NAS IP address for usergroup

Tevfik Ceydeliler tevfik.ceydeliler at astron.yasar.com.tr
Fri Sep 4 16:35:26 CEST 2015


OK.
Now I know what I want.
After reading the how-to at http://wiki.freeradius.org/guide/SQL-Huntgroup-HOWTO
I created the table and entries:

+------------------+---------------+----------+
| username         | groupname     | priority |
+------------------+---------------+----------+
| tevfikceydeliler | UGR_Test_Wifi |        0 |
+------------------+---------------+----------+


+----+---------------+----------------+----+---------+
| id | groupname     | attribute      | op | value   |
+----+---------------+----------------+----+---------+
| 45 | UGR_Test_Wifi | Huntgroup-Name | == | PfSense |
+----+---------------+----------------+----+---------+


+----+-----------+--------------+-----------+
| id | groupname | nasipaddress | nasportid |
+----+-----------+--------------+-----------+
|  1 | PfSense   | 10.65.8.117  | NULL      |
+----+-----------+--------------+-----------+


rad_recv: Access-Request packet from host 10.1.1.27 port 1457, id=6, length=56
         User-Name = "tevfikceydeliler"
         User-Password = "Test01"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
sql_xlat
         expand: %{User-Name} -> tevfikceydeliler
sql_set_user escaped user --> 'tevfikceydeliler'
         expand: SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT groupname FROM radhuntgroup WHERE nasipaddress=''
rlm_sql (sql): Reserving sql socket id: 4
SQL query did not return any results
rlm_sql (sql): Released sql socket id: 4
         expand: %{sql:SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}'} ->
++[reply] returns notfound

Why does nasipaddress come empty?


On 09/04/2015 04:54 PM, Alan DeKok wrote:
> On Sep 4, 2015, at 9:31 AM, Tevfik Ceydeliler <tevfik.ceydeliler at astron.yasar.com.tr> wrote:
>> Does NAS-IP-Address attribute  work under user group?
>    Yes.
>
>> +----+---------------+----------------+----+-------------+
>> | id | groupname     | attribute      | op | value       |
>> +----+---------------+----------------+----+-------------+
>> | 45 | UGR_Test_Wifi | NAS-IP-Address | == | 10.65.8.117 |
>> +----+---------------+----------------+----+-------------+
>    Which tells the server to match the NAS-IP-Address... but doesn't tell the server to DO anything.
>
>> I test it but user can get "access-accept" from different NAS also
>> Or something wrong?
>    If you want the server to reject from different NASes, then you need to write that:
>
> 	NAS-IP-Address != 10.65.8.117
> 	Auth-Type := Reject
>
>    Alan DeKok.
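A check for the situation in the debug output above, added here as an example (it is not part of the original post or of FreeRADIUS): it lists the attributes the Access-Request actually carried and flags any `%{...}` reference naming an attribute the request did not contain. The function names `audit` and `huntgroup_for` are hypothetical, and the lookup table is the single radhuntgroup row from the post.

```python
import re

# Debug excerpt from the post above, with mail line-wrapping undone.
DEBUG = """\
rad_recv: Access-Request packet from host 10.1.1.27 port 1457, id=6, length=56
        User-Name = "tevfikceydeliler"
        User-Password = "Test01"
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
        expand: %{User-Name} -> tevfikceydeliler
        expand: SELECT groupname FROM radhuntgroup WHERE nasipaddress='%{NAS-IP-Address}' -> SELECT groupname FROM radhuntgroup WHERE nasipaddress=''
"""

RECV = re.compile(r"^rad_recv: (\S+) packet from host (\S+) port (\d+)")
PAIR = re.compile(r"^\s+([A-Za-z][\w-]*) = (.*)$")
EXPAND = re.compile(r"^\s*expand: (.*?) -> ?(.*)$")
REF = re.compile(r"%\{([A-Za-z][\w-]*)\}")  # plain %{Attr}; skips %{sql:...} wrappers

RADHUNTGROUP = {"10.65.8.117": "PfSense"}  # nasipaddress -> groupname, from the post


def audit(debug_text):
    """Return (source_ip, request_attrs, missing) for one request in debug output.

    'missing' is a heuristic: attributes referenced in an expansion template
    that were not listed in the received packet.
    """
    src, attrs, missing, in_packet = None, {}, [], False
    for line in debug_text.splitlines():
        m = RECV.match(line)
        if m:
            src, in_packet = m.group(2), True
            continue
        if in_packet:
            p = PAIR.match(line)
            if p:
                attrs[p.group(1)] = p.group(2).strip('"')
                continue
            in_packet = False  # attribute list ended
        e = EXPAND.match(line)
        if e:
            for name in REF.findall(e.group(1)):
                if name not in attrs and name not in missing:
                    missing.append(name)
    return src, attrs, missing


def huntgroup_for(src, attrs, table=RADHUNTGROUP):
    """Huntgroup found via NAS-IP-Address, and via the packet source address."""
    return table.get(attrs.get("NAS-IP-Address", "")), table.get(src)
```

On this excerpt the request carries only User-Name and User-Password, so the query is built with an empty nasipaddress; the packet's source address, 10.1.1.27, is also not the 10.65.8.117 stored in radhuntgroup.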