FreeRadius and Circuit-ID
filip.m.nikolic at roamingnetworks.rs
Mon Nov 14 09:19:35 UTC 2022
Hi Alan,
Thanks for the initial answer, I will check.
And I will try to provide more information here so you can help me.
I am testing the possibilities of a BNG. On the access side of the BNG I am trying to set up a PPPoE client.
The client has the following attributes: Username, password, Circuit ID and Remote ID.
Authentication goes through the Radius server.
In my setup I have two versions of Radius: one with Daloradius (SQL/web-based Radius) and regular freeradius.
I want to establish a PPPoE session and to try authentication according to the Circuit ID attribute field, not according to the username and password.
User and pass should stand in a flow, but the main authentication should be performed according to the Circuit ID.
Example:
I have user: test1 and password: test1
Circuit ID is: gige 6/27/0:100.1
Remote ID is: BNG
These two attributes I received on Radius:
(0) ADSL-Agent-Circuit-Id = 0x6769676520362f32372f303a3130302e31
(0) ADSL-Agent-Remote-Id = 0x424e47
In order to establish authentication according to the ADSL-Agent-Circuit-Id attribute, how should I set up:
1. Regular freeradius setup without mysql base? Is the config from below appropriate?
2. Freeradius setup with Daloradius on top?
Thanks in advance, if some more information is needed I will try to provide it 😊
BR,
Filip
-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+filip.m.nikolic=roamingnetworks.rs at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Thursday, November 10, 2022 5:47 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: FreeRadius and Circuit-ID
On Nov 10, 2022, at 4:28 PM, <filip.m.nikolic at roamingnetworks.rs> wrote:
> We are playing around with a scenario for subscriber attachment based
> on circuit-id and remote-id and ignoring PAP/CHAP.
That's fine.
> Idea is that you do not need to authenticate a user, just grant him
> access based on the fixed port in the access node.
>
> We struggle in the right configuration, so we are wondering if someone
> play with that and if someone can help us?
Read the debug log to see what attributes are in the packet, and what their values are.
Then, in a virtual server do:
	authorize {
		...
		if (... attribute matches value ..) {
			update control {
				Auth-Type := Accept
			}
		}
		...
	}
If you want a more detailed answer, you will need to ask a more detailed question.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
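
Added example, not part of the original thread or of either poster's configuration: the template from the reply filled in with the two attribute values shown in the debug output, written for FreeRADIUS v3 unlang. The attribute names and hex values are the ones in the thread; the preprocess call, the stock "reject" policy and the decision to reject requests that do not match are assumptions.

```unlang
# Added example (FreeRADIUS v3 unlang). Goes in the virtual server that
# receives the BNG's Access-Requests (assumed: sites-enabled/default).
authorize {
	preprocess

	# The debug output prints both attributes as 0x..., i.e. they are
	# octets, so they are compared against hex literals here:
	#   0x6769676520362f32372f303a3130302e31 = "gige 6/27/0:100.1"
	#   0x424e47                             = "BNG"
	if (&ADSL-Agent-Circuit-Id && &ADSL-Agent-Remote-Id) {
		if ((&ADSL-Agent-Circuit-Id == 0x6769676520362f32372f303a3130302e31) && (&ADSL-Agent-Remote-Id == 0x424e47)) {
			# Known port on the known access node: accept without
			# a PAP/CHAP check, as described in the thread.
			update control {
				&Auth-Type := Accept
			}
		}
		else {
			# Port identifiers present but not the expected ones
			# (assumed policy: refuse rather than fall through).
			reject
		}
	}
	else {
		# No port identifiers in the request. Without this branch a
		# request lacking them would be handled by whatever follows.
		reject
	}
}
```

With Auth-Type := Accept the password is never checked, so the accept decision is only as trustworthy as the device that inserts the Circuit ID and Remote ID; run the server with -X and confirm which branch a test request takes.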