Alan,
Thanks for your reply and sorry for my sluggishness in getting
back to you with more info...
Alan DeKok [EMAIL PROTECTED] wrote:
> Yes. The server allows you nearly unlimited control over what to
> look for, and what to do when it finds data of interest.

That is good to know :)

> Your description is useful, but still a little vague. You describe
> what you want, but not how the data is seen by the RADIUS server
> (i.e. attributes).
Ok.. let's give this another shot.. the setup I'm building is to
authenticate/authorize and account mobile users.
The user will specify his username (User-Name), his password
(User-Password) and the NAS is also configured to send the
MS-ISDN to the radius server which I'm told is sent using
Calling-Station-ID.
Now the way I want this to work is that as soon as a request comes
in from the NAS the radius server will check Calling-Station-ID
against a list of known values and if no match is found it denies
the request.
If a match is found it will go on to check for a valid username
and password combination. If none is found it should reject the
session. If a match is found it should reply with the proper
attributes.
In an ideal situation I'd like to use realms and bind a group of
known Calling-Station-IDs to a specific realm. If this is not possible
then a generic list of Calling-Station-IDs for all users will also
work but is the less preferred solution.
So if I go thru the steps I get..
1. Check realm
   a) no realm - reject
   b) realm found - go to 2
2. Check Calling-Station-ID
   a) no match found for this realm - reject
   b) match - go to 3
3. Check user+pass
   a) no match - reject
   b) match - return attribs for user
So in this situation:
realm test1:
- known cli's ,1112,1113
- known users [EMAIL PROTECTED] w/ pass moo
realm test2:
- known cli's ,2223,2224
- known users [EMAIL PROTECTED] w/ pass bla
If [EMAIL PROTECTED] tries to login with pass of moo coming from cli -1113
he is allowed - any other cli will not be allowed.
I saw the rlm_checkval module.. is this what I would use for this?
A sample configuration and users file entry would be really appreciated.
I hope this helps to clarify the issue,
Thanks,
- Jasper
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
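
The three-step check described in the message above, modelled in Python as an added example; it is not FreeRADIUS configuration and does not come from the poster or the FreeRADIUS project. The realm names follow the message, while the CLI values, user names, reply attributes and the `decide` function are made up for illustration.

```python
import hmac

# Constructed policy table. Realm names come from the message; the CLI values,
# user names and reply attributes are placeholders made up for this example.
POLICY = {
    "test1": {"clis": {"5550001", "5550002"},
              "users": {"alice": ("moo", {"Session-Timeout": 3600})}},
    "test2": {"clis": {"5550101", "5550102"},
              "users": {"bob": ("bla", {"Session-Timeout": 1800})}},
}


def decide(request):
    """Return (code, reply_attributes, reason) for one Access-Request dict."""
    user, sep, realm = request.get("User-Name", "").rpartition("@")
    # Step 1: the realm must be present and known.
    if not sep or realm not in POLICY:
        return ("Access-Reject", {}, "unknown or missing realm")
    # Step 2: the caller's number must be on this realm's list. A request
    # with no Calling-Station-Id at all is rejected, not waved through.
    cli = request.get("Calling-Station-Id")
    if cli is None or cli not in POLICY[realm]["clis"]:
        return ("Access-Reject", {}, "Calling-Station-Id not allowed for realm")
    # Step 3: user name and password, compared in constant time.
    entry = POLICY[realm]["users"].get(user)
    supplied = request.get("User-Password", "").encode()
    if entry is None or not hmac.compare_digest(supplied, entry[0].encode()):
        return ("Access-Reject", {}, "bad user name or password")
    return ("Access-Accept", dict(entry[1]), "ok")


if __name__ == "__main__":
    # Constructed request: right user and password, CLI from the other realm.
    print(decide({"User-Name": "alice@test1", "User-Password": "moo",
                  "Calling-Station-Id": "5550101"}))
```

Calling-Station-Id is whatever the NAS reports, so this check is only as strong as the trust placed in the NAS and its shared secret.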