A trigger on the password field is a workaround. What about if he wants to change a user's password or when it changes back to bring the connection back on? Changing the password is not the right way to reject a connection and everything possible should be done to change the software's behaviour.
David Roze --- http://www.netexpertise.eu -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andy Billington Sent: 25 January 2008 18:58 To: FreeRadius users mailing list Subject: Re: Hello, and a (hopefully) simple question Vlad, are the passwords changed _by the billing system_ for any other reason? You could use a trigger on the table to make a corresponding change on the usergroup when the billing system changes the password. Better though might just be to have a "Expiry Due?" column added to the users, and then have "if expiry_due AND if password changed, then change usergroup" triggered. You'll have to have a way to keep track of expiration dates and so on Vlad, are the passwords changed by the billing system for any other reason? You could use a trigger on the table to make a corresponding change on the usergroup when a billing system changes the password. Better though might just be to have a "Expired Yes/No" column added to the users, and then have "if expired AND password changed, then change usergroup" triggered. You'll have to have a way to keep track of expiration dates and so on but if the renewals are for a standard period (e.g. 12 months) then you could do a. if expiry_due and password changed, change usergroup (and hence ip etc) b. if expired, password changed already and then password changed again, change usergroup back to normal on assumption that billing system has reset password when payment received. Reset expiry_due to today() plus 12 months Then again I'm probably looking at database level stuff when FreeRADIUS will provide a better way using the many bits of it I dont understand ;-) Andy On 25/01/2008, Vlad Sedov <[EMAIL PROTECTED]> wrote: > Well, what I'm trying to do is accept the session whether the password > is correct or not, but if it's not correct, assign Framed-IP-Address > from a different IP pool, so our firewall downstream from the NAS can > redirect their HTTP traffic to a payment site. > > > Vlad > > > On Jan 25, 2008 11:27 AM, JB <[EMAIL PROTECTED]> wrote: > > If it's just a message you want to display, you could use the Reply- > > Message attribute. > > Of course, your access controler would have to know how handle this > > attribute. > > > > JB > > > > > > Marinko Tarlac wrote: > > > > > radius will reply whatever you need but you need to tell him what do > > > you want. > > > > > > For example, if you're using mysql, when user account expires you > > > can add him to specific group and group attributes you can set in > > > radgroupreply table. (ip pool, tx, rx limit etc.) > > > > > > On Jan 25, 2008 6:18 PM, Vlad Sedov <[EMAIL PROTECTED]> wrote: > > >> Hey folks. > > >> > > >> Right now, we use freeradius to authenticate simple pap/chap PPP > > >> clients. When a username/password is rejected, radius simply send > > >> back > > >> a reject message to the NAS. > > >> > > >> Is it possible to change this behavior so that a failed auth attempt > > >> gets accepted with an alternate IP pool instead of being rejected? > > >> > > >> the idea is to force suspended users through a web proxy that tells > > >> them that they have a billing issue, instead of rejecting their > > >> connection altogether. > > >> > > >> > > >> Any help would be appreciated.... > > >> > > >> > > >> Vlad > > > > > > > > JB > > > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
