usually any ISP with DIAL-UP services has several authorization groups:
1. ordinary PPP with use NAS internal address pool service=ppp protocol=lcp service=ppp protocol=ip addr-pool=DIALUP # below only if users use terminals for insert username/password # (some non-standard, advanced or stupid dial-up clients) service=shell cmd= service=shell autocmd=ppp service=shell noescape=true
2. group = username - for ppp with static ip addr service=ppp protocol=lcp service=ppp protocol=ip addr=194.85.113.100
3. ppp with use tacppd internal ip addr pooling system this is our addition, but for NAS it will be converted to string "addr=address_from_pool_system" service=ppp protocol=lcp service=ppp protocol=ip addr=INT:addrpool=1
4. ppp with additional ip filters service=ppp protocol=lcp service=ppp protocol=ip addr-pool=DIALUP service=ppp protocol=ip inacl#1=deny ip any 192.168.0.0 0.0.0.255 service=ppp protocol=ip inacl#2=permit ip any any
5. uucp (rlogin access to uucp server) service=shell cmd= service=shell autocmd=rlogin aaa.bbb.ru /user uuuser service=shell noescape=true
6. admin access (unrestricted) service=shell cmd=
7. async tunnel: service=shell cmd= service=shell autocmd=telnet 192.168.10.100 3162 /stre am service=shell noescape=true
some comments:
a) if you use ppp multilink (for example, you have ISDN users), you should add: service=ppp protocol=multilink max-links=2
b) ppp callback service service=ppp protocol=lcp callback-dialstring= service=shell callback-dialstring= service=shell nocallback-verify=1