At Wed, 7 Apr 2004 01:36:11 +0400,
Alexander M. Pravking wrote:
>
Alexander thank you very much.
You understood exactly the locking senario I want to achieve.
Your first post seemed wonderfull, too bad it doesn't work. I will
look into rlm_perl if there is no other way.
Thanks again.
Kostas
> I'm sorry for misleading you, you can't configure it this way.
>
> On Tue, Apr 06, 2004 at 09:46:33AM +0400, Alexander M. Pravking wrote:
> > On Mon, Apr 05, 2004 at 08:16:24PM +0300, Kostas Zorbadelos wrote:
> > > Hello to everyone.
> > > I have the following problem where I work. We have a user, lets say
> > > kzorba that is an ADSL user and has a specific profile (check and
> > > reply attributes). We want to limit the Simultaneous-Use of
> > > the user for this service to 1. We also want for the same user to be
> > > able to use an ISDN 128 backup connection in case his ADSL line has a
> > > problem. I this case our user has a different profile and
> > > Simultaneous-Use 2 (in order to be able to login twice for the 2 isdn
> > > channels). So the question is: how can I lock the user in a way that
> > > when he uses his ADSL connection, not to be able to connect with ISDN
> > > at all (that's easy since Simultaneous-Use is 1 in this case and won't
> > > be allowed to login for anything else) and the opposite (when in as an
> > > ISDN not to be able to use the ADSL).
> > > Any suggestions are highly appreciated.
> >
> > You could do it in authorize {} section instead of session {}.
> > Say you have defined 2 attrs (e.g. of type integer): ADSL-Up and ISDN-Up.
> > Assuming you have accounting in SQL, you could do:
> >
> > ADSL-Up := `%{sql:SELECT count(*) FROM radacct WHERE UserName = '%u' AND
> > NASPortType = 'Ethernet' AND AcctStopTime IS NULL}`
> > ISDN-Up := `%{sql:SELECT count(*) FROM radacct WHERE UserName = '%u' AND
> > NASPortType = 'ISDN' AND AcctStopTime IS NULL}`
> >
> > (Note the backquotes; the behavour can change soon.)
>
> That's fine. But... These attributes should go into config items,
> so you cannot use users file to check them, since attributes being
> checked are always taken from the request:
>
> > Then put 2 entries in "users" file:
> > DEFAULT NAS-Port-Type == ISDN, ADSL-Up > 0, Auth-Type := Reject
> > Reply-Message := "You have your ADSL up, ISDN connections disabled"
> >
> > DEFAULT NAS-Port-Type == Ethernet, ISDN-Up > 0, Auth-Type := Reject
> > Reply-Message := "To use ADSL, first stop your backup ISDN connections"
>
> Instead, you can use rlm_perl (I'd recommend post-auth section, but then you
> should patch rlm_perl a little ;-):
>
> sub authorize {
> if ($RAD_REQUEST{'NAS-Port-Type'} eq 'ISDN'
> and $RAD_CHECK{'ADSL-Up'} > 0) {
>
> $RAD_REPLY{'Reply-Message'} =
> "You have your ADSL up, ISDN connections disabled";
> return RLM_MODULE_REJECT;
> }
>
> if ($RAD_REQUEST{'NAS-Port-Type'} eq 'Ethernet'
> and $RAD_CHECK{'ISDN-Up'} > 0) {
>
> $RAD_REPLY{'Reply-Message'} =
> "To use ADSL again, first stop your backup ISDN connections";
> return RLM_MODULE_REJECT;
> }
> return RLM_MODULE_NOOP;
> }
>
> --
> Fduch M. Pravking
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
