If I'm trying to lock an ISDN user out of the general modem pool, I first
need a line like this:
luser Auth-Type = System, NAS-Port-Type = ISDN
[ Reply items go here ]
This checks first for a login on the system, then makes sure that
the port is an ISDN. If the login is correct AND it's an ISDN port,
the reply items are sent.
However, if the ISDN user is trying to come in on an Async line, this
entry fails, and RADIUS will authenticate this user with my DEFAULT item:
DEFAULT Auth-Type = System, NAS-Port-Type = Async
[ Reply items go here ]
According to the list archives, the solution is to have a second entry
for the user immediately after the first which would reject the login:
luser Auth-Type = System, NAS-Port-Type = ISDN
[ Reply items go here ]
luser Auth-Type = Reject
OK, easy enough, but wait - there's more! I'm using the DBM stuff in
RADIUS since it compiled in by default, even though I only have about
100 items in my list.
My problem is that builddbm rejects the second entry for the user since
it has a duplicate username! Must I use the flat file version to be able to
keep ISDN users out of the analog modem pool??
Thanks in advance for any suggestions.
========================================================================
Joe Hartley - jh@brainiac.com - brainiac services, inc
PO Box 5069 : Greene, RI : 02827 - vox 401.539.9050 : fax 401.539.2070
Without deviation from the norm, "progress" is not possible. - FZappa