<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>It may not be pretty, but why not just sent all 3 sets of VSA’s. If the NAS doesn’t recognize it won’t it just ignore the attribute?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div style='border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt'><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> freeradius-users-bounces+hartwick=hartwick.com@lists.freeradius.org [mailto:freeradius-users-bounces+hartwick=hartwick.com@lists.freeradius.org] <b>On Behalf Of </b>Suman Dash<br><b>Sent:</b> Saturday, October 08, 2011 13:08<br><b>To:</b> FreeRadius users mailing list<br><b>Subject:</b> Re: Dynamic Attributes Based on NAS Type !<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'>To be specific , I am concerned about the QoS VSA's .<br><br>For Example.<br><br>Mikrotik NAS - Mikrotik-Rate-Limit <br>Chillispot - Chillispot-Max-UP , Chillispot-Max-Down<br>Cisco - Cisco-Policy-UP , Cisco-Policy-Down<br><br>Now if the user logged from different NAS's the VSA will differ so it is not possible to have a single entry in radgroupreply or radreply pertaining to a kind of NAS. <br><br>I guess that this is not an out of the box feature in freeradius , instead i need to use some kind of custom script in Post-Auth section which will check the NAS Type and reply out the correct VSA's<br><br>I am looking for a unique identifier from NAS by which freeradius can understand what type of NAS it is. I tried it and it seems that i have no control on the Access-Request sent by NAS to freeradius.<br><br>The only idea which currently comes into my mind is to use nas.type value in DB but incase the NAS Type is incorrectly specified reply attributes will go nuts .<br><br>So any idea if there are any unique identifiers ?<br><br>Regards<br>Suman<o:p></o:p></p><div><p class=MsoNormal>On Sat, Oct 8, 2011 at 9:40 PM, Stefan A. <<a href="mailto:a.freeradius@premit.de">a.freeradius@premit.de</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><a name="132e451999e02f2d__MailEndCompose"><span style='font-size:11.0pt;color:#1F497D'> </span></a><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Suman,</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>As you did not say anything about the exact attributes, you will send to the NAC, here is how we do this:</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>we are also using different NAS and have to reply with different VSAs for setting up the QOS.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>We use the “existence of a specific VSAs” (specified per NAS type) in the request to select the VSAs to be used in responses.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>e.g: if we found the Starent Networks VSA ‘SN-Service-Type’ in the request, we reply with ‘SN-QOS-Profile’ to set up QoS</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>This is save, as we won’t see any Starent VSAs in Cisco or Chillispot NASses.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>To make this flexible, we have set up our own VSA to configure users QOS, which is then translated into the specific reply attributes for the NAS, the user is currently using.</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Regards</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'>Stefan</span><span lang=DE><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt;color:#1F497D'> </span><span lang=DE><o:p></o:p></span></p><div style='border:none;border-left:solid windowtext 1.5pt;padding:0in 0in 0in 4.0pt;border-color:-moz-use-text-color -moz-use-text-color -moz-use-text-color blue'><div><div style='border:none;border-top:solid windowtext 1.0pt;padding:3.0pt 0in 0in 0in;border-color:-moz-use-text-color -moz-use-text-color'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><span lang=DE style='font-size:10.0pt'>From:</span></b><span lang=DE style='font-size:10.0pt'> freeradius-users-bounces+a.freeradius=<a href="mailto:premit.de@lists.freeradius.org" target="_blank">premit.de@lists.freeradius.org</a> [mailto:<a href="mailto:freeradius-users-bounces%2Ba.freeradius" target="_blank">freeradius-users-bounces+a.freeradius</a>=<a href="mailto:premit.de@lists.freeradius.org" target="_blank">premit.de@lists.freeradius.org</a>] <b>On Behalf Of </b>Suman Dash<br><b>Sent:</b> Saturday, October 08, 2011 4:40 PM<br><b>To:</b> FreeRadius users mailing list<br><b>Subject:</b> Dynamic Attributes Based on NAS Type !</span><span lang=DE><o:p></o:p></span></p></div></div><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=DE> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;margin-bottom:12.0pt'><span lang=DE>Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. <br><br>As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS.<br><br>In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same.<br><br>I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me.<br><br>Cheers<br>Suman<o:p></o:p></span></p></div></div></div></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>