Kurt, Hugh,
 
We had a similar situation. When we fail to get our subscription fee, we don't want our customers to be able to surf the Internet anymore (using our Internet access service), but we do want them to use a "guest" account that they can use to dial in but that can access only a single server, where they can check their status and read (web-based) email. I guess this is a very common problem.
If you have a big dial-in network, possibly shared, it's very difficult to manage IP pools over all POPs. Sander Asberg suggested tackling this problem like this:
 
<Realm>
    <AuthBy FILE>
        # this file holds the "guest" account with (ascend) ip-data-filter
        Filename    %D/guest.txt
    </AuthBy>
</Realm>
<Realm DEFAULT>
    # simulate like the NAS added the name-value pair ('radiusProfile', '1')
    PreAuthHook    sub { ${$_[0]}->add_attr('radiusProfile', '1'); }
    <AuthBy LDAP>
        Host        xxx
        ...         xxx
        # The value of this attribute should match "radiusProfile=0"
        CheckAttr   radiusCheck
    </AuthBy>
</Realm>
 
When we fail to get our money, the billing process simply changes the value of radiusCheck into "radiusProfile=0" and the user is not able to dial in using this account anymore. He/she can dial in using "guest" and access the service application.
 
- Wilbert
 
 
-----Original Message-----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: Kurt Richter <[EMAIL PROTECTED]>; [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday 28 July 1999 4:57
Subject: Re: (RADIATOR) Disallow EMail Only accounts from logging in using Radiator wAuthByPLATYPUS

At 6:32 AM 27/7/99, Kurt Richter wrote:
>I've got Radiator authenticating using Platypus.  It's a nice system.  I've
>enjoyed learning how to work with it.  But before I can put Radiator on my
>production unit, I'd like to know if anybody else has figured out a slick
>way to prevent EMail only accounts from authenticating using this Platypus
>set-up.
>

I'm not sure how you would like this to work - could you provide more
details please?

If you are trying to have two different classes of users in the same
Radiator setup, many people set up two IP address pools on their NAS
equipment (with corresponding filters) and have the two classes of users
allocated from the two pools.

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
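
The decision logic of the two-realm configuration in Wilbert's message, as an added example that is not part of the original thread and is not Radiator code. It is a simplified model: the sample directory, the passwords, the realm name "guest" (the page does not give one) and the treatment of an entry with no radiusCheck value are all assumptions.

```python
import hmac

# Constructed stand-ins for guest.txt and the LDAP directory (not real data).
GUEST_FILE = {"guest": "guest-pw"}
LDAP = {
    "alice": {"password": "pw-a", "radiusCheck": "radiusProfile=1"},  # paid up
    "bob":   {"password": "pw-b", "radiusCheck": "radiusProfile=0"},  # suspended by billing
    "carol": {"password": "pw-c", "radiusCheck": None},               # attribute never set
}

def pre_auth_hook(request):
    """Model of the PreAuthHook: add radiusProfile=1 as if the NAS had sent it."""
    request["radiusProfile"] = "1"

def check_items_match(check, request):
    """Each comma-separated name=value check item must equal the request attribute."""
    for item in (s.strip() for s in check.split(",")):
        if not item:
            continue
        name, _, value = item.partition("=")
        if request.get(name.strip()) != value.strip():
            return False
    return True

def password_ok(stored, supplied):
    return stored is not None and hmac.compare_digest(stored, supplied)

def authenticate(username, password, realm=""):
    """Return (decision, note); the realm name 'guest' is a placeholder."""
    request = {"User-Name": username}
    if realm == "guest":
        if password_ok(GUEST_FILE.get(username), password):
            return ("ACCEPT", "guest account, filter restricts access to one server")
        return ("REJECT", "unknown guest account or bad password")
    pre_auth_hook(request)
    entry = LDAP.get(username)
    if entry is None or not password_ok(entry["password"], password):
        return ("REJECT", "unknown user or bad password")
    check = entry["radiusCheck"]
    if check is None:
        # Assumption of this model: no radiusCheck value means no check item,
        # so billing has nothing to flip and the account is not gated.
        return ("ACCEPT", "ungated: entry has no radiusCheck value")
    if check_items_match(check, request):
        return ("ACCEPT", "check item matched")
    return ("REJECT", "check item mismatch: suspended by billing")

def ungated_accounts():
    """Directory entries that billing cannot suspend because radiusCheck is unset."""
    return sorted(u for u, e in LDAP.items() if not e["radiusCheck"])
```

Under the stated assumption, the suspension mechanism only covers entries that already carry a radiusCheck value, so an audit like `ungated_accounts()` against the real directory is worth running before relying on it.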


