Different Authentication for several devices (severalNas-Ip-Address)
nicolaskarp at free.fr
nicolaskarp at free.fr
Mon Jul 23 17:30:00 CEST 2007
Called-Station-Id isn't equal to Nas-Ip-Address, it equal to the PC where I
initiate telnet Connection.
It's not equal to my Nas-Ip :(
So, i would change the called-station-id to Nas-Ip-Adress and Nas-Ip-Address to
proxy address.
Any idea ?
Selon tnt at kalik.co.yu:
> OK. If you devices put their IP addresses in Called-Station-Id field
> there is no need to do rewrites. You can use regexp operators to
> controll access as Called-Station-Id attribute is a string.
>
> NAS1 NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.48."
> Dev group(s) in reply
>
> NAS2 NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.49."
> Prod group(s) in reply
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> You can leave this out proxy IP check if all traffic comes over the
> proxy. You might need to escape periods in regexp.
>
> Dana 23/7/2007, "nicolaskarp at free.fr" <nicolaskarp at free.fr> pi¹e:
>
> >Re-Hello ;-)
> >
> >I search how i can do this but i don't find...
> >
> >I want to do this :
> >
> >If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
> >else
> > If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to
> "Prod"
> > else
> > Do nothing.
> > fi
> >fi
> >
> >I don't know how check the NAS-IP-ADDRESS attribute and rewrite an other
> >attribute (Calling-Station-ID)..
> >
> >Thank you for your help !!
> >
> >NicolaS.
> >
> >Selon nicolaskarp at free.fr:
> >
> >> Hello,
> >>
> >> Thank you for your help but I don't understand how you can make it.
> >>
> >> Here my configuration that I try:
> >>
> >> #Replae The Nas-Ip6address by Proxy-IP
> >> attr_rewrite overwrite_nasip {
> >> attribute = "NAS-IP-Address"
> >> searchfor = ".*"
> >> packet = packet
> >> replacewith = "10.28.65.130"
> >> max_matches = 1
> >> }
> >>
> >> # Dev Eqpt : 192.168.48.0/24
> >> attr_rewrite dev_equipment {
> >> attribute = "Calling-Station-Id"
> >> searchfor = ".*"
> >> packet = packet
> >> replacewith = "Dev" --> Replace String Dev for all Eqpts but not
> for
> >> 192.168.48.0/24!!
> >> max_matches = 1
> >> }
> >>
> >> preproxy {
> >> files
> >> overwrite_nasip
> >> dev_equipment
> >> }
> >>
> >> Here what I want :
> >>
> >> 1.
> >>
> >> If [ NAS-IP-Address =~ 192.168.48.* ]
> >> Calling-Station-Id = Dev
> >> else
> >> if [ NAS-IP-Address =~ 192.168.49.* ]
> >> Calling-station-id = Prod
> >> else
> >> Calling-station-id = Any
> >> fi
> >> fi
> >>
> >> 2.
> >> the proxy forwards the access-request to the radius server
> >>
> >> 3.
> >> The radius server receives the acces-request
> >> If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
> >> instance_openldap-Ldap-Group == CiscoDev
> >> else
> >> If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
> >> instance_openldap-Ldap-Group == CiscoProd
> >> else
> >> instance_openldap-Ldap-Group == CiscoOthers
> >> fi
> >> fi
> >>
> >> Thank you for your assistance
> >>
> >> Nicolas.
> >>
> >>
> >>
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list