Grant access to a groups of users to a determinated subnets
Matthew Newton
mcn at freeradius.org
Tue Feb 4 14:04:15 CET 2020
On Tue, 2020-02-04 at 12:44 +0000, Condor via Freeradius-Users wrote:
> Now if i do this:
> (0) if (<ipv4prefix>&NAS-IP-Address < 192.168.0.0/16) ->
> FALSE
> (NAS-IP-Address=192.168.212.250)
> But, if i do this:
> if (<ipv4prefix>192.168.212.250 < 192.168.0.0/16) -> TRUE
Can you send plaintext e-mail, rather than the mangled up HTML version.
It works fine in the latest version:
if (&NAS-IP-Address < 192.168.0.0/24) {
update reply {
Reply-Message += "in 192"
}
}
if (&NAS-IP-Address < 127.0.0.0/8) {
update reply {
Reply-Message += "in 127"
}
}
$ radtest bob test 127.0.0.1 0 testing123
Sent Access-Request Id 188 from 0.0.0.0:35671 to 127.0.0.1:1812 length
73
User-Name = "bob"
User-Password = "test"
NAS-IP-Address = 127.0.1.1
NAS-Port = 0
Message-Authenticator = 0x00
Cleartext-Password = "test"
Received Access-Accept Id 188 from 127.0.0.1:1812 to 127.0.0.1:35671
length 28
Reply-Message = "in 127"
(0) if (&NAS-IP-Address < 192.168.0.0/24) {
(0) if (&NAS-IP-Address < 192.168.0.0/24) -> FALSE
(0) if (&NAS-IP-Address < 127.0.0.0/8) {
(0) if (&NAS-IP-Address < 127.0.0.0/8) -> TRUE
(0) if (&NAS-IP-Address < 127.0.0.0/8) {
(0) update reply {
(0) Reply-Message += "in 127"
(0) } # update reply = noop
(0) } # if (&NAS-IP-Address < 127.0.0.0/8) = noop
What version of FreeRADIUS are you running? You probably need to
upgrade.
--
Matthew
More information about the Freeradius-Users
mailing list