Multiple NAS freeradius

Alejandro Gandara agandara at optaresolutions.com
Mon Oct 17 16:12:45 CEST 2011 

2011/10/4 Arran Cudbard-Bell <a.cudbardb at freeradius.org>

>
> On 4 Oct 2011, at 13:32, Alejandro Gandara wrote:
>
> Hi list,
>
> Im using freeradius 2.1.10 with ldap and I have a doubt.
>
> Im testing radius with two NAS , first one an  openvpn service and the
> other one  is a switch Procurve.
>
> My question is the following:
>
>  Can I configure the openvpn nas to read some attribute from the ldap ( as
> framedipaddress) and at the same time configure switch procurve to read the
> attribute pool-name from the radius?
>  How can I tell freeradius which attribute read for each nas?
>
> For example:
>
> User1 connect trhough openvpn so it will get the ip provided from
> framedipaddress attribute.
> User 1 disconnect openvpn
> User 1 connect with wired connection so it will get  the IP provided for
> ippool after read poolname attribute from ldap.
>
>
> Sure...
>
> sites-available/default
>
> authorize {
> if(Client-shortname == 'openvpn'){
>  update reply {
> Framed-IP-Address := "%{ldap:my ldap query}"
> }
>  }
> else {
> update reply {
> My-Other-Attribute := "%{ldap:my ldap query}"
>  }
> }
> }
>
> I' ve tried this way. But It didnt resolv my problem.
 if(NAS-Port-Type == 'Virtual'){
                update reply {
                        Framed-IP-Address := "%{RadiusFramedIPAddress}"
                }
        }

This step goes right, but for exemple

Client Mike.
It has 2 attributes in LDAP used by Radius.

RadiusFramedIPAddress = x.x.x.x
PoolName                      = Admin.

If client connect against openvpn it has to take RadiusFramedIPAddress but
if it connects through the switch He will take the IP provided for the pool
Admin.

The problem is the next one:  Pool override RadiusFramedIPAddress or
viceversa. I need use only one of them never both at same time.

Any solutions?



Thanks for all and sorry. Im asking too many things.


> clients.conf
>
> client <foo ip> {
> shortname = openvpn
> }
>
>
>  Arran Cudbard-Bell
> a.cudbardb at freeradius.org
>
> Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20111017/a0a3962f/attachment.html>

More information about the Freeradius-Users mailing list