I just worked this out yesterday.
Best way for me (I found) was to create two groups (one is pubnet-dialup the other is pubnet-extend)
I set this in the /etc/raddb/users file
# Authentication for pubnet-dialup group
DEFAULT Auth-Type = System, Group == "pubnet-dialup"
Fall-Through = 1
# authentication for pubnet-extend group
DEFAULT Auth-Type = System, Group == "pubnet-extend"
Fall-Through = 1
# Defaults for all framed connections.
#
# sets timeout for group "pubnet-dialup"
DEFAULT Service-Type == Framed-User, Group == "pubnet-dialup"
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Session-Timeout = 14400,
Idle-Timeout = 1800,
Fall-Through = Yes
# Sets timeout for group "pubnet-extend"
DEFAULT Service-Type == Framed-User, Group == "pubnet-extend"
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Session-Timeout = 28800,
Idle-Timeout = 1800,
Fall-Through = Yes
I authenticate against two groups. Then set the timeouts per each group (first is for 4 hours, second 8).
Hope that helps.
Regards,
David Galloway
Public Networks Administration
KRS IT Network Operations
Help Desk (805) 355-2444
Direct (805) 355-4512
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, February 23, 2006 3:43 AM
To: [email protected]
Subject: on the right track?
Hello all!
I've tried to search the web and the archives for an answer to this question and didn't come up with anything, so I hope I'm not duplicating a question that's already been answered.
Currently, where I work, we run two modem pools. One pool is limited to certain users who are allowed to connect up to 8 hrs at a time. The other pool is for general users who are given 15 min to quickly check email or search for something on the web (fwiw, they're allowed to reconnect after their time is up....).
As broadband has become more available, less and less users are using the modem pool. We still have a handful of people from both groups who are still using it. So, in the interest to provide the service for the people still using it while not paying for unused lines, we're trying to consolidate things.
We have a Cisco AS5300 terminal server that already uses freeradius w/ kerberos to authenticate users. We would like to take that a step further and use freeradius to limit usage time based on the user name (certain users are allowed 8hrs while all others are given 15min).
Looking over the config files in /etc/raddb, it appears the attrs file is just what I need to use. Would I be able to use a combination of huntgroups and the attrs file to accomplish what I need? I know in the documentation for the "fisp" entry, it talks about not having a Fall-Through entry. Does that mean it CANNOT have a Fall-Through entry, or that the given example does not? Am I on the right track with this, or should I look elsewhere?
Thanks for your help!
Brian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
