How to reply Session-Timeout without password
Stefan Winter
stefan.winter at restena.lu
Wed Jul 26 15:11:03 CEST 2006
Hi!
> Now I am a little confused.
>
> For user 005001, I not only want to check the Session-Timeout for
> accounting, but also want to check its password for authorization.
>
> Before you tell me the "auth by IP address" method, my conf is like this:
>
> 005001 Auth-Type := Digest, Password == "005001"
>
> Now my question is: How can I make radius server to use Password for normal
> authorization and then use the "auth by IP address" method for *b2bua
> request?
You can use Fall-Through: first the entries with the NAS-IP-Address, but
adding a Fall-Through = Yes, and later your other, sepcial, user. Altogether
it will look like that:
NAS-IP-Address == your-b2bua-ns, Auth-Type := Accept
Session-Timeout := whatever,
Fall-Through = Yes
005001 Auth-Type := Digest, Password == "005001"
All users whose user name is *not* 005001 are caught with the first expression
and not with the second. User 005001 is first caught with the first
expression, but later overridden with the second one and thus needs to
authenticate.
Greetings,
Stefan Winter
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at restena.lu Tel.: +352 424409-1
http://www.restena.lu Fax: +352 422473
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060726/75fd69ae/attachment.pgp>
More information about the Freeradius-Users
mailing list