Hi.<br><br>I knew how to make all you wrote above. I need to know how to accept customer, when sim-use rejected him.<br><br>Regards,<br>Alexander.<br>
<br><br><div class="gmail_quote">2011/12/21 Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net">list@fajar.net</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On Wed, Dec 21, 2011 at 5:29 AM, Fajar A. Nugraha <<a href="mailto:list@fajar.net">list@fajar.net</a>> wrote:<br>
> On Wed, Dec 21, 2011 at 4:18 AM, Alexander Kosykh <<a href="mailto:avkosykh@gmail.com">avkosykh@gmail.com</a>> wrote:<br>
<br>
>> I tried to do this in my config<br>
<br>
</div><div class="im">>> but radius answer is reject whatever and pppoe didn't up<br>
<br>
</div>You know what, since you say it's pppoe, I can share a setup on my<br>
environment that might be adaptable for you.<br>
<br>
The situation:<br>
- pppoe<br>
- IP address is (normally) allocated by nas, dynamically, using public<br>
IP address<br>
- AAA using freeradius<br>
<br>
The problem:<br>
- we want disabled users to still be able to login, but they'd be<br>
placed on a special network where they'd only be able to access an<br>
info page (or, in your terms, "error page")<br>
<br>
The solution:<br>
- setup a private IP pool on the NAS (e.g. 10.x.x.x)<br>
- put disabled users in a special group (e.g. "disabled-users")<br>
- setup sqlippool for that IP address pool (e.g. "disabled-users-pool")<br>
- setup a special DNS server (any authoritative DNS server supporting<br>
wildcard will do) that will resolve all DNS record to a special web<br>
server.<br>
- setup routing on the NAS so that the private IP pool can access the<br>
DNS server and the web server, but it can't access public IP address<br>
- add radgroupcheck entry for that group which points to the pool<br>
(e.g. Pool-Name := "disabled-users-pool")<br>
- add radgroupreply entry which will tell users to use the special DNS<br>
server (e.g MS-Primary-DNS-Server := "10.0.0.10")<br>
<br>
That way, when a user in "disabled-users" group logs in, he'd get a<br>
private IP address, and whatever address he typed in browser will<br>
bring him to the info page.<br>
<br>
You might be able to adapt it to your needs by adding Pool-Name and<br>
MS-Primary-DNS-Server attribute dynamically using unlang, based on an<br>
sql query which checks whether a user is already logged in or not.<br>
Somewhat complicated, but should work.<br>
<br>
If you're still having trouble understanding the example, better ask<br>
<div class="HOEnZb"><div class="h5">an expert to help you.<br>
<br>
--<br>
Fajar<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</div></div></blockquote></div><br>