I've done as suggested, but the debug log is giving the errors below:

Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
/usr/local/etc/raddb/users[41]: Unexpected trailing comma in check item list for entry DEFAULT
Errors reading /usr/local/etc/raddb/users
radiusd.conf[1052]: files: Module instantiation failed.


Below are a few details that might help:

1) users file
##########################################
DEFAULT NAS-Port-Type == "ISDN" ,Connection-Type == UNLIMITED, Auth-Type := Reject
Reply-Message = "Your account has been disabled."


DEFAULT         Auth-Type := LDAP
###########################################

2) ldap.attrmap
#################################
checkItem       Connection-Type          radiusConnectionType
#################################


3) In LDAP entry

######################
radiusConnectionType: UNLIMITED
.
.
########################


4) Authorize entry

#############################################

authorize {
       preprocess
#       auth_log
#       attr_filter
       chap
       mschap
       IPASS
       suffix
#       ntdomain
       eap
#       sql
#       etc_smbpasswd
#       ldap
       redundant {
               ldap1
               ldap2
       }
#       daily
#       checkval
       files
}

###############################

----- Original Message -----
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Sunday, January 02, 2005 21:50
Subject: Re: Block group of ISDN connection



On Fri, 31 Dec 2004, Rohaizam Abu Bakar wrote:

Hi,

OS: FreeBSD 4.9p4
Radius: Freeradius 1.0.1


I know how to block ALL ISDN.. using NAS-Port-Type attribute..

users file
======
DEFAULT        NAS-Port-Type == "ISDN", Auth-Type := Reject
                       Reply-Message = "Your account has been disabled."

DEFAULT                Auth-Type := LDAP


Tested, seems to be working...

But I would like to block ISDN that has a certain flag stored in LDAP. Let's say I stored the flag "unlimited = 1" in the user's profile in LDAP, so only ISDN with this flag stored is blocked. All other ISDN will go through. Is it possible? Please help.

Map the unlimited attribute to a radius check attribute (like Hint, or create one of your own). Then in the users file (placed after ldap in the authorize section):


DEFAULT NAS-Port-Type == ISDN, Hint == 1, Auth-Type := Reject


--haizam








- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
