On 23/8/2013 7:25 PM, Arran Cudbard-Bell wrote:

See ldap_xlat http://wiki.freeradius.org/modules/Rlm_ldap

Use a query that searches for the value of NAS-IP-Address in the user object in 
a custom attribute.

If the query expands to something other than a zero length string, the 
attribute exists.

authorize {
        if ("%{ldap:<query>}" == '') {
                reject
        }
}

Thanks Arran,

I'll focus on the 1st part for now.

I understand that the value of NAS-IP-Address (CheckItem) can be checked against '%{Packet-Src-IP-Address}'. Right?

authorize {
        if ("%{ldap:<query>}" == '%{Packet-Src-IP-Address}') {
                # accept
                update control {
                        Auth-Type := Accept
                }
        }
        else {
                reject
        }
}

Is there a way to also check the port of the NAS being used by the host to connect as well (I guess the NAS should provide this info somehow during auth)?

Thanks again,
Nick


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
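
The lookup-and-compare discussed in this thread, written out as an added example (not part of either poster's message and not FreeRADIUS project code). It assumes an LDAP module instance named `ldap`; the base DN, the `uid` filter and the custom attribute `allowedNasIp` are hypothetical.

```unlang
authorize {
        # Assumptions: module instance "ldap"; base DN, uid filter and the
        # custom attribute allowedNasIp are hypothetical placeholders.
        # Do the LDAP lookup once and keep the result in a temporary
        # attribute so the query is not repeated for each comparison.
        update request {
                Tmp-String-0 := "%{ldap:ldap:///ou=people,dc=example,dc=org?allowedNasIp?sub?(uid=%{User-Name})}"
        }

        # Empty expansion: the user was not found or has no allowedNasIp.
        # Test this first, otherwise a request that carries no
        # NAS-IP-Address would compare '' with '' and pass the next check.
        if ("%{Tmp-String-0}" == '') {
                reject
        }

        # The stored value must equal the NAS-IP-Address in the request.
        if ("%{Tmp-String-0}" != "%{NAS-IP-Address}") {
                reject
        }

        # No Auth-Type is set here. This block only rejects, so requests
        # that pass both checks still go through the normal authentication
        # of the user's credentials.
}
```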
