Authorising Clients by Calling Station ID Not IP

Phil Mayers p.mayers at imperial.ac.uk
Mon Oct 24 20:52:24 CEST 2011


On 10/24/2011 07:02 PM, JennyBlunt wrote:
> If I put in default authorize section, the called-station-id is present.
>
> What I just don't understand is why it doesn't work in dynamic hosts and

As per the comments in the "sample" dynamic-clients:

#  The request that is processed through this section
#  is EMPTY.  There are NO attributes.  The request is fake,
#  and is NOT the packet that triggered the lookup of
#  the dynamic client.
#
#  The ONLY piece of useful information is either
#
#       Packet-Src-IP-Address (IPv4 clients)
#       Packet-Src-IPv6-Address (IPv6 clients)
#
#  The attributes used to define a dynamic client mirror
#  the configuration items in the "client" structure.

You'll need to patch the source to make what you want work. This may (or 
may not) be a generally useful patch; the problem is that, in many 
cases, a single NAS might have >1 Called-Station-Id e.g. multiple BSSIDs 
for a wireless AP.



More information about the Freeradius-Users mailing list