Tips ..

Okka Radius radius at okka.org.za
Thu Jul 7 14:11:24 CEST 2005


I got my Freeradius install ( 1.04 ) authing against a MySQL DB and using
dialup_admin to add , delete and administer user accounts.

My question , my upstream asks that I return the following replies on
authorization ..

>>>ADSL Profiles
>>>
>>>You need to return one of two profiles for ADSL users depending on their 
>>>'capped' state.  For normal (not-capped) users the follwing attributes 
>>>must be returned in Access-Accepts:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback50"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool1"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'capped' users return the following set:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback51"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool2"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'unshaped dsl' return the following set:
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback52"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool3"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP

I do have an option to use old redback profiles ) but they are not supported
any longer and it is preferred that I use the VSA's ...

Redback for uncapped dsl ....

Ip-Address-Pool-Name = ipnetsubs2
Service-Type = Framed-User
Framed-Protocol = PPP

Redback for capped dsl ...

Ip-Address-Pool-Name = ipnetsubs3
Service-Type = Framed-User
Framed-Protocol = PPP


The only place I can think of to define this is either in the hints file in
the /usr/local/etc/raddb dir OR in the sql database tables , being either
radcheck , radgroupreply , radpostauth
In including this in the radcheck and radgroupreply tables and when I auth
against the radius service , I fail to get the correct attributes back upon
authentication BUT the usernames do auth ..

Anyone have any ideas .. 




More information about the Freeradius-Users mailing list