On Wed, 13 Sep 2000, Raymond Brighenti wrote:
> Hi,
>
> What I'm after is a way to stop people using ISDN to connect to our Maxs,
> I'm only using <Handler> in my config so would changing it to <Handler
> NAS-Port-Type=Async> be the best way about this or is there a better way of
> handling this?
I control it on a per user basis from within my database. I also control
whether or not users can bond 2 channels or can only have 1 connection
through the database. Here is how I handle it:
<Handler NAS-IP-Address=/IP ADDRESS PATTERN OF MY ISDN NASs/>
RewriteUsername s/^([^@]+).*/$1\@somedomain.com/
RewriteUsername tr/A-Z/a-z/
AuthByPolicy DoAllAuths
AuthBy SQLAccountingStart
AuthBy SQLAccountingStop
AuthBy SQLAccountingETC
AuthBy SQLAccountingETCETC
<AuthBy FILE>
# The following file will have a default entry which
# specifies to use the "SQLAuthISDN" authentication defined
# in a block later in this file
Filename %D/usersISDN
</AuthBy>
</Handler>
<Handler Realm=somephoneynamethatwillneverbeusedISDN>
<AuthBy SQL>
#
# This block is referenced in the "usersISDN" file
# it is then used to do the authentication.
#
Identifier SQLAuthISDN
DBSource dbi:mydbd:mydbname:mydbhost
DBUsername dbusername
DBAuth dbpassword
AuthSelect \
SELECT passwd,check_items,reply_items, \
concat('Simultaneous-Use = ',sim_use),\
IF(status<3,'','Auth-Type = "Reject:Account blocked"'),
IF(active=1,'','Auth-Type = "Reject:Account inactive"'),
IF(useISDN=1,'','Auth-Type = "Reject:ISDN Access disabled"') \
FROM users \
WHERE (userid='%U')
EncryptedPassword
AuthColumnDef 0, Encrypted-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
AuthColumnDef 3, GENERIC, check
AuthColumnDef 4, GENERIC, check
AuthColumnDef 5, GENERIC, check
AuthColumnDef 6, GENERIC, check
</AuthBy>
</Handler>
Then within my raddb/usersISDN file I have:
DEFAULT Auth-Type = SQLAuthISDN
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Routing = None,
Framed-Compression = Van-Jacobson-TCP-IP
I hope that is helpful. Remember that is just the way I do it. Radiator is
VERY flexible and I am sure there are many other ways to do it.
Steve
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.