Date: 31 Mar 1998 11:31:34 -0500 From: Chris Shenton <cshenton@it.hq.nasa.gov> To: Andreas Klemm <aklemm@hightek.com> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: radius, how to enable/diable logins on different type of NAS ? Message-ID: <xoig1jyhleh.fsf@wirehead.it.hq.nasa.gov> In-Reply-To: Andreas Klemm's message of Tue, 31 Mar 1998 18:08:43 %2B0200 References: <19980331111110.62824@hightek.com> <xoipvj2hmql.fsf@wirehead.it.hq.nasa.gov> <19980331180843.61228@hightek.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Andreas Klemm <aklemm@hightek.com> writes:
> We are Livingston customer and do have v 2.01 ;-)
Cool, much nicer than the Ascend RADIUSes I've had to use.
> Hmm is it perhaps the feature:
>
> "NAS-IP-Address"
I don't think so. Again I haven't used it yet, but from the relnotes I
recall is was more a UNIX group type of thing. My impression was that
a *username* would be checked to make sure they're in the right
group. The ISP I support wants to use it to make sure dialup users (in
group "dialup") can PPP login, but not their secondary email-only
accounts.
> = check item to specify the IP address of a particular
> PortMaster. When this setting is used as a check item
> in a user entry, the user must attempt to start a connection
> on the specified PortMaster for the connection to succeed.
You could certainly do it this way too, but this would restrict
certain users to logging in on certain NASes.
Maybe I'm misunderstanding what you want; you said:
> Is there a way to define different kind of users within radius config
> like: - "modem"
> - "router"
> and teach every network access server, that he should only accept
> users of type modem or of type router ?
Typically users aren't modems or routers (although "some of my best
friends are routers" :-).
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xoig1jyhleh.fsf>