Different Authentication for several devices (several Nas-Ip-Address)

nicolaskarp at free.fr nicolaskarp at free.fr
Mon Jul 23 16:53:53 CEST 2007


Re-Hello ;-)

I search how i can do this but i don't find...

I want to do this :

If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
else
  If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Prod"
  else
    Do nothing.
  fi
fi

I don't know how check the NAS-IP-ADDRESS attribute and rewrite an other
attribute (Calling-Station-ID)..

Thank you for your help !!

NicolaS.

Selon nicolaskarp at free.fr:

> Hello,
>
> Thank you for your help but I don't understand how you can make it.
>
> Here my configuration that I try:
>
> #Replae The Nas-Ip6address by Proxy-IP
> attr_rewrite overwrite_nasip {
>         attribute = "NAS-IP-Address"
>         searchfor = ".*"
>         packet    = packet
>         replacewith = "10.28.65.130"
>         max_matches = 1
> }
>
> # Dev Eqpt : 192.168.48.0/24
> attr_rewrite dev_equipment {
>         attribute = "Calling-Station-Id"
>         searchfor = ".*"
>         packet    = packet
>         replacewith = "Dev"  --> Replace String Dev for all Eqpts but not for
> 192.168.48.0/24!!
>         max_matches = 1
> }
>
> preproxy {
>   files
>   overwrite_nasip
>   dev_equipment
> }
>
> Here what I want :
>
> 1.
>
> If [ NAS-IP-Address =~ 192.168.48.* ]
>   Calling-Station-Id = Dev
> else
>    if [ NAS-IP-Address =~ 192.168.49.* ]
>        Calling-station-id = Prod
>    else
>        Calling-station-id = Any
>    fi
> fi
>
> 2.
> the proxy forwards the access-request to the radius server
>
> 3.
> The radius server receives the acces-request
>    If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
>      instance_openldap-Ldap-Group == CiscoDev
>    else
>       If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
>          instance_openldap-Ldap-Group == CiscoProd
>       else
>          instance_openldap-Ldap-Group == CiscoOthers
>       fi
>    fi
>
> Thank you for your assistance
>
> Nicolas.
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>





More information about the Freeradius-Users mailing list