Scenario/Problem:
==============

Upon successful authentication of a user, we have to send the default WiMAX
attributes (Initial Service Flow [ISF]) as part of the "Access-Accept", but only
if specific WiMAX attributes (user-specific service flows) are *not* defined for
the user in radreply.



Example:
=======

Let's assume our default ISF response should be:

    WiMAX-Packet-Data-Flow-Id            1
    WiMAX-Service-Data-Flow-Id           1
    WiMAX-Direction                      2
    WiMAX-Activation-Trigger             4
    WiMAX-Transport-Type                 1
    WiMAX-Downlink-QOS-Id                1
    WiMAX-Downlink-Classifier            permit in any src any dst any
    WiMAX-QoS-Id                         1
    WiMAX-Schedule-Type                  2
    WiMAX-Traffic-Priority               1
    WiMAX-Maximum-Sustained-Traffic-Rate 2200000
    WiMAX-Minimum-Reserved-Traffic-Rate  1000
    WiMAX-Transmission-Policy            208



And User "ABC" is configured to have below service flow response (in radreply),
which is different from default ISF:

    WiMAX-Packet-Data-Flow-Id            111
    WiMAX-Service-Data-Flow-Id           101
    WiMAX-Direction                      1
    WiMAX-Activation-Trigger             4
    WiMAX-Transport-Type                 1
    WiMAX-Uplink-QOS-Id                  111
    WiMAX-Uplink-Classifier              permit in ip src any dst any 0-66 priority 3
    WiMAX-Uplink-Classifier              permit in ip src any dst any 69-65535 priority 3
    WiMAX-QoS-Id                         111
    WiMAX-Schedule-Type                  5
    WiMAX-Traffic-Priority               1
    WiMAX-Maximum-Sustained-Traffic-Rate 5500000
    WiMAX-Minimum-Reserved-Traffic-Rate  0
    WiMAX-Tolerated-Jitter               1000
    WiMAX-Maximum-Latency                1000
    WiMAX-Unsolicited-Grant-Interval     40
    WiMAX-Transmission-Policy            211



Expected Response
===============

1)      If user "ABC" successfully authenticates -> we want to send only the
service flow configured above for "ABC".

2)      If a user other than ABC (say XYZ, 123, etc., for whom no service flow
is configured in radreply) authenticates successfully (with default auth-type
set to eap) -> we want to send the default ISF.



Approach we took
==============

1)      Added an entry in the "radusergroup" table with username and groupname
as "DEFAULT-ISF"

+-------------+-------------+----------+
| username    | groupname   | priority |
+-------------+-------------+----------+
| DEFAULT-ISF | DEFAULT-ISF |        1 |
+-------------+-------------+----------+

2)      Added the default ISF WiMAX attribute entries in the "radgroupreply"
table with groupname = "DEFAULT-ISF"

3)      Updated group_membership_query in the dialup.conf file

From:

group_membership_query = "SELECT groupname \
          FROM ${usergroup_table} \
          WHERE username = '%{SQL-User-Name}' \
          ORDER BY priority"

To:

group_membership_query = "SELECT groupname \
          FROM ${usergroup_table} \
          WHERE username = '%{SQL-User-Name}' \
            OR (NOT EXISTS (select 1 from radreply where username='%{SQL-User-Name}') \
                        AND username='DEFAULT-ISF') \
          ORDER BY priority"



Question
=======

The above approach works and provided the access-accept response we expected,
but we want to confirm whether this is the correct approach to the scenario we
described, or whether there is a better way to handle this.

Sorry for the long email; I wanted to provide as much background as possible.



Thanks

-Hanu



