pls help: restrict authentication for certain realms from particular clients
Hi all, We just upgraded our freeradius server from 1.7 to 2.1.1. I'd like to restrict authentication requests as following: client A accepts: @realm1, @realm2 client B accepts: @realm2, @realm3 so that requests like follwoing will be rejected: @realm3 to client A @realm1 to client B Would anyone please help? Sorry for newbie question. Thank you very much. /ST Wong
clientA Realm == realm3, Auth-Type := Reject You can achieve the same using unlang, groups in SQL, ... Ivan Kalik Kalik Informatika ISP Dana 14/10/2008, "ST Wong (ITSC)" <ST@itsc.cuhk.edu.hk> piše:
Hi all,
We just upgraded our freeradius server from 1.7 to 2.1.1. I'd like to restrict authentication requests as following:
client A accepts: @realm1, @realm2 client B accepts: @realm2, @realm3
so that requests like follwoing will be rejected:
@realm3 to client A @realm1 to client B
Would anyone please help? Sorry for newbie question.
Thank you very much. /ST Wong
Hi all, We're using freeradius 2.1.1 and are looking for proxy authorization like following: 1. NAS1 (192.168.10.1) : accepts realmA and realmB, and proxy to remote radius serverA 2. NAS2 (192.168.10.2) : accepts realmB and realmC, and proxy to remote radius serverB 3. NAS3 (192.168.10.3) : accepts all realms except realmA, realmB, and realmC, and proxy to remote radius serverC 4. All other NAS and realm combinations are rejected. We're studying unlang but have no idea where to add the checking. Would anyone please help? Sorry for the newbie question... Thanks a lot. /ST Wong
ST Wong (ITSC) wrote:
We're using freeradius 2.1.1 and are looking for proxy authorization like following:
1. NAS1 (192.168.10.1) : accepts realmA and realmB, and proxy to remote radius serverA 2. NAS2 (192.168.10.2) : accepts realmB and realmC, and proxy to remote radius serverB 3. NAS3 (192.168.10.3) : accepts all realms except realmA, realmB, and realmC, and proxy to remote radius serverC 4. All other NAS and realm combinations are rejected.
We're studying unlang but have no idea where to add the checking.
In the "authorize" section. It's run before packets are proxied. ... if ((Packet-Src-IP-Address == 192.168.0.1) && (Realm == "a")) { update control { Proxy-To-Realm := "serverA" } } Alan DeKok.
participants (3)
-
Alan DeKok -
ST Wong (ITSC) -
tnt@kalik.net