NAS-Group? - different replies to different NASes?

Ivan Kalik tnt at kalik.net
Tue Feb 26 20:36:54 CET 2008


>
>A: I have a set of "master" tunnel attributes that I always have to send to
>this Telco.
>i.e. Service-type, Tunnel-Type, Tunnel-Preference, Tunnel-password,
>Tunnel-Server-Endpoint..etc
>The way this Telco obtains these attributes is by sending the
>Username/Password combination my way. (i.e. I need to authenticate
>userxyz@telco.com).  Once I see that user come through from their boxes (3
>Static IPs) I have to send back to them the tunnel attributes above.  Once
>the tunnel attributes were sent, they establish an L2TP tunnel to my LNS and
>my LNS now asks my Radius server again to authenticate the user.  So I see
>the same userxyz@telco.com requesting to be authenticated.  Since I
>currently cannot distinguish between NASes I am sending the same Tunnel
>Attributes to my LNS which causes my LNS to try to initiate a tunnel back to
>itself (because the Tunnel-Server-Endpoint attribute is the actual LNS).
>++++++++++++++++++++++++++++++++++++++
>

This is very strange. That information should be on telco radius server,
not yours. It should not have to proxy requests to you. They ought to
know the tunnel endpoint - *they* gave you the IP to set on your router
when they leased you the line.

Simplest thing to do is to create a huntgroup called LAC and place those
static IPs there. Then put something like this in your users file:

DEFAULT   Huntgroup-Name == "LAC", Auth-Type := Accept
                 Reply-Message = "You are one strange telco",
                 and list other reply attributes that you need to send them.


Ivan Kalik
Kalik Informatika ISP
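
The huntgroup setup described in the reply above, written out as an added example (not part of the original post). The three LAC addresses, the LNS address, the tunnel password and the attribute values are placeholders and assumptions; only the huntgroup name LAC and the attribute names come from the thread.

```text
# ---- huntgroups file ----
# One line per telco box. 192.0.2.x are placeholder addresses standing in
# for the telco's three static IPs. The match is on the NAS-IP-Address
# attribute carried in the request.
LAC     NAS-IP-Address == 192.0.2.10
LAC     NAS-IP-Address == 192.0.2.11
LAC     NAS-IP-Address == 192.0.2.12

# ---- users file ----
# Applies only to requests whose NAS is in the LAC huntgroup. A request
# for the same user arriving from the LNS fails the Huntgroup-Name check,
# so this entry is skipped and the tunnel attributes are not sent back to
# the LNS. 203.0.113.1 is a placeholder for the LNS address and
# CHANGE-ME-tunnel-secret is a placeholder for the tunnel password.
DEFAULT Huntgroup-Name == "LAC", Auth-Type := Accept
        Service-Type = Outbound-User,
        Tunnel-Type = L2TP,
        Tunnel-Medium-Type = IP,
        Tunnel-Server-Endpoint = "203.0.113.1",
        Tunnel-Password = "CHANGE-ME-tunnel-secret",
        Tunnel-Preference = 1
```

Because Auth-Type := Accept skips the password check for every request in the LAC huntgroup, the addresses listed there should be exactly the telco clients that already have their own shared secrets in clients.conf.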



