Re: (RADIATOR) Stopping people using ISDN

[Stephen Roderick]

On Wed, 13 Sep 2000, Raymond Brighenti wrote:

> Hi,
> 
> What I'm after is a way to stop people using ISDN to connect to our Maxs, 
> I'm only using <Handler> in my config so would changing it to   <Handler 
> NAS-Port-Type=Async> be the best way about this or is there a better way of 
> handling this?

I control it on a per user basis from within my database. I also control
whether or not users can bond 2 channels or can only have 1 connection
through the database. Here is how I handle it:

<Handler NAS-IP-Address=/IP ADDRESS PATTERN OF MY ISDN NASs/>
    RewriteUsername   s/^([^@]+).*/$1\@somedomain.com/
    RewriteUsername   tr/A-Z/a-z/

    AuthByPolicy DoAllAuths
    AuthBy SQLAccountingStart
    AuthBy SQLAccountingStop
    AuthBy SQLAccountingETC
    AuthBy SQLAccountingETCETC
    <AuthBy FILE>
        # The following file will have a default entry which
        # specifies to use the "SQLAuthISDN" authentication defined
        # in a block later in this file
        Filename %D/usersISDN
    </AuthBy>
</Handler>

<Handler Realm=somephoneynamethatwillneverbeusedISDN>
    <AuthBy SQL>
        #
        # This block is referenced in the "usersISDN" file
        # it is then used to do the authentication.
        #
        Identifier SQLAuthISDN
        DBSource dbi:mydbd:mydbname:mydbhost
        DBUsername dbusername
        DBAuth dbpassword
        AuthSelect \
            SELECT passwd,check_items,reply_items, \
            concat('Simultaneous-Use = ',sim_use),\
            IF(status<3,'','Auth-Type = "Reject:Account blocked"'),
            IF(active=1,'','Auth-Type = "Reject:Account inactive"'),
            IF(useISDN=1,'','Auth-Type = "Reject:ISDN Access disabled"') \
            FROM users \
            WHERE (userid='%U')
        EncryptedPassword
        AuthColumnDef 0, Encrypted-Password, check
        AuthColumnDef 1, GENERIC, check
        AuthColumnDef 2, GENERIC, reply
        AuthColumnDef 3, GENERIC, check
        AuthColumnDef 4, GENERIC, check
        AuthColumnDef 5, GENERIC, check
        AuthColumnDef 6, GENERIC, check
    </AuthBy>
</Handler>

Then within my raddb/usersISDN file I have:

DEFAULT Auth-Type = SQLAuthISDN
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = Van-Jacobson-TCP-IP

I hope that is helpful. Remember that is just the way I do it. Radiator is
VERY flexible and I am sure there are many other ways to do it.

Steve


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.