User authentication for remote NAS'?

Brian Candler b.candler at
Thu Mar 30 15:20:22 CEST 2017

On 30/03/2017 13:44, Alan DeKok wrote:
>> I was thinking about using the NAS-ID or called-station-id to authenticate instead. The NAS-ID is in the rad_recv request so I'm figuring somehow it must be possible to use that?
>    It's not possible.
If you have multiple NASes behind a NAT, then obviously you can't have 
different shared secrets for each one, but I don't think that's what the 
OP was asking.

The question was "how I can base authentication on which NAS a user is 
trying to log in from?", which I took to mean "how can I make the 
authentication response vary depending on which NAS originated the 
radius request?"

It is clearly possible to use NAS-Identifier for that purpose. Given the 
constraints in the original question, it seems like a reasonable 
solution to me.



More information about the Freeradius-Users mailing list