From owner-freebsd-isp  Tue Mar 31 08:31:44 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA15020
          for freebsd-isp-outgoing; Tue, 31 Mar 1998 08:31:44 -0800 (PST)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from gratia.it.hq.nasa.gov (gratia.it.hq.nasa.gov [131.182.119.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA15015
          for <freebsd-isp@FreeBSD.ORG>; Tue, 31 Mar 1998 08:31:41 -0800 (PST)
          (envelope-from cshenton@gratia.it.hq.nasa.gov)
Received: from wirehead.it.hq.nasa.gov (WireHead.it.hq.nasa.gov [131.182.119.88]) by gratia.it.hq.nasa.gov (8.7.5/8.7.3) with ESMTP id LAA06372; Tue, 31 Mar 1998 11:24:43 -0500 (EST)
Received: (from cshenton@localhost)
	by wirehead.it.hq.nasa.gov (8.8.8/8.8.8) id LAA03515;
	Tue, 31 Mar 1998 11:31:34 -0500 (EST)
To: Andreas Klemm <aklemm@hightek.com>
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: radius, how to enable/diable logins on different type of NAS ?
References: <19980331111110.62824@hightek.com> <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov> <19980331180843.61228@hightek.com>
From: Chris Shenton <cshenton@it.hq.nasa.gov>
Date: 31 Mar 1998 11:31:34 -0500
In-Reply-To: Andreas Klemm's message of Tue, 31 Mar 1998 18:08:43 +0200
Message-ID: <xoig1jyhleh.fsf@wirehead.it.hq.nasa.gov>
Lines: 36
X-Mailer: Gnus v5.5/Emacs 20.2
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Andreas Klemm <aklemm@hightek.com> writes:

> We are Livingston customer and do have v 2.01 ;-)

Cool, much nicer than the Ascend RADIUSes I've had to use.


> Hmm is it perhaps the feature:
> 
> "NAS-IP-Address"

I don't think so. Again I haven't used it yet, but from the relnotes I
recall is was more a UNIX group type of thing. My impression was that
a *username* would be checked to make sure they're in the right
group. The ISP I support wants to use it to make sure dialup users (in
group "dialup") can PPP login, but not their secondary email-only
accounts. 

> 	= check item to specify the IP address of a particular
> 	  PortMaster. When this setting is used as a check item
>           in a user entry, the user must attempt to start a connection
> 	  on the specified PortMaster for the connection to succeed. 

You could certainly do it this way too, but this would restrict
certain users to logging in on certain NASes. 

Maybe I'm misunderstanding what you want; you said:

    > Is there a way to define different kind of users within radius config
    > like:	- "modem"
    > 	- "router"
    > and teach every network access server, that he should only accept
    > users of type modem or of type router ?

Typically users aren't modems or routers (although "some of my best
friends are routers" :-). 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message