FreeRadius, three NAS types and users privileges

Leandro Pereira de Lima e Silva - ViaLink leandro at vialink.com.br
Mon Jun 19 02:41:17 CEST 2006


I don't know how those equipments are configured, but can you configure 
them to send some special attribute to radius?

If your DSL device sends something like "Connect-Info == DSL", so you 
can put Connect-Info == DSL to the users in DSL group in radgroupcheck 
table.

Have I made myself clear? The idea is making radius to check if the user 
that is in group dsl (or dial-up, or vpn) has the attribute relative to 
his group.

Best regards, Leandro.

Robert Hass escreveu:
> Hi
>
> My current network is running DSL services (PPPoE), Dial-Up services
> and VPN services. All NAS devices are Cisco - 7206VXR BRAS for DSL,
> AS5300 for Dial-Up and Cisco PIX520 for VPN (EasyVPN). Currently all
> those NASes uses one common FreeRadius (all data is in MySQL).
>
> The problem is that DSL user can configure their PPPoE connection as
> username from Dial-Up user (eg. ppp/ppp) and there will be no
> rate-limit on his connection (VirtualAccess interface). Silimar problem
> with VPNs - sometimes we have duplicated login names...
>
> Is any way to resolv this issue other than installing 3 FreeRadiuses
> using different MySQL databases, and different TCP/UDP ports ?
>
> I was wondering about class in MySQL database, eg.
>
> class = 0		Dialup
> class = 1		DSL
> class = 2		VPN
> class = ...		...
>
> And and 'class' varible into USERS and NAS tables. I'm looking for
> ready solution for above described problem.
>
> Robert Hass
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   


-- 
Leandro Pereira de Lima e Silva
http://www.vialink.com.br/
"A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto." -- Thomas B. Macaulay




More information about the Freeradius-Users mailing list