Different Authentication for several devices (several Nas-Ip-Address)
nicolaskarp at free.fr
nicolaskarp at free.fr
Mon Jul 23 16:53:53 CEST 2007
Re-Hello ;-)
I search how i can do this but i don't find...
I want to do this :
If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
else
If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Prod"
else
Do nothing.
fi
fi
I don't know how check the NAS-IP-ADDRESS attribute and rewrite an other
attribute (Calling-Station-ID)..
Thank you for your help !!
NicolaS.
Selon nicolaskarp at free.fr:
> Hello,
>
> Thank you for your help but I don't understand how you can make it.
>
> Here my configuration that I try:
>
> #Replae The Nas-Ip6address by Proxy-IP
> attr_rewrite overwrite_nasip {
> attribute = "NAS-IP-Address"
> searchfor = ".*"
> packet = packet
> replacewith = "10.28.65.130"
> max_matches = 1
> }
>
> # Dev Eqpt : 192.168.48.0/24
> attr_rewrite dev_equipment {
> attribute = "Calling-Station-Id"
> searchfor = ".*"
> packet = packet
> replacewith = "Dev" --> Replace String Dev for all Eqpts but not for
> 192.168.48.0/24!!
> max_matches = 1
> }
>
> preproxy {
> files
> overwrite_nasip
> dev_equipment
> }
>
> Here what I want :
>
> 1.
>
> If [ NAS-IP-Address =~ 192.168.48.* ]
> Calling-Station-Id = Dev
> else
> if [ NAS-IP-Address =~ 192.168.49.* ]
> Calling-station-id = Prod
> else
> Calling-station-id = Any
> fi
> fi
>
> 2.
> the proxy forwards the access-request to the radius server
>
> 3.
> The radius server receives the acces-request
> If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
> instance_openldap-Ldap-Group == CiscoDev
> else
> If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
> instance_openldap-Ldap-Group == CiscoProd
> else
> instance_openldap-Ldap-Group == CiscoOthers
> fi
> fi
>
> Thank you for your assistance
>
> Nicolas.
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list