Re: Different Authentication for several devices(severalNas-Ip-Address)

2007-07-23 Thread nicolas
In the USERS file or Pre_Proxy_Users file ?

Thanks !


Nicolas.

Hugh Messenger wrote:
> [EMAIL PROTECTED] said
>   
>> If [ NAS-IP-Address =~ 192.168.48.* ]
>>   Calling-Station-Id = Dev
>> else
>>   if [ NAS-IP-Address =~ 192.168.49.* ]
>>     Calling-station-id = Prod
>>   else
>>     Calling-station-id = Any
>>   fi
>> fi
>> 
>
> You might try:
>
> DEFAULT NAS-IP-Address =~ "^192\.168\.48\."
>   Calling-Station-Id := Dev,
>   Fall-Through = 1
>
> DEFAULT NAS-IP-Address =~ "^192\.168\.49\."
>   Calling-Station-Id := Prod,
>   Fall-Through = 1
>
> DEFAULT NAS-IP-Address !~ "^(192\.168\.48\.|192\.168\.49\.)"
>   Calling-Station-Id := Any,
>   Fall-Through = 1
>
>-- hugh
>
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>   

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: Different Authentication for several devices(severalNas-Ip-Address)

2007-07-23 Thread Hugh Messenger
[EMAIL PROTECTED] said
> If [ NAS-IP-Address =~ 192.168.48.* ]
>   Calling-Station-Id = Dev
> else
>   if [ NAS-IP-Address =~ 192.168.49.* ]
>     Calling-station-id = Prod
>   else
>     Calling-station-id = Any
>   fi
> fi

You might try:

DEFAULT NAS-IP-Address =~ "^192\.168\.48\."
  Calling-Station-Id := Dev,
  Fall-Through = 1

DEFAULT NAS-IP-Address =~ "^192\.168\.49\."
  Calling-Station-Id := Prod,
  Fall-Through = 1

DEFAULT NAS-IP-Address !~ "^(192\.168\.48\.|192\.168\.49\.)"
  Calling-Station-Id := Any,
  Fall-Through = 1

   -- hugh
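
Added example (not part of the original post and not FreeRADIUS code): the Dev/Prod/Any mapping discussed in this thread, written in Python to compare the anchored, escaped patterns, the unescaped form and a real CIDR membership test. Function names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Anchored, escaped patterns as in the users-file entries (49 for Prod).
DEV_RE = re.compile(r"^192\.168\.48\.")
PROD_RE = re.compile(r"^192\.168\.49\.")
# Unescaped variant: every "." matches any single character.
LOOSE_DEV_RE = re.compile(r"^192.168.48.")

DEV_NET = ipaddress.ip_network("192.168.48.0/24")
PROD_NET = ipaddress.ip_network("192.168.49.0/24")


def classify_regex(value, dev_re=DEV_RE, prod_re=PROD_RE):
    """Label a string the way the three DEFAULT entries would."""
    if dev_re.search(value):
        return "Dev"
    if prod_re.search(value):
        return "Prod"
    return "Any"


def classify_cidr(value):
    """Label by subnet membership; non-addresses are rejected, not 'Any'."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "Invalid"
    if addr in DEV_NET:
        return "Dev"
    if addr in PROD_NET:
        return "Prod"
    return "Any"


def disagreements(samples):
    """Samples where the unescaped regex and the CIDR check differ."""
    return [s for s in samples
            if classify_regex(s, LOOSE_DEV_RE, PROD_RE) != classify_cidr(s)]


# Constructed values, including strings that could appear in a free-form
# attribute such as Called-Station-Id.
SAMPLES = ["192.168.48.10", "192.168.49.7", "10.28.65.130",
           "192.168.48.10.x", "192-168-48-10", "192.168.480.1"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:18} regex={classify_regex(s):5} cidr={classify_cidr(s)}")
    print("unescaped regex vs CIDR:", disagreements(SAMPLES))
```

Even the escaped pattern is only a prefix test, so "192.168.48.10.x" is still labelled Dev by the regex while the CIDR check rejects it.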




Re: Different Authentication for several devices (severalNas-Ip-Address)

2007-07-23 Thread nicolaskarp

Moreover, I use a proxy because in the huntgroup file I can't use a CIDR
network, just a host IP.



According to [EMAIL PROTECTED]:

> OK. If your devices put their IP addresses in the Called-Station-Id field,
> there is no need to do rewrites. You can use regexp operators to
> control access, as the Called-Station-Id attribute is a string.
>
> NAS1   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.48."
>Dev group(s) in reply
>
> NAS2   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.49."
>Prod group(s) in reply
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> You can leave out this proxy IP check if all traffic comes over the
> proxy. You might need to escape periods in the regexp.
>
> On 23/7/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> >Re-Hello ;-)
> >
> >I search how i can do this but i don't find...
> >
> >I want to do this :
> >
> >If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
> >else
> >  If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to
> "Prod"
> >  else
> >Do nothing.
> >  fi
> >fi
> >
> >I don't know how check the NAS-IP-ADDRESS attribute and rewrite an other
> >attribute (Calling-Station-ID)..
> >
> >Thank you for your help !!
> >
> >NicolaS.
> >
> >According to [EMAIL PROTECTED]:
> >
> >> Hello,
> >>
> >> Thank you for your help but I don't understand how you can make it.
> >>
> >> Here my configuration that I try:
> >>
> >> # Replace the Nas-Ip-address by Proxy-IP
> >> attr_rewrite overwrite_nasip {
> >> attribute = "NAS-IP-Address"
> >> searchfor = ".*"
> >> packet= packet
> >> replacewith = "10.28.65.130"
> >> max_matches = 1
> >> }
> >>
> >> # Dev Eqpt : 192.168.48.0/24
> >> attr_rewrite dev_equipment {
> >> attribute = "Calling-Station-Id"
> >> searchfor = ".*"
> >> packet= packet
> >> replacewith = "Dev"  --> Replace String Dev for all Eqpts but not
> for
> >> 192.168.48.0/24!!
> >> max_matches = 1
> >> }
> >>
> >> preproxy {
> >>   files
> >>   overwrite_nasip
> >>   dev_equipment
> >> }
> >>
> >> Here what I want :
> >>
> >> 1.
> >>
> >> If [ NAS-IP-Address =~ 192.168.48.* ]
> >>   Calling-Station-Id = Dev
> >> else
> >>   if [ NAS-IP-Address =~ 192.168.49.* ]
> >>     Calling-station-id = Prod
> >>   else
> >>     Calling-station-id = Any
> >>   fi
> >> fi
> >>
> >> 2.
> >> the proxy forwards the access-request to the radius server
> >>
> >> 3.
> >> The radius server receives the access-request
> >>If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
> >>  instance_openldap-Ldap-Group == CiscoDev
> >>else
> >>   If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
> >>  instance_openldap-Ldap-Group == CiscoProd
> >>   else
> >>  instance_openldap-Ldap-Group == CiscoOthers
> >>   fi
> >>fi
> >>
> >> Thank you for your assistance
> >>
> >> Nicolas.


Re: Different Authentication for several devices (severalNas-Ip-Address)

2007-07-23 Thread nicolaskarp
Called-Station-Id isn't equal to Nas-Ip-Address, it is equal to the PC where I
initiate the telnet connection.

It's not equal to my Nas-Ip :(

So, I would change the Called-Station-Id to Nas-Ip-Address and Nas-Ip-Address to
the proxy address.

Any idea ?


According to [EMAIL PROTECTED]:

> OK. If your devices put their IP addresses in the Called-Station-Id field,
> there is no need to do rewrites. You can use regexp operators to
> control access, as the Called-Station-Id attribute is a string.
>
> NAS1   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.48."
>Dev group(s) in reply
>
> NAS2   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.49."
>Prod group(s) in reply
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> You can leave out this proxy IP check if all traffic comes over the
> proxy. You might need to escape periods in the regexp.
>
> On 23/7/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>
> >Re-Hello ;-)
> >
> >I search how i can do this but i don't find...
> >
> >I want to do this :
> >
> >If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
> >else
> >  If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to
> "Prod"
> >  else
> >Do nothing.
> >  fi
> >fi
> >
> >I don't know how check the NAS-IP-ADDRESS attribute and rewrite an other
> >attribute (Calling-Station-ID)..
> >
> >Thank you for your help !!
> >
> >NicolaS.
> >
> >According to [EMAIL PROTECTED]:
> >
> >> Hello,
> >>
> >> Thank you for your help but I don't understand how you can make it.
> >>
> >> Here my configuration that I try:
> >>
> >> # Replace the Nas-Ip-address by Proxy-IP
> >> attr_rewrite overwrite_nasip {
> >> attribute = "NAS-IP-Address"
> >> searchfor = ".*"
> >> packet= packet
> >> replacewith = "10.28.65.130"
> >> max_matches = 1
> >> }
> >>
> >> # Dev Eqpt : 192.168.48.0/24
> >> attr_rewrite dev_equipment {
> >> attribute = "Calling-Station-Id"
> >> searchfor = ".*"
> >> packet= packet
> >> replacewith = "Dev"  --> Replace String Dev for all Eqpts but not
> for
> >> 192.168.48.0/24!!
> >> max_matches = 1
> >> }
> >>
> >> preproxy {
> >>   files
> >>   overwrite_nasip
> >>   dev_equipment
> >> }
> >>
> >> Here what I want :
> >>
> >> 1.
> >>
> >> If [ NAS-IP-Address =~ 192.168.48.* ]
> >>   Calling-Station-Id = Dev
> >> else
> >>   if [ NAS-IP-Address =~ 192.168.49.* ]
> >>     Calling-station-id = Prod
> >>   else
> >>     Calling-station-id = Any
> >>   fi
> >> fi
> >>
> >> 2.
> >> the proxy forwards the access-request to the radius server
> >>
> >> 3.
> >> The radius server receives the access-request
> >>If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
> >>  instance_openldap-Ldap-Group == CiscoDev
> >>else
> >>   If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
> >>  instance_openldap-Ldap-Group == CiscoProd
> >>   else
> >>  instance_openldap-Ldap-Group == CiscoOthers
> >>   fi
> >>fi
> >>
> >> Thank you for your assistance
> >>
> >> Nicolas.


Re: Different Authentication for several devices (severalNas-Ip-Address)

2007-07-23 Thread tnt
OK. If your devices put their IP addresses in the Called-Station-Id field,
there is no need to do rewrites. You can use regexp operators to
control access, as the Called-Station-Id attribute is a string.

NAS1   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.48."
   Dev group(s) in reply

NAS2   NAS-IP-Address == proxyIP, Called-Station-Id =~ "^192.168.49."
   Prod group(s) in reply

Ivan Kalik
Kalik Informatika ISP


You can leave out this proxy IP check if all traffic comes over the
proxy. You might need to escape periods in the regexp.

On 23/7/2007, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

>Re-Hello ;-)
>
>I searched for how I can do this but I can't find it...
>
>I want to do this :
>
>If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Dev"
>else
>  If NAS-IP-Address == 192.168.48.0/24 --> Rewrite Calling-station-id to "Prod"
>  else
>Do nothing.
>  fi
>fi
>
>I don't know how to check the NAS-IP-ADDRESS attribute and rewrite another
>attribute (Calling-Station-ID).
>
>Thank you for your help !!
>
>NicolaS.
>
>According to [EMAIL PROTECTED]:
>
>> Hello,
>>
>> Thank you for your help but I don't understand how you can make it.
>>
>> Here is the configuration that I tried:
>>
>> # Replace the Nas-Ip-address by Proxy-IP
>> attr_rewrite overwrite_nasip {
>> attribute = "NAS-IP-Address"
>> searchfor = ".*"
>> packet= packet
>> replacewith = "10.28.65.130"
>> max_matches = 1
>> }
>>
>> # Dev Eqpt : 192.168.48.0/24
>> attr_rewrite dev_equipment {
>> attribute = "Calling-Station-Id"
>> searchfor = ".*"
>> packet= packet
>> replacewith = "Dev"  --> Replace String Dev for all Eqpts but not for
>> 192.168.48.0/24!!
>> max_matches = 1
>> }
>>
>> preproxy {
>>   files
>>   overwrite_nasip
>>   dev_equipment
>> }
>>
>> Here is what I want:
>>
>> 1.
>>
>> If [ NAS-IP-Address =~ 192.168.48.* ]
>>   Calling-Station-Id = Dev
>> else
>>   if [ NAS-IP-Address =~ 192.168.49.* ]
>>     Calling-station-id = Prod
>>   else
>>     Calling-station-id = Any
>>   fi
>> fi
>>
>> 2.
>> the proxy forwards the access-request to the radius server
>>
>> 3.
>> The radius server receives the access-request
>>If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id == Dev ]
>>  instance_openldap-Ldap-Group == CiscoDev
>>else
>>   If [ Nas-IP-Address == Proxy-IP and Calling-Station-Id = Prod ]
>>  instance_openldap-Ldap-Group == CiscoProd
>>   else
>>  instance_openldap-Ldap-Group == CiscoOthers
>>   fi
>>fi
>>
>> Thank you for your assistance
>>
>> Nicolas.