Now that you mention it, the billing software _is_ getting replaced some time soon, but until then I have to hack radius as a workaround.
Is it not possible to "Fall-Through" failed users to another section with its own pool and auth-type: accept? Vlad On Jan 25, 2008 12:16 PM, Andy Billington <[EMAIL PROTECTED]> wrote: > David - agreed. It's a workaround until the billing software can be > modified (or replaced); in combination with an expiry_due check and > also checking whether its the billing system that made the change > though, its not a bad short-term workaround. Needs to be both of those > checks though ;-) > Andy > > > On 25/01/2008, David Roze <[EMAIL PROTECTED]> wrote: > > A trigger on the password field is a workaround. > > What about if he wants to change a user's password or when it changes back > > to bring the connection back on? > > Changing the password is not the right way to reject a connection and > > everything possible should be done to change the software's behaviour. > > > > David Roze > > --- > > http://www.netexpertise.eu > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > On Behalf Of Andy Billington > > Sent: 25 January 2008 18:58 > > To: FreeRadius users mailing list > > Subject: Re: Hello, and a (hopefully) simple question > > > > Vlad, > > are the passwords changed _by the billing system_ for any other > > reason? You could use a trigger on the table to make a corresponding > > change on the usergroup when the billing system changes the password. > > > > Better though might just be to have a "Expiry Due?" column added to > > the users, and then have "if expiry_due AND if password changed, then > > change usergroup" triggered. You'll have to have a way to keep track > > of expiration dates and so on > > > > Vlad, > > are the passwords changed by the billing system for any other reason? > > You could use a trigger on the table to make a corresponding change on > > the usergroup when a billing system changes the password. > > > > Better though might just be to have a "Expired Yes/No" column added to > > the users, and then have "if expired AND password changed, then change > > usergroup" triggered. You'll have to have a way to keep track of > > expiration dates and so on but if the renewals are for a standard > > period (e.g. 12 months) then you could do > > > > a. if expiry_due and password changed, change usergroup (and hence ip etc) > > > > b. if expired, password changed already and then password changed > > again, change usergroup back to normal on assumption that billing > > system has reset password when payment received. Reset expiry_due to > > today() plus 12 months > > > > Then again I'm probably looking at database level stuff when > > FreeRADIUS will provide a better way using the many bits of it I dont > > understand ;-) > > Andy > > > > > > > > > > > > On 25/01/2008, Vlad Sedov <[EMAIL PROTECTED]> wrote: > > > Well, what I'm trying to do is accept the session whether the password > > > is correct or not, but if it's not correct, assign Framed-IP-Address > > > from a different IP pool, so our firewall downstream from the NAS can > > > redirect their HTTP traffic to a payment site. > > > > > > > > > Vlad > > > > > > > > > On Jan 25, 2008 11:27 AM, JB <[EMAIL PROTECTED]> wrote: > > > > If it's just a message you want to display, you could use the Reply- > > > > Message attribute. > > > > Of course, your access controler would have to know how handle this > > > > attribute. > > > > > > > > JB > > > > > > > > > > > > Marinko Tarlac wrote: > > > > > > > > > radius will reply whatever you need but you need to tell him what do > > > > > you want. > > > > > > > > > > For example, if you're using mysql, when user account expires you > > > > > can add him to specific group and group attributes you can set in > > > > > radgroupreply table. (ip pool, tx, rx limit etc.) > > > > > > > > > > On Jan 25, 2008 6:18 PM, Vlad Sedov <[EMAIL PROTECTED]> wrote: > > > > >> Hey folks. > > > > >> > > > > >> Right now, we use freeradius to authenticate simple pap/chap PPP > > > > >> clients. When a username/password is rejected, radius simply send > > > > >> back > > > > >> a reject message to the NAS. > > > > >> > > > > >> Is it possible to change this behavior so that a failed auth attempt > > > > >> gets accepted with an alternate IP pool instead of being rejected? > > > > >> > > > > >> the idea is to force suspended users through a web proxy that tells > > > > >> them that they have a billing issue, instead of rejecting their > > > > >> connection altogether. > > > > >> > > > > >> > > > > >> Any help would be appreciated.... > > > > >> > > > > >> > > > > >> Vlad > > > > > > > > > > > > > > > > JB > > > > > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html