Hi,
Our customer sells on-line internet access through wireless technology.
The customers use a kind of "pseudo-dial-in", they tunnel through a
shasta and the shasta authenticates users through our radius.
We are in the process of migrating from cistron to Radiator.
The point is the salespeople want to start wholesaling these connections
to other ISPs for their users.
That is, ISPs that only have dial-in capabilities will be able to offer
on line connections to their users through our ISP.
The point is that when we receive an Auth-Request from the shasta, we
usually validate the user, and reply using a proprietary vendor attribute
(named Shasta-Profile) that tells the NAS (shasta) what QoS to apply to that
customer.
Now, in this new wholesaling scenario, our ISP intends to sell to other
ISPs different QoS like this:
ispX is buying:
20 256Mbps connections
50 128Mbps connections
200 64Mbps connections
Obviously, we'll be proxying the auth request to them as they own the
user database.
What we want is:
1) not allow over-use of connections on a per-ISP (not a per-user) basis.
That is, that the other ISP is not able to over-sell the connections (or
if they do, that WE reject the n+1th user of a kind).
2) that the other ISP has a mechanism not to allow a user of QoS x to use
QoS y.
Our idea is the following:
if we are using 3 different QoS, to use 3 different realms for every
customer ISP, that is, in the previous example:
QoS256.ispX.com
QoS128.ispX.com
QoS64.ispX.com
We proxy the three realms to the same server (ispX's radius), they
receive the realm part so they are able to reject [EMAIL PROTECTED]
if userY only paid THEM for QoS 64kbps.
In each realm we should be able to handle a kind of "Simultaneous-Use"
per realm (instead of "per user").
Is this possible?
Is this reasonable? (anyway, it's difficult to get a salesperson to be
reasonable).
How do you recommend doing this?
For our own users, we'll be using LDAP for user info & authentication
data (we could add a wholesale branch to the DIT and make "uid=customer
isp id"), and we'll be using MySQL to hold the on-line users database.
Comments?
Insults?
Flames?
:-)
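
The per-realm "Simultaneous-Use" count asked about above, as an added example that is not part of the original message and is not Radiator code or configuration. The class and method names, the 900-second stale timeout and the in-memory table (standing in for the MySQL on-line users database) are assumptions; the realm names and quotas are the ones given for ispX.

```python
import time

# Purchased concurrent-session quotas per realm (the figures given for ispX).
REALM_QUOTA = {"qos256.ispx.com": 20, "qos128.ispx.com": 50, "qos64.ispx.com": 200}
STALE_AFTER = 900  # assumed: seconds without accounting before a session is dropped


class RealmSessionLimiter:
    def __init__(self, quotas, stale_after=STALE_AFTER, clock=time.time):
        self.quotas = {r.lower(): n for r, n in quotas.items()}
        self.stale_after = stale_after
        self.clock = clock
        self.sessions = {r: {} for r in self.quotas}  # realm -> {session key: last seen}

    @staticmethod
    def realm_of(user_name):
        # Realm is everything after the last '@'; compared case-insensitively.
        _, sep, realm = user_name.rpartition("@")
        return realm.lower() if sep else None

    def _expire(self, realm):
        # Drop sessions whose Stop was lost so they cannot pin the quota forever.
        cutoff = self.clock() - self.stale_after
        live = {k: t for k, t in self.sessions[realm].items() if t >= cutoff}
        self.sessions[realm] = live
        return live

    def may_proxy(self, user_name):
        """Check on Access-Request, before proxying to the customer ISP."""
        realm = self.realm_of(user_name)
        if realm not in self.quotas:
            return False  # unknown or missing realm: reject, never fall through
        return len(self._expire(realm)) < self.quotas[realm]

    def accounting(self, status, user_name, nas_id, session_id):
        """Feed Accounting Start/Alive/Stop; returns the realm's live session count."""
        realm = self.realm_of(user_name)
        if realm not in self.quotas:
            return 0
        key = (nas_id, session_id)  # a retransmitted Start overwrites, never double counts
        if status in ("Start", "Alive"):
            self.sessions[realm][key] = self.clock()
        elif status == "Stop":
            self.sessions[realm].pop(key, None)
        return len(self._expire(realm))
```

The count only moves on accounting packets, so two Access-Requests arriving before the first Accounting Start can both pass the check; a hard cap needs the slot reserved at accept time as well.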