Check on ADSL-Agent-Remote-Id instead of username
Marijn van Gool
marijn.vangool at comsave.com
Mon Apr 16 12:19:11 CEST 2018
Hi Martin,
Thanks a lot for your answer.
I was looking around a bit more and started experimenting with the SQL query Alan provided me earlier:
if ("%{sql:SELECT agent_remote_id FROM table WHERE agent_remote_id = '%{ADSL-Agent-Remote-Id}}" != "") {
update control {
Auth-Type := Accept
}
}
I do receive the remote ID: (285) ADSL-Agent-Remote-Id = 0x31323639314d563338
As you can see it’s hex encoded..
I believe this one will work once I know how to convert the ADSL-Agent-Remote-Id HEX encoded string to regular STRING hat I receive in the Access-Request packet.
I’ve googled around a bit and haven;t been able to find a solution to this.
Can I unhex it at freeradius level or do I have to look at the NAS sending / relaying the packet (it’s a Juniper MX router). Or even put the hex string in the radius server..
> Since you need both, Rene's suggestion might be the way to go:
> Transfer the contents of ADSL-Agent-Remote-Id into User-Name,
> and leave the "key" in [freeradius|raddb]/modules/files
> as it is. To achieve this, place an appropriate unlang
> statement in config file mentioned above.
> http://networkradius.com/doc/3.0.10/unlang/home.html
> Looks like a good starting point.
Alright, will try this!
Met vriendelijke groet \ With kind regards,
Marijn van Gool
NOC Network Engineer
noc at comsave.com <mailto:noc at comave.com>
+31 88 999 5555
marijn.vangool at comsave.com <mailto:marijn.vangool at comsave.com>
www.comsave.nl <http://www.comsave.nl/>
> On 16 Apr 2018, at 11:12, Martin Pauly <pauly at hrz.uni-marburg.de> wrote:
>
> Hi Marijn,
>> Where do I find this?
>> I would need some more guidance here to find the things you mean.
> if you only have one server on your (presumably virtual) machine, it is called
> default
> and its config resides in
> /etc/freeradius/sites-available/default
> To call it to life, there's a symlink of the same name in
> /etc/[freeradius|raddb]/sites-enable/
> See https://wiki.freeradius.org/config/Virtual-server
> If this reminds you of an Apache config, you're right:
> https://wiki.freeradius.org/config/Sites-configuration
>
>> I’ve got clients connecting via the Remote ID AND clients connecting with the username.
>> How would I accomplish that? I need both to work.
>> RIght, but eventually I need to return stuff like Framed-IP-Address and Framed-Netmask attributes back into the Access-Accept packet.
>> All queries I find select these values based on the username.
>
> Since you need both, Rene's suggestion might be the way to go:
> Transfer the contents of ADSL-Agent-Remote-Id into User-Name,
> and leave the "key" in [freeradius|raddb]/modules/files
> as it is. To achieve this, place an appropriate unlang
> statement in config file mentioned above.
> http://networkradius.com/doc/3.0.10/unlang/home.html
> Looks like a good starting point.
>
> Cheers, Martin
>
> --
> Dr. Martin Pauly Phone: +49-6421-28-23527
> HRZ Univ. Marburg Fax: +49-6421-28-26994
> Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
> D-35032 Marburg
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list