Hello William -
All of what you want to do is fairly straightforward, although dealing with ISDN will probably involve the use of Handlers.
Here is what I would do:
# define AuthBy clauses
<AuthBy SQL>
Identifier CheckISDN
.....
# set up AuthSelect for ISDN only
AuthSelect .....
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP, \
.....
.....
</AuthBy>
<AuthBy SQL>
Identifier CheckAsync
.....
# set up AuthSelect
AuthSelect select PASSWORD, GID, REPLYATTR \
from USERS where USERNAME = '%U' \
and ISACTIVE <> 0
AuthColumnDef 0, Password, check
AuthColumnDef 1, Group-Id, request
AuthColumnDef 2, GENERIC, reply
.....
AddToReply Service-Type = Framed-User, \
Framed-Protocol = PPP, \
...
....
</AuthBy>
# define Handlers
<Handler NAS-Port-Type = ISDN>
AuthBy CheckISDN
.....
</Handler>
<Handler>
AuthBy CheckAsync
PostAuthHook file:"%D/postprocess.pl"
.....
</Handler>
The PostAuthHook would add the extra reply attributes according to the "Group-Id" pseudo-attribute added to the incoming access request by the AuthBy clause (it is easier to add the pseudo-attribute to the incoming request, because the packet is discarded after processing).
You will find some example hooks in the file "goodies/hooks.txt" in the Radiator distribution.
regards
Hugh
On Wednesday, Feb 5, 2003, at 06:39 Australia/Melbourne, William Taylor wrote:
Ok guys, Im trying to finish up my migration off of livingston radius.
Here is what I would like to do.
Currently in radiator I am authing users out of an SQL database.
Some of my users have Static IP address and Framed routes.
For these users I had entries in the Users File in livingston.
For other users I had differnt default entries based on what group they
belong to.
Some users can use 1 port or 2 ports.
Some users have differnt Session Timouts.
What I would like to do is:
AuthSelect select password,gid,replyattr from users where
username='%U' AND isactive <> 0 ( 0 means locked users in my database )
now if their replyattr is not NULL in the database send it along. This
would be for the static folks.
Now since I don't want a billion (ok not a billion) entries in my
database that are the same:
If replyattr is NULL I would like to go
if($gid == 200 ) {
send this replyattr:
Idle=Timeout = 1220,
Session-Timeout = 86400,
Port-Limit = 2
} elsif ($gid == 201 ) {
send this other replyattr :
Idle=Timeout = 1220,
Session-Timeout = 86400,
Port-Limit = 1
} else {
reject the call because there is no matching gid (maybe it's a
mailbox account)
}
Is this doable?
Also do you know if there is a way to say if they connect with an ISDN
line but they are using a dialup username, reject the call or make it so
they only connect at 56K?
Any help would be great.
Thanks,
William
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
