Apache2 mod-auth-radius - include client IP address

Matthew Newton mcn4 at leicester.ac.uk
Tue May 1 16:28:09 CEST 2012


Not sure if this is the correct list - if not, apologies.

I've set up mod_auth_radius, which is working great, but it
doesn't include the user's IP address in the radius query. It
would be nice to be able to check against this in certain
circumstances. Of course, proxies and other things can mess with
this, so it can't always be trusted for authorization purposes,
but on corporate LANs where the network is known it should be safe
to use, and is always good to log.

The following mini patch adds the Calling-Station-Id attribute to
the RADIUS request, with apache's remote_ip as the value.



>From 08cbb6eb5df3246c602fbce54c61ae3f124ca415 Mon Sep 17 00:00:00 2001
From: Matthew Newton <mcn4 at leicester.ac.uk>
Date: Tue, 1 May 2012 15:08:52 +0100
Subject: [PATCH] add calling-station-id = client ip to radius request

 mod_auth_radius-2.0.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/mod_auth_radius-2.0.c b/mod_auth_radius-2.0.c
index 8b659f4..08671ef 100644
--- a/mod_auth_radius-2.0.c
+++ b/mod_auth_radius-2.0.c
@@ -348,6 +348,7 @@ typedef struct radius_packet_t {
 #define RADIUS_REPLY_MESSAGE          18
 #define RADIUS_STATE		      24
 #define RADIUS_SESSION_TIMEOUT        27
 #define	RADIUS_NAS_IDENTIFIER	      32
 /* service types : authenticate only for now */
@@ -883,6 +884,10 @@ radius_authenticate(request_rec *r, radius_server_config_rec *scr,
   /* ************************************************************ */
+  /* add client IP address */
+  add_attribute(packet, RADIUS_CALLING_STATION_ID, r->connection->remote_ip, strlen(r->connection->remote_ip));
+  /* ************************************************************ */
   /* add state, if requested */
   if (state != NULL) {
     add_attribute(packet, RADIUS_STATE, state, strlen(state));

Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Devel mailing list