add realm based on NAS-IP

tirili at web.de tirili at web.de
Fri Jul 8 10:24:08 CEST 2016


   Hello list,

   I just want to add users coming from a specific NAS add a realm. This
   seems not to be working.
   Any help is appreciated.

   These files are modified for testing purposes.

   DEFAULT NAS-IP-Address == "127.0.0.1"
           User-Name = "%{User-Name}@test.local"
   DEFAULT NAS-IP-Address == "192.168.1.238"
           User-Name = "%{User-Name}@test.local"
   I have ./users to identify the user.
   testuser1 at test.local   Cleartext-Password := "geheim"
   testuser2                    Cleartext-Password := "geheim"
   When performing a "radtest testuser1 at test.local geheim 127.0.0.1:1812 0
   testing123"
   this is working.

   Sending Access-Request Id 146 from 0.0.0.0:43466 to 127.0.0.1:1812
           User-Name = 'testuser1 at test.local'
           User-Password = 'geheim'
           NAS-IP-Address = 192.168.1.238
           NAS-Port = 0
           Message-Authenticator = 0x00
   Received Access-Accept Id 146 from 127.0.0.1:1812 to 127.0.0.1:43466
   length 20

   When performing a "radtest testuser2 geheim 127.0.0.1:1812 0
   testing123" this is working as well (but should not, as @test.local
   should be appended!!)

   Sending Access-Request Id 25 from 0.0.0.0:45877 to 127.0.0.1:1812
           User-Name = 'testuser2'
           User-Password = 'geheim'
           NAS-IP-Address = 192.168.1.238
           NAS-Port = 0
           Message-Authenticator = 0x00
   Received Access-Accept Id 25 from 127.0.0.1:1812 to 127.0.0.1:45877
   length 20

   When performing a "radtest testuser1 geheim 127.0.0.1:1812 0
   testing123" I get a reject (but should not, as @test.local should be
   appended).

   Sending Access-Request Id 223 from 0.0.0.0:38701 to 127.0.0.1:1812
           User-Name = 'testuser1'
           User-Password = 'geheim'
           NAS-IP-Address = 192.168.1.238
           NAS-Port = 0
           Message-Authenticator = 0x00
   Received Access-Reject Id 223 from 127.0.0.1:1812 to 127.0.0.1:38701
   length 20
   (0) -: Expected Access-Accept got Access-Reject

   Attached is full debug output.
   Any help is appreciated.

   Best regards,
   Thomas
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: freeradius-304-debug.txt
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160708/cf60260e/attachment-0001.txt>


More information about the Freeradius-Users mailing list