WebSVN – ALCASAR – Diff – /conf/radius/alcasar-with-ldap


server default {
listen {
	type = auth
	ipaddr = *
	port = 0
	limit {
		max_connections = 16
		lifetime = 0
		idle_timeout = 30
	}
}
 
listen {
	type = acct
	ipaddr = *
	port = 0
	limit {
		max_pps = 0
	}
}
 
authorize {
#	if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
	if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
		ldap { fail = 1 }
		if ((ok || updated) && User-Password) {
			update control {
				Auth-Type := LDAP
				Tmp-String-0 := "ldap" # AuthType SQL group
			}
			update reply {
				Filter-Id := "%{control:Tmp-String-0}"
			}
		}
	}
 
	sql { notfound = 1 }
	if ((notfound) && (!control:Auth-Type)) {
		update reply {
			Reply-Message := "Username not found"
		}
		reject
	}
 
	expire_on_login { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your usage time has been reached"
		}
		reject
	}
	noresetcounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage time has been reached"
		}
		reject
	}
	monthlycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage time has been reached"
		}
		reject
	}
	dailycounter { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage time has been reached"
		}
		reject
	}
 
	counterCoovaChilliMaxAllTotalOctets { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum monthly usage volume has been reached"
		}
		reject
	}
	counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
	if (reject) {
		update reply {
			Reply-Message := "Your maximum daily usage volume has been reached"
		}
		reject
	}
 
	expiration { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "Your expiration date has been reached"
		}
		userlock
	}
 
	logintime { userlock = 1 }
	if (userlock) {
		update reply {
			Reply-Message := "You are out your allowed time period"
		}
		userlock
	}
 
	pap
}
authenticate {
	Auth-Type PAP {
		pap
	}
	Auth-Type LDAP {
		ldap
	}
}
 
accounting {
	sql
}
 
session {
	sql
}
 
post-auth {
	Post-Auth-Type REJECT {
		update reply {
			Reply-Message = "Login failed"
		}
		attr_filter.access_reject
	}
}
}
 

