Hello freeradius-users,

In many cases, when there are no attributes in the request to differentiate
the kind of NAS and if we need to build a reply with NAS-dependent
(AVPAIR) attributes, the only solution is to assign the huntgroup by
checking again the NAS-IP-Address in preprocessing.

I would like to know if there is any way to create a private attribute in
clients.conf to assign NAS type for Huntgroup selection?

I made some checks but the My-Nas-Type variable does not seem to be
accessible from within huntgroups as a checkItem.

As we have to manage more than 1000 various NAS, the idea is to have a
configured value in clients.conf to distinguish between different
kinds/manufacturers/models of NAS, to avoid later NAS-IP-Address check
again (it's already done in clients.conf) in Huntgroups, and to be able
to assign the HuntGroup by testing this private attribute.


For example:
dictionary :
ATTRIBUTE       My-Nas-Type     3000    string

clients.conf :

client c1 {
        ipaddress = 10.1.1.1
        My-Nas-Type     = cisco
        nastype = cisco
}
client c2 {
        ipaddress = 10.1.1.2
        My-Nas-Type = cisco
        nastype = cisco
}
client c3 {
        ipaddress = 10.2.2.2
        My-Nas-Type = netscreen
        nastype = other
}
client c4 {
        ipaddress = 10.3.3.3
        My-Nas-Type = provider1
        nastype = other
}


huntgroups : 

cisco           Service-Type == Login-User, My-Nas-Type == "cisco"
netscreen       Service-Type == Login-User, My-Nas-Type == netscreen
provider1       Service-Type == Login-User, My-Nas-Type == "provider1"

ciscoByIP       NAS-IP-Address == 10.1.1.1, Service-Type == Login-User
ciscoByIP       NAS-IP-Address == 10.1.1.2, Service-Type == Login-User
netscreenByIP   NAS-IP-Address == 10.2.2.2, Service-Type == Login-User
p1ByIP          NAS-IP-Address == 10.3.3.3, Service-Type == Login-User
....

users : 

DEFAULT Huntgroup-Name == ciscogrp, Ldap-Group == "CiscoRW"
        Cisco-AVPair := "shell:priv-lvl=15"
DEFAULT Huntgroup-Name == netscreen, Ldap-Group == "All-Admin-RW"
        NS-Admin-Privilege = "All-VSYS-Root-Admin"
DEFAULT Huntgroup-Name == provider1, Ldap-Group == "P1RW"
#Old config
DEFAULT Huntgroup-Name == ciscoByIP, Ldap-Group == "CiscoRW"
DEFAULT Huntgroup-Name == netscreenByIP, Ldap-Group == "All-Admin-RW"
DEFAULT Huntgroup-Name == p1ByIP, Ldap-Group == "P1RW"
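
An added example, not part of the original post and not FreeRADIUS code: a Python script that reads an inventory in the layout of the clients.conf example above and emits one huntgroups line per NAS, named after its My-Nas-Type and written in the NAS-IP-Address form the post calls the old config. The `ipaddress` and `My-Nas-Type` keys come from the post's example; treating that layout as a standalone inventory file, the function names and the sample client `c5` are assumptions. Clients with no type are reported, since they would match no huntgroup and so receive no NAS-specific reply attributes.

```python
import re

# Constructed sample in the layout of the post's clients.conf example.
SAMPLE = """
client c1 {
        ipaddress = 10.1.1.1
        My-Nas-Type     = cisco
        nastype = cisco
}
client c3 {
        ipaddress = 10.2.2.2
        My-Nas-Type = netscreen
        nastype = other
}
client c5 {
        ipaddress = 10.4.4.4
        nastype = other
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM_RE = re.compile(r"^[ \t]*([\w-]+)[ \t]*=[ \t]*(\S+)[ \t]*$", re.M)

def parse_clients(text):
    """Return {client_name: {key: value}} for each client block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    return {n: dict(ITEM_RE.findall(body)) for n, body in CLIENT_RE.findall(text)}

def build_huntgroups(text, service_type="Login-User"):
    """Return (huntgroups lines, names of clients lacking My-Nas-Type)."""
    lines, untyped, seen = [], [], {}
    for name, items in parse_clients(text).items():
        ip, nas_type = items.get("ipaddress"), items.get("My-Nas-Type")
        if ip is None:
            raise ValueError(f"client {name}: no ipaddress")
        if nas_type is None:
            untyped.append(name)  # would match no huntgroup
            continue
        if seen.setdefault(ip, nas_type) != nas_type:
            raise ValueError(f"{ip}: conflicting types {seen[ip]!r}, {nas_type!r}")
        lines.append(f"{nas_type:<15} NAS-IP-Address == {ip}, "
                     f"Service-Type == {service_type}")
    return lines, untyped

if __name__ == "__main__":
    hg, untyped = build_huntgroups(SAMPLE)
    print("\n".join(hg))
    print("# clients without My-Nas-Type:", ", ".join(untyped) or "none")
```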

