clients.conf - identifying a "client" - sql/ldap
Alan DeKok
aland at deployingradius.com
Wed Aug 20 17:43:11 CEST 2008
Johan Meiring wrote:
> Using the sites-available as an example I created the following:
>
> A Virtual Server with a authorize section that will create the client.
> Tested working using static info.
...
> Works perfectly.
As designed.
> No I replace the "static info" above with a SQL query, again using the
> example
>
> -------------------------------------------------------------
> server dymamic_nas {
> authorize {
> if ("%{sql: select NasID from Nas where
> Identifier='%{NAS-Identifier}'}") {
OK...
> The problem is that %{NAS-Identifier} expands to nothing.
> This seems to be confirmed by the documentation.
Ah... good point.
Hmm... it's probably worth copying the NAS-Identifier to the fake
packet. It's just useful enough to be worth it.
> The documentation however mentions that I can somehow get hold
> of the NAS-Identifier and use it to set the "shared secret".
That's the intent, but the code doesn't match.
> -------------------------------------------------------------
> # You can use any policy here. e.g. Check NAS-Identifier,
> # and define a shared secret by NAS-Identifier, rather than
> -------------------------------------------------------------
>
> How do I get hold of the NAS-Identifier in order to find the required
> secret.
Give me a bit, and I'll go poke the code.
Alan DeKok.
More information about the Freeradius-Users
mailing list