Using multiple auth methods, ports

Geoff Silver geoff+freeradius at
Sun Feb 19 02:22:17 CET 2006

Phil Mayers wrote:
> Geoff Silver wrote:
>> a Packet-Src-Port attribute in the freeradius.internal dictionary, but I 
> I assume you mean Packet-Dst-Port, but yes that would be the way to do 
> it.
> Looking at it, it appears this is in CVS head but not in my tarball of 
> 1.1.0. doc/variables.txt in a CVS checkout lists Packet-Dst-Port as 
> supported and it's in the xlat_packet function.
Okay, I'll take a look at my 1.1.0 and check out the CVS tree as well 
when I get back into the office and see.  The only place I noticed it in 
1.1.0 was in the dictionary.

> What I can't figure out is how you might do this:
> DEFAULT %{request:Packet-Dst-Port}==1234, Autz-Type := "cert"
> ...i.e. have an expansion on the left hand side. I'm not sure you can, 
> but the code is quite big and I've only scanned it.
> What you can do (in CVS head) is use the following in the hints file 
> (which is actually quite appropriate):
Cool.  I'll give that a shot.

> DEFAULT User-Name =~ "^(.*)$"
>         Hint = "%{request:Packet-Dst-Port}"
> ...the have the "users" file read:
> DEFAULT Hint=="THEDESTPORT", Auth-Type := Accept
> ...and of course, add a 2nd listen section to the "radiusd.conf":
> listen {
>   ipaddr = *
>   port = THEDESTPORT
>   type = auth
> }

Does that work?  I *thought* I tried that and found that it only 
listened on the first port (but I may be entirely mistaken).  Again, 
I'll try when I get back in the office on Tuesday, if I don't have an 
opportunity to hop on our vpn and try it earlier.  I'll let you know how 
it goes.
> You can get more complex if you need to using Autz-Type based on the 
> hint, or whatever.
> Hope that helps.
> - List info/subscribe/unsubscribe? See 

More information about the Freeradius-Users mailing list