On 20/3/09 12:25, [email protected] wrote:
I do not want visitors to be able to get onto the original service, and I
do not want normal users to get onto the visitor service.
My thoughts are to set up a new virtual server and add an 'if' statement
to look for the visitor user names, and reject or allow as necessary.
something like this in the new virtual server
if ( Stripped-User-Name != /visitor[0-9]?[0-9]/i ) { reject }
and the inverse for the old service.
if ( Stripped-User-Name =~ /visitor[0-9]?[0-9]/i ) { reject }
Is this syntax correct ? and where do I put it?
What about the service? You probably want:
if(("%{request:Service-Type}" == 'whatever') &&
("%{request:Stripped-User-Name}" !~
/visitor[0-9]?[0-9]/i)) {
reject
}
I don't think naked attribute names were supported in 2.0.5..
That goes in authorize section.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Arran Cudbard-Bell ([email protected]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
