Re: [Emerald] Restricting an ADSL user from dialing in

Dale E. Reed Jr. ( (no email) )
Wed, 17 Nov 1999 15:07:35 -0800

Todd Coward wrote:
>
> We offer ADSL service along with our regular dialup service. Since both are
> configured as standard PPP accounts with the standard radius attributes
> (framed-user, and PPP protocol), this means that anyone with an ADSL account
> can use that same account (same user ID & PW) to log on in a standard dialup
> mode.
>
> Is there any way -- possibly through other radius attributes -- to restrict
> an ADSL user from using that same account as a standard dialup account?

Check to see if the DSL RADIUS client returns anything special/different
than the dialups do. For example, NAS-Port-Type, etc. Also, you could
put a RadCheck attribute of the NASIdentifier of the DSL box (or
whatever
its returning as a NAS-Identifier) to prevent the user from logging onto
another box. That way if the user tries to log into a PPP client, the
NAS-Identifier wouldn't match the DSL RADIUS client's NAS-Identifier,
and
RadiusNT would reject the login.

-- 

Dale E. Reed Jr. Emerald and RadiusNT__________________________________________IEA Software, Inc. www.iea-software.com

For more information about this list (including removal) go to:http://www.iea-software.com/support/maillists/liststart