Using Client-Ip-Address attribute in preprocess files

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Apr 16 00:32:23 CEST 2007 

A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>   
>>>> Trying to use Client-Ip-Address is huntgroups and hints doesn't seem to 
>>>> work,
>>>> if this because the Client-Ip-Address is written to the request packet 
>>>> at the end of pre-process
>>>> and not the beginning ? Or is there more strangeness afoot ?
>>>>         
>
> are you sure you want Client-IP-Address and not NAS-IP-Address ?
>
> utilizing the NAS-IP-Address allows you to define authorization etc
> based on the access point that the user has connected via.
>
> alan
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   
NAS's can lie :)
.

I'm still trying to do this without perl....and this is the last thing ! 
The very last thing I need to make it all work.

nas_hints
#/* Authentication Mediums */
#    '802.1',  # 802.1 (Wired LAN)
#    '802.11', # 802.11 (Wireless LAN)
#    'IPSEC',  # IPSEC (VPN)
#    'SSH',      # Secure Shell/Nas Prompt Login
#    'HTTPS',  # Captive Portal/Nas Web Interface
#    'PROXY',  # Client Isn't a NAS it's an offsite Proxy
#    'unused', # For future use
#    'unused', # For future use
#/* Extended Features */
#    'RADACCT',# NAS Can do RADIUS Accounting
#    'D802.Q', # NAS Can do Dynamic Vlan Assignment
#    'MULTIBESSID'); # NAS Can have multiple SSIDs / BSSIDs

#############################################################
# Debug entry for home testing.
DEFAULT Packet-Src-IP-Address = '81.6.252.244'
        NAS-Feature-Set = '00000100000'

#############################################################
# Set the 'PROXY' flag in the feature set for the JRS proxies
DEFAULT Packet-Src-IP-Address == roaming0.ja.net
        NAS-Feature-Set = '00000100000'

DEFAULT Packet-Src-IP-Address == roaming1.ja.net
        NAS-Feature-Set = '00000100000'

DEFAULT Packet-Src-IP-Address == roaming2.ja.net
        NAS-Feature-Set = '00000100000'

#############################################################
# Retrieve the feature set for all none recognised clients
# from the NetReg3 Database
DEFAULT NAS-Feature-Set =* ANY
        NAS-Feature-Set = "%{sql_clients:SELECT 
EXPORT_SET(master.nas_flags,'1','0','',20) FROM `master` WHERE 
CONCAT(ip1,'.',ip2,'.',ip3,'.',ip4) = '%{Packet-Src-IP-Address}'}"

Need to be able to set static NAS profiles for the few weird clients 
that can't be included in the NetReg clients database.

*sigh*

Don't suppose you know how to match multiple values in a request 
attribute without regexp ? as in could be a,b or c ?
Always assumed you couldn't , but may as well ask :)

Thanks,
Arran

More information about the Freeradius-Users mailing list