on the right track?
Galloway, David Mr KRS
david.l.galloway at us.army.mil
Thu Feb 23 00:16:01 CET 2006
I just worked this out yesterday.
Best way for me (I found) was to create two groups (one is pubnet-dialup the
other is pubnet-extend)
I set this in the /etc/raddb/users file
# Authentication for pubnet-dialup group
DEFAULT Auth-Type = System, Group == "pubnet-dialup"
Fall-Through = 1
# authentication for pubnet-extend group
DEFAULT Auth-Type = System, Group == "pubnet-extend"
Fall-Through = 1
# Defaults for all framed connections.
#
# sets timeout for group "pubnet-dialup"
DEFAULT Service-Type == Framed-User, Group == "pubnet-dialup"
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Session-Timeout = 14400,
Idle-Timeout = 1800,
Fall-Through = Yes
# Sets timeout for group "pubnet-extend"
DEFAULT Service-Type == Framed-User, Group == "pubnet-extend"
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Session-Timeout = 28800,
Idle-Timeout = 1800,
Fall-Through = Yes
I authenticate against two groups. Then set the timeouts per each group
(first is for 4 hours, second 8).
Hope that helps.
Regards,
David Galloway
Public Networks Administration
KRS IT Network Operations
Help Desk (805) 355-2444
Direct (805) 355-4512
-----Original Message-----
From:
freeradius-users-bounces+david.l.galloway=us.army.mil at lists.freeradius.org
[mailto:freeradius-users-bounces+david.l.galloway=us.army.mil at lists.freeradi
us.org] On Behalf Of mbjohn at duke.edu
Sent: Thursday, February 23, 2006 3:43 AM
To: freeradius-users at lists.freeradius.org
Subject: on the right track?
Hello all!
I've tried to search the web and the archives for an answer to this question
and didn't come up with anything, so I hope I'm not duplicating a question
that's already been answered.
Currently, where I work, we run two modem pools. One pool is limited to
certain users who are allowed to connect up to 8 hrs at a time. The other
pool is for general users who are given 15 min to quickly check email or
search for something on the web (fwiw, they're allowed to reconnect after
their time is up....).
As broadband has become more available, less and less users are using the
modem pool. We still have a handful of people from both groups who are
still using it. So, in the interest to provide the service for the people
still using it while not paying for unused lines, we're trying to
consolidate things.
We have a Cisco AS5300 terminal server that already uses freeradius w/
kerberos to authenticate users. We would like to take that a step further
and use freeradius to limit usage time based on the user name (certain users
are allowed 8hrs while all others are given 15min).
Looking over the config files in /etc/raddb, it appears the attrs file is
just what I need to use. Would I be able to use a combination of huntgroups
and the attrs file to accomplish what I need? I know in the documentation
for the "fisp" entry, it talks about not having a Fall-Through entry. Does
that mean it CANNOT have a Fall-Through entry, or that the given example
does not? Am I on the right track with this, or should I look elsewhere?
Thanks for your help!
Brian
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060223/69595049/attachment.html>
More information about the Freeradius-Users
mailing list