> From: Ali Gunduz
> Sent: Wednesday, 1 October 2003 9:18 PM
> > -----Original Message-----
> > From: Berk D. Demir [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 01, 2003 12:13
> > To: [EMAIL PROTECTED]
> > Cc: [EMAIL PROTECTED]
> > Subject: new feature patch for rlm_ippool: reject-on-drain
> >
> >
> > Hi,
> >
> > rlm_ippool return NOOP when there are no available addresses in the
> > pool.
> > We considered using server side ip pool mgmt to simulate Group based
> > Simultaneous-Use enforcement.
> >
> > This patch adds the ability to send Access-Reject in the post-auth
> > section to rlm_ippool with a boolean parameter
> > "reject-on-drain" in case
> > there are no available addresses in the pool.
> >
> > Possible use case:
> >
> > In a scenario where a backbone provider gives virtual ISP service. The
> > agreement is generally on simultaneous use of port capacity basis. For
> > example maximum 1024 simultaneous connections nation-wide.
> >
> > This scenario holds at least for one ISP on the planet, the one that I
> > work for :)
This _could_ be handled with the configurable-failover, setting a REJECT
upon NOOP, I think...
In modules:
always reject {
rcode = reject
}
In post-auth:
group {
my_pool {
fail = return
notfound = return
noop = 1
ok = return
updated = return
reject = return
userlock = return
invalid = return
handled = return
}
reject
}
This will also reject people who haven't _gotten_ a Pool-Name check
item... So you may want to use the Post-Auth-Type support to only apply
this to people who've dialled in on these accounts.
I guess it also depends what else you want to do in post-auth.
--
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
On a sidewalk near Portland State
University someone wrote `Trust Jesus', and
someone else wrote `But Cut the Cards'.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
