Authorising Clients by Calling Station ID Not IP

JennyBlunt jennyshoehorn at me.com
Mon Oct 24 20:02:06 CEST 2011


If I put it in the default authorize section, the called-station-id is present.

What I just don't understand is why it doesn't work in dynamic hosts and also why default is loaded at all?

The called-station-id is certainly present in the request:

rad_recv: Access-Request packet from host 94.x.x.x port 29429, id=3, length=141
server dynamic_client_server {
} # server dynamic_client_server
- Added client 94.x.x.x with shared secret testing123
rad_recv: Access-Request packet from host 94.x.x.x port 29429, id=3, length=141
	User-Name = "full"
	User-Password = "Y\270\306\323"
	NAS-Identifier = "simulator"
	NAS-Port-Type = Wireless-802.11
	Service-Type = Login-User
	NAS-IP-Address = 192.168.0.1
	Called-Station-Id = "00-00-00-11-00-10"
	Calling-Station-Id = "11-11-11-22-11-21"
	Acct-Session-Id = "JRadius-851365653dd8b055354910131660a6ad"
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default

---




On 24 Oct 2011, at 10:03, Fajar A. Nugraha-2 [via FreeRadius] wrote:

> On Mon, Oct 24, 2011 at 3:47 PM, JennyBlunt <[hidden email]> wrote:
> 
> > Hi, 
> > Huntgroup-Name := "%{sql:SELECT `groupname` FROM `radhuntgroup` WHERE 
> > nasipaddress='%{NAS-IP-Address}'}" 
> > 
> > The mysql query then looks like this: 
> > 
> > SELECT `groupname` FROM `radhuntgroup` WHERE nasipaddress='' 
> > 
> > If I use packet-src-ip-address, the query is fine. 
> > 
> > Replacing with called-station-id renders nothing as well. 
> > 
> > Does this have something to do with the dynamic clients??
> 
> It shouldn't. 
> 
> What does the debug log show? What attributes were sent by the NAS in 
> access-request packet? 
> 
> http://freeradius.org/rfc/rfc2865.html#NAS-IP-Address says "Either 
> NAS-IP-Address or NAS-Identifier MUST be present in an Access-Request 
> packet." 
> 
> so if your NAS sends neither, it's broken. 
> 
> -- 
> Fajar 


