Hi,
Actually, what I am trying to do is this:
I have several access points that have hotspot
and use radius for AAA. I would like to register
users in radius so that they are able to login
using some of the access points, and not able to
login using the others.
The way that I was trying to do it is like this:
Suppose that there are the access points A1, A2, A3
and the user 'test' should be able to access the
internet only from A1 and A3. The data in radius
that would make this scenario work, could be like this:
radcheck:
+------+----------+------------------+----+-------+
| id | UserName | Attribute | op | Value |
+------+----------+------------------+----+-------+
| 5272 | test | User-Password | := | test |
| 5262 | test | Simultaneous-Use | := | 5 |
+------+----------+------------------+----+-------+
radreply:
+----+----------+---------------+----+----------+
| id | UserName | Attribute | op | Value |
+----+----------+---------------+----+----------+
| 42 | test | Auth-Type | := | Reject |
| 43 | test | Fall-Through | := | Yes |
+----+----------+---------------+----+----------+
usergroup:
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| test | A1 | 1 |
| test | A2 | 1 |
| test | A3 | 1 |
+----------+-----------+----------+
radgroupcheck:
+----+-----------+----------------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+----------------+----+-------+
| 42 | A1 | NAS-Identifier | == | ID-A1 |
| 43 | A2 | NAS-Identifier | == | ID-A2 |
| 44 | A2 | NAS-Identifier | == | ID-A3 |
+----+-----------+----------------+----+-------+
radgroupreply:
+----+-----------+---------------+----+--------+
| id | GroupName | Attribute | op | Value |
+----+-----------+---------------+----+--------+
| 52 | A1 | Auth-Type | := | Accept |
| 53 | A1 | Fall-Through | := | No |
| 54 | A2 | Auth-Type | := | Reject |
| 55 | A2 | Fall-Through | := | Yes |
| 56 | A3 | Auth-Type | := | Accept |
| 57 | A3 | Fall-Through | := | No |
+----+-----------+---------------+----+--------+
However, if the radius does not follow the algorithm
described in http://wiki.freeradius.org/Rlm_sql,
then this setup should not work.
Do you have any suggestion or idea on how to make the
scenario above work?
Regards,
Dashamir
Dashamir Hoxha wrote:
I have installed freeradius-1.1.7 in fedora8. However I find that the
module
rlm_sql does not work as described in this page:
http://wiki.freeradius.org/Rlm_sql
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
