RE: Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available?
I think you missed the question then. This is a single username, but the return being selective based on NAS. For example: Radreply will reply with an IP of 1.2.0.1 if NAS=1 else it will respond with IP of 1.1.0.1 if NAS=2, else it will respond with an IP of 1.3.0.1 The radcheck would be at the wrong phase to do this. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 29 March 2006 18:56 To: FreeRadius users mailing list Subject: Re: Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available? John Mylchreest [EMAIL PROTECTED] wrote: Can you give me an example in SQL please of how I might implement it using this fashion? You put the attribute name, operator, and value into SQL. Is it not just a case of if it passes radcheck, then it will respond with radreply? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes. Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation. ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available?
John Mylchreest [EMAIL PROTECTED] wrote: This is a single username, but the return being selective based on NAS. For example: Radreply will reply with an IP of 1.2.0.1 if NAS=1 else it will respond with IP of 1.1.0.1 if NAS=2, else it will respond with an IP of 1.3.0.1 I'm not sure that the SQL module supports this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
Can you give me an example in SQL please of how I might implement it using this fashion? Is it not just a case of if it passes radcheck, then it will respond with radreply? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: 28 March 2006 18:14 To: FreeRadius users mailing list Subject: Re: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available? John Mylchreest [EMAIL PROTECTED] wrote: When you mean key off the NAS-IP-Address, do you mean like I suggested in my previous example, or a cleaner solution? The NAS-IP-Address can be used as a check item, just like anything else. DEFAULT NAS-IP-Address == 1.2.3.4 Reply-Message = Hello you guy from 1.2.3.4 The same config can be applied to SQL. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes. Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation. ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
John Mylchreest [EMAIL PROTECTED] wrote: Can you give me an example in SQL please of how I might implement it using this fashion? You put the attribute name, operator, and value into SQL. Is it not just a case of if it passes radcheck, then it will respond with radreply? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Different user attributes based on NAS-IP-Address?AlsoSuffixwildcards available?
How would they work in this case?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan De
Graeve
Sent: 27 March 2006 19:28
To: FreeRadius users mailing list
Subject: RE: Different user attributes based on
NAS-IP-Address?AlsoSuffixwildcards available?
Uh, huntgroups?
J.
-Oorspronkelijk bericht-
Van: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-users-
[EMAIL PROTECTED] Namens John
Mylchreest
Verzonden: maandag 27 maart 2006 15:00
Aan: FreeRadius users mailing list
Onderwerp: RE: Different user attributes based on NAS-IP-Address?
AlsoSuffixwildcards available?
Funnily enough, I asked the very same thing recently. We do it quite
crudely at the moment, but it works.
We add an nshortname field to radreply/anything else necessary, and in
sql.conf we link it to the user reply. Ie:
Something like this would work:
authorize_reply_query = SELECT
radreply.id,UserName,Attribute,Value,Op
FROM radreply, nas WHERE Username = '%{SQL-User-Name}' AND nas.ipaddr
=
%{Client-IP-Address}' AND (radreply.nshortname = nas.shortname OR
radreply.nshortname is NULL) ORDER BY id
If you find any cleaner solution using the default schema, I would
LOVE to
hear about it, since that's the problem/task I'm currently facing.
-Original Message-
From: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-
[EMAIL PROTECTED] On Behalf
Of
Andy Coates
Sent: 27 March 2006 13:35
To: freeradius-users@lists.freeradius.org
Subject: Different user attributes based on NAS-IP-Address? Also
Suffixwildcards available?
Hey,
Is this even possible?
The basic problem is that I have 2 devices that will use the same
username.
For example, one device handles dialup, one handles DSL. I'd like the
user
to have the same username, and depending on the NAS sending the
request
the
correct IP/Netmask would be returned.
I've setup huntgroups for the NAS, and can match them in various
setups in
the users file - but this only seems like it would work for group
based
attributes (i.e. common fields). Returning unique fields for each
user
based on the NAS-IP-Address doesn't seem possible?
