Hi everyone,
I have a particular authentication problem that I need to solve
quickly, and I need your help... here it is:
First, I am using FreeRadius 0.8.1 with the "users" file.
My freeradius server will receive two authentication requests for
the same User-Name, but will have to return different attributes
depending on the NAS connecting to it.
So, if it receives a request for [EMAIL PROTECTED] and the request
packet contains NAS-IP-Address 192.168.100.1 then I know I have
to reply with some predefined attributes.
Next, if a request comes in again for [EMAIL PROTECTED], but this time
the NAS-IP-Address attribute is set to something else than 192.168.100.1
then I need to return another set of Attributes in reply.
I've tried to set two "[EMAIL PROTECTED]" entries in the users file,
the first having a check list that looks like this:
[EMAIL PROTECTED] User-Password == "password"
Auth-Type := Local,
Service-Type = Framed-User
...
and another entry below:
[EMAIL PROTECTED] NAS-IP-Address == "192.168.100.1", User-Password ==
"Password"
Auth-Type := Local,
Service-Type = Outbound-User
...
Now, that just don't work. Because the requests are specific
to a single User-Name, it will always match on the first entry it finds
in the users file, matching this User-Name.
Is there a way I can tell FreeRadius not to stop his match
on the first occurence of "[EMAIL PROTECTED]", but carefully inspect
all values in the checklist ?
At best,
Would it be possible to have a "catch-all" entry that just watches for
the NAS-IP-Address 192.168.100.1 and return the proper attributes ?
I want avoid having to run a separate radius server AND also having
double entries for each user in the users file.
Thank you for your help.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
