User authentication for remote NAS'?
Brian Candler
b.candler at pobox.com
Thu Mar 30 15:20:22 CEST 2017
On 30/03/2017 13:44, Alan DeKok wrote:
>> I was thinking about using the NAS-ID or called-station-id to authenticate instead. The NAS-ID is in the rad_recv request so I'm figuring somehow it must be possible to use that?
> It's not possible.
>
If you have multiple NASes behind a NAT, then obviously you can't have
different shared secrets for each one, but I don't think that's what the
OP was asking.
The question was "how I can base authentication on which NAS a user is
trying to log in from?", which I took to mean "how can I make the
authentication response vary depending on which NAS originated the
radius request?"
It is clearly possible to use NAS-Identifier for that purpose. Given the
constraints in the original question, it seems like a reasonable
solution to me.
Regards,
Brian.
More information about the Freeradius-Users
mailing list