Hi!

My users are authenticated with the mschap module.
All users are separated into 2 groups: "fast" and "slow".
They can all dial in to one of many NASes.
Framed-IP-Address depends on NAS-IP-Address and user group.
I plan to use the ippool module for assigning Framed-IP-Address.

So in general I need "NAS-quantity" x "group-quantity" pools.

My question is: how can radius assign an ippool?

I tried to do this via the users file as shown below.

Here is my /etc/raddb/users:

1: user0  User-Category := "fast"
2:       Fall-Through = 1
3:
4: user1   User-Category := "fast"
5:        Fall-Through = 1
6:
7: user2  User-Category := "slow"
8:        Fall-Through = 1
9:
10:DEFAULT User-Category == "slow", Pool-Name := "ippool-1-slow"
11:     Fall-Through = 1
12:
13:DEFAULT User-Category == "fast", Pool-Name := "ippool-1-fast"
14:     Fall-Through = 1
15:
16:DEFAULT       Service-Type == Framed-User
17:     Framed-MTU = 1500,
18:     Service-Type = Framed-User
  

debug output is:

Thread 1 handling request 0, (1 handled so far)
        Service-Type = Framed-User
        Framed-Protocol = PPP
        User-Name = "user1"
        MS-CHAP-Challenge = ....................
        MS-CHAP2-Response = ......................................
        NAS-IP-Address = 192.168.0.5
        NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: password-of-user1
rlm_passwd: Added Group-Name: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
  modcall[authorize]: module "raddb_userlist" returns ok
  modcall[authorize]: module "mschap" returns ok
    users: Matched user1 at 4
    users: Matched DEFAULT at 16

I think there has to be a match at line 13. But it isn't so. Why?

How slow will such a check be with 500 users in the /etc/raddb/users file?
Each user will be described by 2 lines like:
 user0  User-Category := "fast"
       Fall-Through = 1


My other approach was to create a group-like file with the format
groupname:::username
The rlm_unix module can set the Group attribute to the appropriate value,
but it is not called in the authenticate section because Auth-Type is
MS-CHAP after the mschap module call in the authorize section.
Can I force calling the rlm_unix module in the authenticate section when
Auth-Type == "MS-CHAP"?


Thanks in advance!

Mike.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
