Authenticate/Attributes based on NAS-IP-Address

N White nwtech at tele-net.net
Thu Jun 9 00:30:43 CEST 2005 

Graeme Hinchliffe wrote:

>Hiya
>	perhaps you could do it using huntgroups.
>
>	Put the static attributes for the user in the radreply table, then
>assign each nas to a huntgroup, so say
>
>NAS-dynamic
>
>	Then in radgroupreply you put the attributes for for dynamic IP
>assignment on the NAS-dynamic, and ensure there is an attribute to
>override the static settings.
>
>not 100% about the overriding of the static IP settings, but would think
>it possible using the assignment ( := ) operator and possibly a null
>value?
>
>Hope thats of some help.
>  
>
Do I need to setup a "HuntGroups" field like Mike suggested? Ok, so in 
huntgroups file:

Wireless         NAS-IP-Address = (the IP of the Wireless NAS)
                      Autz-Type = SQL1 (modify radiusd.conf to include 
this, and sql.conf like in Mike's post?)
NAS-dynamic      NAS-IP-Address = (ip of dialup NAS)
                            NAS-IP-Address = (ip of isdn NAS)

in radgroupreply:

+-------------+--------------------+----+---------------------+-----------+
|   GroupName | Attribute          | op | Value               | HuntGroup |
+-------------+--------------------+----+---------------------+-----------+
| Wireless   | Service-Type       | =  | Framed-User         | Wireless   |
| Wireless   | Framed-Protocol    | =  | PPP                 | Wireless   |
| Wireless   | Framed-IP-Address  | =  | 255.255.255.254     | Wireless   |
| Wireless   | Framed-IP-Netmask  | =  | 255.255.255.255     | Wireless   |
| Wireless   | Framed-Compression | =  | Van-Jacobson-TCP-IP | Wireless   |
+-------------+--------------------+----+---------------------+-----------+
All Other users would go into the Dial-Up Group, which would have a HuntGroup of NAS-dynamic?

in radreply:

+-----------+-------------------+-----+---------------+
| UserName  | Attribute         | op  | Value         |
+-----------+-------------------+-----+---------------+
| test123   | Framed-IP-Address | :=  | 192.168.2.10  |
+-----------+-------------------+-----+---------------+

Now in radgroupcheck do I need a NAS-IP-Address check for each group(or 
the wireless group?)?
Thanks for everyone's help.

-Nick

More information about the Freeradius-Users mailing list