Hello Mario -
The usual way to do this is with cascaded AuthBy clauses and DEFAULT's.
Something like this:
# define AuthBy clauses
<AuthBy ADSI>
Identifier CheckADSI
.....
</AuthBy><AuthBy FILE>
Identifier CheckUsers
Filename %D/users
# AddToReply for common reply attributes
AddToReply ......
</AuthBy>.....
# define Realms or Handlers
<Handler ...>
AuthBy CheckUsers
.....
</Handler>The "users" file would contain something like this:
# define DEFAULT users for the different Groups
DEFAULT Auth-Type = CheckADSI, Group = Access-512-512
Bandwidth-Max-Up = .....,
Bandwidth-Mas-Down = .....,
.....DEFAULT Auth-Type = CheckADSI, Group = Access-256-256
Bandwidth-Max-Up = .....,
Bandwidth-Max-Down = .....,
......DEFAULT ......
......
Hope that helps.
For the simultaneous use problem, you will need to look at the trace 4 debug from Radiator to see what attributes are present in the access requests that you can use to control the sessions.
regards
Hugh
On 21/12/2003, at 3:54 AM, Mario Lopez wrote:
Hi,
I will expose mi problem.
I am using Active Directory authentification which works ok, my problem is
that I have several kinds of users that depending on what they pay they get
a bandwidth limit, I can do bandwidth control in a per-user basis using the
WISPr VSA's included in dictionary file (Bandwidth-Max-Up,
Bandwidth-Max-Down), the problem is that I need to send this attributes when
user belongs to a specific Windows Group.
For example, if I had user Mario wich belongs to Windows Group
"Access 512-512", I would need to send the corresponding VSA attribute to
limit the bandwidth.
I know how to send the VSA's with "AddToReply", I can even send them with
AuthAttrDef reading the attributes from Active Directory.
What I would like to do is send the reply VSA IF the user belongs to Windows
Group = X.
Could I use the CheckGroup statement?
Is it possible to set CheckGroup Access512-512,WISPr-Bandwidth-Max-Down=512
and then send the WISPr-Bandwidth-Max-Down attribute?.
Another problem I am having is that Radiator does not know how to identify
concurrent conections from my NAS, because is treats them all as being from
the same user.
Thanks!
Mario.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
