<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'><div>Hi Radius People,</div><div><br></div><div>I'm a new user on FreeRadius and recently considering using FreeRadius version 2 in our environment. </div><div><br></div><div>Basically we are an education/training environment where we have some students accessing the routers and switches for practise, terminal server are used to consolidate the console access, and these terminal servers authenticate the users through a Radius server (as shown in the following figure). Additionally, the students are categorized into few groups. We want to implement policy on the radius server so that only a certain group can access the pod in a given duration of time (the user should be dropped from the terminal when the subscribed time is reached and cannot access thereafter .) </div><div><br></div><div><br></div><div><div>+++++++++++++++ +++++++++++++++ +++++++++++++</div><div>+ User +++++++++++++++++++++ Cisco 2600 +++++++++++++++++++ Network +</div><div>+ + + Terminal Serv + + Devices +</div><div>+++++++++++++++ +++++++++++++++ +++++++++++++</div><div> (NAS)</div><div> +</div><div> +</div><div> +++++++++++++++ </div><div> + FreeRadius +</div><div> +++++++++++++++</div></div><div><br></div><div><br></div><div>Right now I'm able to do the "hello-world" setup with the following users and clients.conf. On the terminal server side, aaa new-model is enabled on the cisco terminal server to communicate with this radius server.</div><div><br></div><div>users</div><div>=============</div><div><div>cisco Auth-Type := System</div><div> Service-Type = NAS-Prompt-User,</div><div> cisco-avpair = "shell:priv-lvl=15"</div></div><div><br></div><div>clients.conf</div><div>==============</div><div><div>client 192.168.1.1 {</div><div> secret = SECRET_KEY</div><div> shortname = termserver</div><div> nastype = cisco</div><div>}</div></div><div><br></div><div>A typical transaction would be :</div><div><br></div><div>Access-Request</div><div>=======</div><div><div> NAS-IP-Address = 192.168.1.1</div><div> NAS-Port = 35</div><div> NAS-Port-Type = Async</div><div> User-Name = "cisco"</div><div> Calling-Station-Id = "1.1.1.1"</div></div><div> User-Password = "cisco"</div><div><br></div><div><div>Access-Accept</div><div>=======</div></div><div><div> Service-Type = NAS-Prompt-User</div><div> Cisco-AVPair = "shell:priv-lvl=15"</div></div><div><br></div><div>However, this doesn't really provide any timing or grouping policy. Could you please provide some hints on how typically the timing limits are enforced with the freeradius and cisco terminal server?</div><div><br></div><div>Thanks a lot in advance.</div><div><br></div><div>Thanks</div><div>Frank</div><div><br></div><div><br></div><div><br></div><div><br></div> </div></body>
</html>