Is it possible to split authentication and authorizationrequests based on NAS IP?

Tue, 01 Apr 2003 07:34:35 -0800

Title: Is it possible to split authentication and authorization requests based on NAS IP?

I will try to make this as simple to understand as possible. Basically in our production environment we are trying to use our FreeRADIUS server to do authentication for both VPN users (stored in radcheck) and Sprint dialup users. In my radcheck table, I have the typical UserName, Attribute, Value, and op fields, but I also have a lot of user information. My table structure looks like this:

+---------------+-----------------+------+-----+---------------------+----------------+
| Field         | Type            | Null | Key | Default             | Extra          |
+---------------+-----------------+------+-----+---------------------+----------------+
| id            | int(5) unsigned |      | PRI | NULL                | auto_increment |
| UserName      | varchar(64)     |      | MUL |                     |                |
| Attribute     | varchar(16)     |      |     | Password            |                |
| Value         | varchar(253)    |      |     |                     |                |
| op            | char(2)         | YES  |     | :=                  |                |
| Org           | varchar(16)     |      |     |                     |                |
| Name          | varchar(64)     |      |     |                     |                |
| Mail          | varchar(128)    |      |     |                     |                |
| WorkPhone     | varchar(24)     |      |     |                     |                |
| Requestor     | varchar(128)    |      |     |                     |                |
| DateCreated   | datetime        |      |     | 0000-00-00 00:00:00 |                |
| DateUpdated   | datetime        |      |     | 0000-00-00 00:00:00 |                |
| Profile       | varchar(8)      |      |     |                     |                |
| Sprint        | enum('N','Y')   |      |     | N                   |                |
| NewNotice     | enum('N','Y')   |      |     | N                   |                |
| ExpiredNotice | enum('N','Y')   |      |     | N                   |                |
+---------------+-----------------+------+-----+---------------------+----------------+

All VPN authentication requests come from our VPN NAS IP-Address (Static), and Sprint requests come from a totally different NAS IP-Address (Static). I don't want to duplicate data into radcheck, so I was curious if FreeRADIUS has (or is planning to have) the capability (maybe in sql.conf?) to do different queries based on different inbound requests? Maybe a some IF THEN logic which can say if the nas-ip is equal to value then execute authentication_query number 1, else execute authentication_query number 2. Would this be possible to add into your program? If it's already available then please let me know, because I can't seem to get separate queries to work at this moment.


Cordially,
 
Chris DeRamus
OCIO VPN Administrator
Verizon
301-903-2093

Reply via email to