Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available?

Tue Mar 28 09:56:00 CEST 2006

How would they work in this case?

-----Original Message-----
From: freeradius-users-bounces+john.mylchreest=ioko.com at lists.freeradius.org [mailto:freeradius-users-bounces+john.mylchreest=ioko.com at lists.freeradius.org] On Behalf Of Jonathan De Graeve
Sent: 27 March 2006 19:28
To: FreeRadius users mailing list
Subject: RE: Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available?

Uh, huntgroups?

J.

> -----Oorspronkelijk bericht-----
> Van: freeradius-users-
> bounces+jonathan.de.graeve=imelda.be at lists.freeradius.org
> [mailto:freeradius-users-
> bounces+jonathan.de.graeve=imelda.be at lists.freeradius.org] Namens John
> Mylchreest
> Verzonden: maandag 27 maart 2006 15:00
> Aan: FreeRadius users mailing list
> Onderwerp: RE: Different user attributes based on NAS-IP-Address?
> AlsoSuffixwildcards available?
> 
> Funnily enough, I asked the very same thing recently. We do it quite
> crudely at the moment, but it works.
> 
> We add an nshortname field to radreply/anything else necessary, and in
> sql.conf we link it to the user reply. Ie:
> 
> Something like this would work:
> 
> authorize_reply_query = "SELECT
radreply.id,UserName,Attribute,Value,Op
> FROM radreply, nas WHERE Username = '%{SQL-User-Name}' AND nas.ipaddr
=
> %{Client-IP-Address}' AND (radreply.nshortname = nas.shortname OR
> radreply.nshortname is NULL) ORDER BY id"
> 
> If you find any cleaner solution using the default schema, I would
LOVE to
> hear about it, since that's the problem/task I'm currently facing.
> 
> -----Original Message-----
> From: freeradius-users-
> bounces+john.mylchreest=ioko.com at lists.freeradius.org
[mailto:freeradius-
> users-bounces+john.mylchreest=ioko.com at lists.freeradius.org] On Behalf
Of
> Andy Coates
> Sent: 27 March 2006 13:35
> To: freeradius-users at lists.freeradius.org
> Subject: Different user attributes based on NAS-IP-Address? Also
> Suffixwildcards available?
> 
> 
> Hey,
> 
> Is this even possible?
> 
> The basic problem is that I have 2 devices that will use the same
> username.
> For example, one device handles dialup, one handles DSL.  I'd like the
> user
> to have the same username, and depending on the NAS sending the
request
> the
> correct IP/Netmask would be returned.
> 
> I've setup huntgroups for the NAS, and can match them in various
setups in
> the users file - but this only seems like it would work for group
based
> attributes (i.e. common fields).  Returning unique fields for each
user
> based on the NAS-IP-Address doesn't seem possible?
> 
> That aside, does anyone know if its possible to use wildcards with
Suffix
> when stripping usernames?  I've tried "@*" or "@*.domain.com" and it
> doesn't
> seem to match :(
> 
> Thanks in advance,
> Andy.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 
> Communications on or through ioko's computer systems may be monitored
or
> recorded to secure effective system operation and for other lawful
> purposes.
> 
> Unless otherwise agreed expressly in writing, this communication is to
be
> treated as confidential and the information in it may not be used or
> disclosed except for the purpose for which it has been sent. If you
have
> reason to believe that you are not the intended recipient of this
> communication, please contact the sender immediately. No employee is
> authorised to conclude any binding agreement on behalf of ioko with
> another party by e-mail without prior express written confirmation.
> 
> ioko365 Ltd.  VAT reg 656 2443 31. Reg no 3048367. All rights
reserved.
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.

Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation.

ioko365 Ltd.  VAT reg 656 2443 31. Reg no 3048367. All rights reserved.