User authentication for remote NAS'?

wefwe fewfew totallimpbizkit at hotmail.com
Thu Mar 30 04:15:20 CEST 2017


Hi,


I'm completely new to Freeradius and mysql and have been playing around with it for the past couple of weeks. A lot of fun but also a bit frustrating at times.


So far I've managed to get Freeradius and mysql working. I can even authenticate users and send back attributes to them to limit time online, link speed etc. This part I've got working.


However one thing I'm totally unable to figure out is how I can base authentication on which NAS a user is trying to log in from.


I've been reading the mailing lists, googling, and there are people with similar questions but I've yet to find an answer. Hopefully somebody can give me some pointers :)


Goal:

Have multiple NAS' in remote locations authenticate with a central Freeradius server.


The NAS' will be in remote locations, I won't always know the IP and in some cases they will be using the same IP as they are behind a private network. Setting up radius proxies at the remote locations is not an option.


I was thinking about using the NAS-ID or called-station-id to authenticate instead. The NAS-ID is in the rad_recv request so I'm figuring somehow it must be possible to use that?


My non-programmer-way-of-thinking


Freeradius receives request from NAS

NAS request includes NAS-ID

Freeradius somehow checks if NAS-ID is present in mysql table

If not present -> Reject request

If present -> check usergroup that corresponds with the NAS-ID and authenticate against the users in that group.


Very simple minded I thought that it might be as simple as modifying the hunt group tutorial on the wiki by replacing the nas-ip with nas-id but that didn't work. After some more reading all the mailing list entries tell me the wiki is wrong and won't work.


Right now I'm at a loss and don't know what to do. The mailing list is my last resort.


I would like to know if A) it's possible to use anything other than the IP to identify the NAS and B) How would I go about achieving that?


By the way, if I ever get this working, can I write a guide and submit it to the wiki?

Freeradius version 2.2.8

Freeradius -X: None as I don't think that'll answer my question at this point ;)


Thanks.
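
The decision flow described in the post above, as an added example that is not part of the original message and is not FreeRADIUS configuration: a small Python model of "look up the NAS-ID, reject if unknown, otherwise authenticate only against that NAS's user group". The table names, column names and sample rows are hypothetical and constructed for the illustration.

```python
import hmac
import sqlite3

# Constructed sample data. Table and column names are hypothetical,
# not the stock FreeRADIUS SQL schema.
SCHEMA = """
CREATE TABLE nas_groups (nas_id TEXT PRIMARY KEY, groupname TEXT NOT NULL);
CREATE TABLE group_users (groupname TEXT, username TEXT, password TEXT,
                          PRIMARY KEY (groupname, username));
INSERT INTO nas_groups VALUES ('site-a-ap1', 'site-a'), ('site-b-ap1', 'site-b');
INSERT INTO group_users VALUES ('site-a', 'alice', 'alicepw'),
                               ('site-b', 'bob', 'bobpw');
"""

def open_db():
    """Build the in-memory lookup tables used by decide()."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def decide(db, request):
    """Return 'Access-Accept' or 'Access-Reject' for a dict of request attributes."""
    nas_id = request.get("NAS-Identifier")
    if not nas_id:
        return "Access-Reject"      # request carried no NAS-ID at all
    # Parameterised queries: NAS-ID and User-Name are client-supplied strings.
    row = db.execute("SELECT groupname FROM nas_groups WHERE nas_id = ?",
                     (nas_id,)).fetchone()
    if row is None:
        return "Access-Reject"      # NAS-ID not present in the table
    group = row[0]
    # Only users that belong to this NAS's group are candidates.
    row = db.execute("SELECT password FROM group_users "
                     "WHERE groupname = ? AND username = ?",
                     (group, request.get("User-Name", ""))).fetchone()
    if row is None:
        return "Access-Reject"      # valid user elsewhere, but not at this NAS
    supplied = request.get("User-Password", "")
    # Constant-time comparison of the stored and supplied password.
    ok = hmac.compare_digest(row[0].encode(), supplied.encode())
    return "Access-Accept" if ok else "Access-Reject"
```

The NAS-ID is a value the NAS itself places in the request, so a check like this is only as trustworthy as the shared secret that protects the request.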

