Users file giving me headaches :)
Marcelus Trojahn
trojahn at i-next.psi.br
Wed Mar 7 15:49:18 CET 2007
Hello folks,
For quite some time now I'm struggling with a problem I have no clue
how to solve...
Consider the following:
zro Auth-Type := MD5, User-Password := 9bb05e8970a8c18991d3048f3f5ad976, Calling-Station-Id == 00:16:EC:54:2E:C4, Simultaneous-Use := 1
Mikrotik-Rate-Limit = "128k/192k 128k/384k 64k/64k 1/8"
This is an example of an user account on my ISP. As you can see we
also check the "Caller-ID" (MAC address) on the authentication
process of our PPPOE customers.
The problem is: we also provide free dialup connection to these
customers. When connected via dialup we get the phone number as
CallerID so, obviously, it doesn't match the MAC address and the
authentication fails.
Is there any way I can instruct the Radius to do like a logical OR
check? Like:
if (NAS-IP-Address != "10.200.200.2") {
Calling-Station-Id has to be 00:16:EC:54:2E:C4
} else {
Ignore the Calling-Station-Id, check only the password
}
Maybe it is just ask too much... For now, I've been ignoring the
dialup users, allowing them to authenticate with any login or
password using this in the begging of users file:
DEFAULT NAS-IP-Address == 10.200.200.2, Auth-Type := Accept
This way is not good because many people are now using our service
without even being customers... My only option, if I can't solve
this, is to make a secondary Radius server just to authenticate
them.
--
Marcelus Trojahn
---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 000722-1, 07/03/2007
Tested on: 7/3/2007 11:49:19
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com
More information about the Freeradius-Users
mailing list