Gene Hinds wrote:
>     I am trying to determine how to have freeradius respond with
> different attributes for a user depending on what device he telnets
> into.

  You key off of the source IP address.  See "man unlang"

        if (Packet-Src-IP-Address == 1.2.3.4) {
                update reply {
                        Reply-Message := "Foo!"
                }
        }

        ...

> If he is a level 1 tech and telnets into a customer router I want
> him to have admin rights but if he telnets into a Core router I want him
> to only have Cisco level 1 access. Since these are naturally different
> attributes the response from freeradius needs to be different depending
> on the routers sending the request. From reading it seems this is
> possible with some rules in possibly the "radcheck" table but I cannot
> fully grasp the concept. 

  I'm not sure that the SQL schema is up to that task.

>     Can someone please give me some direct documentation or
> configuration examples on this issue? I seem to know just just enough to
> get myself in trouble so the more detailed the instructions the better.

  What you can do instead is to abstract the privilege level from the
returned attributes.  e.g. create a schema with <admin, ip, privilege>

  Then do:

        update control {
                Tmp-String-0 = "%{sql: SELECT foo from bar WHERE user = 
%{User-Name} ..."
        }

        switch "%{Tmp-String-0}" {
                case low {
                        update reply {
                                ...
                        }
                }
                case high {
                        update reply {
                                ...
                        }
                }
        }

  Hope that makes sense.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to