Combine Proxy Answer with Local Information

Dan Fisher | Fluidata DanFisher at fluidata.co.uk
Wed Nov 18 13:39:34 CET 2009


Hi all,

I am wondering if someone will be able to point me in the correct
direction with a setup I am trying to achieve. Basically we are rolling
out a new offering to our customers where we want to have our LACs
query our RADIUS servers, which will then proxy requests on to our
customers' RADIUS servers based on the domain used in the username. I
have got all of the proxying working within RADIUS - nice and easy
following the wiki and instructions - thanks.

My problem is that the response I send to our LAC has to contain extra
information depending on the domain. Is it possible to query a local
MySQL database for this extra information (these are Cisco AV pairs
needed to establish the tunnels between the LAC and LNS) and add it into
the Access-Accept message that is returned to the LAC from the RADIUS server?

An example of what I have at the moment is:

Sending Access-Accept of id 6 to xx.xx.xx.xx port 51274
        Framed-IP-Address = 192.168.0.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Tunnel-Server-Endpoint:0 = "yy.yy.yy.yy"

And I need it to contain 3 extra lines that would be stored locally (in
italics):

Sending Access-Accept of id 6 to xx.xx.xx.xx port 51274
        Framed-IP-Address = 192.168.0.1
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.255
        Tunnel-Server-Endpoint:0 = "yy.yy.yy.yy"
        Tunnel-Type:0 = L2TP
        Tunnel-ID=DEFGH
        L2TP-Tunnel-Password=ABCDE"

This is currently running on FreeRADIUS Version 2.1.7. I have read the
documentation and the mailing lists but can't seem to find anyone who has
had to do a similar thing.

Kind Regards

Dan Fisher
Technical Manager

 
