On May 29, 2020, at 11:28 PM, Gleb Lisikh <in4bit.general@gmail.com> wrote:
I'd like to be able to work in my python authorize function with the IP address of the NAS interface from which Access-Request is received (external). From the radiusd -X output this is the A1.A2.A3.A4 address I am interested in. ========================================= Received Access-Request Id 7 from A1.A2.A3.A4:54594 to B1.B2.B3.B4:1812 length 415 ========================================== This is the same IP address that gets tested against shared secret configured in clients.conf
Unfortunately, the tuple (p) that gets passed to the authorize function (authorize(p)) by rlm_python has a different (internal) NAS-IP-Address, which is of no use to me.
The attributes which get passed to Python are the ones in the packet. Not the various IP / UDP headers.
If radiusd is in principle aware of the A1.A2.A3.A4 IP address I am interested in, how can I gain access to it in my python authorize(p) or any other function?
You can get the source IP and convert it to a real attribute: update request { Packet-Src-IP-Address := "%{Packet-Src-IP-Address}" } It's a little weird, but this "realizes" the virtual src IP into a real attribute. Alan DeKok.