Bind radius client requests to a database

Alan Buxey alan.buxey at gmail.com
Fri Sep 22 18:29:41 CEST 2017


Only if they've got the right secret. You need to check what each NAS is
sending.... There may be something the request that you can key off for DB
access... Eg if you have a decent deployment plan you might have the
country or region locations or customer details etc

alan

On 22 Sep 2017 4:48 pm, "Ti Ti" <tt91em at gmail.com> wrote:

> 2017-09-22 17:30 GMT+02:00 Alan DeKok <aland at deployingradius.com>:
>
> > On Sep 22, 2017, at 11:10 AM, Ti Ti <tt91em at gmail.com> wrote:
> > > My purpose is to obtain this result:
> > > A NAS, so the radius client, make an auth or acct request to the
> > > freeradius server; this server has to discriminate the requests using
> the
> > > nassecret
> >
> >   That's not how RADIUS works.  You can't accept packets from random IPs,
> > and "check the secret".
> >
> >   The secret isn't in the packet.
> >
>
>  Thanks for the replies.
>  Do you have any advice on what parameter can I use to discriminate the sql
> database instead of src-ip? As you described before
>
> *>if (Packet-Src-IP-Address == client1) {
> *>  *sql1
> *>*}*
>
>
> And in any case can I use 0.0.0.0/0 to accept packets from all the
> possible IPs?
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/
> list/users.html


More information about the Freeradius-Users mailing list