on the right track?

mbjohn at duke.edu mbjohn at duke.edu
Tue May 2 20:19:03 CEST 2006


My apologies to Alan who also responded and I seem to have not gotten his
original message (regarding using rlm_passwd for the groups).  I'll be
investigating that as well.

Thanks again for your help!

Brian

On Thu, 23 Feb 2006, Galloway, David  Mr  KRS wrote:

> I just worked this out yesterday.
>
> Best way for me (I found) was to create two groups (one is pubnet-dialup the
> other is pubnet-extend)
>
> I set this in the /etc/raddb/users   file
>
>
> #       Authentication for pubnet-dialup group
> DEFAULT Auth-Type = System, Group == "pubnet-dialup"
>         Fall-Through = 1
>
>
> #       authentication for pubnet-extend group
> DEFAULT Auth-Type = System, Group == "pubnet-extend"
>         Fall-Through = 1
>
>
>
> # Defaults for all framed connections.
> #
> # sets timeout for group "pubnet-dialup"
> DEFAULT Service-Type == Framed-User, Group == "pubnet-dialup"
>         Framed-IP-Address = 255.255.255.254,
>         Framed-MTU = 576,
>         Service-Type = Framed-User,
>         Session-Timeout = 14400,
>         Idle-Timeout = 1800,
>         Fall-Through = Yes
>
> # Sets timeout for group "pubnet-extend"
> DEFAULT Service-Type == Framed-User, Group == "pubnet-extend"
>         Framed-IP-Address = 255.255.255.254,
>         Framed-MTU = 576,
>         Service-Type = Framed-User,
>         Session-Timeout = 28800,
>         Idle-Timeout = 1800,
>         Fall-Through = Yes
>
>
>
>
>
> I authenticate against two groups. Then set the timeouts per each group
> (first is for 4 hours, second 8).
>
>
> Hope that helps.
>
>
> Regards,
>
>
> David Galloway
> Public Networks Administration
> KRS IT Network Operations
> Help Desk   (805) 355-2444
> Direct      (805) 355-4512
>
> -----Original Message-----
> From:
> freeradius-users-bounces+david.l.galloway=us.army.mil at lists.freeradius.org
> [mailto:freeradius-users-bounces+david.l.galloway=us.army.mil at lists.freeradi
> us.org] On Behalf Of mbjohn at duke.edu
> Sent: Thursday, February 23, 2006 3:43 AM
> To: freeradius-users at lists.freeradius.org
> Subject: on the right track?
>
> Hello all!
>
> I've tried to search the web and the archives for an answer to this question
> and didn't come up with anything, so I hope I'm not duplicating a question
> that's already been answered.
>
> Currently, where I work, we run two modem pools.  One pool is limited to
> certain users who are allowed to connect up to 8 hrs at a time.  The other
> pool is for general users who are given 15 min to quickly check email or
> search for something on the web (fwiw, they're allowed to reconnect after
> their time is up....).
>
> As broadband has become more available, less and less users are using the
> modem pool.  We still have a handful of people from both groups who are
> still using it.  So, in the interest to provide the service for the people
> still using it while not paying for unused lines, we're trying to
> consolidate things.
>
> We have a Cisco AS5300 terminal server that already uses freeradius w/
> kerberos to authenticate users.  We would like to take that a step further
> and use freeradius to limit usage time based on the user name (certain users
> are allowed 8hrs while all others are given 15min).
>
> Looking over the config files in /etc/raddb, it appears the attrs file is
> just what I need to use.  Would I be able to use a combination of huntgroups
> and the attrs file to accomplish what I need?  I know in the documentation
> for the "fisp" entry, it talks about not having a Fall-Through entry.  Does
> that mean it CANNOT have a Fall-Through entry, or that the given example
> does not?  Am I on the right track with this, or should I look elsewhere?
>
> Thanks for your help!
>
> Brian
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list