Using Client-Ip-Address attribute in preprocess files

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Mon Apr 16 17:25:53 CEST 2007


Arran Cudbard-Bell wrote:
> A.L.M.Buxey at lboro.ac.uk wrote:
>> Hi,
>>
>>   
>>>>> Trying to use Client-Ip-Address in huntgroups and hints doesn't seem to 
>>>>> work,
>>>>> is this because the Client-Ip-Address is written to the request packet 
>>>>> at the end of pre-process
>>>>> and not the beginning ? Or is there more strangeness afoot ?
>>>>>         
>> are you sure you want Client-IP-Address and not NAS-IP-Address ?
>>
>> utilizing the NAS-IP-Address allows you to define authorization etc
>> based on the access point that the user has connected via.
>>
>> alan
>> - 
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>   
> NAS's can lie :)
> .
> 
> I'm still trying to do this without perl....and this is the last thing ! 
> The very last thing I need to make it all work.
> 
> nas_hints
> #/* Authentication Mediums */
> #    '802.1',  # 802.1 (Wired LAN)
> #    '802.11', # 802.11 (Wireless LAN)
> #    'IPSEC',  # IPSEC (VPN)
> #    'SSH',      # Secure Shell/Nas Prompt Login
> #    'HTTPS',  # Captive Portal/Nas Web Interface
> #    'PROXY',  # Client Isn't a NAS it's an offsite Proxy
> #    'unused', # For future use
> #    'unused', # For future use
> #/* Extended Features */
> #    'RADACCT',# NAS Can do RADIUS Accounting
> #    'D802.Q', # NAS Can do Dynamic Vlan Assignment
> #    'MULTIBESSID'); # NAS Can have multiple SSIDs / BSSIDs
> 
> #############################################################
> # Debug entry for home testing.
> DEFAULT Packet-Src-IP-Address = '81.6.252.244'
>         NAS-Feature-Set = '00000100000'
> 
> #############################################################
> # Set the 'PROXY' flag in the feature set for the JRS proxies
> DEFAULT Packet-Src-IP-Address == roaming0.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> DEFAULT Packet-Src-IP-Address == roaming1.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> DEFAULT Packet-Src-IP-Address == roaming2.ja.net
>         NAS-Feature-Set = '00000100000'
> 
> #############################################################
> # Retrieve the feature set for all non-recognised clients
> # from the NetReg3 Database
> DEFAULT NAS-Feature-Set =* ANY
>         NAS-Feature-Set = "%{sql_clients:SELECT EXPORT_SET(master.nas_flags,'1','0','',20) FROM `master` WHERE CONCAT(ip1,'.',ip2,'.',ip3,'.',ip4) = '%{Packet-Src-IP-Address}'}"
> 
> Need to be able to set static NAS profiles for the few weird clients 
> that can't be included in the NetReg clients database.
> 
> *sigh*
> 
> Don't suppose you know how to match multiple values in a request 
> attribute without regexp ? as in could be a,b or c ?
> Always assumed you couldn't , but may as well ask :)
> 
> Thanks,
> Arran

Hmm ignore the last message,

the issue is that now Packet-Src-Ip-Address Always matches ! Everywhere.....


Which explains the weirdness in hints and huntgroups.

-- 
Arran Cudbard-Bell (ac221 at sussex.ac.uk)
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08
EXT:3900
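
The NAS-Feature-Set strings quoted above can be checked offline with the following added example, which is not part of the original post. It emulates MySQL's EXPORT_SET (lowest-order bit emitted first) and decodes a bit string into flag names; the flag order is assumed to follow the nas_hints comment list, which agrees with the post's PROXY value '00000100000', and rejecting undefined bits is a choice made here.

```python
# Added example, not code from the post. Flag order is assumed to follow the
# nas_hints comment list: the first entry is string position 0.
FLAGS = ["802.1", "802.11", "IPSEC", "SSH", "HTTPS", "PROXY",
         "unused", "unused", "RADACCT", "D802.Q", "MULTIBESSID"]


def export_set(bits, on="1", off="0", sep="", nbits=64):
    """Emulate MySQL EXPORT_SET(bits, on, off, sep, nbits).

    Bits are examined from low-order to high-order and appended left to
    right, so bit 0 of the integer becomes the first character.
    """
    return sep.join(on if (bits >> i) & 1 else off for i in range(nbits))


def decode_feature_set(value):
    """Return the flag names set in a NAS-Feature-Set bit string.

    Accepts both the 11-character static entries and the 20-character
    strings the SQL lookup produces. Raises ValueError on malformed input
    or on a set bit that has no defined flag, so a bad database row is
    noticed instead of silently granting or hiding a feature.
    """
    if not value or set(value) - {"0", "1"}:
        raise ValueError("feature set must be a non-empty string of 0/1")
    names = []
    for pos, ch in enumerate(value):
        if ch != "1":
            continue
        if pos >= len(FLAGS) or FLAGS[pos] == "unused":
            raise ValueError(f"bit {pos} is set but has no defined flag")
        names.append(FLAGS[pos])
    return names


if __name__ == "__main__":
    # Constructed sample values: the static string from the post, and the
    # integer 32 (bit 5) as it would come back from the 20-bit SQL lookup.
    for sample in ("00000100000", export_set(32, nbits=20)):
        print(sample, "->", decode_feature_set(sample))
```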