(RADIATOR) Limiting with port number
Hugh Irvine
hugh at open.com.au
Thu Feb 27 14:38:40 CST 2003
Hello Petri -
Yes, one or more AuthBy PORTLIMITCHECK clauses would be the way to go
(with the appropriate columns and data in the session database).
# define Realms or Handlers
<Handler ....>
AuthByPolicy ContinueWhileAccept
<AuthBy PORTLIMITCHECK>
.....
</AuthBy>
.....
<AuthBy ...>
.....
</AuthBy>
.....
</Handler>
regards
Hugh
On Thursday, Feb 27, 2003, at 22:43 Australia/Melbourne,
petri.maenpaa at satakunnanpuhelin.fi wrote:
>
> Hi,
>
> We have DSL system that uses Radiator to authenticate users. Users
> give their credentials through a web login page. We limit sessions
> with to 5 with MaxSessions. This works fine, but now I need to come
> up with a way to limit access to 5 sessions via one specific NAS-port.
>
> Problem is, that although the sessions are limited, users can share
> their credentials to get more bandwidth cheaper. (Bandwidth is tied
> to username).
>
> For instance, I've got a user A that has logged in twice from
> port 554107060, which is alright because it's one specific DSL-line.
> Then I've got another user whose logged in from ports 553910634 and
> 554041761, which means that he's logged in from two separate DSL lines.
> Although sharing credentials is forbidden, I'd like to fix this
> technically rather than e.g. closing accounts.
>
> I use SessionDatabase SQL which has NAS-Port column to use.
>
> AuthBy PORTLIMITCHECK is kinda what I need, I think?
>
> Thanks in advance,
>
> Petri Mäenpää
> System Engineer
> Satakunnan Puhelin Oy
> Pori, Finland
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list