freeradius and ADSL-Agent-Circuit-Id

Tim Sylvester tim.sylvester at networkradius.com
Tue Jul 20 22:07:56 CEST 2010


Add this to the authorize section:


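authorize {

        # Only rewrite the credentials when the request carries a circuit ID
        if (ADSL-Agent-Circuit-Id) {
                update request {
                        User-Name := "%{ADSL-Agent-Circuit-Id}"
                        Password  := "%{ADSL-Agent-Circuit-Id}"
                }
        }

        # ... the rest of the authorize section ...
}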

Make sure to add the User-Name (ADSL-Agent-Circuit-Id) to radcheck and
set the password to the value of ADSL-Agent-Circuit-Id.

+--------+-----------+--------------------+----+-----------+
| id     | username  | attribute          | op | value     |
+--------+-----------+--------------------+----+-----------+
| 226529 | adslagent | Cleartext-Password | := | adslagent |
+--------+-----------+--------------------+----+-----------+
1 row in set (0.00 sec)

Tim

> -----Original Message-----
> From: freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+tim.sylvester=networkradius.com at lists.freeradius.org] On Behalf
> Of Mike
> Sent: Tuesday, July 20, 2010 12:37 PM
> To: FreeRadius users mailing list
> Subject: freeradius and ADSL-Agent-Circuit-Id
>
> Greetings,
>
>     I would like to be able to incorporate processing of
> ADSL-Agent-Circuit-Id into my freeradius / mysql environment. I have a
> stock debian / freeradius2 server with a local mysql database, and my
> bras is correctly getting this attribute to me and I see it under
> freeradius -X. I would like to implement a policy of 'ignore
> username/password' and instead authenticate based on the presence of
> this attribute and the database entry corresponding to it. I do not want
> to simply overwrite User-Name with the attribute, I really want to only
> perform this step if the attribute is actually present otherwise proceed
> normally for chap/pap. So I guess the question is, how can I
> conditionally authenticate based on presence of this attribute (and a
> corresponding db entry saying "Auth-type = Accept" or "Reject")?
> Previous posters suggesting overwriting User-Name open up a hole where
> if anyone just makes their username the same as a valid circuit ID,
> they'd be allowed and really I want to enforce it based on the presence
> of the actual attribute itself.
>
> Mike-
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
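
Added example, not part of the thread and not FreeRADIUS project code: one way to decide on the presence of ADSL-Agent-Circuit-Id without rewriting User-Name, written in FreeRADIUS 2 unlang. The table circuit_auth and its columns circuit_id and action are hypothetical, and the sql module is assumed to be configured under its default instance name.

```unlang
authorize {
        preprocess

        if (ADSL-Agent-Circuit-Id) {
                # Line-based login: User-Name and the password are ignored here.
                # circuit_auth(circuit_id, action) is a hypothetical table kept
                # apart from radcheck, so a subscriber who types a circuit ID as
                # a username is never looked up in it.
                if ("%{sql:SELECT action FROM circuit_auth WHERE circuit_id = '%{ADSL-Agent-Circuit-Id}'}" == "Accept") {
                        update control {
                                Auth-Type := Accept
                        }
                }
                else {
                        # Unknown circuit, or action set to Reject.
                        reject
                }
        }
        else {
                # No circuit ID in the request: the normal CHAP/PAP path,
                # with credentials checked against radcheck as before.
                chap
                sql
                pap
        }
}
```

Because the decision is keyed on an attribute the NAS supplies, accept it only from RADIUS clients you control.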




