Different replies based on Service-Type

Ivan Kalik tnt at kalik.net
Mon May 5 14:00:58 CEST 2008


Done. There are more examples for using Auth-Type Reject, which is
essentially the same thing for banning users. It might make sense to
group them under the heading "How to ban/permit users regardless of the
password".

Ivan Kalik
Kalik Informatika ISP


Dana 5/5/2008, "Dejan Markic" <Dejan.Markic at mobik.si> piše:

>Hello!
>
>Thanks, this cleared up the thing ... it's working now.
>It would be great if this, what you wrote to me, would be on the FAQ - as what is written now, and I've read it, didn't give me correct clue :)
>
>Thanks!
>
>Kind regards,
>Dejan
>
>-----Original Message-----
>From: freeradius-users-bounces+dejan.markic=mobik.si at lists.freeradius.org [mailto:freeradius-users-bounces+dejan.markic=mobik.si at lists.freeradius.org] On Behalf Of Ivan Kalik
>Sent: Monday, May 05, 2008 1:07 PM
>To: FreeRadius users mailing list
>Subject: Re: Different replies based on Service-Type
>
>Yes. Just add Auth-Type := Accept in radgroupcheck for Call-Check group.
>This is documented in FAQ, you just adapt it for your case:
>
>http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ#How_do_I_permit_access_to_any_user_regardless_of_password.3F
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 5/5/2008, "Dejan Markic" <Dejan.Markic at mobik.si> piše:
>
>>Hello!
>>
>>I need some configuration help, I'm stuck! I have configured Freeradius to work great with PPP access with user/pass, etc using rlm_sql module with MySQL.
>>Now I have a problem. I have different requests coming in from OpenSER. One is authentication it self (the registration) which includes the user/pass combination - the packet looks like this:
>>        User-Name = "10000 at voip"
>>        Digest-Attributes = 0x0a073130303030
>>        Digest-Attributes = 0x0110766f69702e6962757273742e7369
>>        Digest-Attributes = 0x022a34383165633632613431333361613638303939666434316333306136396363643665363765353239
>>        Digest-Attributes = 0x04147369703a766f69702e6962757273742e7369
>>        Digest-Attributes = 0x030a5245474953544552
>>        Digest-Response = "0d741120406c55bb2631bc16ba79eedc"
>>        Service-Type = Sip-Session
>>        Sip-Uri-User = "10000"
>>        NAS-Port = 5060
>>        NAS-IP-Address = 172.16.3.10
>>
>>This works OK, and user get's authenticated. But how could I match also this query received:
>>
>>        User-Name = "10000 at voip"
>>        Service-Type = Call-Check
>>        NAS-Port = 0
>>        NAS-IP-Address = 172.16.3.10
>>
>>Now, there's no Password or anything, I would just like to check if this user is in the database.
>>I have put the user into two groups, one checking for Service-Type Sip-Session and the other to Service-Type Call-Check. I can see in the debug, that the user was found in Call-Check group, but then radius sends REJECT as there was no password provided. Can I somehow send Accept, without user/pass checking, if the user was found in this group?!
>>
>>Thank you for any inputs regarding this issue.
>>
>>Kind regards,
>>Dejan Markic
>>
>>-
>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list