Matching a prefix in huntgroups file

Brian Candler b.candler at pobox.com
Mon Nov 7 10:43:06 CET 2016


On 06/11/2016 18:33, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> foo {
>>    if (10.254.1.1 == 10.254.0.0/16) {
>>      update {
>>        Tmp-String-0 := "AAA"
>>      }
>>    }
>>    update {
>>      request:NAS-IP-Address := 10.254.1.1
>>    }
>>    if (&NAS-IP-Address == 10.254.0.0/16) {
>>      update {
>>        Tmp-String-1 := "BBB"
>>      }
>>    }
>> }
> given that you are mapping particular IP addresses as clients with particular needs, surely
> this will be easier just to add a local custom tag to the client definition instead and thus you
> can leave your foo policy alone....  eg add  my_group to the client definition and then
>
>   foo {
>       update {
>         Tmp-String-0 := &client:my_group
>       }
>     }
>
> ...as example....then your tmp-string-0 is exactly what that custom tag in the clients.conf is.

The update { Tmp-String-0 ... } is just a method I use to force some 
output into the radiusd -X, to show a particular branch was taken and/or 
show the contents of a particular attribute. Maybe there is a cleaner 
way in FreeRADIUS to emit a debug message?

As for setting attributes in clients.conf: thanks for the suggestion, 
but I don't think this is going to work if the messages go through a 
proxy, as clients.conf will only match the proxy's IP address. I really 
do want to match on the NAS-IP-Address attribute.

I could do a files or database lookup on NAS-IP-Address, but with a /16 
that would be a lot of entries to populate. So right now, with less 
than a dozen tests to do, a sequential lookup in unlang or huntgroups is 
fine.

Regards,

Brian.
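
The trade-off discussed in this message, as an added Python sketch that is not part of the original post and not FreeRADIUS code: a lookup keyed on the packet source address sees only the proxy, while a short ordered list of prefix tests on NAS-IP-Address classifies the real NAS. The rule list, the proxy address 192.0.2.10, its tag and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample rules: ordered (prefix, group) pairs, first match wins.
PREFIX_GROUPS = [
    ("10.254.0.0/16", "AAA"),
    ("10.253.8.0/24", "BBB"),
]
# Constructed per-client tags keyed by packet source address, i.e. what a
# clients.conf-style lookup sees when requests arrive through a proxy.
CLIENT_TAGS = {"192.0.2.10": "proxy"}

_RULES = [(ipaddress.ip_network(p), g) for p, g in PREFIX_GROUPS]


def group_for_nas(nas_ip):
    """Return the group of the first prefix containing nas_ip, else None."""
    try:
        addr = ipaddress.ip_address(nas_ip)
    except (ValueError, TypeError):
        return None  # attribute missing or malformed
    for net, group in _RULES:
        if addr.version == net.version and addr in net:
            return group
    return None


def classify(src_ip, attrs):
    """Show both lookups side by side for one request."""
    return {
        "by_source": CLIENT_TAGS.get(src_ip),
        "by_nas_prefix": group_for_nas(attrs.get("NAS-IP-Address")),
    }


def exact_entries_needed(prefix):
    """Rows an exact-match table would need to cover one prefix."""
    return ipaddress.ip_network(prefix).num_addresses


if __name__ == "__main__":
    # Constructed request: relayed by the proxy, originated by 10.254.1.1.
    print(classify("192.0.2.10", {"NAS-IP-Address": "10.254.1.1"}))
    print(exact_entries_needed("10.254.0.0/16"))
```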

