Pending release of 2.1.9
Johan Meiring
jmeiring at pcservices.co.za
Fri May 14 11:08:05 CEST 2010
On 2010/05/14 10:35 AM, Alan DeKok wrote:
> Johan Meiring wrote:
>
> The "dynamic clients' code runs modules before the packet is
> decoded... but that's only because it doesn't *receive* the packet. So
> any "raw" access to the packet will return nothing.
>
> What are you doing with the module? I can't for the life of me see
> why it would be useful in *any* situation.
>
Its dynamic clients.
I use it inside dynamic clients to look up the client via the Nas-Identifier.
My clients don't have fixed IPs. The only way to give different Nas's
different shared secrets is by doing this.
You made a modification to dynamic clients a while ago where you could get
hold of the whole packet inside dynamic clients.
Dont know if you remember this.
You sent a mail to me about it on Wed, 27 May 2009 14:05:31 +0200
============================SNIP===================================
I've made some changes in revision control that should help you. The
"dynamic client" virtual server will now receive the *full* RADIUS
packet. Before, it was impossible to look at the contents.
You will *still* need to use the "rlm_raw" module to look at the raw
packet contents. The contents are *not* decoded into attributes, as
happens when receiving normal packets.
See http://git.freeradius.org/pre for a tar file that contains the
code changes. You will need to add rlm_raw to the build. But after
that, something like the following should work:
authorize {
...
if ("%{raw:NAS-Identifier}" == "foo") {
...
}
...
}
============================SNIP===================================
It is definately usefull to me!
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
More information about the Freeradius-Users
mailing list