Re: (RADIUS) Rejecting users in alternate realms

Mihai Ibanescu (misa@dntis.ro)
Thu, 2 Apr 1998 13:54:18 +0300 (EET DST)

On Thu, 26 Mar 1998 alexander@innocent.com wrote:

> Trying to solve a problem concerning realms, and problem users. Currently
> I'm running Radius with a large number of realms for resellers. My problem
> starts when a user of a realm that I do not control the radius server on
> (Something I don't approve of but I don't own the company) begins spamming.
> Is there a way to block a user before he is forwarded to the RADIUS server
> of the realm in question, without just blocking the realm altogether, or
> having to wait for them to get around to editing the user.

If I remember correctly, radius-2.01-C (and D) has a feature called
"stopuser" (and "denyuser").

Another way to do it is to use a proxy (my proxy :-), and use a regexp for
that user, sending the packets in The Big Hole (TM). I've written a RADIUS
proxy, and I can define realms based on regexps. So, it shouldn't be too
difficult to create a realm based on a regexp like

^baduser@somerealm.com$

and to ignore authentication (or to send it to a port where no one listens;
you'll get a Connection refused, and a reject).

Hope this works.

Best wishes,

Mihai

Mihai Ibanescu Dynamic Network Technologies
http://sysadm.dntis.ro/~misa Moara de Foc 35, et. 7, 6600 Iasi
misa@dntis.ro tel. +40-32-252936
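
The regexp-based realm routing described in the message above, as an added example that is not part of the original post and is not the code of the proxy it mentions. The routing table, upstream host names, the `route` helper, case-insensitive matching and the fail-closed default are all assumptions made for illustration.

```python
import re

def _rule(regex, action, target=None):
    # IGNORECASE is an assumption: without it "BadUser@SomeRealm.com"
    # would slip past a block written in lower case.
    return (re.compile(regex, re.IGNORECASE), action, target)

# Constructed routing table, first match wins. Host names are placeholders.
ROUTES = [
    # Per-user block. re.escape() makes the "." literal, so the rule cannot
    # match a look-alike name such as "baduser@somerealmXcom".
    _rule(re.escape("baduser@somerealm.com"), "drop"),
    # Every other user of the reseller realm still goes to the reseller's server.
    _rule(r"[^@\s]+@somerealm\.com", "forward", "radius.somerealm.example:1645"),
    # Names without a realm are authenticated locally.
    _rule(r"[^@\s]+", "forward", "127.0.0.1:1645"),
]

def route(user_name):
    """Return (action, target) for the User-Name of an Access-Request."""
    for pattern, action, target in ROUTES:
        # fullmatch() anchors both ends; unlike "$" it does not accept
        # a trailing newline after the name.
        if pattern.fullmatch(user_name):
            return action, target
    # Fail closed: a name that matches no rule is rejected, not forwarded.
    return "reject", None

if __name__ == "__main__":
    samples = ["baduser@somerealm.com", "gooduser@somerealm.com",
               "localuser", "someone@unknown.example"]  # constructed names
    for name in samples:
        print(name, "->", route(name))
```

Rule order matters here: the per-user block has to sit above the realm rule, otherwise the realm rule matches first and the request is forwarded.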
