Conditional radreply with Freeradius. Possible somehow ?
Pere Hospital
pere at secways.com
Tue May 25 10:19:01 CEST 2010
Hi all,
Here is the situation.
We have a freeradius server that receives autnetication/authorization
requests from multiple vpn servers.
For just CERTAIN servers we want to return a Framed-IP-Address via
radreply.
We would control the Framed-IP-Address return value (if any) via
Nas-Identifier parameter that we receive from the VPN servers.
So the logic of the process would be :
Receive auth request from VPN server
---> Authenticate/Authorize user (via radcheck, checking expiration
date, number of simultaneous logins ...). ---> If NAS-Identifier = X
then return (via radreply) Framed-IP-Address=Y ---> If NAS-Identifier
= Z then return (via radreply) Framed-IP-Address=W ---> otherwise
don't return a Framed-IP-Address
Is this possible somehow ?
We are using SQL module in freeradius.
Details :
Debian 5.0.4
freeradius 2.0.4+dfsg-6
Regards,
Pere
--
Pere Hospital, CISSP®, OSCP®
secWays
Security First
p: +34 933905455
m: +34 649827299
e: pere at secways.com
w: www.secways.com
PGP keyid: 0x100D35BDA0F669A8
http://keyserver.pgp.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100525/5f952b03/attachment.pgp>
More information about the Freeradius-Users
mailing list