I am using freeradius 2.1.3 using MySQL for my IP pool and user auth tables in my small ISP. What I need to do is have customers that get rejected with a bad password assigned to a particular IP pool. I am sure this is possible, but can't find it. I assume I am just looking for the wrong keywords - LOL. Can somebody point me in the right direction? Thanks in advance. Jack Martin Magic Wireless Internet Service Providers LLC P.O. Box 278 104 W. Main Oilton, OK 74052 www.magicwisp.com
Jack D. Martin Jr. wrote:
I am using freeradius 2.1.3 using MySQL for my IP pool and user auth tables in my small ISP. What I need to do is have customers that get rejected with a bad password assigned to a particular IP pool. I am sure this is possible, but can't find it. I assume I am just looking for the wrong keywords - LOL. Can somebody point me in the right direction? Thanks in advance.
The server can't turn a reject into an accept. Doing so will require source code patches. Alan DeKok.
What about using a fall through? Could it be that the last option to auth, even if the password is incorrect - they get assigned to a particular group? Jack Martin Magic Wireless Internet Service Providers LLC P.O. Box 278 104 W. Main Oilton, OK 74052 www.magicwisp.com
Jack D. Martin Jr. wrote:
I am using freeradius 2.1.3 using MySQL for my IP pool and user auth tables in my small ISP. What I need to do is have customers that get rejected with a bad password assigned to a particular IP pool. I am sure this is possible, but can't find it. I assume I am just looking for the wrong keywords - LOL. Can somebody point me in the right direction? Thanks in advance.
The server can't turn a reject into an accept. Doing so will require source code patches.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jack D. Martin Jr. wrote:
What about using a fall through? Could it be that the last option to auth, even if the password is incorrect - they get assigned to a particular group?
As I said:
The server can't turn a reject into an accept. Doing so will require source code patches.
I wrote much of the server. I *think* I know how it works. Alan DeKok.
I wasn't questioning your skills - trust me. I have read many of your responses on the list, you helped me deploy my server without ever talking to me. I am just looking for a solution. Basically what I have is a billing solution that automatically suspends customers by scrambling their passwords. When that happens - I don't want the customers to be rejected, but to be assigned to a different group. Is that a better way of asking? What I am looking for is to not reject people with bad passwords, but to assign them a particular IP pool. Jack Martin Magic Wireless Internet Service Providers LLC P.O. Box 278 104 W. Main Oilton, OK 74052 www.magicwisp.com
Jack D. Martin Jr. wrote:
What about using a fall through? Could it be that the last option to auth, even if the password is incorrect - they get assigned to a particular group?
As I said:
The server can't turn a reject into an accept. Doing so will require source code patches.
I wrote much of the server. I *think* I know how it works.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jack D. Martin Jr. a écrit :
I wasn't questioning your skills - trust me. I have read many of your responses on the list, you helped me deploy my server without ever talking to me. I am just looking for a solution. Basically what I have is a billing solution that automatically suspends customers by scrambling their passwords. When that happens - I don't want the customers to be rejected, but to be assigned to a different group. Is that a better way of asking? What I am looking for is to not reject people with bad passwords, but to assign them a particular IP pool.
Then why don't you simply make your billing solution to put your users exceeding their quota to an Exceeded_Quota group (either in sql DB or in LDAp, or any backend). Don't scramble their password. This way an authenticated use belonging to the Exceeded_Quota group would be assigned a given IP_Pool, and those not in this group would be assigned another IP_Pool. Does my answer make sense? (i admit I've not read the preceeding posts). Thibault
Jack Martin Magic Wireless Internet Service Providers LLC P.O. Box 278 104 W. Main Oilton, OK 74052 www.magicwisp.com
Jack D. Martin Jr. wrote:
What about using a fall through? Could it be that the last option to auth, even if the password is incorrect - they get assigned to a particular group?
As I said:
The server can't turn a reject into an accept. Doing so will require source code patches.
I wrote much of the server. I *think* I know how it works.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jack D. Martin Jr. wrote:
I wasn't questioning your skills - trust me. I have read many of your responses on the list, you helped me deploy my server without ever talking to me. I am just looking for a solution. Basically what I have is a billing solution that automatically suspends customers by scrambling their passwords. When that happens - I don't want the customers to be rejected, but to be assigned to a different group. Is that a better way of asking? What I am looking for is to not reject people with bad passwords, but to assign them a particular IP pool.
What kind of authentication methods are you using? If it's PAP, then the answer is easy: authenticate { ... Auth-Type PAP { if (User-Password == "%{control:Cleartext-Password}") { update control { Pool-Name := "pool-for-good-users" } } else { update control { Pool-Name := "pool-for-bad-users" } } ok # mark them as authenticated } ... } And configure the two pools, including putting them in the post-auth section. Alan DeKok.
This kind of handling of rejected users should be handled by your NAS. Radius server is suposed to reject users with bad passwords. You can make policy on your NAS to place them in a restricted VLAN instead of dropping the connection. Ivan Kalik Kalik Informatika ISP Dana 4/3/2009, "Jack D. Martin Jr." <jack.d.martin@magicwisp.com> piše:
What about using a fall through? Could it be that the last option to auth, even if the password is incorrect - they get assigned to a particular group?
Jack Martin Magic Wireless Internet Service Providers LLC P.O. Box 278 104 W. Main Oilton, OK 74052 www.magicwisp.com
Jack D. Martin Jr. wrote:
I am using freeradius 2.1.3 using MySQL for my IP pool and user auth tables in my small ISP. What I need to do is have customers that get rejected with a bad password assigned to a particular IP pool. I am sure this is possible, but can't find it. I assume I am just looking for the wrong keywords - LOL. Can somebody point me in the right direction? Thanks in advance.
The server can't turn a reject into an accept. Doing so will require source code patches.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (4)
-
Alan DeKok -
Jack D. Martin Jr. -
Thibault Le Meur -
tnt@kalik.net