---------- Forwarded message ----------
From: Ervin Malicdem <schadow1 at gmail dot com>
Date: Jul 28, 2006 11:04 AM
Subject: Re: [m0n0wall] Microsoft IAS and per-user bandwidth control and
logout user after specified time
To: "James W. McKeand" <james at mckeand dot biz>
thanks for the reply.
I had seen this additional entry at remote access policy in IAS. For hours,
I tried to input WISPr-Bandwidth-Max-Down... etc to it but would not work.
At last i finally found a PDF of RADIUS commands telling me about VSA's at
node 14122 and sub attribute for WISPr-Bandwidth-Max-Down and
WISPr-Bandwidth-Max-Up to 8 and 7 sub-attributes respectively. I tried to
place it and the desired integer value in kbps at one of the Remote Access
Policies at IAS and it worked.
The only thing that's left to learn is the session-timeout to limit the
users in minutes. I do hope I'm in the right direction.
On 7/28/06, James W. McKeand <james at mckeand dot biz> wrote:
> Ervin Malicdem wrote:
> > Hello,
> > I dont know much about networking but would like to learn bit by bit
> > depending on what i need for my small hotspot.
> > I was able to learn to use IAS in Windows 2003 for user
> > authentication with captive portal.
> > The next things I would like to learn are how to control per-user
> > bandwidthand specifying
> > the time a user will be logged out and cannot log-in again (lets say
> > 30 minutes).
> > I am currently using m0n0wall 1.23b1.
> > I have set up the desired default bandwidth, enabled reauthentication
> > per minute, use RADIUS session-timeout to default type and IETF MAC
> > format. (Let me know if I set up m0n0wall correctly for my needs.)
> > Next step is to know how to set up IAS to work with the above settings
> > (which i dont have any idea).
> First of all, don't bump messages...
> Second, IAS is a very light weight RADIUS, basically it allows RADIUS
> Client to Active Directory (or Local user account) connection. I.e. it
> allows a Windows box to respond to RADIUS authentication requests. I do
> not believe it has the desired capability to send additional user
> parameters. I could be wrong, but I don't think it is there.
> James W. McKeand
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch