On Thu, 15 Apr 2004, Kostas Zorbadelos wrote:

> At Wed, 14 Apr 2004 17:44:52 +0300 (EEST),
> Kostas Kalevras wrote:
> >
> > Well, now that I think of it, the module can't really help you on that subject.
> > But in any case you can check the comments in the latest radiusd.conf, it's now
> > part of the stable modules list.
> >
>
> Is it in 0.9.3 release or in the cvs snapshot?

I think it's in raddb/experimental.conf in the 0.9.3 release.
In the latest CVS snapshot it's in radiusd.conf.

>
> > As for your problem, you can just always set Simultaneous-Use = 1. For ISDN you
> > just need to also set Port-Limit = 2 for the user to be able to use 2 channels.
> > So everything should work just fine with just that. Just make sure that
> > Port-Limit is only returned on ISDN connections, else a user can get 2 DSL
> > connections from the PTT and do multilink PPP (just guessing, I am not that
> > familiar with how ADSL works, I think it just transmits PPP frames so it's
> > possible). Since you are using LDAP something like this:
> >
> > --users--
> >
> > DEFAULT     NAS-Port-Type == ISDN, Ldap-Group == "adsl-users"
> >     Port-Limit := 2
> >
>
> Thanks Kostas. I am familiar with the Port-Limit attribute, in fact I
> use it already in a profile for prepaid cards. But from the way I have
> seen it works, it just instructs the router to allow a bundle
> interface with up to 2 channels (if the value is 2). This way if someone has
> value 0 in this attribute he won't be allowed to have a bundle
> interface and every connection he will attempt with on demand ISDN or
> ISDN 128 will fail.
> However the authentication is independent of that. If an ISDN user
> tries to get a second channel he will initiate an
> authorization/authentication sequence normally and he will fail if
> Simultaneous-Use is 1.
> This is the way I believe things work, let me know if I am wrong.


Read around line 683 in src/main/auth.c if you want source code details.

In any case FreeRADIUS will use the Port-Limit attribute (if available) to
determine if a user is allowed to open another channel on multilink connections
(like 128 ISDN).

So you can have simultaneous-use=1 to not allow double logins but port-limit=2
to allow a user to open a second channel on a multilink connection.

> In any case thanks.
>
>
> --
>   Kostas Zorbadelos
>   Currently at: Otenet IT Department
>   mailto: [EMAIL PROTECTED]
>
>   Out there in the darkness, out there in the night
>   out there in the starlight, one soul burns brighter
>   than a thousand suns.
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
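
A small C model of the decision discussed in this thread, added here as an illustration and not taken from src/main/auth.c or any other FreeRADIUS source: with Simultaneous-Use = 1, a further session is accepted only as a multilink channel while the bundle is below Port-Limit. The struct, the function name login_allowed, the multilink flag and the exact comparisons are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the policy, not FreeRADIUS code. */
#define NO_PORT_LIMIT 0  /* assumption: 0 stands for "reply has no Port-Limit" */

struct login_attempt {
    unsigned simultaneous_use; /* check item Simultaneous-Use */
    unsigned port_limit;       /* reply item Port-Limit, or NO_PORT_LIMIT */
    unsigned active_sessions;  /* sessions already open for this user */
    bool     multilink;        /* assumption: session tracking has flagged the
                                  request as another channel of an existing
                                  multilink bundle */
};

bool login_allowed(const struct login_attempt *a)
{
    /* Below the Simultaneous-Use limit: nothing more to check. */
    if (a->active_sessions < a->simultaneous_use)
        return true;

    /* At or over the limit: only a multilink channel can still pass, and
       only while the bundle stays below a Port-Limit that is larger than
       Simultaneous-Use. NO_PORT_LIMIT (0) can never satisfy this. */
    return a->multilink &&
           a->port_limit > a->simultaneous_use &&
           a->active_sessions < a->port_limit;
}

int main(void)
{
    /* Constructed cases, all with Simultaneous-Use = 1. */
    const struct { const char *what; struct login_attempt a; } cases[] = {
        { "first login",                         {1, 2, 0, false} },
        { "ISDN second channel, Port-Limit 2",   {1, 2, 1, true } },
        { "ISDN third channel, Port-Limit 2",    {1, 2, 2, true } },
        { "second separate login, Port-Limit 2", {1, 2, 1, false} },
        { "second channel, no Port-Limit",       {1, NO_PORT_LIMIT, 1, true} },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-38s %s\n", cases[i].what,
               login_allowed(&cases[i].a) ? "accept" : "reject");
    return 0;
}
```

The last case is why Port-Limit should only be returned for ISDN requests: a profile that never receives Port-Limit cannot open a second channel, whatever the access technology.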
