On 20/3/09 12:25, tnt@kalik.net wrote:
I do not want visitors to be able to get onto the original service, and I do not want normal users to get onto the visitor service.
My thoughts are to set up a new virtual server and add an 'if' statement to look for the visitor user names, and reject or allow as necessary.
something like this in the new virtual server
if ( Stripped-User-Name != /visitor[0-9]?[0-9]/i ) { reject }
and the inverse for the old service.
if ( Stripped-User-Name =~ /visitor[0-9]?[0-9]/i ) { reject }
Is this syntax correct ? and where do I put it?
What about the service? You probably want:
if(("%{request:Service-Type}" == 'whatever') && ("%{request:Stripped-User-Name}" !~ /visitor[0-9]?[0-9]/i)) { reject } I don't think naked attribute names were supported in 2.0.5..
That goes in authorize section.
Ivan Kalik Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2