On Mar 26, 2015, at 8:36 AM, James Wood <james.wood@purplewifi.com> wrote:
I would love to, but it is not under our control. As a hotspot provider, that supplies tens of thousands of customers around the world, all using different IP addresses (that change), we simply cannot use the normal way of auth via the source IP. We do not own the customers (NAS) equipment, or have control over it, so we can't make them VPN all traffic to us or other way. This is why we're having to auth on Called-Station-Id instead of IP Address.
I’m always surprised at just how *terrible* networks are. There is simply no reason for WiFi access points to talk directly to your RADIUS server. They should instead talk to to a local RADIUS server. That RADIUS server should deal with local IP changes. It should have a static IP to talk to your RADIUS server.
If you can think of a better way, please advise.
TBH, I’m not sure there is one. I have serious issues with butchering the FreeRADIUS source to deal with broken networks.
My original question remains, how can the module rewrite.called_station_id be used with a dynamic client setup? At the moment it does not work, so is that a bug, problem with my code, or something else?
In v3, you can manually unpack binary attributes. But rlm_raw won’t work there. You’ll have to write your own module for v2. Alan DeKok.