WebSVN – ALCASAR – Diff – /conf/radius/alcasar-with-ldap


server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
 
listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}
 
authorize {
#	if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
	if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
		ldap { fail = 1 }
		if ((ok || updated) && User-Password) {
			update control {
				Auth-Type := LDAP
				Tmp-String-0 := "ldap" # AuthType SQL group
			}
			update reply {
				Filter-Id := "%{control:Tmp-String-0}"
			}
		}
	}
 
	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}
 
	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}
 
	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}
 
	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}
 
	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your are out your allowed time period"
		}
		userlock
	}
 
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}
 
accounting {
	sql
}
 
session {
	sql
}
 
post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
 

Rev 2706	Rev 2712
1	`server default {`	1	`server default {`
2	`listen {`	2	`listen {`
3	`type = auth`	3	`type = auth`
4	`ipaddr = *`	4	`ipaddr = *`
5	`port = 0`	5	`port = 0`
6	`limit {`	6	`limit {`
7	`max_connections = 16`	7	`max_connections = 16`
8	`lifetime = 0`	8	`lifetime = 0`
9	`idle_timeout = 30`	9	`idle_timeout = 30`
10	`}`	10	`}`
11	`}`	11	`}`
12		12
13	`listen {`	13	`listen {`
14	`type = acct`	14	`type = acct`
15	`ipaddr = *`	15	`ipaddr = *`
16	`port = 0`	16	`port = 0`
17	`limit {`	17	`limit {`
18	`max_pps = 0`	18	`max_pps = 0`
19	`}`	19	`}`
20	`}`	20	`}`
21		21
22	`authorize {`	22	`authorize {`
23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`	23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`
24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`	24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`
25	`ldap { fail = 1 }`	25	`ldap { fail = 1 }`
26	`if ((ok \|\| updated) && User-Password) {`	26	`if ((ok \|\| updated) && User-Password) {`
27	`update control {`	27	`update control {`
28	`Auth-Type := LDAP`	28	`Auth-Type := LDAP`
29	`Tmp-String-0 := "ldap" # AuthType SQL group`	29	`Tmp-String-0 := "ldap" # AuthType SQL group`
30	`}`	30	`}`
-		31	`update reply {`
-		32	`Filter-Id := "%{control:Tmp-String-0}"`
-		33	`}`
31	`}`	34	`}`
32	`}`	35	`}`
33		36
34	`sql { notfound = 1 }`	37	`sql { notfound = 1 }`
35	`if ((notfound) && (!control:Auth-Type)) {`	38	`if ((notfound) && (!control:Auth-Type)) {`
36	`update reply {`	39	`update reply {`
37	`Reply-Message := "Username not found"`	40	`Reply-Message := "Username not found"`
38	`}`	41	`}`
39	`reject`	42	`reject`
40	`}`	43	`}`
41		44
42	`expire_on_login { reject = 1 }`	45	`expire_on_login { reject = 1 }`
43	`if (reject) {`	46	`if (reject) {`
44	`update reply {`	47	`update reply {`
45	`Reply-Message := "Your usage time has been reached"`	48	`Reply-Message := "Your usage time has been reached"`
46	`}`	49	`}`
47	`reject`	50	`reject`
48	`}`	51	`}`
49	`noresetcounter { reject = 1 }`	52	`noresetcounter { reject = 1 }`
50	`if (reject) {`	53	`if (reject) {`
51	`update reply {`	54	`update reply {`
52	`Reply-Message := "Your maximum usage time has been reached"`	55	`Reply-Message := "Your maximum usage time has been reached"`
53	`}`	56	`}`
54	`reject`	57	`reject`
55	`}`	58	`}`
56	`monthlycounter { reject = 1 }`	59	`monthlycounter { reject = 1 }`
