[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Help-gnu-radius] Re: Forcing GNU-Radius to change authentication type
From: |
Sergey Poznyakoff |
Subject: |
[Help-gnu-radius] Re: Forcing GNU-Radius to change authentication type |
Date: |
Thu, 17 Sep 2009 13:03:33 +0300 |
Hi Paul,
> I've foud out that my NAS was sending the same NAS-Port-ID attribute
> which is `0/0/0/0' for my pppoe users (normal because I have only one
> port from where all the users are connected, physical port 0 on the
> NAS). But the problem with that setting is that the radwho command will
> obviously show only the last user getting connected and disconnect the
> previous one...In my understanding, the session in GNU-Radius is
> defined by the couple of `NAS-Port / Nas IP address' which explains
> that behavior when issuing the radwho command.
Yes, that's right.
> I am trying now to set the session to use only the session ID rather
> than that couple which won't make radwho work for me. Need your help
> hare implementing this...
The usual solution is to implement a rewriting function that would
create a unique NAS-Port ID from another pieces of information in the
request. This approach is described in section 10.2.4 "Rewriting Incoming
Requests" of the documentation (available online at
http://www.gnu.org/software/radius/manual/html_node/Rewriting-Incoming-Req
uests.html).
The examples/ directory contains some working samples, which might help
you implement your own rewriting procedure:
examples/cisco.rw: function cisco_pid, called from cisco_fixup.
examples/c3620.rw: function c3620_decode, called from c3620_fixup.
examples/ascend.rw: function max_decode_port, called from max_fixup.
If you need any further help, please do not hesitate to write.
> Another thing : does radzap physically disconnect the customer from the
> NAS
No, of course it does not. It has no way of doing so: there is no
general interface which would connect to NAS and tell it to drop a line.
Radzap is a last resort utility for bringing the system database in
synch with the actual state of user pools. It operates only on
rad[wu]tmp files. Normally, you rarely need to use it, if at all.
Regards,
Sergey