Different user attributes based on NAS-IP-Address? Also Suffixwildcards available?
John Mylchreest
John.Mylchreest at ioko.com
Mon Mar 27 15:00:24 CEST 2006
Funnily enough, I asked the very same thing recently. We do it quite crudely at the moment, but it works.
We add an nshortname field to radreply/anything else necessary, and in sql.conf we link it to the user reply. Ie:
Something like this would work:
authorize_reply_query = "SELECT radreply.id,UserName,Attribute,Value,Op FROM radreply, nas WHERE Username = '%{SQL-User-Name}' AND nas.ipaddr = %{Client-IP-Address}' AND (radreply.nshortname = nas.shortname OR radreply.nshortname is NULL) ORDER BY id"
If you find any cleaner solution using the default schema, I would LOVE to hear about it, since that’s the problem/task I'm currently facing.
-----Original Message-----
From: freeradius-users-bounces+john.mylchreest=ioko.com at lists.freeradius.org [mailto:freeradius-users-bounces+john.mylchreest=ioko.com at lists.freeradius.org] On Behalf Of Andy Coates
Sent: 27 March 2006 13:35
To: freeradius-users at lists.freeradius.org
Subject: Different user attributes based on NAS-IP-Address? Also Suffixwildcards available?
Hey,
Is this even possible?
The basic problem is that I have 2 devices that will use the same username.
For example, one device handles dialup, one handles DSL. I'd like the user
to have the same username, and depending on the NAS sending the request the
correct IP/Netmask would be returned.
I've setup huntgroups for the NAS, and can match them in various setups in
the users file - but this only seems like it would work for group based
attributes (i.e. common fields). Returning unique fields for each user
based on the NAS-IP-Address doesn't seem possible?
That aside, does anyone know if its possible to use wildcards with Suffix
when stripping usernames? I've tried "@*" or "@*.domain.com" and it doesn't
seem to match :(
Thanks in advance,
Andy.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.
Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation.
ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved.
More information about the Freeradius-Users
mailing list