Freeradius 3.2.0 with dynamic clients on LDAP

Alan DeKok aland at deployingradius.com
Mon Sep 5 22:18:27 UTC 2022


On Sep 4, 2022, at 9:50 AM, Igor Sousa <igorvolt at gmail.com> wrote:
> I googled it more and I found this post
> https://lists.freeradius.org/pipermail/freeradius-users/2014-August/073292.html
> (yeah, I know this happened 8 years ago).

  The documentation is always up to date.  There's no need to google things.

> I've understood that the rlm_raw
> module is necessary to access the Called-Station-Id attribute on
> site-enabled/dynamic-clients (
> https://lists.freeradius.org/pipermail/freeradius-users/2015-March/076430.html
> and , but you warned us to not use the rlm_raw module. I don't find this
> module in https://freeradius.org/modules/.

  Because it's a third-party module which isn't supported.

> Then, is it possible to access
> NAS MAC addresses in dynamic-clients configuration in Freeradius 3.2?

  No.

  RADIUS client are always keyed off of IP addresses.  What people usually want is to key off of MAC address, and then do that on a per-packet basis.  That's just not possible.

  If you want to key off of NAS identity instead of IP address, use radsec.  (RADIUS over TLS).  That's what it's for.  You can verify the client certificate of the NAS.  In which case you don't care about its' IP address, or its MAC address.

  Alan DeKok.



More information about the Freeradius-Users mailing list