NAS-Group? - different replies to different NASes?
Adrian
adrian at dsl4u.ca
Tue Feb 26 04:44:43 CET 2008
I'm not sure we use the users file (I have the radius.conf pointed to
sql.conf).
This is what I thought might have to happen but I'm not sure if it makes
sense.
Create 2 Groups in radgroupreply like this:
Telco_LAC_Group - with all the tunnel attributes
LNS_Group - which all the users would be assigned to and whatever attributes
they need to share.
In "radgroupcheck" enter a NAS-IP-Address check for the Telco_LAC_Group that
matches on the LAC's IPs.
In "usergroup" assign the user to the LNS_Group
Everything else remains the same as before (radreply and radcheck with the
specific user info)
Does that make sense?
Any other way to group attributes for specific NASes?
Adrian
-----Original Message-----
From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
Behalf Of Ivan Kalik
Sent: Sunday, February 24, 2008 3:57 PM
To: FreeRadius users mailing list
Subject: RE: NAS-Group? - different replies to different NASes?
You would normally use a DEFAULT entry in users file. In 2.0 you can use
unlang and do it in sql.
Ivan Kalik
Kalik Informatika ISP
Dana 24/2/2008, "Adrian" <adrian at dsl4u.ca> piše:
>Hello Ivan,
>
>Can you point me in the right direction with doing separate requests based
>on the NAS-IP-Address Attribute? Do I do this in the radius.conf file or
in
>the mysql DB somehow under the groups?
>
>Currently I use the nas list from the flat file and the DB for everything
>else including groups.
>
>Thanks
>Adrian
>
>-----Original Message-----
>From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
>[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
>Behalf Of Ivan Kalik
>Sent: Friday, February 22, 2008 10:22 AM
>To: FreeRadius users mailing list
>Subject: RE: NAS-Group? - different replies to different NASes?
>
>NAS-IP-Address should be different in LAC and LNS requests. And unlang
>works in version 2.0 not 1.1.x (later post).
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>Dana 22/2/2008, "Adrian" <adrian at dsl4u.ca> piše:
>
>>Hello Ivan,
>>
>>The Telco wants me to send those parameters to them. I have no choice in
>>that. I'm confused because with every other Telco the setup was straight
>>forward, I setup a tunnel/vpnd-group+virtual template from our LNS to the
>>Telco's LAC and the requests for the user authentication comes from their
>>LAC through my LNS all the time. With this Telco, I see the same request
>>twice. Once from their Radius and then from my LNS. The problem is
>>distinguishing between them and answering differently.
>>
>>Maybe I don't even have to do that, is just that I'm not sure how to do it
>>otherwise.
>>
>>For now I'll do some reading on "unlang" as per Alan's request and see how
>>that goes.
>>
>>Thanks
>>Adrian
>>
>>-----Original Message-----
>>From: freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org
>>[mailto:freeradius-users-bounces+adrian=dsl4u.ca at lists.freeradius.org] On
>>Behalf Of Ivan Kalik
>>Sent: Friday, February 22, 2008 6:32 AM
>>To: FreeRadius users mailing list
>>Subject: RE: NAS-Group? - different replies to different NASes?
>>
>>>4. Our radius sends the Tunnel information back to Telco Radius
>>
>>Why? It will be the same every time for every user. Configure tunnel
>>parametars on the (virtual) interface.
>>
>>Ivan Kalik
>>Kalik Informatika ISP
>>
>>-
>>List info/subscribe/unsubscribe? See
>>http://www.freeradius.org/list/users.html
>>
>>-
>>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>>
>>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list