Grouping different kinds of clients and returning different attributes

David Bailey dr at
Thu Feb 12 23:38:00 CET 2009

I'm new to FreeRadius, so please understand that my understanding of the
vocabulary and structures are limited. I've read through the documentation
and I'm trying to do something that may be obvious to some.

I'm trying to configure FreeRadius to do administrator authentication from a
series of switches, routers, and firewalls. Some are Cisco IOS, some HP
Procurve, and some Juniper.

I've got it working so that all are properly authenticating. The back-end
authentication is LDAP.

The problem is that there are roughly 250 units on various IP addresses
across the WAN.

I'd like to redirect them all to the same RADIUS server.

The problem is that although I have some 250 client definitions in
clients.conf, I'd rather avoid using 250 definitions in users.

I'm trying to find a way to categorize the RADIUS clients into Cisco, HP,

What I was trying to do was to give each client a name:

client {
  ipaddr =
  secret = supersecret

client {
  ipaddr =
  secret = alsoverysecret

And then build something to refer to them in the users file along the lines

DEFAULT Client-Shortname =~ "Cisco_IOS.*", User-Name := "someadmin",
Cleartext-Password := "goodpassword"
  Service-Type = NAS-Prompt-User

DEFAULT Client-Shortname =~ "HP_Procurve.*", User-Name := "anotheradmin",
Cleartext-Password := "greatpassword"
  Service-Type = 6

of maybe

DEFAULT Client-Shortname =~ "Somethingelse.*", Auth-Type := Pam  (or LDAP)
   Service-Type = (something else),
   Other-attributes = XXXXXXX

I'm having some problems, so I'm either missing something, or I'm going down
an entirely wrong path. I got the "Client-Shortname" from the Run-time
variables page in the Wiki, but I suspect it isn't evaluating like I think
it ought to.

Thank you for your time.
View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list