diff options
Diffstat (limited to 'raddb/mods-config/preprocess')
-rw-r--r-- | raddb/mods-config/preprocess/hints | 86 | ||||
-rw-r--r-- | raddb/mods-config/preprocess/huntgroups | 43 |
2 files changed, 129 insertions, 0 deletions
diff --git a/raddb/mods-config/preprocess/hints b/raddb/mods-config/preprocess/hints new file mode 100644 index 0000000..84d4d78 --- /dev/null +++ b/raddb/mods-config/preprocess/hints @@ -0,0 +1,86 @@ +# +# hints +# +# The hints file. This file is used to match +# a request, and then add attributes to it. This +# process allows a user to login as "bob.ppp" (for example), +# and receive a PPP connection, even if the NAS doesn't +# ask for PPP. The "hints" file is used to match the +# ".ppp" portion of the username, and to add a set of +# "user requested PPP" attributes to the request. +# +# Matching can take place with the the Prefix and Suffix +# attributes, just like in the "users" file. +# These attributes operate ONLY on the username, though. +# +# Note that the attributes that are set for each entry are +# NOT added to the reply attributes passed back to the NAS. +# Instead they are added to the list of attributes in the +# request that has been SENT by the NAS. +# +# This extra information can be used in the users file to +# match on. Usually this is done in the DEFAULT entries, +# of which there can be more than one. +# +# In addition a matching entry can transform a username +# for authentication purposes if the "Strip-User-Name" +# variable is set to Yes in an entry (default is Yes). +# +# A special non-protocol name-value pair called "Hint" +# can be set to match on in the "users" file. +# +# As with the "users" file, the first entry that matches the +# incoming request will cause the server to stop looking for +# more hints. If the "Fall-Through" attribute is set to +# "Yes" in an entry then the server will not stop, but +# continue to process further hints from the file. Matches +# on subsequent hints will be against the altered request +# from the previous hints, not against the original request. +# +# The following is how most dial-up ISPs want to set this up. +# +# Version: $Id$ +# + + +DEFAULT Suffix == ".ppp", Strip-User-Name = Yes + Hint = "PPP", + Service-Type = Framed-User, + Framed-Protocol = PPP + +DEFAULT Suffix == ".slip", Strip-User-Name = Yes + Hint = "SLIP", + Service-Type = Framed-User, + Framed-Protocol = SLIP + +DEFAULT Suffix == ".cslip", Strip-User-Name = Yes + Hint = "CSLIP", + Service-Type = Framed-User, + Framed-Protocol = SLIP, + Framed-Compression = Van-Jacobson-TCP-IP + +###################################################################### +# +# These entries are old, and commented out by default. +# They confuse too many people when "Peter" logs in, and the +# server thinks that the user "eter" is asking for PPP. +# +#DEFAULT Prefix == "U", Strip-User-Name = No +# Hint = "UUCP" + +#DEFAULT Prefix == "P", Strip-User-Name = Yes +# Hint = "PPP", +# Service-Type = Framed-User, +# Framed-Protocol = PPP + +#DEFAULT Prefix == "S", Strip-User-Name = Yes +# Hint = "SLIP", +# Service-Type = Framed-User, +# Framed-Protocol = SLIP + +#DEFAULT Prefix == "C", Strip-User-Name = Yes +# Hint = "CSLIP", +# Service-Type = Framed-User, +# Framed-Protocol = SLIP, +# Framed-Compression = Van-Jacobson-TCP-IP + diff --git a/raddb/mods-config/preprocess/huntgroups b/raddb/mods-config/preprocess/huntgroups new file mode 100644 index 0000000..da28dba --- /dev/null +++ b/raddb/mods-config/preprocess/huntgroups @@ -0,0 +1,43 @@ +# +# huntgroups This file defines the `huntgroups' that you have. A +# huntgroup is defined by specifying the IP address of +# the NAS and possibly a port. +# +# Matching is done while RADIUS scans the user file; if it +# includes the selection criteria "Huntgroup-Name == XXX" +# the huntgroup is looked up in this file to see if it +# matches. There can be multiple definitions of the same +# huntgroup; the first one that matches will be used. +# +# This file can also be used to define restricted access +# to certain huntgroups. The second and following lines +# define the access restrictions (based on username and +# UNIX usergroup) for the huntgroup. +# + +# +# Our POP in Alphen a/d Rijn has 3 terminal servers. Create a Huntgroup-Name +# called Alphen that matches on all three terminal servers. +# +#alphen NAS-IP-Address == 192.0.2.5 +#alphen NAS-IP-Address == 192.0.2.6 +#alphen NAS-IP-Address == 192.0.2.7 + +# +# The POP in Delft consists of only one terminal server. +# +#delft NAS-IP-Address == 198.51.100.5 + +# +# Port 0 on the first terminal server in Alphen are connected to +# a huntgroup that is for business users only. Note that only one +# of the username or groupname has to match to get access (OR/OR). +# +# Note that this huntgroup is a subset of the "alphen" huntgroup. +# +#business NAS-IP-Address == 198.51.100.5, NAS-Port-Id == 0 +# User-Name == rogerl, +# User-Name == henks, +# Group == business, +# Group == staff + |