Hi, Not sure if this is the correct list - if not, apologies. I've set up mod_auth_radius, which is working great, but it doesn't include the user's IP address in the radius query. It would be nice to be able to check against this in certain circumstances. Of course, proxies and other things can mess with this, so it can't always be trusted for authorization purposes, but on corporate LANs where the network is known it should be safe to use, and is always good to log. The following mini patch adds the Calling-Station-Id attribute to the RADIUS request, with apache's remote_ip as the value. Cheers, Matthew
From 08cbb6eb5df3246c602fbce54c61ae3f124ca415 Mon Sep 17 00:00:00 2001 From: Matthew Newton <mcn4@leicester.ac.uk> Date: Tue, 1 May 2012 15:08:52 +0100 Subject: [PATCH] add calling-station-id = client ip to radius request
--- mod_auth_radius-2.0.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/mod_auth_radius-2.0.c b/mod_auth_radius-2.0.c index 8b659f4..08671ef 100644 --- a/mod_auth_radius-2.0.c +++ b/mod_auth_radius-2.0.c @@ -348,6 +348,7 @@ typedef struct radius_packet_t { #define RADIUS_REPLY_MESSAGE 18 #define RADIUS_STATE 24 #define RADIUS_SESSION_TIMEOUT 27 +#define RADIUS_CALLING_STATION_ID 31 #define RADIUS_NAS_IDENTIFIER 32 /* service types : authenticate only for now */ @@ -883,6 +884,10 @@ radius_authenticate(request_rec *r, radius_server_config_rec *scr, /* ************************************************************ */ + /* add client IP address */ + add_attribute(packet, RADIUS_CALLING_STATION_ID, r->connection->remote_ip, strlen(r->connection->remote_ip)); + + /* ************************************************************ */ /* add state, if requested */ if (state != NULL) { add_attribute(packet, RADIUS_STATE, state, strlen(state)); -- 1.7.2.5 -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>