Date: Wed, 24 Aug 2011 01:25:03 +0300 From: Alexander Motin <mav@FreeBSD.org> To: Gruel Bruno <b.gruel@woody.hopto.org> Cc: freebsd-net <freebsd-net@freebsd.org> Subject: Re: MPD as LAC + Radius Message-ID: <4E5428BF.3070600@FreeBSD.org> In-Reply-To: <mailpost.1314056955.4315226.55608.mailing.freebsd.net@FreeBSD.cs.nctu.edu.tw> References: <mailpost.1314056955.4315226.55608.mailing.freebsd.net@FreeBSD.cs.nctu.edu.tw>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi. Gruel Bruno wrote: > I use MPD on FreeBSD 8.2 as LAC but i can't (or don't hnow how) check (user/password) off the pppoe client before "forwarding" the connection. > > I try a lot off variant on my mpd.conf without success. > > This is my config file (mpd.conf) : > > default: > load killa_lac > > killa_lac: > create link template L1 pppoe > set pppoe iface le0 > load radius > set link enable multilink > set link action forward L2 > set link enable incoming > create link template L2 l2tp > set l2tp peer X.X.X.X > set l2tp secret xxxxx > > radius: > set radius server X.X.X.X killa_lac > set radius retries 3 > set radius timeout 3 > set radius me X.X.X.X > set auth acct-update 300 > set auth enable radius-auth > set auth enable radius-acct > set radius disable message-authentic > > > Have got a idea ? In your configuration forwarding will happen without authorization just after link accepted. To have authorization you should remove "set link action forward L2" (or replace it with some "set link action bundle B1", if you want to terminate some calls locally by default) and instead make your RADIUS server to include to response vendor-specific AV-pair: mpd-action => "forward L2" As result, your RADIUS will be able to choose forward call (how and where), terminate it locally or just drop. -- Alexander Motin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E5428BF.3070600>