Hello, and a (hopefully) simple question

Andy Billington billington.andy at googlemail.com
Fri Jan 25 19:16:17 CET 2008


David - agreed. It's a workaround until the billing software can be
modified (or replaced); in combination with an expiry_due check and
also checking whether it's the billing system that made the change
though, it's not a bad short-term workaround. Needs to be both of those
checks though ;-)
Andy

On 25/01/2008, David Roze <david at netexpertise.eu> wrote:
> A trigger on the password field is a workaround.
> What about if he wants to change a user's password or when it changes back
> to bring the connection back on?
> Changing the password is not the right way to reject a connection and
> everything possible should be done to change the software's behaviour.
>
> David Roze
> ---
> http://www.netexpertise.eu
>
>
> -----Original Message-----
> From: freeradius-users-bounces+david=netexpertise.eu at lists.freeradius.org
> [mailto:freeradius-users-bounces+david=netexpertise.eu at lists.freeradius.org]
> On Behalf Of Andy Billington
> Sent: 25 January 2008 18:58
> To: FreeRadius users mailing list
> Subject: Re: Hello, and a (hopefully) simple question
>
> Vlad,
> are the passwords changed _by the billing system_ for any other
> reason? You could use a trigger on the table to make a corresponding
> change on the usergroup when the billing system changes the password.
>
> Better though might just be to have an "Expiry Due?" column added to
> the users, and then have "if expiry_due AND if password changed, then
> change usergroup" triggered. You'll have to have a way to keep track
> of expiration dates and so on
>
> Vlad,
> are the passwords changed by the billing system for any other reason?
> You could use a trigger on the table to make a corresponding change on
> the usergroup when a billing system changes the password.
>
> Better though might just be to have an "Expired Yes/No" column added to
> the users, and then have "if expired AND password changed, then change
> usergroup" triggered. You'll have to have a way to keep track of
> expiration dates and so on but if the renewals are for a standard
> period (e.g. 12 months) then you could do
>
> a. if expiry_due and password changed, change usergroup (and hence ip etc)
>
> b. if expired, password changed already and then password changed
> again, change usergroup back to normal on assumption that billing
> system has reset password when payment received. Reset expiry_due to
> today() plus 12 months
>
> Then again I'm probably looking at database level stuff when
> FreeRADIUS will provide a better way using the many bits of it I don't
> understand ;-)
> Andy
>
>
>
>
>
> On 25/01/2008, Vlad Sedov <stereomind at gmail.com> wrote:
> > Well, what I'm trying to do is accept the session whether the password
> > is correct or not, but if it's not correct, assign Framed-IP-Address
> > from a different IP pool, so our firewall downstream from the NAS can
> > redirect their HTTP traffic to a payment site.
> >
> >
> > Vlad
> >
> >
> > On Jan 25, 2008 11:27 AM, JB <list.freeradius at mac.com> wrote:
> > > If it's just a message you want to display, you could use the
> > > Reply-Message attribute.
> > > Of course, your access controller would have to know how to handle this
> > > attribute.
> > >
> > > JB
> > >
> > >
> > > Marinko Tarlac wrote:
> > >
> > > > > radius will reply whatever you need but you need to tell him what
> > > > > you want.
> > > > >
> > > > > For example, if you're using mysql, when a user account expires you
> > > > > can add him to a specific group, and group attributes you can set in
> > > > > the radgroupreply table. (ip pool, tx, rx limit etc.)
> > > >
> > > > On Jan 25, 2008 6:18 PM, Vlad Sedov <stereomind at gmail.com> wrote:
> > > >> Hey folks.
> > > >>
> > > > >> Right now, we use freeradius to authenticate simple pap/chap PPP
> > > > >> clients. When a username/password is rejected, radius simply sends
> > > > >> back a reject message to the NAS.
> > > >>
> > > >> Is it possible to change this behavior so that a failed auth attempt
> > > >> gets accepted with an alternate IP pool instead of being rejected?
> > > >>
> > > >> the idea is to force suspended users through a web proxy that tells
> > > >> them that they have a billing issue, instead of rejecting their
> > > >> connection altogether.
> > > >>
> > > >>
> > > >> Any help would be appreciated....
> > > >>
> > > >>
> > > >> Vlad
> > >
> > >
> > >
> > > JB
> > >
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> > >
> >
>
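
The trigger logic discussed in this thread (act only when the billing system changed the password, suspend only when expiry is due, restore on the next billing change and push the expiry out 12 months), modelled as an added example that is not code from any poster or from FreeRADIUS. It uses SQLite through Python so it runs offline; the table layout, the `changed_by` column and the group names `normal` and `suspended` are assumptions.

```python
import sqlite3

# Constructed, simplified schema (assumption): a billing-owned accounts table
# plus a usergroup table whose group decides the IP pool handed to the user.
SCHEMA = """
CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT,
                       expiry_due TEXT, changed_by TEXT);
CREATE TABLE usergroup (username TEXT PRIMARY KEY, groupname TEXT);

CREATE TRIGGER billing_password_change
AFTER UPDATE OF password ON accounts
-- Check 1: ignore changes that were not made by the billing system.
WHEN NEW.password <> OLD.password AND NEW.changed_by = 'billing'
BEGIN
    -- Step b: user already suspended and billing changed the password
    -- again (payment received), so push the expiry date out 12 months.
    UPDATE accounts SET expiry_due = date('now', '+12 months')
    WHERE username = NEW.username
      AND (SELECT groupname FROM usergroup
           WHERE username = NEW.username) = 'suspended';
    -- Step b restores the group; step a suspends only if expiry is due
    -- (check 2). A single CASE keeps the two steps from both firing.
    UPDATE usergroup SET groupname = CASE
        WHEN groupname = 'suspended' THEN 'normal'
        WHEN NEW.expiry_due <= date('now') THEN 'suspended'
        ELSE groupname END
    WHERE username = NEW.username;
END;

-- Constructed sample rows: alice is past expiry, bob is not.
INSERT INTO accounts VALUES ('alice', 'pw1', date('now', '-1 day'), 'admin');
INSERT INTO accounts VALUES ('bob', 'pw1', date('now', '+30 days'), 'admin');
INSERT INTO usergroup VALUES ('alice', 'normal'), ('bob', 'normal');
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def set_password(db, username, password, changed_by):
    # changed_by records which system made the change (assumed column).
    db.execute("UPDATE accounts SET password = ?, changed_by = ? "
               "WHERE username = ?", (password, changed_by, username))

def group_of(db, username):
    return db.execute("SELECT groupname FROM usergroup WHERE username = ?",
                      (username,)).fetchone()[0]
```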


