IP Address as User name
Darren Ward (darrward)
darrward at cisco.com
Thu Feb 6 23:28:52 CET 2014
Hi Alan
Actually, in cases where we do authorisation based on IP address, such as in ISG, we do need the IP or MAC as the username, but you are correct: I said clients when I meant users file.
e.g. a WiFi user who gets an IP from DHCP then attempts to go through to the Internet - we have no auth details yet but have a need to control the session.
It also worked out that my problem was that the users file was in two places on my system and I was editing the wrong one! So easily fixed.
The entry in the users file would be:
192.168.10.10 Cleartext-Password := "cisco"
xxxxx attributes list;
Here's a snippet of ISG config:
!
class type control always event session-start
 20 service-policy type service name WIFI_OPENGARDEN_SERVICE
 40 service-policy type service name WIFI_L4REDIRECT_SERVICE
 60 authorize aaa list IP_AUTHOR_LIST password cisco identifier source-ip-address
!
What this does is, when a new subscriber appears on the system, it contacts the AAA servers in the list IP_AUTHOR_LIST and authorises using the IP address on the incoming session with a password of cisco - all before the user has to authenticate to, say, a web portal or accept some T&C's.
This is for IPoE or IP sessions rather than PPP/PPPoE etc., which have built-in AAA.
Of course, once they log in via a web portal we can change the services activated by sending a CoA to the gateway.
Darren
-----Original Message-----
From: freeradius-users-bounces+darrward=cisco.com at lists.freeradius.org [mailto:freeradius-users-bounces+darrward=cisco.com at lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, 7 February 2014 5:59 AM
To: FreeRadius users mailing list
Subject: Re: IP Address as User name
Darren Ward (darrward) wrote:
> I’m struggling with getting an IP address to be accepted as a username
> in the clients file and suspect it’s somehow being filtered but I
> can’t find where
That question is very confused. You don't mean the "clients" file.
You mean the "users" file. Computers are particular about that kind of thing.
And you can't get IP's accepted as a User-Name. They're a different attribute.
> I’ve created a user like:
>
> Test Cleartext-Password := "test"
>
> And using radtest can get an access-accept
Because that's how it works.
> but when I try:
>
> 1.1.1.1 Cleartext-Password := "test"
>
> I get an access-reject and it has a noop against the files in the
> debug
Because the "users" file is keyed by User-Name. Read the comments at the top of the "users" file. This is documented.
> I have tried in quotes as well but no luck
Have you tried reading raddb/modules/files? This is documented.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
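An added example, not part of the thread and not FreeRADIUS or Cisco code: the Access-Request that the "authorize aaa ... identifier source-ip-address" step described above would produce, with the source IP carried as User-Name and the fixed password hidden per RFC 2865 section 5.2, then checked against a lookup keyed by User-Name. The shared secret used to exercise it, the USERS dictionary and all function names are constructed for illustration.

```python
import hashlib
import os
import struct

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR 16-byte blocks with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _xor(hidden[i:i + 16], hashlib.md5(secret + prev).digest())
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(user_name, password, secret, ident=1, authenticator=None):
    authenticator = authenticator or os.urandom(16)
    values = ((1, user_name.encode()),  # User-Name: the subscriber's source IP
              (2, hide_password(password.encode(), secret, authenticator)))
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in values)
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet: bytes, secret: bytes):
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    password = unhide_password(attrs[2], secret, packet[4:20])
    return attrs[1].decode(), password.decode(errors="replace")

USERS = {"192.168.10.10": "cisco"}  # constructed stand-in for the users file

def authorize(packet: bytes, secret: bytes) -> str:
    name, password = parse_access_request(packet, secret)
    return "Access-Accept" if USERS.get(name) == password else "Access-Reject"
```

Because the password is the same constant for every session, the only value that distinguishes one subscriber from another in this request is the source IP in User-Name.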