on the right track?

mbjohn at duke.edu mbjohn at duke.edu
Wed Feb 22 16:42:34 CET 2006

Hello all!

I've tried to search the web and the archives for an answer to this
question and didn't come up with anything, so I hope I'm not duplicating a
question that's already been answered.

Currently, where I work, we run two modem pools.  One pool is limited to
certain users who are allowed to connect up to 8 hrs at a time.  The other
pool is for general users who are given 15 min to quickly check email or
search for something on the web (fwiw, they're allowed to reconnect after
their time is up....).

As broadband has become more available, less and less users are using the
modem pool.  We still have a handful of people from both groups who are
still using it.  So, in the interest to provide the service for the people
still using it while not paying for unused lines, we're trying to
consolidate things.

We have a Cisco AS5300 terminal server that already uses freeradius w/
kerberos to authenticate users.  We would like to take that a step further
and use freeradius to limit usage time based on the user name (certain
users are allowed 8hrs while all others are given 15min).

Looking over the config files in /etc/raddb, it appears the attrs file is
just what I need to use.  Would I be able to use a combination of
huntgroups and the attrs file to accomplish what I need?  I know in the
documentation for the "fisp" entry, it talks about not having a
Fall-Through entry.  Does that mean it CANNOT have a Fall-Through entry,
or that the given example does not?  Am I on the right track with this, or
should I look elsewhere?

Thanks for your help!


More information about the Freeradius-Users mailing list