(RADIATOR) WISPr-Bandiwidth control using Active Directory authentification.
hugh at open.com.au
Sat Dec 20 18:27:24 CST 2003
Hello Mario -
The usual way to do this is with cascaded AuthBy clauses and DEFAULT's.
Something like this:
# define AuthBy clauses
# AddToReply for common reply attributes
# define Realms or Handlers
The "users" file would contain something like this:
# define DEFAULT users for the different Groups
DEFAULT Auth-Type = CheckADSI, Group = Access-512-512
Bandwidth-Max-Up = .....,
Bandwidth-Mas-Down = .....,
DEFAULT Auth-Type = CheckADSI, Group = Access-256-256
Bandwidth-Max-Up = .....,
Bandwidth-Max-Down = .....,
Hope that helps.
For the simultaneous use problem, you will need to look at the trace 4
debug from Radiator to see what attributes are present in the access
requests that you can use to control the sessions.
On 21/12/2003, at 3:54 AM, Mario Lopez wrote:
> I will expose mi problem.
> I am using Active Directory authentification which works ok, my
> problem is
> that I have several kinds of users that depending on what they pay
> they get
> a bandwidth limit, I can do bandwidth control in a per-user basis
> using the
> WISPr VSA's included in dictionary file (Bandwidth-Max-Up,
> Bandwidth-Max-Down), the problem is that I need to send this
> attributes when
> user belongs to a specific Windows Group.
> For example, if I had user Mario wich belongs to Windows Group
> "Access 512-512", I would need to send the corresponding VSA attribute
> limit the bandwidth.
> I know how to send the VSA's with "AddToReply", I can even send them
> AuthAttrDef reading the attributes from Active Directory.
> What I would like to do is send the reply VSA IF the user belongs to
> Group = X.
> Could I use the CheckGroup statement?
> Is it possible to set CheckGroup
> and then send the WISPr-Bandwidth-Max-Down attribute?.
> Another problem I am having is that Radiator does not know how to
> concurrent conections from my NAS, because is treats them all as being
> the same user.
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator