On 09/04/2014 07:14 AM, Arya, Manish Kumar wrote:

> I have about 2000 Juniper MX devices in our network, but these
> devices do not have continuous IP addresses. They are scattered in a
> /16 network and more devices are frequently added to this pool.
> 
> So I cannot use a pattern-based handler for this solution. I had thought
> of generating a dynamic handler for each IP using _some_ Perl script.

You could try this: Group the clients with identifiers and use the
identifier to select the correct Handler. Something like this:

<Handler Client-Identifier=group1>
....

<ClientListLDAP>
     ...
     ClientAttrDef RadiusClientIdentifier, Identifier
     ...

The RadiusClientIdentifier value in LDAP would be 'group1' for some
devices, 'group2' for some others, etc.

You may need to add an attribute in the LDAP schema for setting the
identifier, but I think this would be a better solution than creating
Handlers dynamically.

Thanks,
Heikki


-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
