(RADIATOR) Blocking based on Caller ID

[Brian]

I have some NAS boxes that are in City A, and some NAS boxes that are in
City B.  City A is long distance from City B.  I do not want users to be
able to dial from City A to City B.

What is the best way to handle this?  I don't want to put something on
each "user" in radius.  I would rather do something with clients/realms,
so that if a call comes into a CLIENT that is in City B, and it sees
caller id from City a, it drops the call.

Tell me if this sounds like the way to do it:

1. Assign clients of city A to realm "CityA".
2. Assign clients of city B to realm "CityB".
3. Make a DefaultCheck for Realm CityA to check the areacode of the call,
using regexp.
4. Make a Defaultcheck for Realm CityB to check the areacode of the call,
using regexp.

Is their a better way?


-
Brian Feeny (BF304) [EMAIL PROTECTED]   
318-222-2638 x 109  http://www.shreve.net/~signal  
Network Administrator   ShreveNet Inc. (ASN 11881)


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Blocking based on Caller ID

[Stuart Henderson]

 Is their a better way?

If you can implement caller id-based filtering in the nas that
will be better as it will avoid toll calls for your users to try
to get authenticated only to find it failing. (I think many
people would just try again, and again, if it comes back saying
'bad password' or similar).

Cheers
Stuart

===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Blocking based on Caller ID

[Mike McCauley]

On May 5,  5:45pm, Stuart Henderson wrote:
 Subject: Re: (RADIATOR) Blocking based on Caller ID
  Is their a better way?

 If you can implement caller id-based filtering in the nas that
 will be better as it will avoid toll calls for your users to try
 to get authenticated only to find it failing. (I think many
 people would just try again, and again, if it comes back saying
 'bad password' or similar).

That sounds like good advice.

If Brian did want to implement in Radiator, its probably best to use Handlers
rather than Realms. By checking a combination of NAS-IP-Address and
Calling-Station-Id, you should be able to discriminate between the ones you are
prepared to handle

Handler NAS-Ip-Address=10.11.12.13,Calling-Station-Id=/^403/
# This will handle calls into that NAS from numbers that start with 403
/Handler

Handler NAS-Ip-Address=11.11.12.13,Calling-Station-Id=/^201/
# This will handle calls into that NAS from numbers that start with 201
/Handler

Handler
# This will handle all the "illegal" combinations.
# without an AuthBy it will always reject
/Handler

Hope that helps.

Cheers.

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.