WebSVN – ALCASAR – Diff – /conf/radius/alcasar-with-ldap


server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
 
listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}
 
authorize {
#	if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
	if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
		ldap { fail = 1 }
		if ((ok || updated) && User-Password) {
			update control {
				Auth-Type := LDAP
				Tmp-String-0 := "ldap" # AuthType SQL group
			}
		}
	}
 
	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}
 
	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}
 
	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}
 
	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}
 
	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your are out your allowed time period"
		}
		userlock
	}
 
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}
 
accounting {
	sql
}
 
session {
	sql
}
 
post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
 

Rev 2704	Rev 2706
1	`server default {`	1	`server default {`
2	`listen {`	2	`listen {`
3	`type = auth`	3	`type = auth`
4	`ipaddr = *`	4	`ipaddr = *`
5	`port = 0`	5	`port = 0`
6	`limit {`	6	`limit {`
7	`max_connections = 16`	7	`max_connections = 16`
8	`lifetime = 0`	8	`lifetime = 0`
9	`idle_timeout = 30`	9	`idle_timeout = 30`
10	`}`	10	`}`
11	`}`	11	`}`
12		12
13	`listen {`	13	`listen {`
14	`type = acct`	14	`type = acct`
15	`ipaddr = *`	15	`ipaddr = *`
16	`port = 0`	16	`port = 0`
17	`limit {`	17	`limit {`
18	`max_pps = 0`	18	`max_pps = 0`
19	`}`	19	`}`
20	`}`	20	`}`
21		21
22	`authorize {`	22	`authorize {`
23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`	23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`
24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`	24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`
25	`ldap { fail = 1 }`	25	`ldap { fail = 1 }`
26	`if ((ok \|\| updated) && User-Password) {`	26	`if ((ok \|\| updated) && User-Password) {`
27	`update control {`	27	`update control {`
28	`Auth-Type := LDAP`	28	`Auth-Type := LDAP`
-		29	`Tmp-String-0 := "ldap" # AuthType SQL group`
29	`}`	30	`}`
30	`}`	31	`}`
31	`}`	32	`}`
32		33
33	`sql { notfound = 1 }`	34	`sql { notfound = 1 }`
34	`if ((notfound) && (!control:Auth-Type)) {`	35	`if ((notfound) && (!control:Auth-Type)) {`
35	`update reply {`	36	`update reply {`
36	`Reply-Message := "Username not found"`	37	`Reply-Message := "Username not found"`
37	`}`	38	`}`
38	`reject`	39	`reject`
39	`}`	40	`}`
40		41
41	`expire_on_login { reject = 1 }`	42	`expire_on_login { reject = 1 }`
42	`if (reject) {`	43	`if (reject) {`
43	`update reply {`	44	`update reply {`
44	`Reply-Message := "Your usage time has been reached"`	45	`Reply-Message := "Your usage time has been reached"`
45	`}`	46	`}`
46	`reject`	47	`reject`
47	`}`	48	`}`
48	`noresetcounter { reject = 1 }`	49	`noresetcounter { reject = 1 }`
49	`if (reject) {`	50	`if (reject) {`
50	`update reply {`	51	`update reply {`
51	`Reply-Message := "Your maximum usage time has been reached"`	52	`Reply-Message := "Your maximum usage time has been reached"`
52	`}`	53	`}`
53	`reject`	54	`reject`
54	`}`	55	`}`
55	`monthlycounter { reject = 1 }`	56	`monthlycounter { reject = 1 }`
56	`if (reject) {`	57	`if (reject) {`
57	`update reply {`	58	`update reply {`
58	`Reply-Message := "Your maximum monthly usage time has been reached"`	59	`Reply-Message := "Your maximum monthly usage time has been reached"`
59	`}`	60	`}`
60	`reject`	61	`reject`
61	`}`	62	`}`
62	`dailycounter { reject = 1 }`	63	`dailycounter { reject = 1 }`
63	`if (reject) {`	64	`if (reject) {`
64	`update reply {`	65	`update reply {`
65	`Reply-Message := "Your maximum daily usage time has been reached"`	66	`Reply-Message := "Your maximum daily usage time has been reached"`
66	`}`	67	`}`
67	`reject`	68	`reject`
68	`}`	69	`}`
69		70
70	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`	71	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`
71	`if (reject) {`	72	`if (reject) {`
72	`update reply {`	73	`update reply {`
73	`Reply-Message := "Your maximum usage volume has been reached"`	74	`Reply-Message := "Your maximum usage volume has been reached"`
74	`}`	75	`}`
75	`reject`	76	`reject`
76	`}`	77	`}`
77	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`	78	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`
78	`if (reject) {`	79	`if (reject) {`
79	`update reply {`	80	`update reply {`
80	`Reply-Message := "Your maximum monthly usage volume has been reached"`	81	`Reply-Message := "Your maximum monthly usage volume has been reached"`
81	`}`	82	`}`
82	`reject`	83	`reject`
83	`}`	84	`}`
84	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`	85	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`
85	`if (reject) {`	86	`if (reject) {`
86	`update reply {`	87	`update reply {`
87	`Reply-Message := "Your maximum daily usage volume has been reached"`	88	`Reply-Message := "Your maximum daily usage volume has been reached"`
88	`}`	89	`}`
89	`reject`	90	`reject`
90	`}`	91	`}`
91		92
92	`expiration { userlock = 1 }`	93	`expiration { userlock = 1 }`
93	`if (userlock) {`	94	`if (userlock) {`
94	`update reply {`	95	`update reply {`
95	`Reply-Message := "Your expiration date has been reached"`	96	`Reply-Message := "Your expiration date has been reached"`
96	`}`	97	`}`
97	`userlock`	98	`userlock`
98	`}`	99	`}`
99		100
100	`logintime { userlock = 1 }`	101	`logintime { userlock = 1 }`
101	`if (userlock) {`	102	`if (userlock) {`
102	`update reply {`	103	`update reply {`
103	`Reply-Message := "Your are out your allowed time period"`	104	`Reply-Message := "Your are out your allowed time period"`
104	`}`	105	`}`
105	`userlock`	106	`userlock`
106	`}`	107	`}`
107		108
108	`pap`	109	`pap`
109	`}`	110	`}`
110	`authenticate {`	111	`authenticate {`
111	`Auth-Type PAP {`	112	`Auth-Type PAP {`
112	`pap`	113	`pap`
113	`}`	114	`}`
114	`Auth-Type LDAP {`	115	`Auth-Type LDAP {`
115	`ldap`	116	`ldap`
116	`}`	117	`}`
117	`}`	118	`}`
118		119
119	`accounting {`	120	`accounting {`
120	`sql`	121	`sql`
121	`}`	122	`}`
122		123
123	`session {`	124	`session {`
124	`sql`	125	`sql`
125	`}`	126	`}`
126		127
127	`post-auth {`	128	`post-auth {`
128	`Post-Auth-Type REJECT {`	129	`Post-Auth-Type REJECT {`
129	`update reply {`	130	`update reply {`
130	`Reply-Message = "Login failed"`	131	`Reply-Message = "Login failed"`
131	`}`	132	`}`
132	`attr_filter.access_reject`	133	`attr_filter.access_reject`
133	`}`	134	`}`
134	`}`	135	`}`
135	`}`	136	`}`
136		137

Subversion Repositories ALCASAR

(root)/conf/radius/alcasar-with-ldap – Rev 2704 → 2706