(RADIATOR) Assign IP's or Default
Hugh Irvine
hugh at open.com.au
Tue Feb 4 16:57:16 CST 2003
Hello William -
All of what you want to do is fairly straightforward, although dealing
with ISDN will probably involve the use of Handlers.
Here is what I would do:
# define AuthBy clauses

<AuthBy SQL>
        Identifier CheckISDN
        .....
        # set up AuthSelect for ISDN only
        AuthSelect .....
        .....
        AddToReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                .....
        .....
</AuthBy>

<AuthBy SQL>
        Identifier CheckAsync
        .....
        # set up AuthSelect
        AuthSelect select PASSWORD, GID, REPLYATTR \
                from USERS where USERNAME = '%U' \
                and ISACTIVE <> 0
        AuthColumnDef 0, Password, check
        AuthColumnDef 1, Group-Id, request
        AuthColumnDef 2, GENERIC, reply
        .....
        AddToReply Service-Type = Framed-User, \
                Framed-Protocol = PPP, \
                ...
        ....
</AuthBy>

# define Handlers

<Handler NAS-Port-Type = ISDN>
        AuthBy CheckISDN
        .....
</Handler>

<Handler>
        AuthBy CheckAsync
        PostAuthHook file:"%D/postprocess.pl"
        .....
</Handler>
The PostAuthHook would add the extra reply attributes according to the
"Group-Id" pseudo-attribute added to the incoming access request by the
AuthBy clause (it is easier to add the pseudo-attribute to the incoming
request, because the packet is discarded after processing).
You will find some example hooks in the file "goodies/hooks.txt" in the
Radiator distribution.
regards
Hugh
On Wednesday, Feb 5, 2003, at 06:39 Australia/Melbourne, William Taylor
wrote:
> Ok guys, I'm trying to finish up my migration off of livingston radius.
> Here is what I would like to do.
>
> Currently in radiator I am authing users out of an SQL database.
>
> Some of my users have Static IP address and Framed routes.
> For these users I had entries in the Users File in livingston.
>
> For other users I had different default entries based on what group they
> belong to.
> Some users can use 1 port or 2 ports.
> Some users have different Session Timeouts.
>
> What I would like to do is:
>
> AuthSelect select password,gid,replyattr from users where
> username='%U' AND isactive <> 0 ( 0 means locked users in my database
> )
>
> now if their replyattr is not NULL in the database send it along. This
> would be for the static folks.
> Now since I don't want a billion (ok not a billion) entries in my
> database that are the same:
>
> If replyattr is NULL I would like to go
>
> if($gid == 200 ) {
> send this replyattr:
> Idle-Timeout = 1220,
> Session-Timeout = 86400,
> Port-Limit = 2
> } elsif ($gid == 201 ) {
> send this other replyattr :
> Idle-Timeout = 1220,
> Session-Timeout = 86400,
> Port-Limit = 1
> } else {
> reject the call because there is no matching gid (maybe it's a
> mailbox account)
> }
>
> Is this doable?
> Also do you know if there is a way to say if they connect with an ISDN
> line but they are using a dialup username, reject the call or make it
> so
> they only connect at 56K?
> Any help would be great.
>
> Thanks,
> William
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
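
A sketch of what "postprocess.pl" could look like for the CheckAsync Handler above. This is an added example, not part of the original message and not taken from goodies/hooks.txt. It assumes that static users' REPLYATTR always carries Framed-IP-Address (used here to detect "REPLYATTR was not NULL"), and it fails closed: a missing or unknown Group-Id turns the accept into a reject.

```perl
# postprocess.pl (added example): PostAuthHook for the CheckAsync Handler.
# Radiator calls the hook with references to the request, the reply being
# built, and the authentication result.
sub {
    my $p      = ${$_[0]};   # incoming Access-Request
    my $rp     = ${$_[1]};   # reply packet under construction
    my $result = $_[2];      # reference to the result code

    # Per-group default reply attributes (values from the quoted question).
    my %group_defaults = (
        200 => { 'Idle-Timeout'    => 1220,
                 'Session-Timeout' => 86400,
                 'Port-Limit'      => 2 },
        201 => { 'Idle-Timeout'    => 1220,
                 'Session-Timeout' => 86400,
                 'Port-Limit'      => 1 },
    );

    # Only touch requests that the AuthBy clause has already accepted.
    return unless $$result == $main::ACCEPT;

    # Assumption: a non-NULL REPLYATTR always includes Framed-IP-Address,
    # so its presence means the per-user attributes are already in the
    # reply (via "AuthColumnDef 2, GENERIC, reply") and must not be altered.
    return if defined $rp->get_attr('Framed-IP-Address');

    # Group-Id was copied into the request by
    # "AuthColumnDef 1, Group-Id, request".
    my $gid      = $p->get_attr('Group-Id');
    my $defaults = defined $gid ? $group_defaults{$gid} : undef;

    unless ($defaults) {
        # Fail closed: no matching group (for example a mailbox-only
        # account) means no dial-in service.
        my $user = $p->get_attr('User-Name');
        &main::log($main::LOG_INFO,
            'postprocess.pl: rejecting ' . (defined $user ? $user : '(none)')
            . ', no dial-in defaults for gid '
            . (defined $gid ? $gid : '(none)'));
        $$result = $main::REJECT;
        return;
    }

    # Add the group defaults in a stable order.
    foreach my $name (sort keys %$defaults) {
        $rp->add_attr($name, $defaults->{$name});
    }
    return;
}
```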