Looking to pay for customization
Hi, if anyone is interested in customizing the source code for me, please check out either site: http://www.getacoder.com/projects/c_developer_radius_expe_102912.html http://www.odesk.com/jobs/Developer-with-RADIUS-Experience_~~f48a82c177d7e1b 3?tot=129&pos=7 I would like FreeRADIUS to check incoming requests based upon the domain (derived from the username), instead of the NAS IP addresses. Thanks! Eric Geier
You should be able to achieve this with unlang without any source modification if I understand what you are looking for http://freeradius.org/radiusd/man/unlang.html On 13-Apr-09, at 11:46 PM, Eric Geier wrote:
Hi, if anyone is interested in customizing the source code for me, please check out either site:
http://www.getacoder.com/projects/c_developer_radius_expe_102912.html
http://www.odesk.com/jobs/Developer-with-RADIUS- Experience_~~f48a82c177d7e1b 3?tot=129&pos=7
I would like FreeRADIUS to check incoming requests based upon the domain (derived from the username), instead of the NAS IP addresses.
Thanks! Eric Geier
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Gabriel Blanchard wrote:
You should be able to achieve this with unlang without any source modification if I understand what you are looking for
Unfortunately, no. The signature for packets is checked *before* any modules are executed. And checking the signature requires the shared secret. And, unlike 1.x, the shared secret is *not* copied into the REQUEST structure. So it can't be re-written dynamically. It requires some additional work to do this... Alan DeKok.
Alan DeKok <aland@deployingradius.com> wrote:
Gabriel Blanchard wrote:
You should be able to achieve this with unlang without any source modification if I understand what you are looking for
Unfortunately, no.
The signature for packets is checked *before* any modules are executed. And checking the signature requires the shared secret. And, unlike 1.x, the shared secret is *not* copied into the REQUEST structure. So it can't be re-written dynamically.
It requires some additional work to do this...
Probably better to write a mini-proxy server infront of FreeRADIUS just to do all the shared-secret malarkey and then pass back to FreeRADIUS afterwards[1]. The following Perl module looks like it can do all the hard work: http://search.cpan.org/~tpg/Net-Radius-PacketOrdered-1.54/lib/Net/Radius/Pac... This is how I would do it, but my rate is a tad higher than $20/hour :) Good Luck Cheers [1] FreeRADIUS can then do the interesting stuff -- Alexander Clouter .sigmonster says: Would that my hand were as swift as my tongue. -- Alfieri
Hi,
You should be able to achieve this with unlang without any source modification if I understand what you are looking for
but the system would still have to care about the NAS IP address - the client check, the creation of a message authenticator etc - the NAS would have to be reprogrammed to not bother with key exchange etc too. alan
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Alexander Clouter -
Eric Geier -
Gabriel Blanchard