Grant access to a groups of users to a determinated subnets
Condor
condor_bulto at yahoo.com
Mon Feb 3 14:41:24 CET 2020
One thing fixed:
if (<ipv4prefix>&NAS-IP-Address < 192.168.0.0/16)
instead of:
if (&NAS-IP-Address < 192.168.0.0/16)
In radiusd -X:
if (<ipv4prefix>&NAS-IP-Address == 192.168.0.0/16) -> FALSE
Any idea? Thanks!
On Monday, February 3, 2020, 10:04:36 AM GMT-3, Condor via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
Hi Matthew, thanks for help,
users:
test003 Crypt-Password := "$1$Z71ee$Z62hAIPIJbcaMDyHtUN/", Huntgroup-Name == gNetworking Auth-Type = System, Service-Type = Login, Reply-Message = "Hello Test001",
huntgroup : nothing
I put these lines in sites-available/default, in the "authorize" section:
if (&NAS-IP-Address < 192.168.0.0/16) {
    update control {
        &Huntgroup-Name == "gNetworking"
    }
}
When I try to execute radiusd -X, I get this:
/etc/raddb/sites-enabled/default[273]: Parse error in condition
if (&NAS-IP-Address < 192.168.0.0/16) {
^ Failed to parse value for attribute
Errors reading or parsing /etc/raddb/radiusd.conf
Thanks!
On Wednesday, January 29, 2020, 11:15:16 AM GMT-3, Matthew Newton <mcn at freeradius.org> wrote:
On Wed, 2020-01-29 at 14:06 +0000, Condor via Freeradius-Users wrote:
> Sorry for ask again, there is an alternative to hunt group regex
> for subnet? unlang is possible maybe, but i don't understand how to
> use it. Someone could please point me some example
https://freeradius.org/radiusd/man/unlang.html
if (&NAS-IP-Address =~ /^192\.168\.(1?\d\d?|2[0-4]\d|25[0-5])\.(1?\d\d?|2[0-4]\d|25[0-5])$/) {
    update control {
        &Huntgroup-Name == "gNetworking"
    }
}
You can also check if IPs are in a particular network - see the man
page. e.g.
if (<ipaddr>192.0.2.1 < 192.0.2.0/24) {
...
}
if (&NAS-IP-Address < 192.0.2.0/24) {
...
}
--
Matthew
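
Added example, not part of the thread and not FreeRADIUS code: a Python check that the regex quoted above accepts exactly the addresses a 192.168.0.0/16 containment test accepts, which is worth confirming before an access rule depends on either form. The function names and the negative samples are constructed for this illustration, and Python's `re` and `ipaddress` modules stand in for the server's own matching.

```python
import ipaddress
import re

# Pattern text copied from the thread; re.ASCII keeps \d to 0-9.
THREAD_REGEX = re.compile(
    r"^192\.168\.(1?\d\d?|2[0-4]\d|25[0-5])\.(1?\d\d?|2[0-4]\d|25[0-5])$",
    re.ASCII,
)
SUBNET = ipaddress.ip_network("192.168.0.0/16")

# Constructed negative samples: neighbours of the range, malformed values,
# and strings that only contain the prefix somewhere inside them.
OUTSIDE = [
    "192.167.255.255", "192.169.0.0", "10.0.0.1", "192.168.256.1",
    "192.168.1", "1192.168.0.1", "192.168.1.1.5", "192.168.1.1000", "",
]


def regex_match(addr):
    """True when the thread's regex accepts the string."""
    return THREAD_REGEX.match(addr) is not None


def in_subnet(addr, net=SUBNET):
    """True when addr parses as an IP address and lies inside net."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False  # not an address at all, so not in the subnet


def disagreements(candidates, net=SUBNET):
    """Return every candidate on which the regex and the CIDR test differ."""
    return [a for a in candidates if regex_match(a) != in_subnet(a, net)]


if __name__ == "__main__":
    inside = [str(a) for a in SUBNET]  # all 65536 addresses, edges included
    print("checked", len(inside) + len(OUTSIDE), "values")
    print("disagreements:", disagreements(inside) + disagreements(OUTSIDE))
```

The same `disagreements` helper can be pointed at any other regex and prefix pair by swapping `THREAD_REGEX` and passing a different `net`.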