# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
}
- # Do server side ip pool management. Should be added in post-auth and
- # accounting sections.
- #
- ## This module is highly experimental at the moment. Please
- ## give feedback on the mailing list.
- #
- # The module also requires the existance of the Pool-Name
- # attribute. That way the administrator can add the Pool-Name
- # attribute in the user profiles and use different pools
- # for different users. The Pool-Name attribute is a *check* item not
- # a reply item.
- #
- # Example:
- # radiusd.conf: ippool students { [...] }
- # users file : DEFAULT Group == students, Pool-Name := "students"
- #
- # ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST THEN ERASE THE DB FILES *******
- #
- ippool main_pool {
-
- # range-start,range-stop: The start and end ip
- # addresses for the ip pool
- range-start = 192.168.1.1
- range-stop = 192.168.3.254
-
- # netmask: The network mask used for the ip's
- netmask = 255.255.255.0
-
- # cache-size: The gdbm cache size for the db
- # files. Should be equal to the number of ip's
- # available in the ip pool
- cache-size = 800
-
- # session-db: The main db file used to allocate ip's to clients
- session-db = ${raddbdir}/db.ippool
-
- # ip-index: Helper db index file used in multilink
- ip-index = ${raddbdir}/db.ipindex
-
- # override: Will this ippool override a Framed-IP-Address already set
- override = no
- }
-
# To create a dbm users file, do:
#
# cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
}
#
- # The digest module. It doesn't take any configuration
- # parameters, but it does require a configuration section,
- # otherwise the parser complains.
- #
- #
- #
- # See '../doc/rfc/draft-sterman-aaa-sip-00.txt' for details
- # on performing digest authentication for Cisco SIP servers.
- #
- digest {
- }
-
- #
# Perform NT-Domain authentication. This only works
# with PAP authentication. That is, Authentication-Request
# packets containing a User-Password attribute.
# DEFAULT is no
#notfound-reject = no
}
-
- #
- # Execute external programs
- #
- # The first example is useful only for 'xlat'. To use it,
- # put 'exec' into the 'instantiate' section. You can then
- # do dynamic translation of attributes like:
- #
- # Attribute-Name = `{%exec:/path/to/program args}`
- #
- # The value of the attribute will be replaced with the output
- # of the program which is executed. Due to RADIUS protocol
- # limitations, any output over 253 bytes will be ignored.
- #
- # The RADIUS attributes from the user request will be placed
- # into environment variables of the executed program, as
- # described in 'doc/variables.txt'
- #
- exec {
- wait = yes
- input_pairs = request
- }
-
- #
- # This is a more general example of the execute module.
- #
- # If you wish to execute an external program in more than
- # one section (e.g. 'authorize', 'pre_proxy', etc), then it
- # is probably best to define a different instance of the
- # 'exec' module for every section.
- #
- exec echo {
- #
- # Wait for the program to finish.
- #
- # If we do NOT wait, then the program is "fire and
- # forget", and any output attributes from it are ignored.
- #
- # If we are looking for the program to output
- # attributes, and want to add those attributes to the
- # request, then we MUST wait for the program to
- # finish, and therefore set 'wait=yes'
- #
- # allowed values: {no, yes}
- wait = yes
-
- #
- # The name of the program to execute, and it's
- # arguments. Dynamic translation is done on this
- # field, so things like the following example will
- # work.
- #
- program = "/bin/echo %{User-Name}"
-
- #
- # The attributes which are placed into the
- # environment variables for the program.
- #
- # Allowed values are:
- #
- # request attributes from the request
- # reply attributes from the reply
- # proxy-request attributes from the proxy request
- # proxy-reply attributes from the proxy reply
- #
- # Note that some attributes may not exist at some
- # stages. e.g. There may be no proxy-reply
- # attributes if this module is used in the
- # 'authorize' section.
- #
- input_pairs = request
-
- #
- # Where to place the output attributes (if any) from
- # the executed program. The values allowed, and the
- # restrictions as to availability, are the same as
- # for the input_pairs.
- #
- output_pairs = reply
-
- #
- # When to execute the program. If the packet
- # type does NOT match what's listed here, then
- # the module does NOT execute the program.
- #
- # For a list of allowed packet types, see
- # the 'dictionary' file, and look for VALUEs
- # of the Packet-Type attribute.
- #
- # By default, the module executes on ANY packet.
- # Un-comment out the following line to tell the
- # module to execute only if an Access-Accept is
- # being sent to the NAS.
- #
- #packet_type = Access-Accept
- }
# The 'digest' module currently has no configuration.
#
# "Digest" authentication against a Cisco SIP server.
+ # See 'doc/rfc/draft-sterman-aaa-sip-00.txt' for details
+ # on performing digest authentication for Cisco SIP servers.
+ #
digest {
}
+ #
+ # Execute external programs
+ #
+ # The first example is useful only for 'xlat'. To use it,
+ # put 'exec' into the 'instantiate' section. You can then
+ # do dynamic translation of attributes like:
+ #
+ # Attribute-Name = `{%exec:/path/to/program args}`
+ #
+ # The value of the attribute will be replaced with the output
+ # of the program which is executed. Due to RADIUS protocol
+ # limitations, any output over 253 bytes will be ignored.
+ #
+ # The RADIUS attributes from the user request will be placed
+ # into environment variables of the executed program, as
+ # described in 'doc/variables.txt'
+ #
+ exec {
+ wait = yes
+ input_pairs = request
+ }
+
+ #
+ # This is a more general example of the execute module.
+ #
+ # If you wish to execute an external program in more than
+ # one section (e.g. 'authorize', 'pre_proxy', etc), then it
+ # is probably best to define a different instance of the
+ # 'exec' module for every section.
+ #
+ exec echo {
+ #
+ # Wait for the program to finish.
+ #
+ # If we do NOT wait, then the program is "fire and
+ # forget", and any output attributes from it are ignored.
+ #
+ # If we are looking for the program to output
+ # attributes, and want to add those attributes to the
+ # request, then we MUST wait for the program to
+ # finish, and therefore set 'wait=yes'
+ #
+ # allowed values: {no, yes}
+ wait = yes
+
+ #
+ # The name of the program to execute, and it's
+ # arguments. Dynamic translation is done on this
+ # field, so things like the following example will
+ # work.
+ #
+ program = "/bin/echo %{User-Name}"
+
+ #
+ # The attributes which are placed into the
+ # environment variables for the program.
+ #
+ # Allowed values are:
+ #
+ # request attributes from the request
+ # reply attributes from the reply
+ # proxy-request attributes from the proxy request
+ # proxy-reply attributes from the proxy reply
+ #
+ # Note that some attributes may not exist at some
+ # stages. e.g. There may be no proxy-reply
+ # attributes if this module is used in the
+ # 'authorize' section.
+ #
+ input_pairs = request
+
+ #
+ # Where to place the output attributes (if any) from
+ # the executed program. The values allowed, and the
+ # restrictions as to availability, are the same as
+ # for the input_pairs.
+ #
+ output_pairs = reply
+
+ #
+ # When to execute the program. If the packet
+ # type does NOT match what's listed here, then
+ # the module does NOT execute the program.
+ #
+ # For a list of allowed packet types, see
+ # the 'dictionary' file, and look for VALUEs
+ # of the Packet-Type attribute.
+ #
+ # By default, the module executes on ANY packet.
+ # Un-comment out the following line to tell the
+ # module to execute only if an Access-Accept is
+ # being sent to the NAS.
+ #
+ #packet_type = Access-Accept
+ }
+
+ # Do server side ip pool management. Should be added in post-auth and
+ # accounting sections.
+ #
+ # The module also requires the existance of the Pool-Name
+ # attribute. That way the administrator can add the Pool-Name
+ # attribute in the user profiles and use different pools
+ # for different users. The Pool-Name attribute is a *check* item not
+ # a reply item.
+ #
+ # Example:
+ # radiusd.conf: ippool students { [...] }
+ # users file : DEFAULT Group == students, Pool-Name := "students"
+ #
+ # ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST THEN ERASE THE DB FILES *******
+ #
+ ippool main_pool {
+
+ # range-start,range-stop: The start and end ip
+ # addresses for the ip pool
+ range-start = 192.168.1.1
+ range-stop = 192.168.3.254
+
+ # netmask: The network mask used for the ip's
+ netmask = 255.255.255.0
+
+ # cache-size: The gdbm cache size for the db
+ # files. Should be equal to the number of ip's
+ # available in the ip pool
+ cache-size = 800
+
+ # session-db: The main db file used to allocate ip's to clients
+ session-db = ${raddbdir}/db.ippool
+
+ # ip-index: Helper db index file used in multilink
+ ip-index = ${raddbdir}/db.ipindex
+
+ # override: Will this ippool override a Framed-IP-Address already set
+ override = no
+ }
+
+
# ANSI X9.9 token support. Not included by default.
# $INCLUDE ${confdir}/x99.conf
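Review bot: The `exec echo` example expands `%{User-Name}` straight into the `program` line, and nothing in the added comments tells the administrator that this value is supplied by the client. With `input_pairs = request`, the same request attributes are also exported to the program's environment, so any script substituted for `/bin/echo` receives untrusted data on both paths. I would add a comment above `program =` such as `# User-Name and all request attributes are client-supplied; the program must treat its arguments and environment as untrusted and never hand them to a shell unquoted.` Whether the server splits or quotes arguments before expansion is not visible in this hunk, so the caveat is worth stating either way. Separately, the relocated ippool comment no longer carries the "highly experimental" notice that the removed copy had; if that is deliberate, the commit message should say so.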
# may be incorrect. There's little we can do about it.
radutmp
# sradutmp
+ # Return an address to the IP Pool when we see a stop record.
+# main_pool
}
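Review bot: The commented-out `main_pool` line added here and the one in the post-auth hunk below look safe to enable only as a pair, and neither comment says so. Going by the two comments, post-auth hands out an address and this accounting entry returns it on a stop record. An administrator who un-comments only the post-auth line would presumably exhaust the pool over time. I would extend the comment to something like `# Return an address to the IP Pool when we see a stop record. Enable together with main_pool in post-auth.` and mirror that wording in the post-auth section.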
# additional steps we can take.
post-auth {
# Get an address from the IP Pool.
- #main_pool
+# main_pool
}
#