Restricting dialup users to certain client definitions only
paul.bartell at gmail.com
Fri Dec 19 19:26:08 CET 2008
You would use the Calling-Station-ID or Called-Station-ID checks in
the groupcheck table.
On Fri, Dec 19, 2008 at 9:48 AM, Todd R. <tjrlist at lightwavetech.com> wrote:
> In a nutshell here is what I need to do, the long story is after the short
> version if you are interested.
> ########Short version##########
> I want to restrict dialup users or a group of dialup users living within my
> MySQL tables to certain clients or list of clients.
> So when a user who is only allowed access when coming from clients 1 and 2
> dials in and the request comes from client 3 he is denied access.
> I already do this with the crappy Windows based radius solution we have been
> stuck on for years, surely I can accomplish the same with FR.
> Any help in a language which a total FR novice can understand would be
> ######end short version########
> ########Long Version###########
> I have read the docs, the archives, the readmes, the examples etc.
> So far, I can't get a good handle on how to accomplish the following so I am
> again asking for some guidance from the list.
> Here is my situation and what I need to accomplish, any help in getting this
> done would be most appreciated. I don't mind doing the footwork, research
> etc. to build a solution that will work but please keep in mind that I am a
> total FR Newb and need this in dufus language :)
> For the last 8 years or so we have been using a dreaded windows based Radius
> solution that we just couldn't get away from due to how much code we have
> written around this horrible solution. Finally, it's time to just do it and
> deal with the pain.
> What we have right now is several dialup wholesale
> networks/carriers/aggregators who proxy the radius request to us, we then
> decide to accept or deny the dialup user based on many things but of course
> username/pass etc.. One of the things we use to determine if they get access
> or not is which client they came from meaning which of our wholesale dialup
> network's radius server (client) sent us the request.
> So, in short I need to accomplish the same thing on FR.
> Let's say I have 5 clients, their short names and IPs configured in my FR
> clients file.
> I need to somehow decide within FR when the request comes in from client #1
> that this user (in Mysql table) is allowed to have access to that dialup
> Joeuser from client1 = OK (allow user)
> Joeuser from client2 = Not OK (deny user)
> I am guessing I should do something with groups within the SQL tables such
> as assign joeuser to dialgroup1 which is then somehow allowed from client1
> or for that fact clients 1, 3 and 5 but not allowed to client2.
> I researched huntgroups but can't find much documentation on that, not sure
> if that's were I need to go or??
> Todd R.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Random quote of the week/month/whenever i get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff
"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys
More information about the Freeradius-Users