Multiple NAS ips in home_server for COA packets

Alan DeKok aland at deployingradius.com
Thu Apr 7 15:05:57 UTC 2022


On Apr 7, 2022, at 10:24 AM, Daniele Mantovani <dmantovani at salesianisesto.it> wrote:
> First of all, thanks for this amazing software!

  Thanks!  We try. :)

> I'm trying to implement in my setup (currently a 3.0.17 freeradius)

  I suggest upgrading, but whatever.

> It works and it effectively prepare the packet, but in order to make
> it fully work, I had to create a home_server that correspond to the
> access points (NAS) I'm using for testing like this:

  Yes, that works.

> Now I need to deploy that configuration to all my access points, that
> are around 150, and making 150 home_server configurations, one for
> every NAS, it's really long and error prone.

  Create them from templates.  

> Is There's any way I can specify a home_server that represents all
> those access points?

  Unfortunately, no.  RADIUS depends on IP addresses.

> I've tried to set the "ipaddr" to a full ip class, like I've done in
> the client section, but it doesn't seem to accept a class of that size
> (it only accepts a /32 address).

  That's actually a reasonable thing to do.  I'll take a look at it for the 3.2.x releases.

  But in 3.0, you can do this:

* edit radiusd.conf, and add the following section before the "security { ... } section

templates {
	nas_template {
		type = coa
		port = 3799
		secret = xxxx

		... anything else from the "home_server" except "ipaddr"
	}

}

  You can then put this into proxy..conf:

home_server foo {
	ipaddr = 1.2.3.4
	$template nas_template
}

  And it will automatically fill in the rest of the fields from the template.  See raddb/templates.conf for more documentation.

  Alan DeKok.



More information about the Freeradius-Users mailing list