Hi Hugh.
Thanks for your response.
We have "Block User" set to Y in Platypus and the time gets subtracted just
fine from the users total after a disconnect. However we are using AuthBy
EMERALD rather then AuthBy Platypus which may be the problem?
AuthBy Emerald is what Platypus recommend when running Radiator as this
allows us to manage the User Attributed easily from within Platypus. Does
this mean I should look at a change in Emerald.pm?
Cheers
John
At 14:49 26/10/99 +1000, Hugh Irvine wrote:
>Hi John -
>
>On Tue, 26 Oct 1999, John Vorstermans wrote:
> > Hi.
> >
> > I have been experimenting with the TimeLeft option. I seem to have it
> > working correctly where Rediator picks up the Time the User has left on
> > their account and I can see it coming through the logfile below as
> sa.TimeLeft.
> >
> > I set this to -5 which I would thought would have been no time left but
> the
> > user is still able to login. That is Radiator authorises the
> connection. I
> > would have thought it would NOT authorise the connection if this was a
> > negative number? Am I seeing this from a different perspective than I
> should?
> >
>
>There is an additional flag that must be set in Platypus for this to work:
>
> "Block User"
>
>which is retrieved from the database by the following query in
>AuthPLATYPUS.pm:
>
>#####################################################################
># Find a the named user by looking in the database, and constructing
># User object if we found the named user
># This is tailored exactly to Platypus's user database
>sub findUser
>{
> my ($self, $name, $p) = @_;
>
> # (Re)-connect to the database if necessary,
> return (undef, 1) unless $self->reconnect;
>
> my $q = "select password, active, timeleft, blockuser, guarantor
> $self->{AuthSelect} from customer where username='$name'";
>
> my $sth = $self->prepareAndExecute($q);
> return undef unless $sth;
>
> my $user;
> my ($password, $active, $timeleft, $blockuser,
> $guarantor, @extras);
> if (($password, $active, $timeleft, $blockuser,
> $guarantor, @extras)
> = $sth->fetchrow())
> {
> $sth->finish;
>
> if ($active ne 'Y')
> {
> $self->log($main::LOG_DEBUG,
> "User $name is deactivated");
> return undef;
> }
> if ($blockuser eq 'G')
> {
> # They gave a guarantor, so get the guarantor's
> # time left and blockuser
> $q = "select timeleft, blockuser
> from customer where id=$guarantor";
> $sth = $self->prepareAndExecute($q);
> ($timeleft, $blockuser) = $sth->fetchrow();
> }
> if ($blockuser eq 'Y' && $timeleft <= 0)
> {
> # Apply blockuser time
> $self->log($main::LOG_DEBUG,
> "User $name has no time left");
> return undef;
> }
>
>As you can see, Block User must be set to either "G" or "Y".
>
> > Also, if the user runs out of time while on-line how can we ensure that
> the
> > connection is dropped? Do I need to install the snmp module for this?
> >
>
>Radiator will return a Session-Timeout attribute which is set to the amount of
>time left, which will cause the session to end when it runs out of time. Of
>course this is entirely NAS dependent, so YMMV.
>
> if ($timeleft > 0 && $blockuser EQ 'Y')
> {
> $user->get_reply->add_attr('Session-Timeout', $timeleft * 60);
> }
>
>
>hth
>
>Hugh
>
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
>NT, Rhapsody
--
John Vorstermans || We are what we repeatedly do.
Technical Manager || - Aristotle
Actrix Networks
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.