Hi. I knew how to make all you wrote above. I need to know how to accept customer, when sim-use rejected him.
Regards, Alexander. 2011/12/21 Fajar A. Nugraha <l...@fajar.net> > On Wed, Dec 21, 2011 at 5:29 AM, Fajar A. Nugraha <l...@fajar.net> wrote: > > On Wed, Dec 21, 2011 at 4:18 AM, Alexander Kosykh <avkos...@gmail.com> > wrote: > > >> I tried to do this in my config > > >> but radius answer is reject whatever and pppoe didn't up > > You know what, since you say it's pppoe, I can share a setup on my > environment that might be adaptable for you. > > The situation: > - pppoe > - IP address is (normally) allocated by nas, dynamically, using public > IP address > - AAA using freeradius > > The problem: > - we want disabled users to still be able to login, but they'd be > placed on a special network where they'd only be able to access an > info page (or, in your terms, "error page") > > The solution: > - setup a private IP pool on the NAS (e.g. 10.x.x.x) > - put disabled users in a special group (e.g. "disabled-users") > - setup sqlippool for that IP address pool (e.g. "disabled-users-pool") > - setup a special DNS server (any authoritative DNS server supporting > wildcard will do) that will resolve all DNS record to a special web > server. > - setup routing on the NAS so that the private IP pool can access the > DNS server and the web server, but it can't access public IP address > - add radgroupcheck entry for that group which points to the pool > (e.g. Pool-Name := "disabled-users-pool") > - add radgroupreply entry which will tell users to use the special DNS > server (e.g MS-Primary-DNS-Server := "10.0.0.10") > > That way, when a user in "disabled-users" group logs in, he'd get a > private IP address, and whatever address he typed in browser will > bring him to the info page. > > You might be able to adapt it to your needs by adding Pool-Name and > MS-Primary-DNS-Server attribute dynamically using unlang, based on an > sql query which checks whether a user is already logged in or not. > Somewhat complicated, but should work. > > If you're still having trouble understanding the example, better ask > an expert to help you. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html