implementing network authentication
Randeep
randeep123 at gmail.com
Wed Jun 10 08:40:58 CEST 2015
Hi,
I have been following this paper
<https://www.academia.edu/3415850/PPPoE_With_Mikrotik_and_Radius> for
implementing the Mikrotik+freeradius+mysql. I have a few questions please
have a look.
1.
The attributes of the Internet connection of a client (IP, GW, DNS,
bandwidth, etc.) can be defined in the radius database or in the profile of
the client in MikroTik. In this case, if we are specifying these values in
radius, where we can specify it? and which is better. In radius or mikrotik?
2.
if we are using PPPPoE, where we can specify the ippool. I have seen one
ippool.sql and ippool.conf. But is this for the local ip pool or the public
ip pool. Where we can specify public ip pool and how this 1 to 8 or 1 to 24
mapping can be done?
3.
In the example initially we created the profile and the user credentials
in the mikrotik. But later we changed the authentication to the radius. But
the profile is still in mikrotik. How we can specify profile in radius. or
pass the profile information to the mikrotik?
4.
In one pppoe service only one profile is supported?
5.
Services were created in the RM in this example. Suppose if I have to
create different plans and map the user to a particular plan, this plan I
have to create in which table? radacc or radreply or radcheck?
6.
counter can automatically check how much the data is consumed and it can
check with the service plan max limit and work accordingly? for this I have
to write query in the counter.conf only?
7.
is it possible to do pppoe and api based authentication by giving
username and password together?
Thanks a lot for your time. Please guide me. All the suggestions are much
appreciated.
Best regards,
Randeep
On Thu, May 28, 2015 at 10:39 AM, Randeep <randeep123 at gmail.com> wrote:
> Thanks a lot Arran.
>
> I'll check these.
>
> Thanks again.
>
> Regards,
> Randeep
>
> On Thu, May 28, 2015 at 2:19 AM, Arran Cudbard-Bell <
> a.cudbardb at freeradius.org> wrote:
>
>>
>> > The issues are:
>> > I couldn't find any apis for the freeradius to create the plans or
>> create
>> > the users or specify the plan details. How can I do this?
>>
>> You write your own which interfaces with one of the supported backends,
>> ldap, sql, redis, flatfiles etc.
>>
>> > We will be using mysql along with FreeRadius.
>> > What I understood from the google is the radius will send the VSA to the
>> > NAS for limiting the user access. But from where the FreeRadius will get
>> > these values?
>>
>> mysql
>>
>> > Can we write this to the mysql tables?
>>
>> Yes. Use the radcheck/radreply tables from the schema that ships with the
>> server.
>>
>> > And I learned that the NAS will update the Radius about the usage
>> > periodically. But to which table in FreeRadius this will be written?
>>
>> radacct
>>
>> > And will the freeRadius will compare the total data the user consumed
>> and
>> > his limit when the radius validate the next request from the user? Is
>> there
>> > any rules we need to write for this?
>>
>> yes. But it's deployment specific. Generally you perform the check when
>> receiving an Accounting-Request and do something when the use is
>> overlimit.
>>
>> The something might be sending a disconnect-request to the NAS.
>>
>> > We would like to use PPPoE for auth. We have to run the PPPoE on
>> Mikrotik?
>> > also the ip pools we have to allot there?
>>
>> You can do either. If you use pools on the server the IP address is
>> returned
>> in the Framed-IP-Address attribute.
>>
>> > And we would like to do two kind of logins.
>> > 1. A browser page redirection when the user tries to start using
>> interent.
>> > Which asks for password and username.
>> > 2. PPPoE dialer for android
>> >
>> > Can you guys please clear these or suggest if any other better scenario
>> for
>> > implementing this kind of solution?
>>
>> That's outside the scope of this mailing list.
>>
>> -Arran
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
>
> --
> Randeep
> Mob: +919447831699[kerala]
> Mob: +919880050349[B'lore]
> http://twitter.com/Randeeppr
> http://in.linkedin.com/in/randeeppr
>
> [image: --]
> Randeep Raman
> [image: http://]about.me/Randeeppr
> <http://about.me/Randeeppr>
>
>
--
Randeep
Mob: +919447831699[kerala]
Mob: +919880050349[B'lore]
http://twitter.com/Randeeppr
http://in.linkedin.com/in/randeeppr
[image: --]
Randeep Raman
[image: http://]about.me/Randeeppr
<http://about.me/Randeeppr>
More information about the Freeradius-Users
mailing list