FreeRadius, three NAS types and users privileges
Leandro Pereira de Lima e Silva - ViaLink
leandro at vialink.com.br
Mon Jun 19 02:41:17 CEST 2006
I don't know how those equipments are configured, but can you configure
them to send some special attribute to radius?
If your DSL device sends something like "Connect-Info == DSL", so you
can put Connect-Info == DSL to the users in DSL group in radgroupcheck
table.
Have I made myself clear? The idea is making radius to check if the user
that is in group dsl (or dial-up, or vpn) has the attribute relative to
his group.
Best regards, Leandro.
Robert Hass escreveu:
> Hi
>
> My current network is running DSL services (PPPoE), Dial-Up services
> and VPN services. All NAS devices are Cisco - 7206VXR BRAS for DSL,
> AS5300 for Dial-Up and Cisco PIX520 for VPN (EasyVPN). Currently all
> those NASes uses one common FreeRadius (all data is in MySQL).
>
> The problem is that DSL user can configure their PPPoE connection as
> username from Dial-Up user (eg. ppp/ppp) and there will be no
> rate-limit on his connection (VirtualAccess interface). Silimar problem
> with VPNs - sometimes we have duplicated login names...
>
> Is any way to resolv this issue other than installing 3 FreeRadiuses
> using different MySQL databases, and different TCP/UDP ports ?
>
> I was wondering about class in MySQL database, eg.
>
> class = 0 Dialup
> class = 1 DSL
> class = 2 VPN
> class = ... ...
>
> And and 'class' varible into USERS and NAS tables. I'm looking for
> ready solution for above described problem.
>
> Robert Hass
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
--
Leandro Pereira de Lima e Silva
http://www.vialink.com.br/
"A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto." -- Thomas B. Macaulay
More information about the Freeradius-Users
mailing list