> Once upon a time Helio Coelho Jr. - CompuLand Informatica shaped the
> electrons to say...
> > Is there a way to control access based on the time of the day ?
>
> None in the default RADIUS - is there a general interest in this kind of
> thing? When I did my recent survey on what people wanted to see in RADIUS
> only one person asked for something like this. Didn't seem to have demand.
>
> -MZ
> --
i have this running now, but then i've hacked the living fnord out of the
radiusd that we run at work...
in users.c, just before it opens /etc/raddb/users, i have it open a file
called /etc/raddb/lockout that contains the user id's that are supposed to
be locked out... if the id in the current authentication packet matches
one of the names in the lockout file, it fclose()s lockout, logs the fact
that the user was found in the lockout file (to /etc/raddb/logfile) and
returns -1, making it seem as though the user was not found in the file.
the code...
add to radius.h:
#define RADIUS_LOCK "lockout"
in users.c, in the user_find() function, add these declarations to the
beginning of the function...
FILE *lockfile ;
char buffer[256] ;
and add the following code (the final comment is to show where the new
code goes in relation to the existing code.)
/*
* See if user has been locked out
*/
sprintf ( buffer , "%s/%s" , radius_dir , RADIUS_LOCK ) ;
if ( ( lockfile = fopen ( buffer , "r" ) ) == (FILE *)NULL )
{
sprintf ( msg , "user_find: Couldn\'t open %s for reading\n" ,
progname , buffer ) ;
log_err ( msg ) ;
return -1 ;
}
fgets ( buffer , 80 , lockfile ) ;
if ( *buffer )
buffer[strlen(buffer)-1]=(char)0 ;
while ( ! feof ( lockfile ) )
{
if ( ! strcmp ( buffer , name ) )
{
fclose ( lockfile ) ;
sprintf ( msg , "user_find: User \"%s\" is locked out\n" ,
name ) ;
log_err ( msg ) ;
return -1 ;
}
fgets ( buffer , 80 , lockfile ) ;
if ( *buffer )
buffer[strlen(buffer)-1]=(char)0 ;
}
fclose ( lockfile ) ;
/*
* Open the user table
*/
i've got cron jobs set up that manage the actual "lockout" file... one of
our clients is the local school board, and they have a number of accounts
that are being charged at a lower rate because they are only to be used
during the day. we've got a "lockout-school" file, a "lockout-billing"
file, and a "lockout-others" file. at 7am, a cron job runs that cats the
billing and other files to "lockout", and at 5pm, it cats these two files
PLUS the school file into "lockout". there's also an interactive job that
we run whenever we change one of the other two files, that does the
appropriate cat based on the time of day.
hope this helps someone out there.
take care all
-------------------------------------------------------------------------------
John Simpson, Software Engineering | The Internet Access Group, Inc.
http://www.depeche.mode.net/~jms1/ | PO Box 162625
<jms1@depeche.mode.net> | Altamonte Springs, FL 32716-2625
<jms1@iag.net> | (407) 786-1145
-------------------------------------------------------------------------------