Hi, Alen Thanks for initial answer I will check. And I will try to provide more information here so you can help me. I am testing possibilities of BNG. On access side of BNG I am trying to setup PPPoE client. Client has next attributes: Username, password, Circuit ID and Remote ID. Authentication goes through Radius server. In my setup I have to version of radius. One with Daloradius (Sql-web base Radius) and regular freeradius. I want to establish PPPoE session and to try authentication according to the Circuit ID attribute filed not according to the username and password. User and pass should stand in a flow, but main authentication should be performed according to the Circuit ID. Example: I have user: test1 and password: test1 Circuit ID is: gige 6/27/0:100.1 Remote ID is: BNG These two attributes I received on Radius: (0) ADSL-Agent-Circuit-Id = 0x6769676520362f32372f303a3130302e31 (0) ADSL-Agent-Remote-Id = 0x424e47 In order to establish authentication according to the ADSL-Agent-Circuit-Id Attribute how should I setup: 1. Regluar freeradius setup without mysql base? Is the config from below appropriate? 2. Freeradius setup with Daloradius on top? Thanks in advance, if some more information is needed I will try to provide 😊 BR, Filip -----Original Message----- From: Freeradius-Users <freeradius-users-bounces+filip.m.nikolic=roamingnetworks.rs@lists.freeradius.org <mailto:freeradius-users-bounces+filip.m.nikolic=roamingnetworks.rs@lists.freeradius.org> > On Behalf Of Alan DeKok Sent: Thursday, November 10, 2022 5:47 PM To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org <mailto:freeradius-users@lists.freeradius.org> > Subject: Re: FreeRadius and Circuit-ID On Nov 10, 2022, at 4:28 PM, <filip.m.nikolic@roamingnetworks.rs <mailto:filip.m.nikolic@roamingnetworks.rs> > <filip.m.nikolic@roamingnetworks.rs <mailto:filip.m.nikolic@roamingnetworks.rs> > wrote:
We are playing around with a scenario for subscriber attachment based
on circuit-id and remote-id and ignoring PAP/CHAP.
That's fine.
Idea is that you do not need to authenticate a user, just grant him
access based on the fixed port in the access node.
We struggle in the right configuration, so we are wondering if someone
play with that and if someone can help us?
Read the debug log to see what attributes are in the packet, and what their values are. Then, in a virtual server do: authorize { ... if (... attribute matches value ..) { update control { Auth-Type := Accept } } ... } If you want a more detailed answer, you will need to ask a more detailed question. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html