Rev 2712	Rev 2882
1	`server default {`	1	`server default {`
2	`listen {`	2	`listen {`
3	`type = auth`	3	`type = auth`
4	`ipaddr = *`	4	`ipaddr = *`
5	`port = 0`	5	`port = 0`
6	`limit {`	6	`limit {`
7	`max_connections = 16`	7	`max_connections = 16`
8	`lifetime = 0`	8	`lifetime = 0`
9	`idle_timeout = 30`	9	`idle_timeout = 30`
10	`}`	10	`}`
11	`}`	11	`}`
12		12
13	`listen {`	13	`listen {`
14	`type = acct`	14	`type = acct`
15	`ipaddr = *`	15	`ipaddr = *`
16	`port = 0`	16	`port = 0`
17	`limit {`	17	`limit {`
18	`max_pps = 0`	18	`max_pps = 0`
19	`}`	19	`}`
20	`}`	20	`}`
21		21
22	`authorize {`	22	`authorize {`
23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`	23	`# if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {`
24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`	24	`if ((!&Calling-Station-Id) \|\| (&User-Name != &Calling-Station-Id) \|\| (!&User-Password) \|\| (&User-Password != "password")) { # no LDAP query for @MAC`
25	`ldap { fail = 1 }`	25	`ldap { fail = 1 }`
26	`if ((ok \|\| updated) && User-Password) {`	26	`if ((ok \|\| updated) && User-Password) {`
27	`update control {`	27	`update control {`
28	`Auth-Type := LDAP`	28	`Auth-Type := LDAP`
29	`Tmp-String-0 := "ldap" # AuthType SQL group`	29	`Tmp-String-0 := "ldap" # AuthType SQL group`
30	`}`	30	`}`
31	`update reply {`	31	`update reply {`
32	`Filter-Id := "%{control:Tmp-String-0}"`	32	`Filter-Id := "%{control:Tmp-String-0}"`
33	`}`	33	`}`
34	`}`	34	`}`
35	`}`	35	`}`
36		36
37	`sql { notfound = 1 }`	37	`sql { notfound = 1 }`
38	`if ((notfound) && (!control:Auth-Type)) {`	38	`if ((notfound) && (!control:Auth-Type)) {`
39	`update reply {`	39	`update reply {`
40	`Reply-Message := "Username not found"`	40	`Reply-Message := "Username not found"`
41	`}`	41	`}`
42	`reject`	42	`reject`
43	`}`	43	`}`
44		44
45	`expire_on_login { reject = 1 }`	45	`expire_on_login { reject = 1 }`
46	`if (reject) {`	46	`if (reject) {`
47	`update reply {`	47	`update reply {`
48	`Reply-Message := "Your usage time has been reached"`	48	`Reply-Message := "Your usage time has been reached"`
49	`}`	49	`}`
50	`reject`	50	`reject`
51	`}`	51	`}`
52	`noresetcounter { reject = 1 }`	52	`noresetcounter { reject = 1 }`
53	`if (reject) {`	53	`if (reject) {`
54	`update reply {`	54	`update reply {`
55	`Reply-Message := "Your maximum usage time has been reached"`	55	`Reply-Message := "Your maximum usage time has been reached"`
56	`}`	56	`}`
57	`reject`	57	`reject`
58	`}`	58	`}`
59	`monthlycounter { reject = 1 }`	59	`monthlycounter { reject = 1 }`
60	`if (reject) {`	60	`if (reject) {`
61	`update reply {`	61	`update reply {`
62	`Reply-Message := "Your maximum monthly usage time has been reached"`	62	`Reply-Message := "Your maximum monthly usage time has been reached"`
63	`}`	63	`}`
64	`reject`	64	`reject`
65	`}`	65	`}`
66	`dailycounter { reject = 1 }`	66	`dailycounter { reject = 1 }`
67	`if (reject) {`	67	`if (reject) {`
68	`update reply {`	68	`update reply {`
69	`Reply-Message := "Your maximum daily usage time has been reached"`	69	`Reply-Message := "Your maximum daily usage time has been reached"`
70	`}`	70	`}`
71	`reject`	71	`reject`
72	`}`	72	`}`
73		73
74	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`	74	`counterCoovaChilliMaxAllTotalOctets { reject = 1 }`
75	`if (reject) {`	75	`if (reject) {`
76	`update reply {`	76	`update reply {`
77	`Reply-Message := "Your maximum usage volume has been reached"`	77	`Reply-Message := "Your maximum usage volume has been reached"`
78	`}`	78	`}`
79	`reject`	79	`reject`
80	`}`	80	`}`
81	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`	81	`counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }`
82	`if (reject) {`	82	`if (reject) {`
83	`update reply {`	83	`update reply {`
84	`Reply-Message := "Your maximum monthly usage volume has been reached"`	84	`Reply-Message := "Your maximum monthly usage volume has been reached"`
85	`}`	85	`}`
86	`reject`	86	`reject`
87	`}`	87	`}`
88	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`	88	`counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }`
89	`if (reject) {`	89	`if (reject) {`
90	`update reply {`	90	`update reply {`
91	`Reply-Message := "Your maximum daily usage volume has been reached"`	91	`Reply-Message := "Your maximum daily usage volume has been reached"`
92	`}`	92	`}`
93	`reject`	93	`reject`
94	`}`	94	`}`
95		95
96	`expiration { userlock = 1 }`	96	`expiration { userlock = 1 }`
97	`if (userlock) {`	97	`if (userlock) {`
98	`update reply {`	98	`update reply {`
99	`Reply-Message := "Your expiration date has been reached"`	99	`Reply-Message := "Your expiration date has been reached"`
100	`}`	100	`}`
101	`userlock`	101	`userlock`
102	`}`	102	`}`
103		103
104	`logintime { userlock = 1 }`	104	`logintime { userlock = 1 }`
105	`if (userlock) {`	105	`if (userlock) {`
106	`update reply {`	106	`update reply {`
107	`Reply-Message := "Your are out your allowed time period"`	107	`Reply-Message := "You are out your allowed time period"`
108	`}`	108	`}`
109	`userlock`	109	`userlock`
110	`}`	110	`}`
111		111
112	`pap`	112	`pap`
113	`}`	113	`}`
114	`authenticate {`	114	`authenticate {`
115	`Auth-Type PAP {`	115	`Auth-Type PAP {`
116	`pap`	116	`pap`
117	`}`	117	`}`
118	`Auth-Type LDAP {`	118	`Auth-Type LDAP {`
119	`ldap`	119	`ldap`
120	`}`	120	`}`
121	`}`	121	`}`
122		122
123	`accounting {`	123	`accounting {`
124	`sql`	124	`sql`
125	`}`	125	`}`
126		126
127	`session {`	127	`session {`
128	`sql`	128	`sql`
129	`}`	129	`}`
130		130
131	`post-auth {`	131	`post-auth {`
132	`Post-Auth-Type REJECT {`	132	`Post-Auth-Type REJECT {`
133	`update reply {`	133	`update reply {`
134	`Reply-Message = "Login failed"`	134	`Reply-Message = "Login failed"`
135	`}`	135	`}`
136	`attr_filter.access_reject`	136	`attr_filter.access_reject`
137	`}`	137	`}`
138	`}`	138	`}`
139	`}`	139	`}`
140		140

Subversion Repositories ALCASAR

(root)/conf/radius/alcasar-with-ldap – Rev 2712 → 2882