How to reply Session-Timeout without password

Stefan Winter stefan.winter at restena.lu
Wed Jul 26 15:11:03 CEST 2006


Hi!

> Now I am a little confused.
>
> For user 005001, I not only want to check the Session-Timeout for
> accounting, but also want to check its password for authorization.
>
> Before you tell me the "auth by IP address" method, my conf is like this:
>
> 005001 Auth-Type := Digest, Password == "005001"
>
> Now my question is: How can I make radius server to use Password for normal
> authorization and then use the "auth by IP address" method for *b2bua
> request?

You can use Fall-Through: first the entries with the NAS-IP-Address, but 
adding a Fall-Through = Yes, and later your other, sepcial, user. Altogether 
it will look like that:

NAS-IP-Address == your-b2bua-ns, Auth-Type := Accept
        Session-Timeout := whatever,
	Fall-Through = Yes

005001 Auth-Type := Digest, Password == "005001"

All users whose user name is *not* 005001 are caught with the first expression 
and not with the second. User 005001 is first caught with the first 
expression, but later overridden with the second one and thus needs to 
authenticate.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060726/75fd69ae/attachment.pgp>


More information about the Freeradius-Users mailing list