Re: add realm based on NAS-IP

tirili at web.de tirili at web.de
Fri Jul 8 11:00:58 CEST 2016


   I got a step further. I have to modify hints to use := instead of =

   DEFAULT NAS-IP-Address == "192.168.1.238"
           User-Name := "%{User-Name}@test.local"
   DEFAULT NAS-IP-Address == "127.0.0.1"
           User-Name := "%{User-Name}@test.local"

   # radtest testuser1 geheim 127.0.0.1:1812 0 testing123
   Sending Access-Request Id 206 from 0.0.0.0:53968 to 127.0.0.1:1812
           User-Name = 'testuser1'
           User-Password = 'geheim'
           NAS-IP-Address = 192.168.1.238
           NAS-Port = 0
           Message-Authenticator = 0x00
   Received Access-Accept Id 206 from 127.0.0.1:1812 to 127.0.0.1:53968
   length 20

   But if s.b. I want to have a check if @ is contained in username, I get
   a reject???

   DEFAULT NAS-IP-Address == "192.168.1.238", User-Name !~ ".*@"
           User-Name := "%{User-Name}@test.local"
   DEFAULT NAS-IP-Address == "127.0.0.1", User-Name !~ ".*@"
           User-Name := "%{User-Name}@test.local"

   Request Id 172 from 0.0.0.0:59149 to 127.0.0.1:1812
           User-Name = 'testuser1'
           User-Password = 'geheim'
           NAS-IP-Address = 141.4.217.238
           NAS-Port = 0
           Message-Authenticator = 0x00
   Received Access-Reject Id 172 from 127.0.0.1:1812 to 127.0.0.1:59149
   length 20
   (0) -: Expected Access-Accept got Access-Reject

   Why??

   Best regards,
   Thomas

   To: freeradius-users at lists.freeradius.org
   Subject: add realm based on NAS-IP
   Hello list,
   I just want to add a realm to users coming from a specific NAS. This
   seems not to be working.
   Any help is appreciated.
   These files are modified for testing purposes.
   DEFAULT NAS-IP-Address == "127.0.0.1"
           User-Name = "%{User-Name}@test.local"
   DEFAULT NAS-IP-Address == "192.168.1.238"
           User-Name = "%{User-Name}@test.local"
   I have ./users to identify the user.
   testuser1@test.local Cleartext-Password := "geheim"
   testuser2 Cleartext-Password := "geheim"
   When performing a "radtest testuser1@test.local geheim 127.0.0.1:1812 0
   testing123"
   this is working.
   Sending Access-Request Id 146 from 0.0.0.0:43466 to 127.0.0.1:1812
   User-Name = 'testuser1@test.local'
   User-Password = 'geheim'
   NAS-IP-Address = 192.168.1.238
   NAS-Port = 0
   Message-Authenticator = 0x00
   Received Access-Accept Id 146 from 127.0.0.1:1812 to 127.0.0.1:43466
   length 20
   When performing a "radtest testuser2 geheim 127.0.0.1:1812 0
   testing123" this is working as well (but should not, as @test.local
   should be appended!!)
   Sending Access-Request Id 25 from 0.0.0.0:45877 to 127.0.0.1:1812
   User-Name = 'testuser2'
   User-Password = 'geheim'
   NAS-IP-Address = 192.168.1.238
   NAS-Port = 0
   Message-Authenticator = 0x00
   Received Access-Accept Id 25 from 127.0.0.1:1812 to 127.0.0.1:45877
   length 20
   When performing a "radtest testuser1 geheim 127.0.0.1:1812 0
   testing123" I get a reject (but should not, as @test.local should be
   appended).
   Sending Access-Request Id 223 from 0.0.0.0:38701 to 127.0.0.1:1812
   User-Name = 'testuser1'
   User-Password = 'geheim'
   NAS-IP-Address = 192.168.1.238
   NAS-Port = 0
   Message-Authenticator = 0x00
   Received Access-Reject Id 223 from 127.0.0.1:1812 to 127.0.0.1:38701
   length 20
   (0) -: Expected Access-Accept got Access-Reject
   Attached is full debug output.
   Any help is appreciated.
   Best regards,
   Thomas
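
Added example, not part of the original message and not FreeRADIUS code: a simplified Python model of the two hints entries with the !~ check and the ./users entries quoted above, evaluated against the attribute values that radtest printed. It assumes first-match evaluation, treats == as string equality and !~ as "regex does not match"; all function and variable names are hypothetical.

```python
import re

# Rules transcribed from the hints entries in the message:
# (list of (attribute, operator, value) checks, suffix appended to User-Name).
HINTS = [
    ([("NAS-IP-Address", "==", "192.168.1.238"), ("User-Name", "!~", ".*@")], "@test.local"),
    ([("NAS-IP-Address", "==", "127.0.0.1"), ("User-Name", "!~", ".*@")], "@test.local"),
]
# Entries transcribed from the ./users file in the message.
USERS = {"testuser1@test.local": "geheim", "testuser2": "geheim"}


def check(request, attr, op, value):
    """Evaluate one check item; a missing attribute never matches (assumption)."""
    have = request.get(attr)
    if have is None:
        return False
    if op == "==":
        return have == value
    if op == "!~":
        return re.search(value, have) is None
    raise ValueError("unsupported operator: " + op)


def apply_hints(request):
    """Return (index of the first matching rule or None, resulting User-Name)."""
    for index, (checks, suffix) in enumerate(HINTS):
        if all(check(request, *item) for item in checks):
            return index, request["User-Name"] + suffix
    return None, request["User-Name"]


def decide(request):
    """Rewrite User-Name via the hints model, then look it up in USERS."""
    rule, name = apply_hints(request)
    accepted = USERS.get(name) == request["User-Password"]
    return rule, name, "Access-Accept" if accepted else "Access-Reject"


if __name__ == "__main__":
    # Constructed requests; attribute values copied from the radtest output above.
    for nas_ip in ("141.4.217.238", "192.168.1.238"):
        req = {"User-Name": "testuser1", "User-Password": "geheim",
               "NAS-IP-Address": nas_ip}
        print(nas_ip, decide(req))
```

In this model the request printed with NAS-IP-Address = 141.4.217.238 matches neither DEFAULT entry, so User-Name stays 'testuser1', which has no entry in ./users.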