From owner-freebsd-isp Wed Aug 2 11:27:37 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail1.accessus.net (postal.accessus.net [209.145.150.75]) by hub.freebsd.org (Postfix) with ESMTP id E0C9637C2BC for ; Wed, 2 Aug 2000 11:27:27 -0700 (PDT) (envelope-from jyoung@accessus.net) Received: from exchange.accessus.net (exchange.accessus.net [207.206.171.65]) by mail1.accessus.net (Postfix) with ESMTP id 79C5972892; Wed, 2 Aug 2000 13:27:24 -0500 (CDT) Received: by exchange.accessus.net with Internet Mail Service (5.5.2650.21) id ; Wed, 2 Aug 2000 13:20:57 -0500 Message-ID: From: Jason Young To: 'Dave Wilson' , freebsd-isp@FreeBSD.ORG Subject: RE: USR radius filter attributes for email only clients Date: Wed, 2 Aug 2000 13:20:56 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2650.21) Content-Type: text/plain; charset="iso-8859-1" Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Framed-Filter-ID indicates use of a filter which is already installed on the NAS. Try creating a filter called "mailonly" on the USR TC rack itself. Alternately, if you create a mailonly.in and mailonly.out set of filters, specifying "mailonly" as the Framed-Filter-ID is supposed to do the right thing with the two .in/.out filters. Jason Young Access US(tm) Chief Network Engineer -----Original Message----- From: Dave Wilson [mailto:davew@sai.co.za] Sent: Wednesday, August 02, 2000 11:41 AM To: freebsd-isp@FreeBSD.ORG Subject: USR radius filter attributes for email only clients Hi Guys, howzit going? I'm trying to limit our dial-up users to only accessing our mailserver and no other hosts. I'm using Cistron radiusd to authenticate users dialing in to a USR Total Control Rack and have specified the following in my "users" file: username Auth-Type = System Service-Type = Framed-User, Framed-MTU = 1500, Framed-Filter-Id = "mailonly", Fall-Through = Yes With regards to the "Framed-Filter-Id = "mailonly"" line I have read that a file must exist in the same folder as the "users" file, with a name "mailonly". So in the "mailonly" file I have put the following: USR-PW_USR_OFilter_IP = "mymailserverIP" USR-PW_USR_IFilter_IP = "mymailserverIP" What happens is that the user dials in authenticates and then is disconnected about 2 seconds afterwards. I have looked at the radius logs and it says "login OK" Has anyone else out there set up IP filtering with a USR Total Control Rack, running Cistron radiusd or any other radiusd ? Please help if you can, I can't seem to find any documentation anywhere on IP filtering with USR radius attributes. Thanks. ;-) Regards Dave Wilson The S.A. Internet (033) 3456777 0825496159 http://www.sai.co.za "Who is General Failure and why is he reading my hard drive ?" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message