Hello, and a (hopefully) simple question

Vlad Sedov stereomind at gmail.com
Fri Jan 25 19:20:50 CET 2008 

Now that you mention it, the billing software _is_ getting replaced
some time soon, but until then I have to hack radius as a workaround.

Is it not possible to "Fall-Through" failed users to another section
with its own pool and auth-type: accept?



Vlad



On Jan 25, 2008 12:16 PM, Andy Billington
<billington.andy at googlemail.com> wrote:
> David - agreed. It's a workaround until the billing software can be
> modified (or replaced); in combination with an expiry_due check and
> also checking whether its the billing system that made the change
> though, its not a bad short-term workaround. Needs to be both of those
> checks though ;-)
> Andy
>
>
> On 25/01/2008, David Roze <david at netexpertise.eu> wrote:
> > A trigger on the password field is a workaround.
> > What about if he wants to change a user's password or when it changes back
> > to bring the connection back on?
> > Changing the password is not the right way to reject a connection and
> > everything possible should be done to change the software's behaviour.
> >
> > David Roze
> > ---
> > http://www.netexpertise.eu
> >
> >
> > -----Original Message-----
> > From: freeradius-users-bounces+david=netexpertise.eu at lists.freeradius.org
> > [mailto:freeradius-users-bounces+david=netexpertise.eu at lists.freeradius.org]
> > On Behalf Of Andy Billington
> > Sent: 25 January 2008 18:58
> > To: FreeRadius users mailing list
> > Subject: Re: Hello, and a (hopefully) simple question
> >
> > Vlad,
> > are the passwords changed _by the billing system_ for any other
> > reason? You could use a trigger on the table to make a corresponding
> > change on the usergroup when the billing system changes the password.
> >
> > Better though might just be to have a "Expiry Due?" column added to
> > the users, and then have "if expiry_due AND if password changed, then
> > change usergroup" triggered. You'll have to have a way to keep track
> > of expiration dates and so on
> >
> > Vlad,
> > are the passwords changed by the billing system for any other reason?
> > You could use a trigger on the table to make a corresponding change on
> > the usergroup when a billing system changes the password.
> >
> > Better though might just be to have a "Expired Yes/No" column added to
> > the users, and then have "if expired AND password changed, then change
> > usergroup" triggered. You'll have to have a way to keep track of
> > expiration dates and so on but if the renewals are for a standard
> > period (e.g. 12 months) then you could do
> >
> > a. if expiry_due and password changed, change usergroup (and hence ip etc)
> >
> > b. if expired, password changed already and then password changed
> > again, change usergroup back to normal on assumption that billing
> > system has reset password when payment received. Reset expiry_due to
> > today() plus 12 months
> >
> > Then again I'm probably looking at database level stuff when
> > FreeRADIUS will provide a better way using the many bits of it I dont
> > understand ;-)
> > Andy
> >
> >
> >
> >
> >
> > On 25/01/2008, Vlad Sedov <stereomind at gmail.com> wrote:
> > > Well, what I'm trying to do is accept the session whether the password
> > > is correct or not, but if it's not correct, assign Framed-IP-Address
> > > from a different IP pool, so our firewall downstream from the NAS can
> > > redirect their HTTP traffic to a payment site.
> > >
> > >
> > > Vlad
> > >
> > >
> > > On Jan 25, 2008 11:27 AM, JB <list.freeradius at mac.com> wrote:
> > > > If it's just a message you want to display, you could use the Reply-
> > > > Message attribute.
> > > > Of course, your access controler would have to know how handle this
> > > > attribute.
> > > >
> > > > JB
> > > >
> > > >
> > > > Marinko Tarlac wrote:
> > > >
> > > > > radius will reply whatever you need but you need to tell him what do
> > > > > you want.
> > > > >
> > > > > For example, if you're using mysql, when user account expires you
> > > > > can add him to specific group and group attributes you can set in
> > > > > radgroupreply table. (ip pool, tx, rx limit etc.)
> > > > >
> > > > > On Jan 25, 2008 6:18 PM, Vlad Sedov <stereomind at gmail.com> wrote:
> > > > >> Hey folks.
> > > > >>
> > > > >> Right now, we use freeradius to authenticate simple pap/chap PPP
> > > > >> clients. When a username/password is rejected, radius simply send
> > > > >> back
> > > > >> a reject message to the NAS.
> > > > >>
> > > > >> Is it possible to change this behavior so that a failed auth attempt
> > > > >> gets accepted with an alternate IP pool instead of being rejected?
> > > > >>
> > > > >> the idea is to force suspended users through a web proxy that tells
> > > > >> them that they have a billing issue, instead of rejecting their
> > > > >> connection altogether.
> > > > >>
> > > > >>
> > > > >> Any help would be appreciated....
> > > > >>
> > > > >>
> > > > >> Vlad
> > > >
> > > >
> > > >
> > > > JB
> > > >
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list