Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
Jonathan De Graeve
Jonathan.De.Graeve at imelda.be
Mon Mar 27 20:28:20 CEST 2006
Uh, huntgroups?
J.
> -----Oorspronkelijk bericht-----
> Van: freeradius-users-
> bounces+jonathan.de.graeve=imelda.be at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+jonathan.de.graeve=imelda.be at lists.freeradius.org] Namens John
> Mylchreest
> Verzonden: maandag 27 maart 2006 15:00
> Aan: FreeRadius users mailing list
> Onderwerp: RE: Different user attributes based on NAS-IP-Address?
> AlsoSuffixwildcards available?
>
> Funnily enough, I asked the very same thing recently. We do it quite
> crudely at the moment, but it works.
>
> We add an nshortname field to radreply/anything else necessary, and in
> sql.conf we link it to the user reply. Ie:
>
> Something like this would work:
>
> authorize_reply_query = "SELECT
radreply.id,UserName,Attribute,Value,Op
> FROM radreply, nas WHERE Username = '%{SQL-User-Name}' AND nas.ipaddr
=
> %{Client-IP-Address}' AND (radreply.nshortname = nas.shortname OR
> radreply.nshortname is NULL) ORDER BY id"
>
> If you find any cleaner solution using the default schema, I would
LOVE to
> hear about it, since that's the problem/task I'm currently facing.
>
> -----Original Message-----
> From: freeradius-users-
> bounces+john.mylchreest=ioko.com at lists.freeradius.org
[mailto:freeradius-
> users-bounces+john.mylchreest=ioko.com at lists.freeradius.org] On Behalf
Of
> Andy Coates
> Sent: 27 March 2006 13:35
> To: freeradius-users at lists.freeradius.org
> Subject: Different user attributes based on NAS-IP-Address? Also
> Suffixwildcards available?
>
>
> Hey,
>
> Is this even possible?
>
> The basic problem is that I have 2 devices that will use the same
> username.
> For example, one device handles dialup, one handles DSL. I'd like the
> user
> to have the same username, and depending on the NAS sending the
request
> the
> correct IP/Netmask would be returned.
>
> I've setup huntgroups for the NAS, and can match them in various
setups in
> the users file - but this only seems like it would work for group
based
> attributes (i.e. common fields). Returning unique fields for each
user
> based on the NAS-IP-Address doesn't seem possible?
>
> That aside, does anyone know if its possible to use wildcards with
Suffix
> when stripping usernames? I've tried "@*" or "@*.domain.com" and it
> doesn't
> seem to match :(
>
> Thanks in advance,
> Andy.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> Communications on or through ioko's computer systems may be monitored
or
> recorded to secure effective system operation and for other lawful
> purposes.
>
> Unless otherwise agreed expressly in writing, this communication is to
be
> treated as confidential and the information in it may not be used or
> disclosed except for the purpose for which it has been sent. If you
have
> reason to believe that you are not the intended recipient of this
> communication, please contact the sender immediately. No employee is
> authorised to conclude any binding agreement on behalf of ioko with
> another party by e-mail without prior express written confirmation.
>
> ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights
reserved.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list