	`}`	101	`}`
97	`userlock`	102	`userlock`
98	`}`	103	`}`
99		104
100	`pap`	105	`pap`
101		-
102	`ldap {`	-
103	`fail = 1`	-
104	`}`	-
105	`if ((ok \|\| updated) && User-Password) {`	-
106	`update control {`	-
107	`Auth-Type := ldap`	-
108	`}`	-
109	`}`	-
110	`}`	106	`}`
111		-
112	`authenticate {`	107	`authenticate {`
113	`Auth-Type PAP {`	108	`Auth-Type PAP {`
114	`pap`	109	`pap`
115	`}`	110	`}`
116	`Auth-Type LDAP {`	111	`Auth-Type LDAP {`
117	`ldap`	112	`ldap`
118	`}`	113	`}`
119	`}`	114	`}`
120		115
121	`accounting {`	116	`accounting {`
122	`sql`	117	`sql`
123	`}`	118	`}`
124		119
125	`session {`	120	`session {`
126	`sql`	121	`sql`
127	`}`	122	`}`
128		123
129	`post-auth {`	124	`post-auth {`
130	`Post-Auth-Type REJECT {`	125	`Post-Auth-Type REJECT {`
131	`update reply {`	126	`update reply {`
132	`Reply-Message = "Login failed"`	127	`Reply-Message = "Login failed"`
133	`}`	128	`}`
134	`attr_filter.access_reject`	129	`attr_filter.access_reject`
135	`}`	130	`}`
136	`}`	131	`}`
137	`}`	132	`}`
138		133

Subversion Repositories ALCASAR

(root)/conf/radius/alcasar-with-ldap – Rev 2618 → 2701