Restricting dialup users to certain client definitions only

Todd R. tjrlist at lightwavetech.com
Fri Dec 19 18:48:56 CET 2008 

In a nutshell here is what I need to do, the long story is after the short
version if you are interested.

########Short version##########

I want to restrict dialup users or a group of dialup users living within my
MySQL tables to certain clients or list of clients.

So when a user who is only allowed access when coming from clients 1 and 2
dials in and the request comes from client 3 he is denied access.

I already do this with the crappy Windows based radius solution we have been
stuck on for years, surely I can accomplish the same with FR.

Any help in a language which a total FR novice can understand would be
appreciated.


######end short version########




########Long Version###########

I have read the docs, the archives, the readmes, the examples etc.

So far, I can't get a good handle on how to accomplish the following so I am
again asking for some guidance from the list.

Here is my situation and what I need to accomplish, any help in getting this
done would be most appreciated. I don't mind doing the footwork, research
etc. to build a solution that will work but please keep in mind that I am a
total FR Newb and need this in dufus language :)

For the last 8 years or so we have been using a dreaded windows based Radius
solution that we just couldn't get away from due to how much code we have
written around this horrible solution. Finally, it's time to just do it and
deal with the pain.

What we have right now is several dialup wholesale
networks/carriers/aggregators who proxy the radius request to us, we then
decide to accept or deny the dialup user based on many things but of course
username/pass etc.. One of the things we use to determine if they get access
or not is which client they came from meaning which of our wholesale dialup
network's radius server (client) sent us the request.

So, in short I need to accomplish the same thing on FR.

Let's say I have 5 clients, their short names and IPs configured in my FR
clients file.

I need to somehow decide within FR when the request comes in from client #1
that this user (in Mysql table) is allowed to have access to that dialup
network.

So:

Joeuser from client1 = OK (allow user)
Joeuser from client2 = Not OK (deny user)

I am guessing I should do something with groups within the SQL tables such
as assign joeuser to dialgroup1 which is then somehow allowed from client1
or for that fact clients 1, 3 and 5 but not allowed to client2.

I researched huntgroups but can't find much documentation on that, not sure
if that's were I need to go or??

Regards,
Todd R.

More information about the Freeradius-Users mailing list