Matching a prefix in huntgroups file
Brian Candler
b.candler at pobox.com
Mon Nov 7 10:43:06 CET 2016
On 06/11/2016 18:33, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> foo {
>> if (10.254.1.1 == 10.254.0.0/16) {
>> update {
>> Tmp-String-0 := "AAA"
>> }
>> }
>> update {
>> request:NAS-IP-Address := 10.254.1.1
>> }
>> if (&NAS-IP-Address == 10.254.0.0/16) {
>> update {
>> Tmp-String-1 := "BBB"
>> }
>> }
>> }
> given that you are mapping particular IP addresses as clients with particular needs, surely
> this will be easier just to add a local custom tag to the client definition instead and thus you
> can leave your foo policy alone.... eg add my_group to the client definition and then
>
> foo {
> update {
> Tmp-String-0 := &client:my_group
> }
> }
>
> ...as example....then your tmp-string-0 is exactly what that custom tag in the clients.conf is.
The update { Tmp-String-0 ... } is just a method I use to force some
output into the radiusd -X, to show a particular branch was taken and/or
show the contents of a particular attribute. Maybe there is a cleaner
way in freeradius to emit a debug message?
As for setting attributes in clients.conf: thanks for the suggestion,
but I don't think this is going to work if the messages go through a
proxy, as clients.conf will only match the proxy's IP address. I really
do want to match on the NAS-IP-Address attribute.
I could do a files or database lookup on NAS-IP-Address, but with a /16
that would be a lot of entries to populate. So right now, with less
that a dozen tests to do, a sequential lookup in unlang or huntgroups is
fine.
Regards,
Brian.
More information about the Freeradius-Users
mailing list