NAS-Group? - different replies to different NASes?

Adrian adrian at dsl4u.ca
Tue Feb 26 04:44:43 CET 2008


I'm not sure we use the users file (I have the radius.conf pointed to
sql.conf).

This is what I thought might have to happen but I'm not sure if it makes
sense.

Create 2 Groups in radgroupreply like this:
Telco_LAC_Group - with all the tunnel attributes
LNS_Group - which all the users would be assigned to and whatever attributes
they need to share.

In "radgroupcheck" enter a NAS-IP-Address check for the Telco_LAC_Group that
matches on the LAC's IPs.
In "usergroup" assign the user to the LNS_Group
Everything else remains the same as before (radreply and radcheck with the
specific user info)

Does that make sense?

Any other way to group attributes for specific NASes?
Adrian


-----Original Message-----
From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
Behalf Of Ivan Kalik
Sent: Sunday, February 24, 2008 3:57 PM
To: FreeRadius users mailing list
Subject: RE: NAS-Group? - different replies to different NASes?

You would normally use a DEFAULT entry in users file. In 2.0 you can use
unlang and do it in sql.

Ivan Kalik
Kalik Informatika ISP


Dana 24/2/2008, "Adrian" <adrian at dsl4u.ca> piše:

>Hello Ivan,
>
>Can you point me in the right direction with doing separate requests based
>on the NAS-IP-Address Attribute?  Do I do this in the radius.conf file or
in
>the mysql DB somehow under the groups?
>
>Currently I use the nas list from the flat file and the DB for everything
>else including groups.
>
>Thanks
>Adrian
>
>-----Original Message-----
>From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
>[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
>Behalf Of Ivan Kalik
>Sent: Friday, February 22, 2008 10:22 AM
>To: FreeRadius users mailing list
>Subject: RE: NAS-Group? - different replies to different NASes?
>
>NAS-IP-Address should be different in LAC and LNS requests. And unlang
>works in version 2.0 not 1.1.x (later post).
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 22/2/2008, "Adrian" <adrian at dsl4u.ca> piše:
>
>>Hello Ivan,
>>
>>The Telco wants me to send those parameters to them.  I have no choice in
>>that.  I'm confused because with every other Telco the setup was straight
>>forward, I setup a tunnel/vpnd-group+virtual template from our LNS to the
>>Telco's LAC and the requests for the user authentication comes from their
>>LAC through my LNS all the time.  With this Telco,  I see the same request
>>twice.  Once from their Radius and then from my LNS.  The problem is
>>distinguishing between them and answering differently.
>>
>>Maybe I don't even have to do that, is just that I'm not sure how to do it
>>otherwise.
>>
>>For now I'll do some reading on "unlang" as per Alan's request and see how
>>that goes.
>>
>>Thanks
>>Adrian
>>
>>-----Original Message-----
>>From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
>>[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
>>Behalf Of Ivan Kalik
>>Sent: Friday, February 22, 2008 6:32 AM
>>To: FreeRadius users mailing list
>>Subject: RE: NAS-Group? - different replies to different NASes?
>>
>>>4. Our radius sends the Tunnel information back to Telco Radius
>>
>>Why? It will be the same every time for every user. Configure tunnel
>>parametars on the (virtual) interface.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>-
>>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>>
>>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html





More information about the Freeradius-Users mailing list