Hello,
Couple of questions:
I have freeradius-0.7.1 running on 2 linux boxes, at separate ISPs (ISP1
and ISP2). The two ISPs have different access numbers (three numbers
for ISP1, and one number for ISP2). Obviously each ISP has separate
/etc/passwd and /etc/shadow files, which implies separate users, right?
Now, all four access numbers are pointed to the same channelized T1s by
my telco. My telco uses a CVX for my access traffic. In my
/etc/raddb/users file, which lives on a server at IPS1, I check to see
if a user coming in has called the access number for ISP2, and if so, I
proxy them over to ISP2 for authentication; i.e.,
DEFAULT Called-Station-ID == "9286348077", Simultaneous-Use := 1,
Proxy-To-Realm := verdenet
Acct-Interim-Interval = 600,
Fall-Through = No
If the access number is one for ISP1 (i.e., not 9286348077), then it
falls through to the DEFAULT for IPS1. ISP1 also has a
'Simultaneous-Use := 1' default. This all works well, no complaints.
What I am trying to do is support the case where I have a user at IPS1
with the same username as a user at IPS2. For example, I have a user at
IPS1 with the username "grandma," and a user at ISP2 with the same
username. If one of the 'grandma' users is logged in, the other can not
login. I get around this by adding 2 entries in my /etc/raddb/users
file for 'grandma,' i.e.,
grandma Called-Station-ID == "9286348077", Simultaneous-Use :=
2, Proxy-To-Realm := verdenet
Acct-Interim-Interval = 600,
Fall-Through = No
grandma Auth-Type := System, Simultaneous-Use := 2
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Routing = None,
Framed-MTU = 1500,
Acct-Interim-Interval = 600,
Framed-Compression = Van-Jacobsen-TCP-IP,
Idle-Timeout = 1800
This works, but it is not very elegant.
>From what I can read, freeradius just queries the CVX (in this case) for
the username and if it sees a session with that username, it will not
allow another one, correct?
How can I make freeradius check for the username AND the Called-Number?
I could probably do this in checkrad, if I knew where to look for the
vector coming back from the CVX, or I could do it in radiusd.c and
recompile.
I can't get checkrad to work though, that is, I turned debugging on, I
thought, in /usr/local/sbin/checkrad by setting
$debug = "/var/log/radius/checkrad.log";
but I get no traffic in /var/log/radius/checkrad.log, so it doesn't look
like checkrad is even being called.
Can some one help here please?
Thanks,
Murrah Boswell
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
