Alan,

Thanks for your reply and sorry for my sluggishness in getting
back to you with more info...

Alan DeKok [EMAIL PROTECTED] wrote:
 
>   Yes.  The server allows you nearly unlimited control over what to
> look for, and what to do when it finds data of interest.

That is good to know :)
 
>   Your description is useful, but still a little vague.  You describe
> what you want, but not how the data is seen by the RADIUS server
> (i.e. attributes).

Ok.. let's give this another shot.. the setup I'm building is to
authenticate/authorize and account mobile users.
The user will specify his username (User-Name), his password
(User-Password) and the NAS is also configured to send the
MS-ISDN to the radius server which I'm told is sent using
Calling-Station-ID.

Now the way I want this to work is that as soon as a request comes
in from the NAS the radius server will check Calling-Station-ID
against a list of known values and if no match is found it denies
the request.

If a match is found it will go on to check for a valid username
and password combination. If none is found it should reject the
session. If a match is found it should reply with the proper
attributes.

In an ideal situation I'd like to use realms and bind a group of
known Calling-Station-ID's to a specific realm. If this is not possible
then a generic list of Calling-Station-ID's for all users will also
work but is the less preferred solution.

So if I go thru the steps I get..

1. Check realm
        a) no realm - reject
        b) realm found go to 2

2. Check Calling-Station-ID
        a) no match found for this realm - reject
        b) match - go to 3

3. Check user+pass
        a) no match - reject
        b) match - return attribs for user

So in this situation:

realm test1:
        - known cli's 1111,1112,1113
        - known users [EMAIL PROTECTED] w/ pass moo

realm test2:
        - known cli's 2222,2223,2224
        - known users [EMAIL PROTECTED] w/ pass bla

If [EMAIL PROTECTED] tries to login with pass of moo coming from cli 1111-1113
he is allowed - any other cli will not be allowed.

I saw the rlm_checkval module.. is this what I would use for this?

A sample configuration and users file entry would be really appreciated.

I hope this helps to clarify the issue,


Thanks,

 - Jasper

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
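
The three-step check described in the message above (realm, then Calling-Station-ID for that realm, then user and password), modelled in Python as an added example; it is not FreeRADIUS configuration and not part of the original thread. The usernames alice and bob and the Reply-Message values are constructed placeholders, since the real usernames are redacted on the page.

```python
import hmac

# Constructed policy table for the two realms in the message. The usernames
# alice/bob are placeholders (the real ones are redacted on the page); the
# CLIs and passwords are the ones listed there. Plaintext for brevity only.
REALMS = {
    "test1": {"clis": {"1111", "1112", "1113"},
              "users": {"alice": ("moo", {"Reply-Message": "welcome test1"})}},
    "test2": {"clis": {"2222", "2223", "2224"},
              "users": {"bob": ("bla", {"Reply-Message": "welcome test2"})}},
}

def authorize(request):
    """Return (code, log_reason, reply_attrs) for a dict of request attributes."""
    def reject(reason):
        # The reason is for the server log; the NAS only ever sees Access-Reject.
        return ("Access-Reject", reason, {})

    # Step 1: the realm is the part of User-Name after the last '@'.
    user, sep, realm = request.get("User-Name", "").rpartition("@")
    policy = REALMS.get(realm.lower()) if sep else None
    if policy is None:
        return reject("no or unknown realm")

    # Step 2: Calling-Station-Id must be present and listed for *this* realm.
    cli = request.get("Calling-Station-Id", "").strip()
    if cli not in policy["clis"]:
        return reject("calling station not allowed for realm")

    # Step 3: compare the password in constant time; an unknown user is
    # compared against an empty string and rejected like a wrong password.
    expected, attrs = policy["users"].get(user, ("", {}))
    supplied = request.get("User-Password", "")
    match = hmac.compare_digest(supplied.encode(), expected.encode())
    if user not in policy["users"] or not match:
        return reject("bad username or password")
    return ("Access-Accept", "ok", dict(attrs))

if __name__ == "__main__":
    # Same valid credentials, once from an allowed CLI and once from test2's.
    for cli in ("1111", "2222"):
        req = {"User-Name": "alice@test1", "User-Password": "moo",
               "Calling-Station-Id": cli}
        print(cli, authorize(req)[:2])
```

Because the Calling-Station-ID list is looked up per realm, a valid test1 password presented from a test2 number is rejected at step 2 and the password is never evaluated.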
