Grant access to a groups of users to a determinated subnets

Condor condor_bulto at yahoo.com
Tue Feb 4 14:20:17 CET 2020


Hi Matthew, i'm running FreeRADIUS Version 3.0.4 

Are you sure i need to update? 

Even if the "if" throw me "TRUE" not work either

Thanks!


On Tuesday, February 4, 2020, 10:04:25 AM GMT-3, Matthew Newton <mcn at freeradius.org> wrote: 



On Tue, 2020-02-04 at 12:44 +0000, Condor via Freeradius-Users wrote:
>  Now if i do this:
>    (0)    if (<ipv4prefix>&NAS-IP-Address < 192.168.0.0/16)  ->
> FALSE 
>        (NAS-IP-Address=192.168.212.250)
> But, if i do this:
>    if (<ipv4prefix>192.168.212.250 < 192.168.0.0/16)  -> TRUE

Can you send plaintext e-mail, rather than the mangled up HTML version.


It works fine in the latest version:

if (&NAS-IP-Address < 192.168.0.0/24) {
  update reply {
    Reply-Message += "in 192"
  }
}

if (&NAS-IP-Address < 127.0.0.0/8) {
  update reply {
    Reply-Message += "in 127"
  }
}


$ radtest bob test 127.0.0.1 0 testing123
Sent Access-Request Id 188 from 0.0.0.0:35671 to 127.0.0.1:1812 length
73
    User-Name = "bob"
    User-Password = "test"
    NAS-IP-Address = 127.0.1.1
    NAS-Port = 0
    Message-Authenticator = 0x00
    Cleartext-Password = "test"
Received Access-Accept Id 188 from 127.0.0.1:1812 to 127.0.0.1:35671
length 28
    Reply-Message = "in 127"


(0)    if (&NAS-IP-Address < 192.168.0.0/24) {
(0)    if (&NAS-IP-Address < 192.168.0.0/24)  -> FALSE
(0)    if (&NAS-IP-Address < 127.0.0.0/8) {
(0)    if (&NAS-IP-Address < 127.0.0.0/8)  -> TRUE
(0)    if (&NAS-IP-Address < 127.0.0.0/8)  {
(0)      update reply {
(0)        Reply-Message += "in 127"
(0)      } # update reply = noop
(0)    } # if (&NAS-IP-Address < 127.0.0.0/8)  = noop


What version of FreeRADIUS are you running? You probably need to
upgrade.


-- 
Matthew


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list