That aside, does anyone know if its possible to use wildcards with
Suffix
when stripping usernames? I've tried @* or @*.domain.com and it
doesn't
seem to match :(
Thanks in advance,
Andy.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Communications on or through ioko's computer systems may be monitored
or
recorded to secure effective system operation and for other lawful
purposes.
Unless otherwise agreed expressly in writing, this communication is to
be
treated as confidential and the information in it may not be used or
disclosed except for the purpose for which it has been sent. If you
have
reason to believe that you are not the intended recipient of this
communication, please contact the sender immediately. No employee is
authorised to conclude any binding agreement on behalf of ioko with
another party by e-mail without prior express written confirmation.
ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights
reserved.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Communications on or through ioko's computer systems may be monitored or
recorded to secure effective system operation and for other lawful purposes.
Unless otherwise agreed expressly in writing, this communication is to be
treated as confidential and the information in it may not be used or disclosed
except for the purpose for which it has been sent. If you have reason to
believe that you are not the intended recipient of this communication, please
contact the sender immediately. No employee is authorised to conclude any
binding agreement on behalf of ioko with another party by e-mail without prior
express written confirmation.
ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
The NAS-IP-Address can be used as a check item, just like anything else. DEFAULT NAS-IP-Address == 1.2.3.4 Reply-Message = Hello you guy from 1.2.3.4 The same config can be applied to SQL. But not with the current dialup_admin IIRC you have to put it in manually not? J. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Different user attributes based on NAS-IP-Address? AlsoSuffixwildcards available?
Uh, huntgroups?
J.
-Oorspronkelijk bericht-
Van: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-users-
[EMAIL PROTECTED] Namens John
Mylchreest
Verzonden: maandag 27 maart 2006 15:00
Aan: FreeRadius users mailing list
Onderwerp: RE: Different user attributes based on NAS-IP-Address?
AlsoSuffixwildcards available?
Funnily enough, I asked the very same thing recently. We do it quite
crudely at the moment, but it works.
We add an nshortname field to radreply/anything else necessary, and in
sql.conf we link it to the user reply. Ie:
Something like this would work:
authorize_reply_query = SELECT
radreply.id,UserName,Attribute,Value,Op
FROM radreply, nas WHERE Username = '%{SQL-User-Name}' AND nas.ipaddr
=
%{Client-IP-Address}' AND (radreply.nshortname = nas.shortname OR
radreply.nshortname is NULL) ORDER BY id
If you find any cleaner solution using the default schema, I would
LOVE to
hear about it, since that's the problem/task I'm currently facing.
-Original Message-
From: freeradius-users-
[EMAIL PROTECTED]
[mailto:freeradius-
[EMAIL PROTECTED] On Behalf
Of
Andy Coates
Sent: 27 March 2006 13:35
To: freeradius-users@lists.freeradius.org
Subject: Different user attributes based on NAS-IP-Address? Also
Suffixwildcards available?
Hey,
Is this even possible?
The basic problem is that I have 2 devices that will use the same
username.
For example, one device handles dialup, one handles DSL. I'd like the
user
to have the same username, and depending on the NAS sending the
request
the
correct IP/Netmask would be returned.
I've setup huntgroups for the NAS, and can match them in various
setups in
the users file - but this only seems like it would work for group
based
attributes (i.e. common fields). Returning unique fields for each
user
based on the NAS-IP-Address doesn't seem possible?
That aside, does anyone know if its possible to use wildcards with
Suffix
when stripping usernames? I've tried @* or @*.domain.com and it
doesn't
seem to match :(
Thanks in advance,
Andy.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Communications on or through ioko's computer systems may be monitored
or
recorded to secure effective system operation and for other lawful
purposes.
Unless otherwise agreed expressly in writing, this communication is to
be
treated as confidential and the information in it may not be used or
disclosed except for the purpose for which it has been sent. If you
have
reason to believe that you are not the intended recipient of this
communication, please contact the sender immediately. No employee is
authorised to conclude any binding agreement on behalf of ioko with
another party by e-mail without prior express written confirmation.
ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights
reserved.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
