Second, I would provide a login message explaining how to start shell access, because someone running telix will actually see the screen, whereas someone doing an autodial in winsock is clueless..
Thirdly, their are patches on www.enteract.com to make radius provide a "login type" based on the username entered..
For instance..
SDEFAULT = "UNIX"
User-Service-Type = Login-User,
Login-Service = Rlogin
would provide shell access if the user logged in with Susername..
Peter
On Tue, 18 Jun 1996, Jason Hatch wrote:
>
>
> We have ours setup where users are doing BOTH shell and PPP. We started
> out giving the PPP users 2 usernames. The first, a ppp username with a "p"
> (ex "userp")at the end and the second, known only by the UNIX machine, was
> for shell, or when they use POP3 to get their email.
>
> The DEFAULT line we have looks like this:
>
> DEFAULT Password = "UNIX"
> User-Service-Type = Login-User,
> Login-Service = Rlogin
>
> This way if a shell user wanted to drop to the shell from the portmaster
> login, all she would need to do is enter her unix username and password.
>
> PPP users have an entry, ONE PER USER, like so:
>
> userp Password = "asdy43",
> User-Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Address = 255.255.255.254,
> Framed-Netmask = 255.255.255.0,
> Framed-Routing = Broadcast-Listen,
> Framed-MTU = 1006,
> Framed-Compression = Van-Jacobsen-TCP-IP
>
> Users who weren't familiar with the shell, get really confused when we
> explained to them that they needed to login with their PPP dialer using
> userp (example "zonep") and then getting their mail via POP-3 using simply
> user (example "zone").
>
> The people who wanted to use the UNIX shell were no problem.
>
> Eventually, we STOPPED giving them 2 usernames, only giving the people
> who wanted to use the shell a "p" username. This means that joeppp can't
> get to shell using Telix at the portmaster login, as it would try to
> establish a PPP session.
>
> My question is, knowing how we have it setup, knowing that it would be a
> complete nightmare explaining to 400 users that they will no longer use
> their "p" usernames, how can we either get all ppp and all shells to
> authenticate off UNIX, or switch it so that the PPP users, who make up
> 90% of our users, use one DEFAULT entry, and then add seperate
> "User-Service-Type = Login-User" for the shell people.
>
> This way, when ppp users change their password using a POP-3 client, it
> will affect both passwords, etc.
>
> I can see that its going to get really messy before it gets any easier.
>
> -Jason
>
> On Tue, 18 Jun 1996, Jon Lewis wrote:
>
> > On Mon, 17 Jun 1996, MegaZone wrote:
> >
> > > You don't put user names in at all. Just this entry below:
> > >
> > > >DEFAULT Password = "UNIX"
> > > > User-Service-Type = Framed-User,
> > > > Framed-Protocol = PPP,
> > !> > Framed-Address = 255.255.255.254,
> > !> > Framed-Netmask = 255.255.255.255,
> > !> > Framed-Routing = None,
> > !> > Framed-Compression = Van-Jacobsen-TCP-IP,
> >
> > Are the marked lines really necessary? What is hte signifigance of
> > 255.255.255.254?
> >
> > ------------------------------------------------------------------
> > Jon Lewis | Mime attachments are OK
> > jlewis@inorganic5.fdt.net | But please ask before sending
> > http://inorganic5.fdt.net | unsolicited huge files.
> > ________Finger jlewis@inorganic5.fdt.net for PGP public key_______
> >
>