Re: Question regarding DEFAULT entry in /etc/raddb/users (fwd)

Jason Hatch (zone@loomis.berkshire.net)
Tue, 18 Jun 1996 01:20:20 -0400 (EDT)

We have ours setup where users are doing BOTH shell and PPP. We started
out giving the PPP users 2 usernames. The first, a ppp username with a "p"
(ex "userp")at the end and the second, known only by the UNIX machine, was
for shell, or when they use POP3 to get their email.

The DEFAULT line we have looks like this:

DEFAULT Password = "UNIX"
User-Service-Type = Login-User,
Login-Service = Rlogin

This way if a shell user wanted to drop to the shell from the portmaster
login, all she would need to do is enter her unix username and password.

PPP users have an entry, ONE PER USER, like so:

userp Password = "asdy43",
User-Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.0,
Framed-Routing = Broadcast-Listen,
Framed-MTU = 1006,
Framed-Compression = Van-Jacobsen-TCP-IP

Users who weren't familiar with the shell, get really confused when we
explained to them that they needed to login with their PPP dialer using
userp (example "zonep") and then getting their mail via POP-3 using simply
user (example "zone").

The people who wanted to use the UNIX shell were no problem.

Eventually, we STOPPED giving them 2 usernames, only giving the people
who wanted to use the shell a "p" username. This means that joeppp can't
get to shell using Telix at the portmaster login, as it would try to
establish a PPP session.

My question is, knowing how we have it setup, knowing that it would be a
complete nightmare explaining to 400 users that they will no longer use
their "p" usernames, how can we either get all ppp and all shells to
authenticate off UNIX, or switch it so that the PPP users, who make up
90% of our users, use one DEFAULT entry, and then add seperate
"User-Service-Type = Login-User" for the shell people.

This way, when ppp users change their password using a POP-3 client, it
will affect both passwords, etc.

I can see that its going to get really messy before it gets any easier.

-Jason

On Tue, 18 Jun 1996, Jon Lewis wrote:

> On Mon, 17 Jun 1996, MegaZone wrote:
>
> > You don't put user names in at all. Just this entry below:
> >
> > >DEFAULT Password = "UNIX"
> > > User-Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> !> > Framed-Address = 255.255.255.254,
> !> > Framed-Netmask = 255.255.255.255,
> !> > Framed-Routing = None,
> !> > Framed-Compression = Van-Jacobsen-TCP-IP,
>
> Are the marked lines really necessary? What is hte signifigance of
> 255.255.255.254?
>
> ------------------------------------------------------------------
> Jon Lewis | Mime attachments are OK
> jlewis@inorganic5.fdt.net | But please ask before sending
> http://inorganic5.fdt.net | unsolicited huge files.
> ________Finger jlewis@inorganic5.fdt.net for PGP public key_______
>