clients.conf - identifying a "client" - sql/ldap

Alan DeKok aland at
Wed Aug 20 17:43:11 CEST 2008

Johan Meiring wrote:
> Using the sites-available as an example I created the following:
> A Virtual Server with a authorize section that will create the client.
> Tested working using static info.
> Works perfectly.

  As designed.

> No I replace the "static info" above with a SQL query, again using the
> example
> -------------------------------------------------------------
> server dymamic_nas {
>   authorize {
>     if ("%{sql: select NasID from Nas where
> Identifier='%{NAS-Identifier}'}") {


> The problem is that %{NAS-Identifier} expands to nothing.
> This seems to be confirmed by the documentation.

  Ah... good point.

  Hmm... it's probably worth copying the NAS-Identifier to the fake
packet.  It's just useful enough to be worth it.

> The documentation however mentions that I can somehow get hold 
> of the NAS-Identifier and use it to set the "shared secret".

  That's the intent, but the code doesn't match.

> -------------------------------------------------------------
>     # You can use any policy here. e.g. Check NAS-Identifier,
>     # and define a shared secret by NAS-Identifier, rather than
> -------------------------------------------------------------
> How do I get hold of the NAS-Identifier in order to find the required
> secret.

  Give me a bit, and I'll go poke the code.

  Alan DeKok.

More information about the Freeradius-Users mailing list