My apologies to Alan who also responded and I seem to have not gotten his original message (regarding using rlm_passwd for the groups). I'll be investigating that as well.
Thanks again for your help! Brian On Thu, 23 Feb 2006, Galloway, David Mr KRS wrote: > I just worked this out yesterday. > > Best way for me (I found) was to create two groups (one is pubnet-dialup the > other is pubnet-extend) > > I set this in the /etc/raddb/users file > > > # Authentication for pubnet-dialup group > DEFAULT Auth-Type = System, Group == "pubnet-dialup" > Fall-Through = 1 > > > # authentication for pubnet-extend group > DEFAULT Auth-Type = System, Group == "pubnet-extend" > Fall-Through = 1 > > > > # Defaults for all framed connections. > # > # sets timeout for group "pubnet-dialup" > DEFAULT Service-Type == Framed-User, Group == "pubnet-dialup" > Framed-IP-Address = 255.255.255.254, > Framed-MTU = 576, > Service-Type = Framed-User, > Session-Timeout = 14400, > Idle-Timeout = 1800, > Fall-Through = Yes > > # Sets timeout for group "pubnet-extend" > DEFAULT Service-Type == Framed-User, Group == "pubnet-extend" > Framed-IP-Address = 255.255.255.254, > Framed-MTU = 576, > Service-Type = Framed-User, > Session-Timeout = 28800, > Idle-Timeout = 1800, > Fall-Through = Yes > > > > > > I authenticate against two groups. Then set the timeouts per each group > (first is for 4 hours, second 8). > > > Hope that helps. > > > Regards, > > > David Galloway > Public Networks Administration > KRS IT Network Operations > Help Desk (805) 355-2444 > Direct (805) 355-4512 > > -----Original Message----- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > us.org] On Behalf Of [EMAIL PROTECTED] > Sent: Thursday, February 23, 2006 3:43 AM > To: freeradius-users@lists.freeradius.org > Subject: on the right track? > > Hello all! > > I've tried to search the web and the archives for an answer to this question > and didn't come up with anything, so I hope I'm not duplicating a question > that's already been answered. > > Currently, where I work, we run two modem pools. One pool is limited to > certain users who are allowed to connect up to 8 hrs at a time. The other > pool is for general users who are given 15 min to quickly check email or > search for something on the web (fwiw, they're allowed to reconnect after > their time is up....). > > As broadband has become more available, less and less users are using the > modem pool. We still have a handful of people from both groups who are > still using it. So, in the interest to provide the service for the people > still using it while not paying for unused lines, we're trying to > consolidate things. > > We have a Cisco AS5300 terminal server that already uses freeradius w/ > kerberos to authenticate users. We would like to take that a step further > and use freeradius to limit usage time based on the user name (certain users > are allowed 8hrs while all others are given 15min). > > Looking over the config files in /etc/raddb, it appears the attrs file is > just what I need to use. Would I be able to use a combination of huntgroups > and the attrs file to accomplish what I need? I know in the documentation > for the "fisp" entry, it talks about not having a Fall-Through entry. Does > that mean it CANNOT have a Fall-Through entry, or that the given example > does not? Am I on the right track with this, or should I look elsewhere? > > Thanks for your help! > > Brian > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html