From owner-freebsd-isp  Tue Mar 31 01:23:45 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA18671
          for freebsd-isp-outgoing; Tue, 31 Mar 1998 01:23:45 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from sun-test.hightek.com (sun-test.hightek.com [194.74.141.100])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA18659
          for <freebsd-isp@FreeBSD.ORG>; Tue, 31 Mar 1998 01:23:38 -0800 (PST)
          (envelope-from andreas@klemm2.hightek.com)
Received: from klemm2.hightek.com ([195.90.203.76]) by sun-test.hightek.com
          (Netscape Mail Server v1.1) with ESMTP id AAA5603;
          Tue, 31 Mar 1998 11:24:52 +0200
Received: (from andreas@localhost)
	by klemm2.hightek.com (8.8.8/8.8.8) id LAA06731;
	Tue, 31 Mar 1998 11:23:28 +0200 (CEST)
	(envelope-from andreas)
Message-ID: <19980331112328.46108@hightek.com>
Date: Tue, 31 Mar 1998 11:23:28 +0200
From: Andreas Klemm <aklemm@hightek.com>
To: IBS / Andre Oppermann <andre@pipeline.ch>,
        Andreas Klemm <aklemm@hightek.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: radius, how to enable/diable logins on different type of NAS ?
References: <19980331111110.62824@hightek.com> <3520B4CF.81B2DBD3@pipeline.ch>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89.1i
In-Reply-To: <3520B4CF.81B2DBD3@pipeline.ch>; from IBS / Andre Oppermann on Tue, Mar 31, 1998 at 11:18:07AM +0200
X-Operating-System: FreeBSD 2.2.6-BETA
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, Mar 31, 1998 at 11:18:07AM +0200, IBS / Andre Oppermann wrote:
> Andreas Klemm wrote:
> > 
> > Hi !
> > 
> > I'm using radius as authorization protocol for every kind of
> > NAS (network access router). I have two kinds of access servers:
> >         USR for modem dialin and
> >         Cisco router for router dialup
> > 
> > Is there a way to define different kind of users within radius config
> > like:   - "modem"
> >         - "router"
> > and teach every network access server, that he should only accept
> > users of type modem or of type router ?
> 
> What type of radiusd are you using (Merit, Livingston,...)?

Livingston v 2.0

> But I think that would not be easy with only one radius server.
> Try the following thing: create two radius config files, one
> with port numbers 1645 (auth) / 1646 (acct) for the normal USR
> and one with 1647 (auth) / 1648 (acct) for the cisco routers.
> Start two daemons with those ports and different user files and
> change the cisco radius ports to the ports above.

I wanted to avoid this, but if this would be the only possibility...

-- 
Andreas Klemm                                   <aklemm@hightek.com>
http://www.FreeBSD.ORG/~andreas/                <andreas@FreeBSD.ORG>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message