NAS-Group? - different replies to different NASes?

Adrian adrian at dsl4u.ca
Tue Feb 26 14:34:41 CET 2008 

Hello Alan, Ivan

I think I might have another issue, as per the documentation the first item
to be checked is the radcheck table for any attributes.   Since my user
exists in there I don't think the request will fall through to the
radgroupcheck table anymore.  

The issue becomes more complicated since I want to send the LAC a different
response, on the same user, than my LNS. 

What if I add another column in the radcheck table that is called
"NAS-Group" for example.  Then modify the sql.conf (I suspect a SQL
statement in there) to do a check against that new field for allowing
authentications?
Also, if at the same time I add a new column in Radcheckgroup (or maybe in
the nas table) that has the same field name as the "NAS-Group" above and in
there I assign each LNS/LAC a NAS-Group Identifier?

Will that even be remotely possible?

Remember, my original problem is that I need to send the Telco's Proxy
Radius (based on an individual user) a specific set of attributes that will
be passed on to their LAC.  Once on their LAC that same request will filter
through to my LNS and I do not wish to send my LNS the same specific
attributes but the rather standard IP/Netmask/Framed-Route attributes.

PS.  Thank you all for putting up with my questions.

Thanks
Adrian

-----Original Message-----
From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: Tuesday, February 26, 2008 3:57 AM
To: FreeRadius users mailing list
Subject: Re: NAS-Group? - different replies to different NASes?

Adrian wrote:
> Create 2 Groups in radgroupreply like this:
> Telco_LAC_Group - with all the tunnel attributes
> LNS_Group - which all the users would be assigned to and whatever
attributes
> they need to share.
> 
> In "radgroupcheck" enter a NAS-IP-Address check for the Telco_LAC_Group
that
> matches on the LAC's IPs.
> In "usergroup" assign the user to the LNS_Group
> Everything else remains the same as before (radreply and radcheck with the
> specific user info)
> 
> Does that make sense?

  It should work.

> Any other way to group attributes for specific NASes?

  Many.  But without knowing details of your needs and configurations,
it's a little hard to make suggestions.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list