Thats one possibility, but ive never done it..
Peter Marelas
On Tue, 18 Jun 1996, Jason Hatch wrote:
>
> Thanks! I'll check that out.
>
> On another note, since login messages are handled by the portmaster, and
> both our postmasters are the same with exception of the system's IP and
> host name, is it possible to CLONE an entire portmaster, or make changes
> to one variable in several portmasters at once?
>
> -Jason
>
> On Tue, 18 Jun 1996, Peter Marelas wrote:
>
> > For starters, i would leave the DEFAULT as PPP.
> >
> > Second, I would provide a login message explaining how to start shell access, because someone running telix will actually see the screen, whereas someone doing an autodial in winsock is clueless..
> >
> > Thirdly, their are patches on www.enteract.com to make radius provide a "login type" based on the username entered..
> >
> > For instance..
> >
> > SDEFAULT = "UNIX"
> > User-Service-Type = Login-User,
> > Login-Service = Rlogin
> >
> > would provide shell access if the user logged in with Susername..
> >
> > Peter
> >
> > On Tue, 18 Jun 1996, Jason Hatch wrote:
> >
> > >
> > >
> > > We have ours setup where users are doing BOTH shell and PPP. We started
> > > out giving the PPP users 2 usernames. The first, a ppp username with a "p"
> > > (ex "userp")at the end and the second, known only by the UNIX machine, was
> > > for shell, or when they use POP3 to get their email.
> > >
> > > The DEFAULT line we have looks like this:
> > >
> > > DEFAULT Password = "UNIX"
> > > User-Service-Type = Login-User,
> > > Login-Service = Rlogin
> > >
> > > This way if a shell user wanted to drop to the shell from the portmaster
> > > login, all she would need to do is enter her unix username and password.
> > >
> > > PPP users have an entry, ONE PER USER, like so:
> > >
> > > userp Password = "asdy43",
> > > User-Service-Type = Framed-User,
> > > Framed-Protocol = PPP,
> > > Framed-Address = 255.255.255.254,
> > > Framed-Netmask = 255.255.255.0,
> > > Framed-Routing = Broadcast-Listen,
> > > Framed-MTU = 1006,
> > > Framed-Compression = Van-Jacobsen-TCP-IP
> > >
> > > Users who weren't familiar with the shell, get really confused when we
> > > explained to them that they needed to login with their PPP dialer using
> > > userp (example "zonep") and then getting their mail via POP-3 using simply
> > > user (example "zone").
> > >
> > > The people who wanted to use the UNIX shell were no problem.
> > >
> > > Eventually, we STOPPED giving them 2 usernames, only giving the people
> > > who wanted to use the shell a "p" username. This means that joeppp can't
> > > get to shell using Telix at the portmaster login, as it would try to
> > > establish a PPP session.
> > >
> > > My question is, knowing how we have it setup, knowing that it would be a
> > > complete nightmare explaining to 400 users that they will no longer use
> > > their "p" usernames, how can we either get all ppp and all shells to
> > > authenticate off UNIX, or switch it so that the PPP users, who make up
> > > 90% of our users, use one DEFAULT entry, and then add seperate
> > > "User-Service-Type = Login-User" for the shell people.
> > >
> > > This way, when ppp users change their password using a POP-3 client, it
> > > will affect both passwords, etc.
> > >
> > > I can see that its going to get really messy before it gets any easier.
> > >
> > > -Jason
> > >
> > > On Tue, 18 Jun 1996, Jon Lewis wrote:
> > >
> > > > On Mon, 17 Jun 1996, MegaZone wrote:
> > > >
> > > > > You don't put user names in at all. Just this entry below:
> > > > >
> > > > > >DEFAULT Password = "UNIX"
> > > > > > User-Service-Type = Framed-User,
> > > > > > Framed-Protocol = PPP,
> > > > !> > Framed-Address = 255.255.255.254,
> > > > !> > Framed-Netmask = 255.255.255.255,
> > > > !> > Framed-Routing = None,
> > > > !> > Framed-Compression = Van-Jacobsen-TCP-IP,
> > > >
> > > > Are the marked lines really necessary? What is hte signifigance of
> > > > 255.255.255.254?
> > > >
> > > > ------------------------------------------------------------------
> > > > Jon Lewis | Mime attachments are OK
> > > > jlewis@inorganic5.fdt.net | But please ask before sending
> > > > http://inorganic5.fdt.net | unsolicited huge files.
> > > > ________Finger jlewis@inorganic5.fdt.net for PGP public key_______
> > > >
> > >
> >
>