Subversion Repositories ALCASAR

Rev

Rev 2712 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log

server default {
listen {
        type = auth
        ipaddr = *
        port = 0
        limit {
                max_connections = 16
                lifetime = 0
                idle_timeout = 30
        }
}

listen {
        type = acct
        ipaddr = *
        port = 0
        limit {
                max_pps = 0
        }
}

authorize {
#       if (!(&User-Name =~ /^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/)) {
        if ((!&Calling-Station-Id) || (&User-Name != &Calling-Station-Id) || (!&User-Password) || (&User-Password != "password")) { # no LDAP query for @MAC
                ldap { fail = 1 }
                if ((ok || updated) && User-Password) {
                        update control {
                                Auth-Type := LDAP
                                Tmp-String-0 := "ldap" # AuthType SQL group
                        }
                        update reply {
                                Filter-Id := "%{control:Tmp-String-0}"
                        }
                }
        }

        sql { notfound = 1 }
        if ((notfound) && (!control:Auth-Type)) {
                update reply {
                        Reply-Message := "Username not found"
                }
                reject
        }

        expire_on_login { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your usage time has been reached"
                }
                reject
        }
        noresetcounter { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum usage time has been reached"
                }
                reject
        }
        monthlycounter { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum monthly usage time has been reached"
                }
                reject
        }
        dailycounter { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum daily usage time has been reached"
                }
                reject
        }

        counterCoovaChilliMaxAllTotalOctets { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum usage volume has been reached"
                }
                reject
        }
        counterCoovaChilliMaxTotalOctetsMonthly { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum monthly usage volume has been reached"
                }
                reject
        }
        counterCoovaChilliMaxTotalOctetsDaily { reject = 1 }
        if (reject) {
                update reply {
                        Reply-Message := "Your maximum daily usage volume has been reached"
                }
                reject
        }

        expiration { userlock = 1 }
        if (userlock) {
                update reply {
                        Reply-Message := "Your expiration date has been reached"
                }
                userlock
        }

        logintime { userlock = 1 }
        if (userlock) {
                update reply {
                        Reply-Message := "You are out your allowed time period"
                }
                userlock
        }

        pap
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type LDAP {
                ldap
        }
}

accounting {
        sql
}

session {
        sql
}

post-auth {
        Post-Auth-Type REJECT {
                update reply {
                        Reply-Message = "Login failed"
                }
                attr_filter.access_reject
        }
}
}