On Sat, 04 Nov 2000, Mariano Absatz wrote:
> Hi,
>
> Our customer sells on-line internet access through wireless technology.
> The customers use a kind of "pseudo-dial-in", they tunnel through a
> shasta and the shasta authenticates users through our radius.
>
> We are in the process of migrating from cistron to Radiator.
>
> The point is the salespeople want to start wholesaling these connections
> to other ISPs for their users.
>
> That is, ISPs that only have dial-in capabilities will be able to offer
> on-line connections to their users through our ISP.
>
> The point is that when we receive an Auth-Request from the shasta, we
> usually validate the user, and reply using a proprietary vendor attribute
> (named Shasta-Profile) that tells the NAS (shasta) what QoS to apply to that
> customer.
>
> Now, in this new wholesaling scenario, our ISP intends to sell to other
> ISPs different QoS like this:
>
> ispX is buying:
> 20 256Mbps connections
> 50 128Mbps connections
> 200 64Mbps connections
>
> Obviously, we'll be proxying the auth request to them as they own the
> user database.
>
> What we want is:
> 1) not allow over-use of connections on a per-ISP (not a per-user) basis.
> That is, that the other ISP is not able to over-sell the connections (or
> if they do, that WE reject the n+1th user of a kind).
>
> 2) that the other ISP has a mechanism not to allow a user of QoS x to use
> QoS y.
>
> Our idea is the following:
>
> if we are using 3 different QoS, to use 3 different realms for every
> customer ISP, that is, in the previous example:
>
> QoS256.ispX.com
> QoS128.ispX.com
> QoS64.ispX.com
>
> We proxy the three realms to the same server (ispX's radius), they
> receive the realm part so they are able to reject [EMAIL PROTECTED]
> if userY only paid THEM for QoS 64kbps.
>
> In each realm we should be able to handle a kind of "Simultaneous-Use"
> per realm (instead of "per user").
>
> Is this possible?
> Is this reasonable? (anyway, it's difficult to get a salesperson to be
> reasonable).
>
> How do you recommend doing this?
>
You would use the AuthBy PORTLIMITCHECK clause to do this.
Have a look at section 6.38 in the Radiator 2.16.3 reference manual.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
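
The per-realm "Simultaneous-Use" check asked about in the thread, modelled as an added Python example; it is not part of either message and is not Radiator's implementation or configuration. The class and method names are hypothetical, and the limits are the purchased connection counts from the post, keyed by the proposed realm names.

```python
"""Per-realm concurrent-session cap (constructed illustration, not Radiator code)."""

# Purchased connection counts from the post, keyed by the proposed realm names.
REALM_LIMITS = {"qos256.ispx.com": 20, "qos128.ispx.com": 50, "qos64.ispx.com": 200}


class RealmPortLimiter:
    def __init__(self, limits):
        self.limits = {realm.lower(): n for realm, n in limits.items()}
        # realm -> set of live Acct-Session-Id values
        self.sessions = {realm: set() for realm in self.limits}

    @staticmethod
    def realm_of(user_name):
        # The realm is whatever follows the last '@'; compare case-insensitively.
        _, sep, realm = user_name.rpartition("@")
        return realm.lower() if sep else None

    def authorize(self, user_name):
        """Decide before proxying: reject unknown realms and the n+1th session."""
        realm = self.realm_of(user_name)
        if realm not in self.limits:
            return "reject: unknown realm"
        if len(self.sessions[realm]) >= self.limits[realm]:
            return "reject: realm limit reached"
        return "proxy"

    def accounting(self, status, user_name, session_id):
        """Apply an Accounting-Request (Acct-Status-Type Start or Stop)."""
        realm = self.realm_of(user_name)
        if realm not in self.limits:
            return
        if status == "Start":
            self.sessions[realm].add(session_id)  # a retransmitted Start counts once
        elif status == "Stop":
            self.sessions[realm].discard(session_id)  # Stop without Start is a no-op
```

Because the count only moves on accounting records, a lost Stop leaves a slot occupied until the stale session is cleared, and requests authorized before their Start arrives are not yet counted.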