(RADIATOR) Limiting with port number

Hugh Irvine hugh at open.com.au
Thu Feb 27 14:38:40 CST 2003


Hello Petri -

Yes, one or more AuthBy PORTLIMITCHECK clauses would be the way to go 
(with the appropriate columns and data in the session database).

# define Realms or Handlers

<Handler ....>
	AuthByPolicy ContinueWhileAccept
	<AuthBy PORTLIMITCHECK>
		.....
	</AuthBy>
	.....
	<AuthBy ...>
		.....
	</AuthBy>
	.....
</Handler>

regards

Hugh


On Thursday, Feb 27, 2003, at 22:43 Australia/Melbourne, 
petri.maenpaa at satakunnanpuhelin.fi wrote:

>
> Hi,
>
> We have DSL system that uses Radiator to authenticate users. Users
> give their credentials through a web login page. We limit sessions
> with to 5 with MaxSessions. This works fine, but now I need to come
> up with a way to limit access to 5 sessions via one specific NAS-port.
>
> Problem is, that although the sessions are limited, users can share
> their credentials to get more bandwidth cheaper. (Bandwidth is tied
> to username).
>
> For instance, I've got a user A that has logged in twice from
> port 554107060, which is alright because it's one specific DSL-line.
> Then I've got another user whose logged in from ports 553910634 and
> 554041761, which means that he's logged in from two separate DSL lines.
> Although sharing credentials is forbidden, I'd like to fix this
> technically rather than e.g. closing accounts.
>
> I use SessionDatabase SQL which has NAS-Port column to use.
>
> AuthBy PORTLIMITCHECK is kinda what I need, I think?
>
> Thanks in advance,
>
> Petri Mäenpää
> System Engineer
> Satakunnan Puhelin Oy
> Pori, Finland
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list