David - agreed. It's a workaround until the billing software can be modified (or replaced); in combination with an expiry_due check and also checking whether its the billing system that made the change though, its not a bad short-term workaround. Needs to be both of those checks though ;-) Andy
On 25/01/2008, David Roze <[EMAIL PROTECTED]> wrote: > A trigger on the password field is a workaround. > What about if he wants to change a user's password or when it changes back > to bring the connection back on? > Changing the password is not the right way to reject a connection and > everything possible should be done to change the software's behaviour. > > David Roze > --- > http://www.netexpertise.eu > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > On Behalf Of Andy Billington > Sent: 25 January 2008 18:58 > To: FreeRadius users mailing list > Subject: Re: Hello, and a (hopefully) simple question > > Vlad, > are the passwords changed _by the billing system_ for any other > reason? You could use a trigger on the table to make a corresponding > change on the usergroup when the billing system changes the password. > > Better though might just be to have a "Expiry Due?" column added to > the users, and then have "if expiry_due AND if password changed, then > change usergroup" triggered. You'll have to have a way to keep track > of expiration dates and so on > > Vlad, > are the passwords changed by the billing system for any other reason? > You could use a trigger on the table to make a corresponding change on > the usergroup when a billing system changes the password. > > Better though might just be to have a "Expired Yes/No" column added to > the users, and then have "if expired AND password changed, then change > usergroup" triggered. You'll have to have a way to keep track of > expiration dates and so on but if the renewals are for a standard > period (e.g. 12 months) then you could do > > a. if expiry_due and password changed, change usergroup (and hence ip etc) > > b. if expired, password changed already and then password changed > again, change usergroup back to normal on assumption that billing > system has reset password when payment received. Reset expiry_due to > today() plus 12 months > > Then again I'm probably looking at database level stuff when > FreeRADIUS will provide a better way using the many bits of it I dont > understand ;-) > Andy > > > > > > On 25/01/2008, Vlad Sedov <[EMAIL PROTECTED]> wrote: > > Well, what I'm trying to do is accept the session whether the password > > is correct or not, but if it's not correct, assign Framed-IP-Address > > from a different IP pool, so our firewall downstream from the NAS can > > redirect their HTTP traffic to a payment site. > > > > > > Vlad > > > > > > On Jan 25, 2008 11:27 AM, JB <[EMAIL PROTECTED]> wrote: > > > If it's just a message you want to display, you could use the Reply- > > > Message attribute. > > > Of course, your access controler would have to know how handle this > > > attribute. > > > > > > JB > > > > > > > > > Marinko Tarlac wrote: > > > > > > > radius will reply whatever you need but you need to tell him what do > > > > you want. > > > > > > > > For example, if you're using mysql, when user account expires you > > > > can add him to specific group and group attributes you can set in > > > > radgroupreply table. (ip pool, tx, rx limit etc.) > > > > > > > > On Jan 25, 2008 6:18 PM, Vlad Sedov <[EMAIL PROTECTED]> wrote: > > > >> Hey folks. > > > >> > > > >> Right now, we use freeradius to authenticate simple pap/chap PPP > > > >> clients. When a username/password is rejected, radius simply send > > > >> back > > > >> a reject message to the NAS. > > > >> > > > >> Is it possible to change this behavior so that a failed auth attempt > > > >> gets accepted with an alternate IP pool instead of being rejected? > > > >> > > > >> the idea is to force suspended users through a web proxy that tells > > > >> them that they have a billing issue, instead of rejecting their > > > >> connection altogether. > > > >> > > > >> > > > >> Any help would be appreciated.... > > > >> > > > >> > > > >> Vlad > > > > > > > > > > > > JB > > > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html