Freeradius-Users Digest, Vol 108, Issue 24

Alan DeKok aland at deployingradius.com
Sat Apr 5 05:24:33 CEST 2014


Rui Ribeiro wrote:
> Probably you are using a Cisco that always fills its virtual port as 29
> in every connection.
> I log everything to MySQL and see all the authentications there. So
> essentially it is a bug from Cisco, I think.

  In v3, you could hash the User-Name and MAC address, which should be
fairly unique.  Then pull the NAS-Port from that.

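  if (client always has the same NAS-Port) {
    # Hash User-Name + MAC; the "0x" prefix makes the hex digest parse as octets
    update request {
        Tmp-Octets-0 := "0x%{md5:%{User-Name}%{Calling-Station-Id}}"
    }

    # Overwrite the existing NAS-Port with the 16 bits at offset 0 of the hash
    # (unpack takes: data, offset, data type)
    update request {
        NAS-Port := "%{unpack:&Tmp-Octets-0 0 short}"
    }
  }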

  You'll need to configure the "if" check somehow for the client.
Then, you'll need two "update" sections.

  But that should make the NAS-Port a 16-bit field which is relatively
random.  If that isn't good enough, change "short" to "integer".

  Alan DeKok.
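
The following is an added example, not part of the original post: it mirrors the derivation above in Python and compares how often the 16-bit ("short") and 32-bit ("integer") fields collide. It assumes unpack reads an unsigned field in network byte order; the function names and the session list are constructed for illustration.

```python
import hashlib
import struct

# struct formats for the two field widths discussed in the post
# (assumption: unsigned, network byte order)
FORMATS = {"short": ">H", "integer": ">I"}


def derived_nas_port(user_name, calling_station_id, width="short"):
    """MD5 over User-Name + Calling-Station-Id, then read the field at offset 0."""
    digest = hashlib.md5((user_name + calling_station_id).encode()).digest()
    return struct.unpack_from(FORMATS[width], digest, 0)[0]


def count_collisions(sessions, width="short"):
    """Count sessions whose derived NAS-Port was already produced by an earlier one."""
    seen = set()
    collisions = 0
    for user, mac in sessions:
        port = derived_nas_port(user, mac, width)
        if port in seen:
            collisions += 1
        seen.add(port)
    return collisions


def expected_collisions(n, bits):
    """Expected number of colliding sessions if n values were uniformly random."""
    space = 2 ** bits
    return n - space * (1 - (1 - 1 / space) ** n)


# Constructed sample data: 2000 distinct user / MAC pairs
SESSIONS = [
    (f"user{i:04d}", f"00-11-22-33-{i >> 8:02X}-{i & 0xFF:02X}")
    for i in range(2000)
]

if __name__ == "__main__":
    for width, bits in (("short", 16), ("integer", 32)):
        observed = count_collisions(SESSIONS, width)
        expected = expected_collisions(len(SESSIONS), bits)
        print(f"{width:8s} observed={observed:3d} expected~{expected:.3f}")
```

With 2000 sessions, roughly 30 of them share a 16-bit value with an earlier session, so anything that keys on NAS-Port alone (for example a simultaneous-use check) still needs User-Name or Calling-Station-Id alongside it.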

