On 23/8/2013 9:19 μμ, Arran Cudbard-Bell wrote:
It'll either be in NAS-Port or NAS-Port-ID if the NAS is providing that
information.
Thanks Arran,
It was NAS-Port indeed. Strangely enough, this is not included either in
ldap.attrmap or the freeradius schema. Shouldn't it (and other
attributes missing from ldap.attrmap and freeradius schema but defined
in RFC 2865, like NAS-Port-Type) be included at least in future
FreeRadius releases? Or there is a particular reason for which they were
not included?
In any case, could I include the (desired) NAS-Port value in another
(seemingly unused) attribute of the FreeRadius Schema, like radiusHint
(which -if I understand right- has a suitable syntax: IA5 String), for
which I guess I should also add an entry in ldap.attrmap (because there
is no radiusHint attribute mapping therein), like:
checkItem NAS-Port radiusHint
...and then I could simply use my *exact current configuration* by
simply changing the ldap filter to:
filter =
"(&(macAddress=%{Calling-Station-Id})(radiusNASIpAddress=%{NAS-IP-Address})(radiusHint=%{NAS-Port}))"
...provided that I am storing the NAS (Cisco switch) IP address in
radiusNASIpAddress and radiusHint attributes respectively?
Would you agree in using radiusHint attribute for that purpose? If not,
any other? (I would like to avoid changing the freeradius schema by
adding attributes.)
Thanks and regards,
Nick
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