57	`if (reject) {`	60	`if (reject) {`
58	`update reply {`	61	`update reply {`
59	`Reply-Message := "Your maximum monthly usage time has been reached"`	62	`Reply-Message := "Your maximum monthly usage time has been reached"`
60	`}`	63	`}`
61	`reject`	64	`reject`
62	`}`	65	`}`
63	`dailycounter { reject = 1 }`	66	`dailycounter { reject = 1 }`
64	`if (reject) {`	67	`if (reject) {`
65	`update reply {`	68	`update reply {`
66	`Reply-Message := "Your maximum daily usage time has been reached"`	69	`Reply-Message := "Your maximum daily usage time has been reached"`
67	`}`	70	`}`
68	`reject`	71	`reject`
69	`}`	72	`}`
70		73
71	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`	74	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`
72	`if (reject) {`	75	`if (reject) {`
73	`update reply {`	76	`update reply {`
74	`Reply-Message := "Your maximum usage volume has been reached"`	77	`Reply-Message := "Your maximum usage volume has been reached"`
75	`}`	78	`}`
76	`reject`	79	`reject`
77	`}`	80	`}`
78	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`	81	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`
79	`if (reject) {`	82	`if (reject) {`
80	`update reply {`	83	`update reply {`
81	`Reply-Message := "Your maximum monthly usage volume has been reached"`	84	`Reply-Message := "Your maximum monthly usage volume has been reached"`
82	`}`	85	`}`
83	`reject`	86	`reject`
84	`}`	87	`}`
85	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`	88	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`
86	`if (reject) {`	89	`if (reject) {`
87	`update reply {`	90	`update reply {`
88	`Reply-Message := "Your maximum daily usage volume has been reached"`	91	`Reply-Message := "Your maximum daily usage volume has been reached"`
89	`}`	92	`}`
90	`reject`	93	`reject`
91	`}`	94	`}`
92		95
93	`expiration { userlock = 1 }`	96	`expiration { userlock = 1 }`
94	`if (userlock) {`	97	`if (userlock) {`
95	`update reply {`	98	`update reply {`
96	`Reply-Message := "Your expiration date has been reached"`	99	`Reply-Message := "Your expiration date has been reached"`
97	`}`	100	`}`
98	`userlock`	101	`userlock`
99	`}`	102	`}`
100		103
101	`logintime { userlock = 1 }`	104	`logintime { userlock = 1 }`
102	`if (userlock) {`	105	`if (userlock) {`
103	`update reply {`	106	`update reply {`
104	`Reply-Message := "Your are out your allowed time period"`	107	`Reply-Message := "Your are out your allowed time period"`
105	`}`	108	`}`
106	`userlock`	109	`userlock`
107	`}`	110	`}`
108		111
109	`pap`	112	`pap`
110	`}`	113	`}`
111	`authenticate {`	114	`authenticate {`
112	`Auth-Type PAP {`	115	`Auth-Type PAP {`
113	`pap`	116	`pap`
114	`}`	117	`}`
115	`Auth-Type LDAP {`	118	`Auth-Type LDAP {`
116	`ldap`	119	`ldap`
117	`}`	120	`}`
118	`}`	121	`}`
119		122
120	`accounting {`	123	`accounting {`
121	`sql`	124	`sql`
122	`}`	125	`}`
123		126
124	`session {`	127	`session {`
125	`sql`	128	`sql`
126	`}`	129	`}`
127		130
128	`post-auth {`	131	`post-auth {`
129	`Post-Auth-Type REJECT {`	132	`Post-Auth-Type REJECT {`
130	`update reply {`	133	`update reply {`
131	`Reply-Message = "Login failed"`	134	`Reply-Message = "Login failed"`
132	`}`	135	`}`
133	`attr_filter.access_reject`	136	`attr_filter.access_reject`
134	`}`	137	`}`
135	`}`	138	`}`
136	`}`	139	`}`
137		140

Subversion Repositories ALCASAR

(root)/conf/radius/alcasar-with-ldap – Rev 2706 → 2712