Configuration of users file
Alan DeKok
aland at ox.org
Tue Dec 27 21:25:24 CET 2005
"Mike Cisar" <mlists at starmania.net> wrote:
> But beyond that, how can I then skip over the 20 or so poola/poolb checks
> which do not apply for accelleration requests? Maybe there's a cleaner way
> of doing this?
The "users" file isn't really mean for complex processing like that.
You're running into it's limitations, which are pretty severe.
> So essentially what I need to do is an initial determination of whether the
> request is dialup, accelleration, or NNTP (well basically if it's
> accelleration or nntp, with dialup being the default path if it's neither of
> the former).
My suggestion is to use rlm_passwd. Define server-side attributes
like "Where-From" with values like "dialup", "acceleration", and
"nntp". Use rlm_passwd to match the client IP's to Where-From.
> Go down a particular branch of processing depending on which
> of the three flavors of request it is, and then drop back out of those
> checks into a common branch
The "users" file can do that.
> P.S. Is there a syntax by which I can specify something like...
>
> DEFAULT Client-IP-Address == (207.102.99.65 or 207.102.99.66 or
> 207.102.99.67), Group != "poolb", Auth-Type :=Reject
Nope.
> or somehow pre-define a group of NAS' to use in place such as...
>
> clientpoola = 207.102.99.65, 207.102.99.66, 207.102.99.67
> DEFAULT Client-IP-Address == clientpoola, Group != "poolb", Auth-Type
> :=Reject
>
> rather than specifiying a separate stanza for each Client-IP-Address as I
> have in my existing config?
rlm_passwd. Map the client IP's to a common "where-from", and key
off of that in the "users" file.
Alan DeKok.
More information about the Freeradius-Users
mailing list