"Mike Cisar" <mlists@starmania.net> wrote:
But beyond that, how can I then skip over the 20 or so poola/poolb checks which do not apply for accelleration requests? Maybe there's a cleaner way of doing this?
The "users" file isn't really mean for complex processing like that. You're running into it's limitations, which are pretty severe.
So essentially what I need to do is an initial determination of whether the request is dialup, accelleration, or NNTP (well basically if it's accelleration or nntp, with dialup being the default path if it's neither of the former).
My suggestion is to use rlm_passwd. Define server-side attributes like "Where-From" with values like "dialup", "acceleration", and "nntp". Use rlm_passwd to match the client IP's to Where-From.
Go down a particular branch of processing depending on which of the three flavors of request it is, and then drop back out of those checks into a common branch
The "users" file can do that.
P.S. Is there a syntax by which I can specify something like...
DEFAULT Client-IP-Address == (207.102.99.65 or 207.102.99.66 or 207.102.99.67), Group != "poolb", Auth-Type :=Reject
Nope.
or somehow pre-define a group of NAS' to use in place such as...
clientpoola = 207.102.99.65, 207.102.99.66, 207.102.99.67 DEFAULT Client-IP-Address == clientpoola, Group != "poolb", Auth-Type :=Reject
rather than specifiying a separate stanza for each Client-IP-Address as I have in my existing config?
rlm_passwd. Map the client IP's to a common "where-from", and key off of that in the "users" file. Alan DeKok.