Re: radisu help

Wed, 02 Aug 2000 07:28:07 -0500 

Take a look also at www.xtradius.com which is a cistron-radius extension....

Bye
Nat


At 21.47 01/08/2000 -0500, you wrote: 
> Does anyone know how can I limit the access in radius to a group of users?
> my users file is like this

First of all, I use Cistron Radius, so some of this may be native to
Cistron.

I added groups to my Debian system... email, isdn1, isdn2,
dedicate. Email-Only accounts can't get logged in. They
don't pay for dial-up access, only POP accounts. They won't
actually see the Reply-Message if the use Windows (MS doesn't
follow the PPP specs on that one...).

ISDN1 is allowed 56/64K only.
ISDN2 is allowed 2 ISDN channels.
Dedicate never gets kicked off (they pay for 24x7).

Just add the user accounts to the proper groups on Debian.

# Users in the UNIX /etc/group 'email' group can't login....

DEFAULT Group = "email", Auth-Type = Reject
        Reply-Message = "Your account is for email only"


DEFAULT Group = "isdn1", Auth-Type = System, Simultaneous-Use = 1
        Port-Limit = 1,
        Fall-Through = Yes

DEFAULT Group = "isdn2", Auth-Type = System, Simultaneous-Use = 2
        Port-Limit = 2,
        Fall-Through = Yes

DEFAULT Group = "dedicate", Auth-Type = System, Simultaneous-Use = 1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-MTU = 1500,
        Fall-Through = No


# All other accounts are to be checked against the UNIX /etc/passwd.
# Accounts are limited to 1 concurrent login, 6 hour session limit, and
# a 20 minute idle timer. Also, Analog calls Only! No ISDN!


DEFAULT Auth-Type = System, Simultaneous-Use = 1
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Framed-MTU = 1500,
        Session-Timeout = 21600,
        Idle-Timeout = 1200,
        Port-Limit = 0,
        Fall-Through = No


Good Luck,
Mark

======================================================================
Mark A. Bialik                                          (414) 290-6749
Network/Security Manager                          http://www.linux.org
Infinity HealthCare, Inc.               [EMAIL PROTECTED]
Mequon, WI USA                  Debian/GNU Linux Documentation Project
======================================================================


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to