Hello, and a (hopefully) simple question

Andy Billington billington.andy at googlemail.com
Fri Jan 25 18:58:20 CET 2008


Vlad,
are the passwords changed _by the billing system_ for any other
reason? You could use a trigger on the table to make a corresponding
change on the usergroup when the billing system changes the password.

Better though might just be to have an "Expiry Due?" column added to
the users, and then have "if expiry_due AND if password changed, then
change usergroup" triggered. You'll have to have a way to keep track
of expiration dates and so on

Vlad,
are the passwords changed by the billing system for any other reason?
You could use a trigger on the table to make a corresponding change on
the usergroup when a billing system changes the password.

Better though might just be to have an "Expired Yes/No" column added to
the users, and then have "if expired AND password changed, then change
usergroup" triggered. You'll have to have a way to keep track of
expiration dates and so on but if the renewals are for a standard
period (e.g. 12 months) then you could do

a. if expiry_due and password changed, change usergroup (and hence ip etc)

b. if expired, password changed already and then password changed
again, change usergroup back to normal on assumption that billing
system has reset password when payment received. Reset expiry_due to
today() plus 12 months

Then again I'm probably looking at database level stuff when
FreeRADIUS will provide a better way using the many bits of it I don't
understand ;-)
Andy





On 25/01/2008, Vlad Sedov <stereomind at gmail.com> wrote:
> Well, what I'm trying to do is accept the session whether the password
> is correct or not, but if it's not correct, assign Framed-IP-Address
> from a different IP pool, so our firewall downstream from the NAS can
> redirect their HTTP traffic to a payment site.
>
>
> Vlad
>
>
> On Jan 25, 2008 11:27 AM, JB <list.freeradius at mac.com> wrote:
> > If it's just a message you want to display, you could use the Reply-
> > Message attribute.
> > Of course, your access controller would have to know how to handle this
> > attribute.
> >
> > JB
> >
> >
> > Marinko Tarlac wrote:
> >
> > > radius will reply whatever you need but you need to tell it what
> > > you want.
> > >
> > > For example, if you're using mysql, when a user account expires you
> > > can add him to a specific group, and you can set the group attributes
> > > in the radgroupreply table. (ip pool, tx, rx limit etc.)
> > >
> > > On Jan 25, 2008 6:18 PM, Vlad Sedov <stereomind at gmail.com> wrote:
> > >> Hey folks.
> > >>
> > >> Right now, we use freeradius to authenticate simple pap/chap PPP
> > >> clients. When a username/password is rejected, radius simply sends
> > >> back a reject message to the NAS.
> > >>
> > >> Is it possible to change this behavior so that a failed auth attempt
> > >> gets accepted with an alternate IP pool instead of being rejected?
> > >>
> > >> The idea is to force suspended users through a web proxy that tells
> > >> them that they have a billing issue, instead of rejecting their
> > >> connection altogether.
> > >>
> > >>
> > >> Any help would be appreciated....
> > >>
> > >>
> > >> Vlad
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
>
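
The trigger logic from steps a and b of Andy's reply, as an added example that is not part of the original thread. It uses SQLite through Python so that it runs offline (the thread mentions MySQL); the `users` table, its columns and the group names `normal` and `suspended` are hypothetical, with `suspended` standing for whichever group carries the alternate IP pool in radgroupreply. As Andy's opening question implies, any other password change on an overdue account trips step a as well.

```python
import sqlite3

# Hypothetical schema: one billing-side row per subscriber (not FreeRADIUS's own tables).
SCHEMA = """
CREATE TABLE users (
    username   TEXT PRIMARY KEY,
    password   TEXT NOT NULL,
    groupname  TEXT NOT NULL DEFAULT 'normal',
    expiry_due TEXT NOT NULL   -- ISO date on which the current period ends
);
-- Step a: renewal is due and the password changes -> move to the suspended group.
CREATE TRIGGER suspend_on_change AFTER UPDATE OF password ON users
WHEN NEW.password <> OLD.password AND OLD.groupname = 'normal'
     AND OLD.expiry_due <= date('now')
BEGIN
    UPDATE users SET groupname = 'suspended' WHERE username = NEW.username;
END;
-- Step b: already suspended and the password changes again -> payment assumed,
-- back to the normal group and expiry pushed out by the standard 12 months.
CREATE TRIGGER restore_on_change AFTER UPDATE OF password ON users
WHEN NEW.password <> OLD.password AND OLD.groupname = 'suspended'
BEGIN
    UPDATE users SET groupname = 'normal',
                     expiry_due = date('now', '+12 months')
    WHERE username = NEW.username;
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def set_password(conn, username, password):
    """Stand-in for the billing system's write; returns (groupname, expiry_due)."""
    conn.execute("UPDATE users SET password = ? WHERE username = ?",
                 (password, username))
    return conn.execute("SELECT groupname, expiry_due FROM users WHERE username = ?",
                        (username,)).fetchone()

def demo():
    conn = open_db()
    # Constructed sample rows: one overdue account, one paid well ahead.
    conn.execute("INSERT INTO users VALUES ('overdue', 'pw0', 'normal', '2000-01-01')")
    conn.execute("INSERT INTO users VALUES ('paid-up', 'pw0', 'normal', '2999-01-01')")
    return [set_password(conn, "paid-up", "pw1")[0],     # not due: stays normal
            set_password(conn, "overdue", "locked")[0],  # step a
            set_password(conn, "overdue", "pw2")[0]]     # step b

if __name__ == "__main__":
    print(demo())
```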



More information about the Freeradius-Users mailing list