Authorising Clients by Calling Station ID Not IP

Johan Meiring jmeiring at
Tue Oct 25 11:45:45 CEST 2011

On 2011/10/24 09:06 PM, Jennyanydots Napoleon Shoehorn wrote:
> OH! I've looked too many lines of code over the last week.
> I have no idea how to patch but will investigate. Was thinking we might have 
> to use nas-id instead.
> The ultimate intention was to use the mac address of the nas and a nas 
> specific shared secret.
> In your opinion, are there better ways to deal with dynamic clients?
> Thanks again


I look up my clients using "dynamic clients" and Nas-Identifier.

You need a module that is not included by default called rlm_raw.
You can download a patch here:

The last file wont apply cleanly to 2.1.12, just manually add rlm_raw to the "src/modules/stable" file.  (Look at the patch).

In your freeradius config, you need to "instantiate" rlm_raw.

instantiate {

You need a module:
raw {

My dynamic clients config:
client dymamic {
  ipaddr =
  netmask = 0
  dynamic_clients = dynamic_nas
  lifetime = 86400

server dynamic_nas {
  authorize {
    if ("%{sql: select count(*) from Nas where Identifier='%{raw:NAS-Identifier}'}" == "1") {
      update control {
        FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
        FreeRADIUS-Client-Require-MA = no
        FreeRADIUS-Client-Secret = "%{sql: select RadiusSecret from Nas where Identifier='%{raw:NAS-Identifier}' and NasTypeID=1}"
        FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
        FreeRADIUS-Client-NAS-Type = "other"
        FreeRADIUS-Client-Virtual-Server = "dynamic_server"

- "dynamic_server" is the spesific virtual server than handles the dynamic clients.
- the rlm_raw packet MIGHT contain Calling-Station-Id (or do you mean Called-Station-Id??) as well.  You will have to look.

Hope this helps.



Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782

Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:

More information about the Freeradius-Users mailing list