Simultaneous-use check but don't reject

Alexander Kosykh avkosykh at gmail.com
Wed Dec 21 06:56:57 CET 2011


Hi.

I knew how to do all you wrote above. I need to know how to accept the
customer when sim-use has rejected him.

Regards,
Alexander.


2011/12/21 Fajar A. Nugraha <list at fajar.net>

> On Wed, Dec 21, 2011 at 5:29 AM, Fajar A. Nugraha <list at fajar.net> wrote:
> > On Wed, Dec 21, 2011 at 4:18 AM, Alexander Kosykh <avkosykh at gmail.com> wrote:
>
> >> I tried to do this in my config
>
> >> but the radius answer is reject whatever, and pppoe didn't come up
>
> You know what, since you say it's pppoe, I can share a setup on my
> environment that might be adaptable for you.
>
> The situation:
> - pppoe
> - IP address is (normally) allocated by nas, dynamically, using public
> IP address
> - AAA using freeradius
>
> The problem:
> - we want disabled users to still be able to login, but they'd be
> placed on a special network where they'd only be able to access an
> info page (or, in your terms, "error page")
>
> The solution:
> - set up a private IP pool on the NAS (e.g. 10.x.x.x)
> - put disabled users in a special group (e.g. "disabled-users")
> - set up sqlippool for that IP address pool (e.g. "disabled-users-pool")
> - set up a special DNS server (any authoritative DNS server supporting
> wildcards will do) that will resolve all DNS records to a special web
> server.
> - set up routing on the NAS so that the private IP pool can access the
> DNS server and the web server, but it can't access public IP addresses
> - add a radgroupcheck entry for that group which points to the pool
> (e.g. Pool-Name := "disabled-users-pool")
> - add a radgroupreply entry which will tell users to use the special DNS
> server (e.g. MS-Primary-DNS-Server := "10.0.0.10")
>
> That way, when a user in the "disabled-users" group logs in, he'd get a
> private IP address, and whatever address he types in the browser will
> bring him to the info page.
>
> You might be able to adapt it to your needs by adding Pool-Name and
> MS-Primary-DNS-Server attribute dynamically using unlang, based on an
> sql query which checks whether a user is already logged in or not.
> Somewhat complicated, but should work.
>
> If you're still having trouble understanding the example, better ask
> an expert to help you.
>
> --
> Fajar
>
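
Added example, not part of the original thread: one way the unlang adaptation suggested in the quoted reply could look, so that a user who already has an open session is accepted but placed in the restricted pool instead of being rejected. It assumes FreeRADIUS 2.x, an sql module instance named "sql", and the default radacct schema (columns username and acctstoptime); the pool name and DNS address are the example values from the quoted message.

```unlang
# Added example (not from the thread). Assumed: FreeRADIUS 2.x, an sql
# module instance named "sql", default radacct schema.
authorize {
    preprocess
    sql

    # Count accounting sessions for this user that have no stop time.
    # The sql xlat escapes expanded attributes such as User-Name before
    # they are placed in the query.
    if ("%{sql:SELECT COUNT(*) FROM radacct WHERE username = '%{User-Name}' AND acctstoptime IS NULL}" > 0) {
        # Already logged in: accept, but allocate from the walled-garden
        # pool and hand out the wildcard DNS server.
        update control {
            Pool-Name := "disabled-users-pool"
        }
        update reply {
            MS-Primary-DNS-Server := "10.0.0.10"
        }
    }
    # Caveat: do not also set Simultaneous-Use as a check item for these
    # users, or the session check will still reject the second login.
    # Caveat: a radacct row left open by a lost Accounting-Stop will
    # place the user's next login in the restricted pool as well.
}

post-auth {
    # sqlippool allocates an address only when control:Pool-Name is set.
    sqlippool
}
```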