Freeradius Access-Reject to Access-Accept
vanish
vanishox at coltel.ru
Wed Mar 18 12:24:06 CET 2015
Hi, freeradius team!
I am a newbie in FR and need your help with the following scheme.
I have:
- L2TP NAS (cisco ASR1013) + freeradius2 + sql DBase
I must implement the following algorithm:
- User connects to the L2TP BRAS
- BRAS gets the login and CHAP password from the user
- BRAS sends an Access-Request to FR:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
rad_recv: Access-Request packet from host 10.10.10.10. port 1645,
id=228, length=133
Framed-Protocol = PPP
User-Name = "user1"
CHAP-Password = 0x018ca6f7913b5901e187a80e3f41c419c54465v565
Connect-Info = "100000000"
NAS-Port-Type = Virtual
...
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- FR, in the sql module in the "authorize" section, selects special data
from the database by user login.
... From here I need to implement the following logic (as I see it):
1. If the user password is wrong - FreeRADIUS must send an Access-Accept
to the Cisco with the following reply:
Cisco-Account-Info = "ARedirect_WRNG_PSSWRD"
(This is a Cisco SSG service for redirecting the user to a web portal)
2. If the user password is OK, but Tariff_Plan is not set - FreeRADIUS must
send an Access-Accept to the Cisco with the following reply:
Cisco-Account-Info = "ARedirect_NO_PAY"
3. If the user password is OK, and Tariff_Plan is OK - FreeRADIUS must send
an Access-Accept to the Cisco with the following reply:
Cisco-Account-Info = "AInternet_xxxIN_xxxOUT"
In the first and second steps I must change Access-Reject to
Access-Accept with some reply message.
For example - if FR got from the database:
- "1" - wrong password (paragraph 1)
- "2" - wrong tariff (paragraph 2)
- "cleartext password" - all right (paragraph 3)
Can I, in the "authorize" section in the "sql" module, check the return
code from the DB and, based on this code, change Access-Reject to
Access-Accept and reply with a valid service to the Cisco?
Help me please.
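
The three cases listed in the post, as a standalone Python example added here; it is not part of the original message and not FreeRADIUS code. The row layout (password, tariff_plan), the function names and the Access-Reject for an unknown login are assumptions; the Cisco-Account-Info values are the ones from the post.

```python
import hashlib
import hmac

# Reply values copied from the post ("xxx" placeholders kept as posted).
WRONG_PASSWORD = "ARedirect_WRNG_PSSWRD"
NO_PAY = "ARedirect_NO_PAY"
INTERNET = "AInternet_xxxIN_xxxOUT"


def chap_ok(chap_password: bytes, challenge: bytes, cleartext: str) -> bool:
    """CHAP-Password is a 1-byte CHAP ident followed by MD5(ident + password + challenge)."""
    if len(chap_password) != 17:
        return False  # malformed attribute never verifies
    ident, response = chap_password[:1], chap_password[1:]
    expected = hashlib.md5(ident + cleartext.encode() + challenge).digest()
    return hmac.compare_digest(expected, response)


def decide(chap_password, challenge, row):
    """Map one request to (packet type, reply attributes).

    row is a hypothetical dict from the SQL lookup, None for an unknown login.
    challenge is CHAP-Challenge, or the Request Authenticator when that attribute is absent.
    """
    if row is None:
        return "Access-Reject", {}  # assumption: the post does not cover unknown logins
    if not chap_ok(chap_password, challenge, row["password"]):
        return "Access-Accept", {"Cisco-Account-Info": WRONG_PASSWORD}
    if not row.get("tariff_plan"):
        return "Access-Accept", {"Cisco-Account-Info": NO_PAY}
    return "Access-Accept", {"Cisco-Account-Info": INTERNET}


def sample_request(password: str):
    """Constructed sample: a CHAP-Password built the way a NAS would build it."""
    challenge = bytes(range(16))
    ident = b"\x01"
    return ident + hashlib.md5(ident + password.encode() + challenge).digest(), challenge


if __name__ == "__main__":
    db = {"user1": {"password": "s3cret", "tariff_plan": None}}  # constructed row
    for typed in ("s3cret", "guess"):
        chap, chal = sample_request(typed)
        print(typed, decide(chap, chal, db.get("user1")))
```

Because the CHAP response is a hash over a per-request challenge, the wrong-password case can only be detected by recomputing the hash from the stored cleartext password for each request.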