[freeside-devel] Introductions..

[ivan]

On Tue, May 23, 2000 at 01:59:25AM -0500, Brian Wolfe wrote:
> 
> 	One would intuitively think that if your account doesn't need
> dialup capabilities that you would un-select the slip ip in the account
> creation fields instead of making it fixed null.....

The service *definition* is a list of constraints for the service; a
template, if you will.  "Off" means that there is no constraint; "default"
of course specifies a default but still allows each individual service to 
change the field,  and "fixed" specifies a value that cannot be changed in
each individual service.

The export program doesn't actually look at the service definition; it's
ruleset is simple: If there's a slipip, export a line into the RADIUS
users file.  If there's a uid, export a line into the passwd file.

> On Mon, May 22, 2000 at 07:16:45PM -0700, ivan wrote:
> > On Sun, May 21, 2000 at 03:49:58PM -0500, Thomas Charron wrote:
> > >   Hello everyone..
> > > 
> > >   I've recently began to setup freeside for a local ISP using ziplink.net as 
> > > their wholesale provider, and I must thank you all for having a package 
> > > available that I had started to write myself..  :-)  That's what I get for not 
> > > looking hard enough first..
> > > 
> > >   I do have several questions regarding the system, more along the lines 
> > > of 'Should I implement this' in case no one has already..  :-P
> > > 
> > >   My first biggie is that apperently the export file will always export to both 
> > > the "users" radius file, and the "passwd" file.  I'd like it to be configurable 
> > > as to where they are exported.  This is becouse we will sell a shell account 
> > > that *DOES NOT INCLUDE DIALUP CAPABILITIES*, and hence, do NOT want it exported 
> > > to the radius file, as they shouldn't be able to auth via radius.  Has anyone 
> > > made changes to allow this yet?  By the same token, we also have PPP users who 
> > > auth off of radius but beyond that, should have no access to the system, aka, 
> > > no entries in the passwd file.  Yes, I know this means they will not be able to 
> > > recieve email (This is a feature, not a bug..  :-}).  Basically, we want to be 
> > > able to have several accounts.
> > > 
> > >   1) PPP with shell, mail, etc..
> > >     This is possible now simply by have the system export to both the radius 
> > > file, along with the passwd file, with a valid shell and home dir setup..
> > > 
> > >   2) PPP without anything
> > >     (See question)
> > > 
> > >   3) Shell with dialin, etc..
> > >     Again, possible with some minor modification to tell radius that it's a 
> > > shell forward.
> > > 
> > >   4) Shell with nadazilchnothing radius wise
> > >     Simply an entry in the passwd, but nothing going into the radius file.
> > > 
> > >   I'm asking these for simple thoughts on the matter.  I'm probrably going to 
> > > add a flag stating 'local', 'remote', or 'both' that will get detected by the 
> > > export scripts to tell where it should be exported to.  Easy enough..
> > 
> > Unneccessary.
> > 
> > To turn off export to the RADIUS users file, set the `slipip' in the
> > service definition to `Fixed' and blank.  To turn off export to the passwd
> > file, set the `uid' in the service definition to `Fixed' and blank.
> > 
> > Freeside *does* need some work to have accounts be generalized to any
> > number of machines/services, but the case you outline above is covered.
> > 
> > >   Another note is if wished I can supply a simple perl app that will import 
> > > ziplinks dialup numbers, simular to the one provided that pulls megapop.com's 
> > > access list.
> > 
> > Sure!
> > 
> > I'm also very interested in interfacing to the provisioning systems of
> > Megapop, Ziplink and other wholesale providers.  From what I understand,
> > many use proxy RADIUS, but there's also other options.
> > 
> > -- 
> > meow
> > _ivan

-- 
meow
_ivan