freeradius 1 mysql Attribute

Dustin Schuemann schuemann at supportdept.com
Thu Feb 28 23:08:46 CET 2008


I'm working with a dialup provider that is acting as the nas and they are  
authenticating off my radius server. Authentication works fine. They  
have this fastnet program that is supposed to make the internet  
faster. Attached is what they told me to do. I have added it to the  
dynamic group in mysql and the user is part of that group. But nothing.

If you run your own radius server:

For those of you that run your own radius server, you must configure  
your radius server to authenticate the enduser. The authentication  
will be passed to you, via the same radius servers that authentication  
currently comes from for pass through radius. The customer must login  
to the software using their dial-up username and password.

You will need to pass back to us the following attribute.
(You will need to add this to your dictionary file):

VENDORATTR 7000 Slipstream-Auth	1 string

Set this equal to 'true' for those that have web acceleration and  
'false' for those that do not. By default right now it accepts all  
users, so be sure to test it with setting one user equal to false and  
trying to login, it should deny them.


Example of how this can be done (using Radiator):

Add to your dictionary file at /usr/local/etc/raddb/dictionary:

VENDORATTR 7000 Slipstream-Auth 1 string

Next, in Radiator you will want to configure like we have listed  
below. The default entry should be listed after all the webcompress  
users but before all normal users.


Example of how this can be done (Most Radius's):

Open up your current dictionary file. Search for the word: cisco-avpair.  
This is attribute # 1 of vendor 9. You need to create a  
similar entry, but it should be attribute # 1 of vendor 7000. Follow  
the example of how the other entry is in your dictionary file.

If you cannot find this attribute, it could be under a sub dictionary  
file. Perhaps something called dictionary.cisco . You may have some  
INCLUDE lines at the top of your dictionary file that call include  
dictionary.cisco. If so, you will want to add an INCLUDE line for  
something like dictionary.slipstream and then follow the example on  
how dictionary.cisco is setup to make your own dictionary.slipstream  
file and add that one attribute in it.




To Accept a user (this will accept dial-up and accept slipstream):

test at realm Auth-Type := Local, User-Password == "trial"
         Slipstream-Auth = "true"


To Deny a user from Slipstream.

    Do not pass back the Slipstream-Auth = "true".   We deny all customers
    that do not have a Slipstream-Auth = "true" attribute.


Dustin Schuemann  .  Network Engineer
. . .  . . . . . . . . . . . . . . . . . . . . . . .
AMS/The Support Dept
400 Ann St NW Suite 102
Grand  Rapids, MI 49504
p. 616.235.0725 ext. 7007
e. schuemann at supportdept.com
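
An added example, not part of the original post or the provider's instructions: a check for whether a reply actually carries Slipstream-Auth, by decoding the attribute section of an Access-Accept taken from a packet capture. It assumes the standard RFC 2865 Vendor-Specific layout (type 26, one-octet vendor type and length) for vendor 7000, attribute 1; the function names and the sample reply are constructed for illustration.

```python
import struct

SLIPSTREAM_VENDOR_ID = 7000   # vendor number from the provider's dictionary line
SLIPSTREAM_AUTH_TYPE = 1      # vendor attribute number of Slipstream-Auth
VENDOR_SPECIFIC = 26          # RFC 2865 section 5.26

def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("ascii")
    sub = bytes([vendor_type, 2 + len(data)]) + data
    # bytes() raises ValueError if the total length does not fit in one octet.
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor_id) + sub

def iter_attributes(blob):
    """Yield (type, value) pairs from the attribute section of a RADIUS packet."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("bad attribute length")
        yield atype, blob[pos + 2:pos + alen]
        pos += alen

def slipstream_auth(blob):
    """Return the Slipstream-Auth string found in a reply, or None if absent."""
    for atype, value in iter_attributes(blob):
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        (vendor_id,) = struct.unpack("!I", value[:4])
        if vendor_id != SLIPSTREAM_VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("bad vendor attribute length")
            if vtype == SLIPSTREAM_AUTH_TYPE:
                return sub[2:vlen].decode("ascii")
            sub = sub[vlen:]
    return None

# Constructed sample: Framed-Protocol = PPP followed by Slipstream-Auth = "true".
FRAMED_PPP = bytes([7, 6, 0, 0, 0, 1])
SAMPLE_REPLY = FRAMED_PPP + encode_vsa(SLIPSTREAM_VENDOR_ID, SLIPSTREAM_AUTH_TYPE, "true")

if __name__ == "__main__":
    print(SAMPLE_REPLY.hex())
    print(slipstream_auth(SAMPLE_REPLY))
```

A result of None for a user who is in the group means the server never put the attribute in the reply, which points at the dictionary entry or the group reply data rather than at the NAS.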
