Users file giving me headaches :)

Marcelus Trojahn trojahn at i-next.psi.br
Wed Mar 7 15:49:18 CET 2007


Hello folks,

  For quite some time now I'm struggling with a problem I have no clue
  how to solve...

  Consider the following:
  zro Auth-Type := MD5, User-Password := 9bb05e8970a8c18991d3048f3f5ad976, Calling-Station-Id == 00:16:EC:54:2E:C4, Simultaneous-Use := 1
      Mikrotik-Rate-Limit = "128k/192k 128k/384k 64k/64k 1/8"

  This  is  an example of an user account on my ISP. As you can see we
  also  check  the  "Caller-ID"  (MAC  address)  on the authentication
  process of our PPPOE customers.

  The  problem  is:  we  also  provide free dialup connection to these
  customers.  When  connected  via  dialup  we get the phone number as
  CallerID  so,  obviously,  it  doesn't match the MAC address and the
  authentication fails.

  Is  there  any way I can instruct the Radius to do like a logical OR
  check? Like:

  if (NAS-IP-Address != "10.200.200.2") {
    Calling-Station-Id has to be 00:16:EC:54:2E:C4
  } else {
    Ignore the Calling-Station-Id, check only the password
  }

  Maybe  it  is  just  ask too much... For now, I've been ignoring the
  dialup  users,  allowing  them  to  authenticate  with  any login or
  password using this in the begging of users file:
  DEFAULT NAS-IP-Address == 10.200.200.2, Auth-Type := Accept

  This  way  is not good because many people are now using our service
  without  even  being  customers...  My only option, if I can't solve
  this,  is  to  make  a  secondary Radius server just to authenticate
  them.

-- 
Marcelus Trojahn




---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 000722-1, 07/03/2007
Tested on: 7/3/2007 11:49:19
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com






More information about the Freeradius-Users mailing list