Scenario/Problem: ==============
Upon successful authentication of a user, have to send default WiMAX attribute (Initial Service Flow [ISF]) as part of "Access-Accept"; Only if specific WiMax attributes (user specific service flows) are *not* defined for the user in radreply; Example: ======= Let's assume our default ISF response should be: WiMAX-Packet-Data-Flow-Id 1 WiMAX-Service-Data-Flow-Id 1 WiMAX-Direction 2 WiMAX-Activation-Trigger 4 WiMAX-Transport-Type 1 WiMAX-Downlink-QOS-Id 1 WiMAX-Downlink-Classifier permit in any src any dst any WiMAX-QoS-Id 1 WiMAX-Schedule-Type 2 WiMAX-Traffic-Priority 1 WiMAX-Maximum-Sustained-Traffic-Rate 2200000 WiMAX-Minimum-Reserved-Traffic-Rate 1000 WiMAX-Transmission-Policy 208 And User "ABC" is configured to have below service flow response (in radreply), which is different from default ISF: WiMAX-Packet-Data-Flow-Id 111 WiMAX-Service-Data-Flow-Id 101 WiMAX-Direction 1 WiMAX-Activation-Trigger 4 WiMAX-Transport-Type 1 WiMAX-Uplink-QOS-Id 111 WiMAX-Uplink-Classifier permit in ip src any dst any 0-66 priority 3 WiMAX-Uplink-Classifier permit in ip src any dst any 69-65535 priority 3 WiMAX-QoS-Id 111 WiMAX-Schedule-Type 5 WiMAX-Traffic-Priority 1 WiMAX-Maximum-Sustained-Traffic-Rate 5500000 WiMAX-Minimum-Reserved-Traffic-Rate 0 WiMAX-Tolerated-Jitter 1000 WiMAX-Maximum-Latency 1000 WiMAX-Unsolicited-Grant-Interval 40 WiMAX-Transmission-Policy 211 Expected Response =============== 1) If User "ABC" successfully authenticates -> want to send only service flow configured above for "ABC". 2) If User other than ABC (say XYZ, 123, etc... for whom no service flow is configured in radreply) authenticates successfully (with default auth-type set to eap) -> want to send default IFS. Approach we took ============== 1) Added an entry in "radusergroup" table with username and groupname as "DEFAULT-IFS" +-------------+-------------+----------+ | username | groupname | priority | +-------------+-------------+----------+ | DEFAULT-ISF | DEFAULT-ISF | 1 | +-------------+-------------+----------+ 2) Added Default-IFS WiMAX attribute entries in "radgroupreply" table with groupname = "DEFAULT-IFS" 3) updated group_membership_query in dialup.conf file From: group_membership_query = "SELECT groupname \ FROM ${usergroup_table} \ WHERE username = '%{SQL-User-Name}' \ ORDER BY priority" To: group_membership_query = "SELECT groupname \ FROM ${usergroup_table} \ WHERE username = '%{SQL-User-Name}' \ OR (NOT EXISTS (select 1 from radreply where username='%{SQL-User-Name}') \ AND username='DEFAULT-ISF') \ ORDER BY priority" Question ======= The above approach works and provided the access-accept response we expected, but want to confirm if this is the correct approach to the scenario we described or is there a better way to handle this? Sorry for the long email, wanted to provide as much background as possible Thanks -Hanu
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html