Monitor current NAS list with dynamic clients
Lorenzo Milesi
maxxer at ufficyo.com
Wed Apr 16 09:31:24 CEST 2014
> Are you sure?
>
> See raddb/sites-available/dynamic-clients for how to read clients
> dynamically from SQL. If you're not using that, you don't have dynamic
> clients.
This is the content of my dnyamic-clients file in sites-enabled (as taken from [1]) :
#
client dymamic {
ipaddr = 0.0.0.0
netmask = 0
dynamic_clients = dynamic_client_server
lifetime = 86400
}
server dynamic_client_server {
authorize {
if("%{raw:Called-Station-Id}"){
if ("%{sql: select count(*) from nas where community='%{raw:Called-Station-Id}'}" == 1) {
update control {
FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
FreeRADIUS-Client-Require-MA = no
FreeRADIUS-Client-Secret = "%{sql: select nas.secret from nas where nas.community='%{raw:Called-Station-Id}'}"
FreeRADIUS-Client-Shortname = "%{sql: select shortname from nas where community='%{raw:Called-Station-Id}'}"
FreeRADIUS-Client-NAS-Type = "other"
}
ok
}
}
}
}
> NASes shouldn't move IPs very often. RADIUS depends on NASes having
> static IP addresses.
I know, that's why I mostly use VPN for NASes on dynamic connections. But in certain cases I do testing with my office IP address, then after some days I deploy the same NAS to customer's connection and I get failed logins. Restarting radius fixes the login, but this means dynamic clients configuration is not working...
thanks for the help
[1] http://sourceforge.net/apps/trac/hotcakes/wiki/YfiTechDynamicClients
--
Lorenzo Milesi - lorenzo.milesi at yetopen.it
YetOpen S.r.l. - http://www.yetopen.it/
More information about the Freeradius-Users
mailing list