MPD as LAC + Radius

Alexander Motin mav at
Tue Aug 23 22:56:09 UTC 2011


Gruel Bruno wrote:
> I use MPD on FreeBSD 8.2 as LAC but i can't (or don't hnow how) check (user/password) off the pppoe client before "forwarding" the connection.
> I try a lot off variant on my mpd.conf without success.
> This is my config file (mpd.conf) :
> default:
>         load killa_lac
> killa_lac:
>         create link template L1 pppoe
>         set pppoe iface le0
>         load radius
>         set link enable multilink
>         set link action forward L2
>         set link enable incoming
>         create link template L2 l2tp
>         set l2tp peer X.X.X.X
>         set l2tp secret xxxxx
> radius:
>         set radius server X.X.X.X killa_lac
>         set radius retries 3
>         set radius timeout 3
>         set radius me X.X.X.X
>         set auth acct-update 300
>         set auth enable radius-auth
>         set auth enable radius-acct
>         set radius disable message-authentic
> Have got a idea ?

In your configuration forwarding will happen without authorization just
after link accepted. To have authorization you should remove "set link
action forward L2" (or replace it with some "set link action bundle B1",
if you want to terminate some calls locally by default) and instead make
your RADIUS server to include to response vendor-specific AV-pair:
	mpd-action => "forward L2"

As result, your RADIUS will be able to choose forward call (how and
where), terminate it locally or just drop.

Alexander Motin

More information about the freebsd-net mailing list