Aw: add realm based on NAS-IP
tirili at web.de
tirili at web.de
Fri Jul 8 11:00:58 CEST 2016
I got a step further. I have to modify hints for := instead of =
DEFAULT NAS-IP-Address == "192.168.1.238"
User-Name := "%{User-Name}@test.local"
DEFAULT NAS-IP-Address == "127.0.0.1"
User-Name := "%{User-Name}@test.local"
# radtest testuser1 geheim 127.0.0.1:1812 0 testing123
Sending Access-Request Id 206 from 0.0.0.0:53968 to 127.0.0.1:1812
User-Name = 'testuser1'
User-Password = 'geheim'
NAS-IP-Address = 192.168.1.238
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 206 from 127.0.0.1:1812 to 127.0.0.1:53968
length 20
But if s.b. I want to have a check if @ is contained in username, I get
a reject???
DEFAULT NAS-IP-Address == "192.168.1.238", User-Name !~ ".*@"
User-Name := "%{User-Name}@test.local"
DEFAULT NAS-IP-Address == "127.0.0.1", User-Name !~ ".*@"
User-Name := "%{User-Name}@test.local"
Request Id 172 from 0.0.0.0:59149 to 127.0.0.1:1812
User-Name = 'testuser1'
User-Password = 'geheim'
NAS-IP-Address = 141.4.217.238
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Reject Id 172 from 127.0.0.1:1812 to 127.0.0.1:59149
length 20
(0) -: Expected Access-Accept got Access-Reject
Why??
Best regards,
Thomas
An: freeradius-users at lists.freeradius.org
Betreff: add realm based on NAS-IP
Hello list,
I just want to add users coming from a specific NAS add a realm. This
seems not to be working.
Any help is appreciated.
These files are modified for testing purposes.
DEFAULT NAS-IP-Address == "127.0.0.1"
User-Name = "%{User-Name}@test.local"
DEFAULT NAS-IP-Address == "192.168.1.238"
User-Name = "%{User-Name}@test.local"
I have ./users to identify the user.
testuser1 at test.local Cleartext-Password := "geheim"
testuser2 Cleartext-Password := "geheim"
When performing a "radtest testuser1 at test.local geheim 127.0.0.1:1812 0
testing123"
this is working.
Sending Access-Request Id 146 from 0.0.0.0:43466 to 127.0.0.1:1812
User-Name = 'testuser1 at test.local'
User-Password = 'geheim'
NAS-IP-Address = 192.168.1.238
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 146 from 127.0.0.1:1812 to 127.0.0.1:43466
length 20
When performing a "radtest testuser2 geheim 127.0.0.1:1812 0
testing123" this is working as well (but should not, as @test.local
should be appended!!)
Sending Access-Request Id 25 from 0.0.0.0:45877 to 127.0.0.1:1812
User-Name = 'testuser2'
User-Password = 'geheim'
NAS-IP-Address = 192.168.1.238
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Accept Id 25 from 127.0.0.1:1812 to 127.0.0.1:45877
length 20
When performing a "radtest testuser1 geheim 127.0.0.1:1812 0
testing123" I get a reject (but should not, as @test.local should be
appended).
Sending Access-Request Id 223 from 0.0.0.0:38701 to 127.0.0.1:1812
User-Name = 'testuser1'
User-Password = 'geheim'
NAS-IP-Address = 192.168.1.238
NAS-Port = 0
Message-Authenticator = 0x00
Received Access-Reject Id 223 from 127.0.0.1:1812 to 127.0.0.1:38701
length 20
(0) -: Expected Access-Accept got Access-Reject
Attached is full debug output.
Any help is appreciated.
Best regards,
Thomas
-
List info/subscribe/unsubscribe? See
[1]http://www.freeradius.org/list/users.html
References
1. http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list