Realm Config

Carlos Botejara cbotejara at gmail.com
Thu Aug 24 21:28:15 UTC 2023


Sorry Alan, I'll try to be as clear as possible now.

I have two scenarios, and I need to authorize users and devices separately.
In the first case, I have remote users that need to access a specific
network.
In the second case, I have remote devices installed in the field and I need
to access another network.
In both scenarios, I have installed a Mikrotik Router, configured to use a
Radius server to validate the connections. So far everything works fine.

Now, I need to send specific configurations to both scenarios, depending on
the Realm the connection comes from, like vlan-id, bandwidth,
quota, etc.

For example, for scenario1 (users), the authentication is through pppoe,
and the Mikrotik sends User and Password, and works fine.

I attach a log.

(9)   Mikrotik-Rate-Limit = "3584K/7168K"
(9)   Acct-Input-Octets = 2513739245
(9)   Acct-Input-Gigawords = 2
(9)   Acct-Input-Packets = 70402669
(9)   Acct-Output-Octets = 1999521214
(9)   Acct-Output-Gigawords = 36
(9)   Acct-Output-Packets = 123545125
(9)   Acct-Status-Type = Interim-Update
(9)   NAS-Identifier = "R2-UsersRouter"
(9)   Acct-Delay-Time = 0
(9)   Mikrotik-Realm = "Users"
(9)   NAS-IP-Address = 172.16.0.124


For scenario2, the devices need to be authenticated by MAC address,
via the DHCP server.
The DHCP server service is running on the remote Mikrotik, because I have other
configs, like OSPF, BGP, etc.

What is the problem?
The DHCP Server sends the device's MAC address to Radius as the username but
doesn't send a password.

What do I need?
I need to execute a different auth query to validate users or devices,
depending on what realm is advertised in freeradius through the attribute
Mikrotik-Realm (Mikrotik sends its attribute in this way).

I hope I have been clear now, and I hope you can help me.
If you need more information, please let me know.

Thanks in advance.

On Thu, Aug 24, 2023 at 16:59, Alan DeKok (<aland at deployingradius.com>)
wrote:

> On Aug 24, 2023, at 3:12 PM, Carlos Botejara <cbotejara at gmail.com> wrote:
> >
> > Is there any other way to do it?
>
>   To do *what*?
>
>   You are very careful to say as little as possible about what you have,
> and what you want to do.
>
>   If you tried to do things and they didn't work, try to do different
> things.
>
> > I can't create 2 tables with different Realm names.
> > Should at least be able to take an action by reading the MIKROTIK-REALM
> > attribute and be able to execute the corresponding authorize_check_query.
>
>   The queries can be edited.  I suggest reading the comments which
> describe how the queries work.
>
>   Alan DeKok.
