Re: Using Client-Ip-Address attribute in preprocess files

Arran Cudbard-Bell <A.Cudbard-Bell@sussex.ac.uk> · Sun, 15 Apr 2007 23:32:23 +0100

A.L.M.Buxey@lboro.ac.uk wrote:

Hi,

Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to 

work,

if this because the Client-Ip-Address is written to the request packet 

at the end of pre-process

and not the beginning ? Or is there more strangeness afoot ?

are you sure you want Client-IP-Address and not NAS-IP-Address ?

utilizing the NAS-IP-Address allows you to define authorization etc
based on the access point that the user has connected via.

alan

- 

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

NAS's can lie :)
.

I'm still trying to do this without perl....and this is the last thing ! 

The very last thing I need to make it all work.

nas_hints
#/* Authentication Mediums */
#    '802.1',  # 802.1 (Wired LAN)
#    '802.11', # 802.11 (Wireless LAN)
#    'IPSEC',  # IPSEC (VPN)
#    'SSH',      # Secure Shell/Nas Prompt Login
#    'HTTPS',  # Captive Portal/Nas Web Interface
#    'PROXY',  # Client Isn't a NAS it's an offsite Proxy
#    'unused', # For future use
#    'unused', # For future use
#/* Extended Features */
#    'RADACCT',# NAS Can do RADIUS Accounting
#    'D802.Q', # NAS Can do Dynamic Vlan Assignment
#    'MULTIBESSID'); # NAS Can have multiple SSIDs / BSSIDs

#############################################################
# Debug entry for home testing.
DEFAULT Packet-Src-IP-Address = '81.6.252.244'
       NAS-Feature-Set = '00000100000'

#############################################################
# Set the 'PROXY' flag in the feature set for the JRS proxies
DEFAULT Packet-Src-IP-Address == roaming0.ja.net
       NAS-Feature-Set = '00000100000'

DEFAULT Packet-Src-IP-Address == roaming1.ja.net
       NAS-Feature-Set = '00000100000'

DEFAULT Packet-Src-IP-Address == roaming2.ja.net
       NAS-Feature-Set = '00000100000'

#############################################################
# Retrieve the feature set for all none recognised clients
# from the NetReg3 Database
DEFAULT NAS-Feature-Set =* ANY

       NAS-Feature-Set = "%{sql_clients:SELECT 

EXPORT_SET(master.nas_flags,'1','0','',20) FROM `master` WHERE 

CONCAT(ip1,'.',ip2,'.',ip3,'.',ip4) = '%{Packet-Src-IP-Address}'}"

Need to be able to set static NAS profiles for the few weird clients 

that can't be included in the NetReg clients database.

*sigh*

Don't suppose you know how to match multiple values in a request 

attribute without regexp ? as in could be a,b or c ?

Always assumed you couldn't , but may as well ask :)

Thanks,
Arran