WebSVN – ALCASAR – Diff – /conf/radius/alcasar-with-ldap


server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
 
listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}
 
authorize {
#	if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
	if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
		ldap { fail = 1 }
		if ((ok || updated) && User-Password) {
			update control {
				Auth-Type := LDAP
			}
		}
	}
 
	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}
 
	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}
 
	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}
 
	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}
 
	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your are out your allowed time period"
		}
		userlock
	}
 
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}
 
accounting {
	sql
}
 
session {
	sql
}
 
post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
 

Rev 2701	Rev 2704
1	`server default {`	1	`server default {`
2	`listen {`	2	`listen {`
3	`type = auth`	3	`type = auth`
4	`ipaddr = *`	4	`ipaddr = *`
5	`port = 0`	5	`port = 0`
6	`limit {`	6	`limit {`
7	`max_connections = 16`	7	`max_connections = 16`
8	`lifetime = 0`	8	`lifetime = 0`
9	`idle_timeout = 30`	9	`idle_timeout = 30`
10	`}`	10	`}`
11	`}`	11	`}`
12		12
13	`listen {`	13	`listen {`
14	`type = acct`	14	`type = acct`
15	`ipaddr = *`	15	`ipaddr = *`
16	`port = 0`	16	`port = 0`
17	`limit {`	17	`limit {`
18	`max_pps = 0`	18	`max_pps = 0`
19	`}`	19	`}`
20	`}`	20	`}`
21		21
22	`authorize {`	22	`authorize {`
-		23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`
-		24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`
23	`ldap { fail = 1 }`	25	`ldap { fail = 1 }`
24	`if ((ok \|\| updated) && User-Password) {`	26	`if ((ok \|\| updated) && User-Password) {`
25	`update control {`	27	`update control {`
26	`Auth-Type := LDAP`	28	`Auth-Type := LDAP`
-		29	`}`
27	`}`	30	`}`
28	`}`	31	`}`
29		32
30	`sql { notfound = 1 }`	33	`sql { notfound = 1 }`
31	`if ((notfound) && (!control:Auth-Type)) {`	34	`if ((notfound) && (!control:Auth-Type)) {`
32	`update reply {`	35	`update reply {`
33	`Reply-Message := "Username not found"`	36	`Reply-Message := "Username not found"`
34	`}`	37	`}`
35	`reject`	38	`reject`
36	`}`	39	`}`
37		40
38	`expire_on_login { reject = 1 }`	41	`expire_on_login { reject = 1 }`
39	`if (reject) {`	42	`if (reject) {`
40	`update reply {`	43	`update reply {`
41	`Reply-Message := "Your usage time has been reached"`	44	`Reply-Message := "Your usage time has been reached"`
42	`}`	45	`}`
43	`reject`	46	`reject`
44	`}`	47	`}`
45	`noresetcounter { reject = 1 }`	48	`noresetcounter { reject = 1 }`
46	`if (reject) {`	49	`if (reject) {`
47	`update reply {`	50	`update reply {`
48	`Reply-Message := "Your maximum usage time has been reached"`	51	`Reply-Message := "Your maximum usage time has been reached"`
49	`}`	52	`}`
50	`reject`	53	`reject`
51	`}`	54	`}`
52	`monthlycounter { reject = 1 }`	55	`monthlycounter { reject = 1 }`
53	`if (reject) {`	56	`if (reject) {`
54	`update reply {`	57	`update reply {`
55	`Reply-Message := "Your maximum monthly usage time has been reached"`	58	`Reply-Message := "Your maximum monthly usage time has been reached"`
56	`}`	59	`}`
57	`reject`	60	`reject`
58	`}`	61	`}`
59	`dailycounter { reject = 1 }`	62	`dailycounter { reject = 1 }`
60	`if (reject) {`	63	`if (reject) {`
61	`update reply {`	64	`update reply {`
62	`Reply-Message := "Your maximum daily usage time has been reached"`	65	`Reply-Message := "Your maximum daily usage time has been reached"`
63	`}`	66	`}`
64	`reject`	67	`reject`
65	`}`	68	`}`
66		69
67	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`	70	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`
68	`if (reject) {`	71	`if (reject) {`
69	`update reply {`	72	`update reply {`
70	`Reply-Message := "Your maximum usage volume has been reached"`	73	`Reply-Message := "Your maximum usage volume has been reached"`
71	`}`	74	`}`
72	`reject`	75	`reject`
73	`}`	76	`}`
74	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`	77	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`
75	`if (reject) {`	78	`if (reject) {`
76	`update reply {`	79	`update reply {`
77	`Reply-Message := "Your maximum monthly usage volume has been reached"`	80	`Reply-Message := "Your maximum monthly usage volume has been reached"`
78	`}`	81	`}`
79	`reject`	82	`reject`
80	`}`	83	`}`
81	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`	84	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`
82	`if (reject) {`	85	`if (reject) {`
83	`update reply {`	86	`update reply {`
84	`Reply-Message := "Your maximum daily usage volume has been reached"`	87	`Reply-Message := "Your maximum daily usage volume has been reached"`
85	`}`	88	`}`
86	`reject`	89	`reject`
87	`}`	90	`}`
88		91
89	`expiration { userlock = 1 }`	92	`expiration { userlock = 1 }`
90	`if (userlock) {`	93	`if (userlock) {`
91	`update reply {`	94	`update reply {`
92	`Reply-Message := "Your expiration date has been reached"`	95	`Reply-Message := "Your expiration date has been reached"`
93	`}`	96	`}`
94	`userlock`	97	`userlock`
95	`}`	98	`}`
96		99
97	`logintime { userlock = 1 }`	100	`logintime { userlock = 1 }`
98	`if (userlock) {`	101	`if (userlock) {`
99	`update reply {`	102	`update reply {`
100	`Reply-Message := "Your are out your allowed time period"`	103	`Reply-Message := "Your are out your allowed time period"`
101	`}`	104	`}`
102	`userlock`	105	`userlock`
103	`}`	106	`}`
104		107
105	`pap`	108	`pap`
106	`}`	109	`}`
107	`authenticate {`	110	`authenticate {`
108	`Auth-Type PAP {`	111	`Auth-Type PAP {`
109	`pap`	112	`pap`
110	`}`	113	`}`
111	`Auth-Type LDAP {`	114	`Auth-Type LDAP {`
112	`ldap`	115	`ldap`
113	`}`	116	`}`
114	`}`	117	`}`
115		118
116	`accounting {`	119	`accounting {`
117	`sql`	120	`sql`
118	`}`	121	`}`
119		122
120	`session {`	123	`session {`
121	`sql`	124	`sql`
122	`}`	125	`}`
123		126
124	`post-auth {`	127	`post-auth {`
125	`Post-Auth-Type REJECT {`	128	`Post-Auth-Type REJECT {`
126	`update reply {`	129	`update reply {`
127	`Reply-Message = "Login failed"`	130	`Reply-Message = "Login failed"`
128	`}`	131	`}`
129	`attr_filter.access_reject`	132	`attr_filter.access_reject`
130	`}`	133	`}`
131	`}`	134	`}`
132	`}`	135	`}`
133		136

Subversion Repositories ALCASAR

(root)/conf/radius/alcasar-with-ldap – Rev 2701 → 2704