Freeradius 3.2.0 with dynamic clients on LDAP
Igor Sousa
igorvolt at gmail.com
Tue Sep 6 17:28:58 UTC 2022
Alan,
Thanks for your explanation.
--
Igor Sousa
Em seg., 5 de set. de 2022 às 19:18, Alan DeKok <aland at deployingradius.com>
escreveu:
> On Sep 4, 2022, at 9:50 AM, Igor Sousa <igorvolt at gmail.com> wrote:
> > I googled it more and I found this post
> >
> https://lists.freeradius.org/pipermail/freeradius-users/2014-August/073292.html
> > (yeah, I know this happened 8 years ago).
>
> The documentation is always up to date. There's no need to google
> things.
>
> > I've understood that the rlm_raw
> > module is necessary to access the Called-Station-Id attribute on
> > site-enabled/dynamic-clients (
> >
> https://lists.freeradius.org/pipermail/freeradius-users/2015-March/076430.html
> > and , but you warned us to not use the rlm_raw module. I don't find this
> > module in https://freeradius.org/modules/.
>
> Because it's a third-party module which isn't supported.
>
> > Then, is it possible to access
> > NAS MAC addresses in dynamic-clients configuration in Freeradius 3.2?
>
> No.
>
> RADIUS client are always keyed off of IP addresses. What people usually
> want is to key off of MAC address, and then do that on a per-packet basis.
> That's just not possible.
>
> If you want to key off of NAS identity instead of IP address, use
> radsec. (RADIUS over TLS). That's what it's for. You can verify the
> client certificate of the NAS. In which case you don't care about its' IP
> address, or its MAC address.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list