Hello,
running FreeRadius 0.9.3 w/ LDAP Backend on FreeBSD 4.9p9:
I have 4 Autz-Types, LDAP, SNS, POPS, PPPoE
LDAP = regular auth
SNS, POPS = Dialup
PPPoE = DSL
We have it set up and working so if a customer connects with a P, Q or S
prefix they will get their static IP assignment. Basically one customer
can have up to 2 static assignments (P/Q) and 1 subnet assignment (S).
To do this I had to set up some xlat functions, but we're having a problem.
If say we have a customer tester, he doesn't have any static assignments,
but he decided to connect to us with a P, it would return a static
assignment of 255.255.255.255 (basically a null response from ldap). Which
gets the user connected, but they can't do anything (obviously). We're
trying to avoid this. We tried rejecting on Framed-IP-Address ==
255.255.255.255 but that didn't work, we also tried rejecting on
Framed-IP-Address =~ 255.255.255.255, but no dice. Is there a better
method to be using? Or maybe a better way to have this setup? For
cleanliness I'd like to try and avoid having more than 4 modules set up in
the radiusd.conf, but if that can't be avoided I'll go that route. Thanks
for any help and insight.

users file:

# Static IP P Assignment
DEFAULT Prefix == "P"
        Framed-IP-Address = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusFramedIPAddressP?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-IP-Netmask = 255.255.255.255,
        Idle-Timeout = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusIdleTimeoutP?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-Protocol == PPP,
        Fall-Through = Yes

# Static IP Q Assignment
DEFAULT Prefix == "Q"
        Framed-IP-Address = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusFramedIPAddressQ?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-IP-Netmask = 255.255.255.255,
        Idle-Timeout = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusIdleTimeoutQ?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-Protocol == PPP,
        Fall-Through = Yes

# Subnet Assignment
DEFAULT Prefix == "S"
        Framed-IP-Address = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusFramedIPAddressS?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-IP-Netmask = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusFramedIPNetmaskS?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Idle-Timeout = `%{ldap:ldap:///ou=Users,o=gwi.net,dc=gwi,dc=net?radiusIdleTimeoutS?sub?uid=%{Stripped-User-Name:-%{User-Name}}}`,
        Framed-Protocol == PPP,
        Fall-Through = Yes

# Setup Auth Attributes
DEFAULT Auth-Type = LDAP, Autz-Type = LDAP
        Fall-Through = Yes

DEFAULT Huntgroup-Name == pops, Autz-Type := POPS
        Reply-Message = "Connecting to POPs",
        Fall-Through = Yes

DEFAULT Huntgroup-Name == sns, Autz-Type := SNS
        Reply-Message = "Connecting to SNS",
        Fall-Through = Yes

DEFAULT Huntgroup-Name == stinger, Autz-Type := PPPoE
        Ascend-PPPoE-Enable = PPPoE-Yes,
        Ascend-Call-Type = 0,
        Service-Type = Framed-user,
        Framed-Protocol = PPP

this is my hints file:

DEFAULT Prefix == "P", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

DEFAULT Prefix == "Q", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

DEFAULT Prefix == "S", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

Thank you,
Lew A
GWI Operations
---------------------------------
A tiger can smile
A snake will say it loves you
Lies make us evil
---------------------------------
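
The failure mode described in the post, as an added example that is not part of the original message: assuming the server's string-to-address conversion behaves like inet_addr() (an assumption, the post does not say so), an empty LDAP result collapses to INADDR_NONE, which prints as 255.255.255.255. The function names and sample values are hypothetical; the strict check classifies the lookup result before any reply is built.

```c
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>

enum static_ip_status { IP_OK, IP_MISSING, IP_MALFORMED, IP_RESERVED };

/* Naive conversion (assumed behaviour): an empty or bad string becomes
 * INADDR_NONE, which is indistinguishable from a real 255.255.255.255. */
static in_addr_t naive_ip(const char *s)
{
    return inet_addr(s);
}

/* Strict conversion: classify the LDAP result before it reaches the reply. */
static enum static_ip_status check_static_ip(const char *s, struct in_addr *out)
{
    if (s == NULL || *s == '\0')
        return IP_MISSING;                 /* attribute absent in LDAP */
    if (inet_pton(AF_INET, s, out) != 1)
        return IP_MALFORMED;               /* not a dotted quad */
    if (out->s_addr == htonl(INADDR_NONE) || out->s_addr == htonl(INADDR_ANY))
        return IP_RESERVED;                /* 255.255.255.255 or 0.0.0.0 */
    return IP_OK;
}

/* Policy: a P/Q/S-prefixed login is accepted only with a usable assignment. */
static int accept_prefixed_login(const char *ldap_value)
{
    struct in_addr addr;
    return check_static_ip(ldap_value, &addr) == IP_OK;
}

int main(void)
{
    /* Constructed samples: the empty string models the null LDAP response. */
    const char *samples[] = { "", "255.255.255.255", "192.0.2.10", "not-an-ip" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct in_addr n = { .s_addr = naive_ip(samples[i]) };
        printf("%-16s naive=%-15s accept=%d\n",
               samples[i][0] ? samples[i] : "(empty)",
               inet_ntoa(n), accept_prefixed_login(samples[i]));
    }
    return 0;
}
```
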