Identifying Virtual-Server from Inner-Tunnel
Jordan Dohms
wraezor at gmail.com
Fri Oct 5 17:30:05 CEST 2012
Exactly what I needed, thank you. This worked perfectly....and needs
just one virtual-server.
if ("%{outer.request:Packet-Dst-Port}" == "1912") {
}
elsif ("%{outer.request:Packet-Dst-Port}" == "1812") {
}
On Thu, Oct 4, 2012 at 4:21 PM, Matthew Newton <mcn4 at leicester.ac.uk> wrote:
> On Thu, Oct 04, 2012 at 01:07:57PM -0600, Jordan Dohms wrote:
>> - Depending on the virtual server the request was received through,
>> call a different mschap module from the inner-tunnel or reject the
>> request. (not working)
>
> You've gone to the hassle of duplicating RADIUS server configs in
> your clients and sending requests to different ports, so you could
> do your check based on Packet-Dst-Port.
>
>> If there's a better/cleaner/simpler way to do this, I'm all ears.
>
> If there is something in the packet that can indicate which
> network is being connected to, you likely don't need to use two
> ports as you can just do it all in one server (testing based on
> that attribute). For example, with wireless networks, you can
> usually get the SSID in the request somehow.
>
>> virtual-server? Should I need to set a separate variable in the
>> outer-server and read it below?
>
> I guess that's another way of doing it. Personally unless
> functionality was a lot different (which it doesn't sound like it
> is), I'd probably do it all in one outer server and test based on
> request attribute or Packet-Dst-Port, but if it works then it's
> OK.
>
> Cheers
>
> Matthew
>
>
> --
> Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
>
> Systems Architect (UNIX and Networks), Network Services,
> I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
>
> For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list