Using Client-Ip-Address attribute in preprocess files

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Apr 16 16:50:22 CEST 2007


Arran Cudbard-Bell wrote:
> A.L.M.Buxey at lboro.ac.uk wrote:
>> Hi,
>>
>>   
>>>>> Trying to use Client-Ip-Address in huntgroups and hints doesn't seem to 
>>>>> work,
>>>>> is this because the Client-Ip-Address is written to the request packet 
>>>>> at the end of pre-process
>>>>> and not the beginning ? Or is there more strangeness afoot ?
>>>>>         
>> are you sure you want Client-IP-Address and not NAS-IP-Address ?
>>
>> utilizing the NAS-IP-Address allows you to define authorization etc
>> based on the access point that the user has connected via.
>>
>> alan
>> - 
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>   
> NAS's can lie :)
> .
> 
> I'm still trying to do this without perl....and this is the last thing ! 
> The very last thing I need to make it all work.
> 
> nas_hints
> #/* Authentication Mediums */
> #    '802.1',  # 802.1 (Wired LAN)
> #    '802.11', # 802.11 (Wireless LAN)
> #    'IPSEC',  # IPSEC (VPN)
> #    'SSH',      # Secure Shell/Nas Prompt Login
> #    'HTTPS',  # Captive Portal/Nas Web Interface
> #    'PROXY',  # Client Isn't a NAS it's an offsite Proxy
> #    'unused', # For future use
> #    'unused', # For future use
> #/* Extended Features */
> #    'RADACCT',# NAS Can do RADIUS Accounting
> #    'D802.Q', # NAS Can do Dynamic Vlan Assignment
> #    'MULTIBESSID'); # NAS Can have multiple SSIDs / BSSIDs
> 
> #############################################################
> # Debug entry for home testing.
> DEFAULT Packet-Src-IP-Address = '81.6.252.244'
>         NAS-Feature-Set = '00000100000'
> 
> #############################################################
> # Set the 'PROXY' flag in the feature set for the JRS proxies
> DEFAULT Packet-Src-IP-Address == roaming0.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> DEFAULT Packet-Src-IP-Address == roaming1.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> DEFAULT Packet-Src-IP-Address == roaming2.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> #############################################################
> # Retrieve the feature set for all non-recognised clients
> # from the NetReg3 Database
> DEFAULT NAS-Feature-Set =* ANY
>         NAS-Feature-Set = "%{sql_clients:SELECT EXPORT_SET(master.nas_flags,'1','0','',20) FROM `master` WHERE CONCAT(ip1,'.',ip2,'.',ip3,'.',ip4) = '%{Packet-Src-IP-Address}'}"
> 
> Need to be able to set static NAS profiles for the few weird clients 
> that can't be included in the NetReg clients database.
> 
> *sigh*
> 
> Don't suppose you know how to match multiple values in a request 
> attribute without regexp ? As in could be a, b or c ?
> Always assumed you couldn't, but may as well ask :)
> 
> Thanks,
> Arran

Yep can confirm latest CVS commit fixed this,

Thanks Alan :D

Unfortunately Huntgroups are very broken ATM,

If the user is in the first huntgroup all is fine,
Even if that huntgroup has multiple entries.

If they're in the second huntgroup however, it doesn't match.

This is huntgroups in the order that they appear in the huntgroups file.

This isn't a major issue for me yet. But I know other people rely on 
them and would like them unbroken :)


-- 
Arran Cudbard-Bell (ac221 at sussex.ac.uk)
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08
EXT:3900
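
Added example, not part of the original post or of FreeRADIUS: a Python sketch of how the NAS-Feature-Set strings in the quoted hints file line up with the commented flag list, assuming MySQL's EXPORT_SET semantics (lowest-order bit first). The function names and the sample nas_flags values are constructed for illustration.

```python
# Flag order copied from the comment block in the quoted hints file.
FLAGS = ["802.1", "802.11", "IPSEC", "SSH", "HTTPS", "PROXY",
         "unused", "unused", "RADACCT", "D802.Q", "MULTIBESSID"]


def export_set(bits, on="1", off="0", sep="", nbits=20):
    """Emulate MySQL EXPORT_SET(): the lowest-order bit comes out leftmost."""
    return sep.join(on if (bits >> i) & 1 else off for i in range(nbits))


def decode_feature_set(value):
    """Map a NAS-Feature-Set string to flag names by character position.

    Works for the 11-character static entries and the 20-character SQL
    output alike. An empty string (the SQL lookup matched no row) or a
    bit set past the named flags raises instead of being ignored; that
    strictness is a choice made for this example.
    """
    if not value or set(value) - {"0", "1"}:
        raise ValueError("feature set must be a non-empty string of 0/1")
    if "1" in value[len(FLAGS):]:
        raise ValueError("bit set beyond the known flags")
    return {name for name, ch in zip(FLAGS, value)
            if ch == "1" and name != "unused"}


def has_feature(value, name):
    """True if the named flag is set, regardless of string length."""
    return name in decode_feature_set(value)


if __name__ == "__main__":
    static_entry = "00000100000"   # as written in the static DEFAULT entries
    from_sql = export_set(32)      # constructed nas_flags value: bit 5 only
    # Same flag, different strings: compare decoded flags, not raw text.
    print(static_entry == from_sql)                        # False
    print(decode_feature_set(static_entry))                # {'PROXY'}
    print(has_feature(from_sql, "PROXY"))                  # True
    # Constructed nas_flags: 802.11 + RADACCT + D802.Q = 2 + 256 + 512
    print(sorted(decode_feature_set(export_set(770))))
```

The static entries are 11 characters long while the SQL expansion asks for 20, so any later check on NAS-Feature-Set has to work by position rather than by whole-string equality.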


