(RADIATOR) WISPr-Bandiwidth control using Active Directory authentification.
Hugh Irvine
hugh at open.com.au
Sat Dec 20 18:27:24 CST 2003
Hello Mario -
The usual way to do this is with cascaded AuthBy clauses and DEFAULT's.
Something like this:
# define AuthBy clauses
<AuthBy ADSI>
Identifier CheckADSI
.....
</AuthBy>
<AuthBy FILE>
Identifier CheckUsers
Filename %D/users
# AddToReply for common reply attributes
AddToReply ......
</AuthBy>
.....
# define Realms or Handlers
<Handler ...>
AuthBy CheckUsers
.....
</Handler>
The "users" file would contain something like this:
# define DEFAULT users for the different Groups
DEFAULT Auth-Type = CheckADSI, Group = Access-512-512
Bandwidth-Max-Up = .....,
Bandwidth-Mas-Down = .....,
.....
DEFAULT Auth-Type = CheckADSI, Group = Access-256-256
Bandwidth-Max-Up = .....,
Bandwidth-Max-Down = .....,
......
DEFAULT ......
......
Hope that helps.
For the simultaneous use problem, you will need to look at the trace 4
debug from Radiator to see what attributes are present in the access
requests that you can use to control the sessions.
regards
Hugh
On 21/12/2003, at 3:54 AM, Mario Lopez wrote:
> Hi,
>
> I will expose mi problem.
>
> I am using Active Directory authentification which works ok, my
> problem is
> that I have several kinds of users that depending on what they pay
> they get
> a bandwidth limit, I can do bandwidth control in a per-user basis
> using the
> WISPr VSA's included in dictionary file (Bandwidth-Max-Up,
> Bandwidth-Max-Down), the problem is that I need to send this
> attributes when
> user belongs to a specific Windows Group.
>
> For example, if I had user Mario wich belongs to Windows Group
> "Access 512-512", I would need to send the corresponding VSA attribute
> to
> limit the bandwidth.
>
> I know how to send the VSA's with "AddToReply", I can even send them
> with
> AuthAttrDef reading the attributes from Active Directory.
>
> What I would like to do is send the reply VSA IF the user belongs to
> Windows
> Group = X.
>
> Could I use the CheckGroup statement?
>
> Is it possible to set CheckGroup
> Access512-512,WISPr-Bandwidth-Max-Down=512
> and then send the WISPr-Bandwidth-Max-Down attribute?.
>
> Another problem I am having is that Radiator does not know how to
> identify
> concurrent conections from my NAS, because is treats them all as being
> from
> the same user.
>
> Thanks!
>
> Mario.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list