Re: (RADIATOR) Simultaneous use

Anonymous Sun, 13 Jun 1999 19:10:19 -0700
Hi James.

On Jun 11,  2:21am, James H. Thompson wrote:
> Subject: Re: (RADIATOR) Simultaneous use
> Since the NAS reply items are different for each NAS, I'd have to setup
> 3 full sets of check/reply items for each user.  That sounds like
> too much work.  How would I do it by chaining the File authentications?
I was thinking about something like this:

<Realm DEFAULT>
        AuthByPolicy ContinueAlways
        <AuthBy FILE>
                DefaultSimultaneosUse 1
                Filename xxx
        </AuthBy>
        <AuthBy FILE>
                Filename yyy
        </AuthBy>
</Realm>

In file xxx:
# This make user1 and user2 have a sim-use limit of 2, everyone else gets 1
DEFAULT
user1   Simultaneous-Use=2
user2   Simultaneous-Use=2


IN file yyy:

DEFAULT NAS-Identifier = "LRD56_82BE00", Auth-Type = ljnet_sql
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
   Idle-Timeout = 400

# Nortel
DEFAULT NAS-Identifier = "las-nortel", Auth-Type = ljnet_sql
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
    Idle-Timeout = 200

etc.

So the effect is that xxx checks the sim-use amd yyy check everything else.


>
> Since I'm using SQL Auth, Would this work?
>
> Set DefaultSimultaneousUse to 1
>
> Create a new sql table containing 2 fields:
>       username
>       check item
>
> And use a LEFT OUTER JOIN to reference this table in the
> Auth SQL stmt.
>
> This way the check item would be null for everyone except for users that
> have an row in this table.  The row for these users
> would have thier 'check item' column set to 'Simultaneous-Use = 2'
Yep, that would work too.

Dont forget that you need the patched version of AuthGeneric.pm to get
DefaultSimultaneousUse.

Hope that helps.

Cheers.

>
>
>
> On Fri, 11 Jun 1999, Mike McCauley wrote:
>
> > Hi James.
> >
> > For complicated reasons, that wont work the way you expect, even if you use
the
> > DefaultSimultaneousUse parameter I mentioned recently. I think you will
have to
> > set up a full set of check and reply items for each special user. There are
> > other ways to tackle this, involving chaining FILE authentication. Do you
want
> > to talk about that?
> >
> >
> > Cheers.
> >
> >
> > On Jun 10, 10:38pm, James H. Thompson wrote:
> > > Subject: (RADIATOR) Simultaneous use
> > > I have only a handful of users that are allowed to do 2 simultaneous
> > > logins.  I want to restrict them to two logins, and everyone else to one.
> > >
> > >
> > > Will this work?
> > >
> > > In the realm:
> > >   MaxSessions 1
> > >
> > > In the users file:
> > >
> > > #users with dual login priv
> > > user1 Simultaneous-Use = 2
> > >         Fall-Through = yes
> > >
> > > user2 Simultaneous-Use = 2
> > >         Fall-Through = yes
> > >
> > > # Shiva
> > > DEFAULT NAS-Identifier = "LRD56_82BE00", Auth-Type = ljnet_sql
> > >     Service-Type = Framed-User,
> > >     Framed-Protocol = PPP,
> > >     Framed-Compression = Van-Jacobson-TCP-IP
> > >     Idle-Timeout = 400
> > >
> > > # Nortel
> > > DEFAULT NAS-Identifier = "las-nortel", Auth-Type = ljnet_sql
> > >     Service-Type = Framed-User,
> > >     Framed-Protocol = PPP,
> > >     Framed-Compression = Van-Jacobson-TCP-IP
> > >     Idle-Timeout = 200
> > >
> > >
> > > # TCR
> > > DEFAULT Auth-Type = ljnet_sql
> > >     Service-Type = Framed-User,
> > >     Framed-Protocol = PPP,
> > >     Idle-Timeout = 900
> > >
> > >
> > >
> > >
> > >
> > > Jim
> > > [EMAIL PROTECTED]
> > >
> > >
> > > ===
> > > Archive at http://www.thesite.com.au/~radiator/
> > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > 'unsubscribe radiator' in the body of the message.
> > >-- End of excerpt from James H. Thompson
> >
> >
> >
> > --
> > Mike McCauley                               [EMAIL PROTECTED]
> > Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> > 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> > Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
> >
> > Radiator: the most portable, flexible and configurable RADIUS server
> > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> > NT, Rhapsody
> >
> >
>
> Jim
> [EMAIL PROTECTED]
>
>
>-- End of excerpt from James H. Thompson



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simultaneous use

Reply via email to
