|
List, I am running FreeRadius with a MySQL backend.
Everything seems to be working fine except one thing… I am in a pass-through radius environment. We buy dialup through a wholesaler that
aggregates service on multiple dial networks. Radius requests are proxied
from their radius to mine. When
these requests come to our server, a “Network” attribute is sent
that tells my server which network they are on. It is usually something like “Network=qw” or “Network=uu”. I then have entries in radgroupcheck table that specify correspond these network
attributes with Radius groups. Each
user has an entry in the Usergroup table that says
what network they are supposed to be on.
So, when a user logs in from the Qwest network, the proper attributes
are returned so that mail will work etc. because the system returns the QW
group reply attributes I have setup.
Additionally, this configuration prevents users from logging in on the
wrong dialup network. The problem is, for one network, UU Net, depending on where
the user dials from the attribute that is passed to me is different. It is either UU,
U1, or U2. It even varies per
user. What I need to do is have the
SAME attributes returned for U1 and U2 as are returned for UU. Additionally, if a user is setup for UU,
then I don’t want them to be able to login except when UU, U2, or U1 is
passed. Otherwise, access should be
rejected. I think the solution is simply putting some operators in the
OP section of the radgroupcheck table for the uu, u1, and u2 networks, but I’m not sure what these need
to be. Any help would be GREATLY
appreciated.
|
- Re: Returning correct attributes Jeremy McGee
- Re: Returning correct attributes Alan DeKok
