Tips ..
Okka Radius
radius at okka.org.za
Thu Jul 7 14:11:24 CEST 2005
I got my Freeradius install ( 1.04 ) authing against a MySQL DB and using
dialup_admin to add , delete and administer user accounts.
My question , my upstream asks that I return the following replies on
authorization ..
>>>ADSL Profiles
>>>
>>>You need to return one of two profiles for ADSL users depending on their
>>>'capped' state. For normal (not-capped) users the follwing attributes
>>>must be returned in Access-Accepts:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback50"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool1"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'capped' users return the following set:
>>>
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback51"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool2"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
>>>
>>>For 'unshaped dsl' return the following set:
>>>Cisco-AVPair = "ip:ip-unnumbered=Loopback52"
>>>Cisco-AVPair = "ip:addr-pool=ipnetpool3"
>>>Service-Type = Framed-User
>>>Framed-Protocol = PPP
I do have an option to use old redback profiles ) but they are not supported
any longer and it is preferred that I use the VSA's ...
Redback for uncapped dsl ....
Ip-Address-Pool-Name = ipnetsubs2
Service-Type = Framed-User
Framed-Protocol = PPP
Redback for capped dsl ...
Ip-Address-Pool-Name = ipnetsubs3
Service-Type = Framed-User
Framed-Protocol = PPP
The only place I can think of to define this is either in the hints file in
the /usr/local/etc/raddb dir OR in the sql database tables , being either
radcheck , radgroupreply , radpostauth
In including this in the radcheck and radgroupreply tables and when I auth
against the radius service , I fail to get the correct attributes back upon
authentication BUT the usernames do auth ..
Anyone have any ideas ..
More information about the Freeradius-Users
mailing list