Re: Authentication problem

Kostas Kalevras Mon, 10 Mar 2003 04:21:46 -0800

On Fri, 7 Mar 2003, QAdmin wrote:

> Hi everyone,
> I have a particular authentication problem that I need to solve
> quickly, and I need your help... here it is:
>
> First, I am using FreeRadius 0.8.1 with the "users" file.
>
> My freeradius server will receive two authentication requests for
> the same User-Name, but will have to return different attributes
> depending on the NAS connecting to it.
>
> So, if it receives a request for [EMAIL PROTECTED] and the request
> packet contains NAS-IP-Address 192.168.100.1 then I know I have
> to reply with some predefined attributes.
>
> Next, if a request comes in again for [EMAIL PROTECTED], but this time
> the NAS-IP-Address attribute is set to something else than 192.168.100.1
> then I need to return another set of Attributes in reply.
>
> I've tried to set two "[EMAIL PROTECTED]" entries in the users file,
> the first having a check list that looks like this:
>
> [EMAIL PROTECTED]  User-Password == "password"
>         Auth-Type := Local,
>         Service-Type = Framed-User
>         ...
>
> and another entry below:
>
> [EMAIL PROTECTED]     NAS-IP-Address == "192.168.100.1", User-Password ==
> "Password"
>       Auth-Type := Local,
>       Service-Type = Outbound-User
>       ...
>
>
> Now, that just don't work. Because the requests are specific
> to a single User-Name, it will always match on the first entry it finds
> in the users file, matching this User-Name.
>
> Is there a way I can tell FreeRadius not to stop his match
> on the first occurence of "[EMAIL PROTECTED]", but carefully inspect
> all values in the checklist ?
>
> At best,
> Would it be possible to have a "catch-all" entry that just watches for
> the NAS-IP-Address 192.168.100.1 and return the proper attributes ?


DEFAULT NAS-IP-Address == "192.168.100.1", Auth-Type := Local
        Service-Type = Outbound-User

DEFAULT Auth-Type := Local
        Service-Type = Framed-User

[EMAIL PROTECTED]       User-Password == "Password"

>
> I want avoid having to run a separate radius server AND also having
> double entries for each user in the users file.
>
> Thank you for your help.
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Authentication problem

Reply via email to