From owner-freebsd-isp Wed Aug 2 9:30:27 2000 Delivered-To: freebsd-isp@freebsd.org Received: from cache.sai.co.za (mail.sai.co.za [196.33.40.1]) by hub.freebsd.org (Postfix) with ESMTP id 9CCB237BC20 for ; Wed, 2 Aug 2000 09:30:16 -0700 (PDT) (envelope-from davew@sai.co.za) Received: from fdisk (fdisk.pmburg.co.za [196.33.40.17]) by cache.sai.co.za (8.9.3/8.9.3) with SMTP id SAA73873 for ; Wed, 2 Aug 2000 18:30:29 +0200 (SAST) (envelope-from davew@sai.co.za) Message-ID: <01f601bffca0$7e432600$112821c4@sai.co.za> From: "Dave Wilson" To: Subject: USR radius filter attributes for email only clients Date: Wed, 2 Aug 2000 18:41:19 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_01F3_01BFFCB1.3F738710" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_01F3_01BFFCB1.3F738710 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Guys, howzit going? I'm trying to limit our dial-up users to only accessing our mailserver = and no other hosts. I'm using Cistron radiusd to authenticate users dialing in to a USR = Total Control Rack and have specified the following in my "users" file: username Auth-Type =3D System Service-Type =3D Framed-User, Framed-MTU =3D 1500, Framed-Filter-Id =3D "mailonly", Fall-Through =3D Yes With regards to the "Framed-Filter-Id =3D "mailonly"" line I have read = that a file must exist in the same folder as the "users" file, with a = name "mailonly". So in the "mailonly" file I have put the following: USR-PW_USR_OFilter_IP =3D "mymailserverIP" USR-PW_USR_IFilter_IP =3D "mymailserverIP" What happens is that the user dials in authenticates and then is = disconnected about 2 seconds afterwards. I have looked at the radius logs and it says "login OK" Has anyone else out there set up IP filtering with a USR Total Control = Rack, running Cistron radiusd or any other radiusd ? Please help if you can, I can't seem to find any documentation anywhere = on IP filtering with USR radius attributes. Thanks. ;-) Regards Dave Wilson The S.A. Internet (033) 3456777 0825496159 http://www.sai.co.za "Who is General Failure and why is he reading my hard drive ?" ------=_NextPart_000_01F3_01BFFCB1.3F738710 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable
Hi Guys, howzit = going?
 
I'm trying to limit our = dial-up users to=20 only accessing our mailserver and no other hosts.
I'm using Cistron radiusd to = authenticate=20 users dialing in to a USR Total Control Rack and have specified the = following in=20 my "users" file:
 
username   Auth-Type =3D=20 System
          &nb= sp;     =20 Service-Type =3D=20 Framed-User,
         &nb= sp;      =20 Framed-MTU =3D=20 1500,
          &nbs= p;     =20 Framed-Filter-Id =3D=20 "mailonly",
         &nbs= p;      =20 Fall-Through =3D Yes
With regards to the "Framed-Filter-Id =3D = "mailonly""  line I have=20 read that a file must exist in the same folder as the "users" file, with = a name=20 "mailonly".
So in the "mailonly" file I have put the following:
 
USR-PW_USR_OFilter_IP =3D "mymailserverIP"
USR-PW_USR_IFilter_IP = =3D=20 "mymailserverIP"
What happens is that the user = dials in=20 authenticates and then is disconnected about 2 seconds = afterwards.
I have looked at the radius = logs and it=20 says "login OK"
 
Has anyone else out there set = up IP=20 filtering with a USR Total Control Rack, running Cistron radiusd or any = other=20 radiusd ?
 
Please help if you can, I = can't seem to=20 find any documentation anywhere on IP filtering with USR radius=20 attributes.
Thanks.  = ;-)
 

Regards
Dave Wilson
The = S.A.=20 Internet
(033) 3456777
0825496159
http://www.sai.co.za
 "Who is = General=20 Failure and why is he reading my hard drive = ?"
------=_NextPart_000_01F3_01BFFCB1.3F738710-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message