Rural ISP needs HELP with RADIUS+LAS

Larry Vaden (vaden@texoma.net)
Mon, 6 Nov 1995 07:21:30 -0600

Thanks in advance for taking a moment of your time to help us.

We are a rural ISP serving northern Texas and southern Oklahoma and would
like to use the Merit version of radius to accomplish:

1) Variable simultaneous-use counts per dial in account
2) Session time limits
3) Session idle limits
4) Restrict authentication to *users* only, never refer to /etc/passwd

The intent is to run a *users* file on mercury.texoma.com, which is the ONLY
source of authentication, IOW:
./usr/private/etc/raddb/users contains only dial-in accts
./etc/passwd contains dial in accts + extra email-only accts (allowing
multiple email per dial in)
./etc/passwd should not be used as an authentication source

Running on BSDI 2.0 with 3 portmasters.

Could you please point out what I am doing incorrectly?

Please reply with cc:vaden@texoma.com as I have summary only mode on for
portmaster-users and would like a response as early today as possible.

Again, thanks.

Larry Vaden, founder and CEO
Internet Texoma, Inc.
vaden@texoma.com

Attachments imbedded:

Here is a snippet of the logfile (as you can see, radacct directory is empty)
------------
Mon Nov 6 06:27:35 1995: reconfig: HUP signal received
Mon Nov 6 06:27:35 1995: config_files: /usr/private/etc/raddb/clients (4 entries) read to memory
Mon Nov 6 06:27:35 1995: read_users: /usr/private/etc/raddb/users (933 entries) read to memory
Mon Nov 6 06:27:35 1995: read_auth: /usr/private/etc/raddb/authfile (3 entries) read to memory
Mon Nov 6 06:27:54 1995: config_files: /usr/private/etc/raddb/clients (4 entries) read to memory
Mon Nov 6 06:27:54 1995: read_users: /usr/private/etc/raddb/users (933 entries) read to memory
Mon Nov 6 06:27:54 1995: read_auth: /usr/private/etc/raddb/authfile (3 entries) read to memory
Mon Nov 6 06:28:22 1995: Accounting: 219/24 'apocalypse' via ts01.texoma.com from ts01.texoma.com port 4 Stop - OK
Mon Nov 6 06:30:25 1995: rad_authenticate: 220/23 "kreed" at ts01.texoma.com dumb
Mon Nov 6 06:30:25 1995: Authentication: 220/23 'kreed' via ts01.texoma.com from ts01.texoma.com port 4 dumb - OK
Mon Nov 6 06:30:29 1995: Accounting: 221/25 'kreed' via ts01.texoma.com from ts01.texoma.com port 4 Start - OK
Mon Nov 6 06:31:32 1995: Accounting: 222/26 'kreed' via ts01.texoma.com from ts01.texoma.com port 4 Stop - OK
Mon Nov 6 06:56:23 1995: rad_authenticate: 100/24 "sysadm" at mercury.texoma.com PPP
Mon Nov 6 06:56:23 1995: Authentication: 100/24 'sysadm' via mercury.texoma.com from mercury.texoma.com port 1 PPP - OK
Mon Nov 6 06:56:50 1995: rad_authenticate: 227/25 "ldv" at mercury.texoma.com PPP
Mon Nov 6 06:56:50 1995: Authentication: 227/25 'ldv' via mercury.texoma.com from mercury.texoma.com port 1 PPP - OK
mercury# ls ../radacct
mercury#
mercury# date
Mon Nov 6 06:58:14 CST 1995
-------------
users snippet:
-------------
DEFAULT Authentication-Type = Realm

pppuser Authentication-Type = None
        Service-Type = Framed,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP

1stnational Password = "xxx"
a0013 Password = "xxx"
aadams Password = "xxx"
abarck Password = "xxx"
abark Password = "xxx"
vaden Password = "xxx", Simultaneous-Use=1
        Idle-Timeout = 1260,
        Session-Limit = 28800
------------
authfile
------------
texoma (texoma.com, texoma.net) RADIUS mercury.texoma.com
DEFAULT RADIUS mercury.texoma.com
NULL RADIUS mercury.texoma.com
------------
realms.las
------------
# Realm.Name LAS-AATV LASACCT-AATV
# ---------- -------- ------------
#
# Token.Pool.Name Max.Usable
# --------------- ----------
#
texoma
POOL-texoma

DEFAULT
-------------
tokenpool.las
-------------
# Token.Pool.Name Number.of.Tokens
# --------------- ----------------
POOL-texoma -1

Larry Vaden, founder and CEO vaden@texoma.com
Internet Texoma, Inc. Voice: 903.465.9331
bringing the real Internet to rural Texomaland Modem: 903.465.9335