Setting internal attributes per client
Nathan Ward
lists+freeradius at daork.net
Mon Oct 30 01:54:47 CET 2017
Hi,
We have some RADIUS servers handling clients from 3 different vendors/models of BNGs and so on, and have to return different attributes to each (Cisco-AVPair to Ciscos, etc. etc.).
Right now I have some policies that match request:NAS-IP-Address against a list of IPs. It’s a bit annoying to have to add clients in clients.conf and in the policy config. Manageable sure, but, I’m wondering if there’s a better way.
Is there a way to have some sort of per-client policy, other than matching NAS-IP-Address or similar? Can I look at shortname as configured in clients.conf (I could add tokens to this, for example, ‘iosxrbng_<original hostname>’.
I considered multiple virtual servers, which is still something I’m considering but not sure that’s the best solution either.
Open to suggestions!
It occurred to me that a useful thing would be setting attributes in clients.conf, i.e.:
client example.org {
ipaddr = radius.example.org
secret = testing123
Tmp-String-0 = BNGFlavourPurple
}
Maybe. :-)
--
Nathan Ward
More information about the Freeradius-Users
mailing list