Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Aug 2000 13:20:56 -0500 
From:      Jason Young <jyoung@accessus.net>
To:        'Dave Wilson' <davew@sai.co.za>, freebsd-isp@FreeBSD.ORG
Subject:   RE: USR radius filter attributes for email only clients
Message-ID:  <AFD8E724533ED4119EEB00508B9A2140CFF7@exchange.accessus.net>
next in thread | raw e-mail | index | archive | help 

Framed-Filter-ID indicates use of a filter which is already installed on the
NAS. Try creating a filter called "mailonly" on the USR TC rack itself.
Alternately, if you create a mailonly.in and mailonly.out set of filters,
specifying "mailonly" as the Framed-Filter-ID is supposed to do the right
thing with the two .in/.out filters.

Jason Young
Access US(tm) Chief Network Engineer 

-----Original Message-----
From: Dave Wilson [mailto:davew@sai.co.za]
Sent: Wednesday, August 02, 2000 11:41 AM
To: freebsd-isp@FreeBSD.ORG
Subject: USR radius filter attributes for email only clients


Hi Guys, howzit going?

I'm trying to limit our dial-up users to only accessing our mailserver and
no other hosts.
I'm using Cistron radiusd to authenticate users dialing in to a USR Total
Control Rack and have specified the following in my "users" file:

username   Auth-Type = System
                 Service-Type = Framed-User,
                 Framed-MTU = 1500,
                 Framed-Filter-Id = "mailonly",
                 Fall-Through = Yes

With regards to the "Framed-Filter-Id = "mailonly""  line I have read that a
file must exist in the same folder as the "users" file, with a name
"mailonly".
So in the "mailonly" file I have put the following:

USR-PW_USR_OFilter_IP = "mymailserverIP"
USR-PW_USR_IFilter_IP = "mymailserverIP"

What happens is that the user dials in authenticates and then is
disconnected about 2 seconds afterwards.
I have looked at the radius logs and it says "login OK"

Has anyone else out there set up IP filtering with a USR Total Control Rack,
running Cistron radiusd or any other radiusd ?

Please help if you can, I can't seem to find any documentation anywhere on
IP filtering with USR radius attributes.
Thanks.  ;-)



Regards
Dave Wilson
The S.A. Internet
(033) 3456777
0825496159
http://www.sai.co.za
 "Who is General Failure and why is he reading my hard drive ?"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AFD8E724533ED4119EEB00508B9A2140CFF7>