Different Authentication for several devices (several Nas-Ip-Address)
nicolaskarp at free.fr
Mon Jul 23 11:13:13 CEST 2007
Hello,
Thank you for your help but I don't understand how you can make it.
Here is the configuration that I am trying:
# Replace the NAS-IP-Address with the Proxy-IP
attr_rewrite overwrite_nasip {
    attribute = "NAS-IP-Address"
    searchfor = ".*"
    packet = packet
    replacewith = "10.28.65.130"
    max_matches = 1
}
# Dev Eqpt : 192.168.48.0/24
attr_rewrite dev_equipment {
    attribute = "Calling-Station-Id"
    searchfor = ".*"
    packet = packet
    # --> Replace String Dev for all Eqpts but not for 192.168.48.0/24!!
    replacewith = "Dev"
    max_matches = 1
}
preproxy {
    files
    overwrite_nasip
    dev_equipment
}
Here is what I want:
1.
If [ NAS-IP-Address =~ 192.168.48.* ]
    Calling-Station-Id = Dev
else
    if [ NAS-IP-Address =~ 192.168.49.* ]
        Calling-Station-Id = Prod
    else
        Calling-Station-Id = Any
    fi
fi
2.
The proxy forwards the Access-Request to the RADIUS server
3.
The RADIUS server receives the Access-Request
If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
    instance_openldap-Ldap-Group == CiscoDev
else
    If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
        instance_openldap-Ldap-Group == CiscoProd
    else
        instance_openldap-Ldap-Group == CiscoOthers
    fi
fi
Thank you for your assistance
Nicolas.
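
The three steps in the message above, modelled as an added Python example (not part of the original post and not FreeRADIUS configuration): the proxy tags the request from the original NAS-IP-Address before overwriting it, and the home server honours the tag only when the request carries the proxy address. The function names are hypothetical; the subnets, tags, group names and 10.28.65.130 are taken from the post, and the sample requests are constructed.

```python
import ipaddress

PROXY_IP = "10.28.65.130"  # value used by overwrite_nasip in the post

# Step 1 of the post: source subnet -> Calling-Station-Id tag
TAGS = [
    (ipaddress.ip_network("192.168.48.0/24"), "Dev"),
    (ipaddress.ip_network("192.168.49.0/24"), "Prod"),
]
# Step 3 of the post: tag -> LDAP group
GROUPS = {"Dev": "CiscoDev", "Prod": "CiscoProd"}


def proxy_rewrite(request):
    """Steps 1-2: tag by the original NAS-IP-Address, then overwrite it."""
    out = dict(request)
    nas = ipaddress.ip_address(request["NAS-IP-Address"])
    # Tag first: once NAS-IP-Address is overwritten the source subnet is lost.
    # A subnet test also avoids the loose match of an unanchored "192.168.48.*".
    out["Calling-Station-Id"] = next(
        (tag for net, tag in TAGS if nas in net), "Any")
    out["NAS-IP-Address"] = PROXY_IP
    return out


def server_group(request):
    """Step 3: choose the LDAP group; trust the tag only via the proxy."""
    if request.get("NAS-IP-Address") != PROXY_IP:
        # Calling-Station-Id is client-supplied, so a tag that did not
        # pass through the proxy is ignored.
        return "CiscoOthers"
    return GROUPS.get(request.get("Calling-Station-Id"), "CiscoOthers")


if __name__ == "__main__":
    # Constructed sample requests
    for nas in ("192.168.48.7", "192.168.49.20", "172.16.0.1"):
        fwd = proxy_rewrite({"User-Name": "alice", "NAS-IP-Address": nas})
        print(nas, "->", fwd["Calling-Station-Id"], "->", server_group(fwd))
```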