How to use rewrite.called_station_id IN dynamic clients authorize section
Alan DeKok
aland at deployingradius.com
Thu Mar 26 14:49:34 CET 2015
On Mar 26, 2015, at 8:36 AM, James Wood <james.wood at purplewifi.com> wrote:
> I would love to, but it is not under our control. As a hotspot provider,
> that supplies tens of thousands of customers around the world, all using
> different IP addresses (that change), we simply cannot use the normal way of
> auth via the source IP. We do not own the customers (NAS) equipment, or have
> control over it, so we can't make them VPN all traffic to us or other way.
> This is why we're having to auth on Called-Station-Id instead of IP Address.
I’m always surprised at just how *terrible* networks are. There is simply no reason for WiFi access points to talk directly to your RADIUS server. They should instead talk to to a local RADIUS server. That RADIUS server should deal with local IP changes. It should have a static IP to talk to your RADIUS server.
> If you can think of a better way, please advise.
TBH, I’m not sure there is one. I have serious issues with butchering the FreeRADIUS source to deal with broken networks.
> My original question remains, how can the module rewrite.called_station_id
> be used with a dynamic client setup? At the moment it does not work, so is
> that a bug, problem with my code, or something else?
In v3, you can manually unpack binary attributes. But rlm_raw won’t work there.
You’ll have to write your own module for v2.
Alan DeKok.
More information about the Freeradius-Users
mailing list