Im working with dialup provider that is acting as the nas and they are
authenticating off my radius server. Authentication works fine. They
have this fastnet program that is supposed to make the internet
faster. Attached is what they told me to do. I have added it to the
dynamic group in mysql and the user is part of that group. But nothing.
If you run your own radius server:
For those of you that run your own radius server, you must configure
your radius server to authenticate the enduser. The authentication
will be passed to you, via the same radius servers that authentication
currently comes from for pass through radius. The customer must login
to the software using their dial-up username and password.
You will need to pass back to us the following attribute.
(You will need to add this to your dictionary file):
VENDORATTR 7000 Slipstream-Auth 1 string
Set this equal to 'true' for those that have web acceleration and
'false' for those that do not. By default right now it accepts all
users, so be sure to test it with setting one user equal to false and
trying to login, it should deny them.
Example of how this can be done (using Radiator):
Add to your dictionary file at /usr/local/etc/raddb/dictionary:
VENDORATTR 7000 Slipstream-Auth 1 string
Next, In Radiator you will want to configure like we have listed
below. The default entry should be listed after all the webcompress
users but before all normal users.
Example of how this can be done (Most Radius's):
Open up your current dictionary file. Search for the word : cisco-
avpair . This is attribute # 1 of vendor 9. You need to create a
similar entry, but it should be attribute # 1 of vendor 7000. Follow
the example of how the other entry is in your dictionary file.
If you cannot find this attribute, it could be under a sub dictionary
file. Perhaps something called dictionary.cisco . You may have some
INCLUDE lines at the top of your dictionary file that call include
dictionary.cisco. If so, you will want to add an INCLUDE line for
something like dictionary.slipstream and then follow the example on
how dictionary.cisco is setup to make your own dictionary.slipstream
file and add that one attribute in it.
To Accept a user (this will accept dial-up and accept slipstream):
[EMAIL PROTECTED] Auth-Type := Local, User-Password == "trial"
Slipstream-Auth = "true"
To Deny a user from Slipstream.
Do not pass back the Slipstream-Auth = "true". We deny all
customers
that do not hae a Slipstream-Auth = "true" attribute.
Dustin Schuemann . Network Engineer
. . . . . . . . . . . . . . . . . . . . . . . . . .
AMS/The Support Dept
400 Ann St NW Suite 102
Grand Rapids, MI 49504
p. 616.235.0725 ext. 7007
e. [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
