Hi Dawn -
On Wed, 20 Oct 1999, Dawn Lovell wrote:
> At 09:57 AM 10/19/99 +1000, Hugh Irvine wrote:
> >I think I need to know a little bit more about what is in your "users" file,
> >shown above, as well as what form your usernames are and what makes them part
> >of the trial group other than the UNIX group file? ie - do they dial into a
> >different phone number? do they have a username of the form
> >[EMAIL PROTECTED]? In other words, how can we distinguish who they are
> >by the contents of the incoming packet. Otherwise, we will have to use a
> >PreClientHook or a PreHandlerHook to massage the packet prior to passing it to
> >the relevant Handler (which is going to be messy if we have to check the UNIX
> >group file). Hopefully we can come up with something a little more elegant.
>
.....
> Unfortunately, there is nothing to differentiate the userids other than
> the group. What we have is a group of "normal" userids that we want to
> track differently for billing purposes until they sign up for a higher
> level of service. They dial the same phone numbers as anyone else.
> As now configured, they would hit our default users file entry, which
> is shown below.
>
> DEFAULT Auth-Type = System, NAS-Port-Type = Async
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Address = 255.255.255.254,
>         Framed-Netmask = 255.255.255.255,
>         Reply-Message="choice: ",
>         Port-Limit = 1,
>         Idle-Timeout = 1200,
>         Session-Timeout = 28800
>
OK - here's a plan:
In your users file have two default entries (or more), one per group. Then
return a Class attribute depending on the group and use the Class attribute for
your AcctLogFileName.

# Users file with multiple DEFAULTS
# Return Class Attribute which will then appear in Accounting requests

DEFAULT Auth-Type = System, Group = Trial, NAS-Port-Type = Async
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Reply-Message="choice: ",
        Port-Limit = 1,
        Idle-Timeout = 1200,
        Session-Timeout = 28800,
        Class = trial

DEFAULT Auth-Type = System, Group = Customer, NAS-Port-Type = Async
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 255.255.255.254,
        Framed-Netmask = 255.255.255.255,
        Reply-Message="choice: ",
        Port-Limit = 1,
        Idle-Timeout = 1200,
        Session-Timeout = 28800,
        Class = customer

# Configuration to handle accounting with AcctLogFileName and %{Class}

AuthPort 1812
AcctPort 1813
LogDir /var/adm/radacct
DbDir /etc/raddb
SnmpgetProg /usr/local/bin/snmpget

<SessionDatabase DBM>
        Filename %D/online
</SessionDatabase>
...
<Client localhost>
        Secret <not shown>
        DupInterval 300
</Client>
...
<AuthBy UNIX>
        Identifier System
        Filename /etc/shadow
        DefaultSimultaneousUse 1
</AuthBy>

<Handler>
        <AuthBy FILE>
                # The filename defaults to %D/users
        </AuthBy>
        AcctLogFileName %L/%N/detail.%{Class}
</Handler>

Thanks to Mike for the very excellent suggestion!
hth
Hugh
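
An added sketch, not part of the message above and not Radiator code: it models in Python how the first matching DEFAULT selects the Class, and how `%L/%N/detail.%{Class}` then names the accounting file once the NAS echoes that Class back. Assumptions: `%N` is taken to be the request's NAS-IP-Address, the allow-list check and the `unclassified` / `unknown-nas` fallback names are additions of this sketch rather than anything in the posted configuration, and the sample requests are constructed.

```python
import ipaddress
import posixpath

# The two DEFAULT entries of the users file, in file order: (Group, Class).
DEFAULTS = [("Trial", "trial"), ("Customer", "customer")]
ISSUED_CLASSES = {cls for _, cls in DEFAULTS}


def class_for(unix_groups, nas_port_type="Async"):
    """Class returned by the first DEFAULT whose check items all match."""
    if nas_port_type != "Async":
        return None
    for group, cls in DEFAULTS:
        if group in unix_groups:
            return cls
    return None  # no DEFAULT matched, so no Class is handed out


def acct_log_path(log_dir, acct):
    """Model of AcctLogFileName %L/%N/detail.%{Class} for one request.

    Class and the NAS address come from the packet, so only a Class this
    server issued and a well-formed address reach the path (added check).
    """
    cls = acct.get("Class", "")
    if cls not in ISSUED_CLASSES:
        cls = "unclassified"  # hypothetical fallback name
    try:
        nas = str(ipaddress.ip_address(acct.get("NAS-IP-Address", "")))
    except ValueError:
        nas = "unknown-nas"  # hypothetical fallback name
    return posixpath.join(log_dir, nas, "detail." + cls)


if __name__ == "__main__":
    # Constructed sample accounting requests (192.0.2.0/24 is documentation space).
    samples = [
        {"User-Name": "alice", "NAS-IP-Address": "192.0.2.10", "Class": "trial"},
        {"User-Name": "bob", "NAS-IP-Address": "192.0.2.10", "Class": "customer"},
        {"User-Name": "carol", "NAS-IP-Address": "192.0.2.11"},  # Class not echoed
    ]
    for req in samples:
        print(req["User-Name"], "->", acct_log_path("/var/adm/radacct", req))
```

A user who belongs to both groups gets the Class of whichever DEFAULT comes first in the file, so the order of the entries decides how that user's sessions are logged.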