Restricting dialup users to certain client definitions only

Jeff Crowe listacct at genhex.net
Fri Dec 19 20:00:08 CET 2008


Hi Todd,

I am using FR & MySQL and have the following in my radgroupcheck table to
limit my dialup customers from connecting to my dsl aggregators.  I have
created different Groups (dialup & dsl for simplicity).  In the dialup group
I have a rule that reads:

ID: xxx
GroupName: dialup
Attribute: NAS-IP-Address
OP: !~
Value: (xxx.xxx.xxx.4|xxx.xxx.xxx.2)

This prevents any user in FR with a group of dialup from connecting to a NAS
device with an IP of xxx.xxx.xxx.4 or .2.

Hope this gives you an idea on where to limit your customers.

Cheers,
Jeff.


-----Original Message-----
From: freeradius-users-bounces+listacct=genhex.net at lists.freeradius.org
[mailto:freeradius-users-bounces+listacct=genhex.net at lists.freeradius.org]
On Behalf Of Paul Bartell
Sent: Friday, December 19, 2008 1:26 PM
To: FreeRadius users mailing list
Subject: Re: Restricting dialup users to certain client definitions only

You would use the Calling-Station-ID or Called-Station-ID checks in
the groupcheck table.

On Fri, Dec 19, 2008 at 9:48 AM, Todd R. <tjrlist at lightwavetech.com> wrote:
> In a nutshell here is what I need to do, the long story is after the short
> version if you are interested.
>
> ########Short version##########
>
> I want to restrict dialup users or a group of dialup users living within my
> MySQL tables to certain clients or list of clients.
>
> So when a user who is only allowed access when coming from clients 1 and 2
> dials in and the request comes from client 3 he is denied access.
>
> I already do this with the crappy Windows based radius solution we have been
> stuck on for years, surely I can accomplish the same with FR.
>
> Any help in a language which a total FR novice can understand would be
> appreciated.
>
>
> ######end short version########
>
>
>
>
> ########Long Version###########
>
> I have read the docs, the archives, the readmes, the examples etc.
>
> So far, I can't get a good handle on how to accomplish the following so I am
> again asking for some guidance from the list.
>
> Here is my situation and what I need to accomplish, any help in getting this
> done would be most appreciated. I don't mind doing the footwork, research
> etc. to build a solution that will work but please keep in mind that I am a
> total FR Newb and need this in dufus language :)
>
> For the last 8 years or so we have been using a dreaded windows based Radius
> solution that we just couldn't get away from due to how much code we have
> written around this horrible solution. Finally, it's time to just do it and
> deal with the pain.
>
> What we have right now is several dialup wholesale
> networks/carriers/aggregators who proxy the radius request to us, we then
> decide to accept or deny the dialup user based on many things but of course
> username/pass etc.. One of the things we use to determine if they get access
> or not is which client they came from meaning which of our wholesale dialup
> network's radius server (client) sent us the request.
>
> So, in short I need to accomplish the same thing on FR.
>
> Let's say I have 5 clients, their short names and IPs configured in my FR
> clients file.
>
> I need to somehow decide within FR when the request comes in from client #1
> that this user (in Mysql table) is allowed to have access to that dialup
> network.
>
> So:
>
> Joeuser from client1 = OK (allow user)
> Joeuser from client2 = Not OK (deny user)
>
> I am guessing I should do something with groups within the SQL tables such
> as assign joeuser to dialgroup1 which is then somehow allowed from client1
> or for that fact clients 1, 3 and 5 but not allowed to client2.
>
> I researched huntgroups but can't find much documentation on that, not sure
> if that's where I need to go or??
>
> Regards,
> Todd R.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



-- 
Random quote of the week/month/whenever i get to updating it:
"Opportunity knocked. My doorman threw him out." - Adrienne Gusoff

"At school you don't get parole, good behavior only brings a longer
sentence." - The History Boys
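An added example, not part of the original thread or of FreeRADIUS: it models the `NAS-IP-Address !~ (...)` check item from the first message and compares a bare alternation with an anchored one. It assumes the regex operators search unanchored, as POSIX extended regexes do; the 192.0.2.x addresses and all function names are constructed for illustration.

```python
import re

# Constructed sample data (documentation address range), not from the thread.
BLOCKED = ["192.0.2.4", "192.0.2.2"]          # NAS devices the group must not use
SEEN = ["192.0.2.2", "192.0.2.4", "192.0.2.10",
        "192.0.2.21", "192.0.2.40", "192.0.254.1"]

def naive_value(nas_ips):
    """Value in the shape shown in the post: bare alternation, dots unescaped."""
    return "(" + "|".join(nas_ips) + ")"

def anchored_value(nas_ips):
    """Anchor both ends and make each dot literal.

    "[.]" is used instead of a backslash escape because SQL string
    literals and config parsers may interpret backslashes.
    """
    return "^(" + "|".join(ip.replace(".", "[.]") for ip in nas_ips) + ")$"

def check_passes(value, nas_ip):
    """Model of `NAS-IP-Address !~ value`: satisfied when the pattern
    matches nowhere in the address (unanchored search, an assumption)."""
    return re.search(value, nas_ip) is None

def overblocked(value, blocked, seen):
    """NAS addresses that fail the check although they are not on the list."""
    return [ip for ip in seen
            if ip not in blocked and not check_passes(value, ip)]

def groupcheck_row(group, value):
    """Parameterised INSERT for radgroupcheck (standard column names assumed)."""
    sql = ("INSERT INTO radgroupcheck (groupname, attribute, op, value) "
           "VALUES (%s, %s, %s, %s)")
    return sql, (group, "NAS-IP-Address", "!~", value)

if __name__ == "__main__":
    for label, value in (("naive", naive_value(BLOCKED)),
                         ("anchored", anchored_value(BLOCKED))):
        print(label, value)
        print("  also blocked:", overblocked(value, BLOCKED, SEEN))
    print(groupcheck_row("dialup", anchored_value(BLOCKED)))
```

With the bare alternation, `192.0.2.40` and `192.0.2.21` fail the check because the listed addresses are prefixes of them, and `192.0.254.1` fails because an unescaped dot matches any character.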