Multiple NAS ips in home_server for COA packets

Daniele Mantovani dmantovani at salesianisesto.it
Thu Apr 7 14:24:31 UTC 2022 

Dear to All,

First of all, thanks for this amazing software!

I'm trying to implement in my setup (currently a 3.0.17 freeradius)
some logic to change the authorization of some clients connected to
some access points creating COA Request packet in response to the
accounting received from the access points.

I've managed to create the logic based on the example I've found in
the originate-coa virtual site that sends the coa packet if a
particular condition is met.
Here's a piece of the configuration inside the accounting {} area of
the virtual host I'm using for the testing:

if(Ldap-Group == "InternetAccess" || Ldap-Group == "TEACHER") {
    if(Extreme-User-Profile-Attribute == "4") {
        update coa {
            &User-Name = "%{User-Name}"
            &Acct-Session-Id = "%{Acct-Session-Id}"
            &NAS-IP-Address = "%{NAS-IP-Address}"
            Filter-Id = 2
        }
    }
}

It works and it effectively prepare the packet, but in order to make
it fully work, I had to create a home_server that correspond to the
access points (NAS) I'm using for testing like this:

home_server wifi_test_coa {
    type = coa
    ipaddr = x.x.x.x
    port = 3799
    secret = xxxxxxx

    #  CoA specific parameters.  See raddb/proxy.conf for details.
    coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
}

Now I need to deploy that configuration to all my access points, that
are around 150, and making 150 home_server configurations, one for
every NAS, it's really long and error prone.
Is There's any way I can specify a home_server that represents all
those access points?

I've tried to set the "ipaddr" to a full ip class, like I've done in
the client section, but it doesn't seem to accept a class of that size
(it only accepts a /32 address).

Any work around?

Thanks to all
Cheers
Daniele

-- 
 <https://www.salesianisesto.it/> 
<https://www.google.it/maps/place/Opere+Sociali+Don+Bosco+-+Salesiani+Sesto/@45.5435274,9.2283012,17z/> 
<https://www.facebook.com/osdbsesto> 
<https://www.youtube.com/user/salesianisesto> 
<https://twitter.com/salesianisesto> 
<https://www.instagram.com/salesianisesto/>

More information about the Freeradius-Users mailing list