Re: radisu help
> Does anyone know how can I limit the access in radius to a group of users?
> my users file is like this
First of all, I use Cistron Radius, so some of this may be native to
Cistron.
I added groups to my Debian system... email, isdn1, isdn2,
dedicate. Email-Only accounts can't get logged in. They
don't pay for dial-up access, only POP accounts. They won't
actually see the Reply-Message if the use Windows (MS doesn't
follow the PPP specs on that one...).
ISDN1 is allowed 56/64K only.
ISDN2 is allowed 2 ISDN channels.
Dedicate never gets kicked off (they pay for 24x7).
Just add the user accounts to the proper groups on Debian.
# Users in the UNIX /etc/group 'email' group can't login....
DEFAULT Group = "email", Auth-Type = Reject
Reply-Message = "Your account is for email only"
DEFAULT Group = "isdn1", Auth-Type = System, Simultaneous-Use = 1
Port-Limit = 1,
Fall-Through = Yes
DEFAULT Group = "isdn2", Auth-Type = System, Simultaneous-Use = 2
Port-Limit = 2,
Fall-Through = Yes
DEFAULT Group = "dedicate", Auth-Type = System, Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Compression = Van-Jacobson-TCP-IP,
Framed-MTU = 1500,
Fall-Through = No
# All other accounts are to be checked against the UNIX /etc/passwd.
# Accounts are limited to 1 concurrent login, 6 hour session limit, and
# a 20 minute idle timer. Also, Analog calls Only! No ISDN!
DEFAULT Auth-Type = System, Simultaneous-Use = 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-IP-Netmask = 255.255.255.255,
Framed-Compression = Van-Jacobson-TCP-IP,
Framed-MTU = 1500,
Session-Timeout = 21600,
Idle-Timeout = 1200,
Port-Limit = 0,
Fall-Through = No
Good Luck,
Mark
======================================================================
Mark A. Bialik (414) 290-6749
Network/Security Manager http://www.linux.org
Infinity HealthCare, Inc. mbialik@infinityhealthcare.com
Mequon, WI USA Debian/GNU Linux Documentation Project
======================================================================
Reply to: