Hi Todd, I am using FR & MySQL and have the following in my radgroupcheck table to limit my dialup customers from connecting to my dsl aggregators. I have created different Groups (dialup & dsl for simplicity). In the dialup group I have rule that reads:
ID: xxx GroupName: dialup Attribute: NAS-IP-Address OP: !~ Value: (xxx.xxx.xxx.4|xxx.xxx.xxx.2) This prevents any user in FR with a group of dialup from connecting to a NAS device with an IP of xxx.xxx.xxx.4 or .2 Hope this gives you an idea on where to limit your customers. Cheers, Jeff. -----Original Message----- From: freeradius-users-bounces+listacct=genhex....@lists.freeradius.org [mailto:freeradius-users-bounces+listacct=genhex....@lists.freeradius.org] On Behalf Of Paul Bartell Sent: Friday, December 19, 2008 1:26 PM To: FreeRadius users mailing list Subject: Re: Restricting dialup users to certain client definitions only You would use the Calling-Station-ID or Called-Station-ID checks in the groupcheck table. On Fri, Dec 19, 2008 at 9:48 AM, Todd R. <tjrl...@lightwavetech.com> wrote: > In a nutshell here is what I need to do, the long story is after the short > version if you are interested. > > ########Short version########## > > I want to restrict dialup users or a group of dialup users living within my > MySQL tables to certain clients or list of clients. > > So when a user who is only allowed access when coming from clients 1 and 2 > dials in and the request comes from client 3 he is denied access. > > I already do this with the crappy Windows based radius solution we have been > stuck on for years, surely I can accomplish the same with FR. > > Any help in a language which a total FR novice can understand would be > appreciated. > > > ######end short version######## > > > > > ########Long Version########### > > I have read the docs, the archives, the readmes, the examples etc. > > So far, I can't get a good handle on how to accomplish the following so I am > again asking for some guidance from the list. > > Here is my situation and what I need to accomplish, any help in getting this > done would be most appreciated. I don't mind doing the footwork, research > etc. to build a solution that will work but please keep in mind that I am a > total FR Newb and need this in dufus language :) > > For the last 8 years or so we have been using a dreaded windows based Radius > solution that we just couldn't get away from due to how much code we have > written around this horrible solution. Finally, it's time to just do it and > deal with the pain. > > What we have right now is several dialup wholesale > networks/carriers/aggregators who proxy the radius request to us, we then > decide to accept or deny the dialup user based on many things but of course > username/pass etc.. One of the things we use to determine if they get access > or not is which client they came from meaning which of our wholesale dialup > network's radius server (client) sent us the request. > > So, in short I need to accomplish the same thing on FR. > > Let's say I have 5 clients, their short names and IPs configured in my FR > clients file. > > I need to somehow decide within FR when the request comes in from client #1 > that this user (in Mysql table) is allowed to have access to that dialup > network. > > So: > > Joeuser from client1 = OK (allow user) > Joeuser from client2 = Not OK (deny user) > > I am guessing I should do something with groups within the SQL tables such > as assign joeuser to dialgroup1 which is then somehow allowed from client1 > or for that fact clients 1, 3 and 5 but not allowed to client2. > > I researched huntgroups but can't find much documentation on that, not sure > if that's were I need to go or?? > > Regards, > Todd R. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Random quote of the week/month/whenever i get to updating it: "Opportunity knocked. My doorman threw him out." - Adrienne Gusoff "At school you don't get parole, good behavior only brings a longer sentence." - The History Boys - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html