how to configure my scenario

Stefan Winter stefan.winter at
Thu Feb 23 12:35:32 CET 2006


> My problem is how to select the correct authorize
> method of an instance depending on the NAS-IP-Address
> of the Access-Request packet. For example, if the
> NAS-IP-Address is a.b.c.d I would like to use the
> authorize method of interface1 (and NOT the authorize
> method of interface2 or interface3)

to seperate within the authorize section, you have set Autz-Type as well. That 
would be

DEFAULT NAS-IP-Address == a.b.c.d, Auth-Type :=LDAP1, Autz-Type := LDAP1
DEFAULT NAS-IP-Address == a2.b2.c2.d2, Auth-Type :=LDAP2, Autz-Type := LDAP2
DEFAULT NAS-IP-Address == a3.b3.c3.d3, Auth-Type :=LDAP3, Autz-Type := LDAP3

(just always make sure that files is before the interfaceX bits, to ensure 
that Autz-Type is already set. You can then do

> authorize{
>    preprocess
>    suffix
>    files
        Autz-Type LDAP1 {
       Autz-Type LDAP2 {
       Autz-Type LDAP3 {
> }

That should work, I did a very similar thing just last week :-)


Stefan Winter


Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: stefan.winter at     Tel.:     +352 424409-1                Fax:      +352 422473

More information about the Freeradius-Users mailing list