Hi all, I've done it in my custom rlm_perl module: in the authorization stage, I look at the Called-Number attribute to see which IP pool and user list I want to use (i.e. Staff vs Student, in a Uni environment):
Is it possible to set Auth-Type attribute (at the authorization{} stage) some way other than in users file?
so radiusd.conf:
modules {
    perl myperl {
        module = "/usr/local/freeradius/myperl.pl"
        func_accounting = accounting
        func_authentication = authenticate
        func_preacct = preacct
        func_checksimul = checksimul
        func_xlat = xlat
    }
    ldap {
        # ldap stuff in here...
    }
    unix {
        # unix system passwd files setup here..
    }
}

authorize {
    myperl    # refers to module declaration above
}

authenticate {
    authtype student {
        unix
    }
    authtype staff {
        ldap
    }
}
And in my perl code... (myperl.pl)
sub authorize {
    # %RAD_REQUEST, %RAD_CHECK, %RAD_REPLY and the RLM_MODULE_* constants
    # are declared at the top of the file, as in example.pl.
    $RAD_CHECK{"Auth-Type"} = "Reject";    # by default Reject...

    if ((defined $RAD_REQUEST{"Framed-Protocol"}) && ($RAD_REQUEST{"Framed-Protocol"} eq "PPP")) {    # it's dialup...
        # this stuff gets sent regardless of which pool it is...
        $RAD_REPLY{"Framed-MTU"} = 576;
        $RAD_REPLY{"Service-Type"} = "Framed-User";
        $RAD_REPLY{"Framed-Protocol"} = "PPP";

        if ($RAD_REQUEST{"Called-Station-Id"} =~ /6000$/) {    # Staff Dialup number - ends in 6000
            $RAD_CHECK{"Auth-Type"} = "staff";    # Do Staff authentication - this is 'Auth-Type'
            # on a cisco NAS, define an IP pool by name, and the cisco will auto allocate from this pool.
            $RAD_REPLY{"Cisco-AVPair"} = "ip:addr-pool=staff";
        }
        elsif ($RAD_REQUEST{"Called-Station-Id"} =~ /6100$/) {    # student dialup number, ends with 6100
            $RAD_CHECK{"Auth-Type"} = "student";    # do student authentication - this is 'Auth-Type'
            $RAD_REPLY{"Cisco-AVPair"} = "ip:addr-pool=student";
        }
    }

    if ($RAD_REQUEST{"User-Name"} eq "fred") {    # username 'fred' is banned, reject the authorization to do this...
        return RLM_MODULE_REJECT;
    }

    return RLM_MODULE_OK;
}
There are other subroutines in the perl module, see 'example.pl' in the src/modules/rlm_perl directory.
BTW All this knowledge, thanks to "aaa.txt", Alan DeKok and Humberto (cheers people, you helped me a lot)
PS E&OE - there could be typos, i.e. understand this code, don't just copy it.
Mike G
--
-=--=--=--=--=--=--=--=--=--=--=--=--=+-=--=--=--=--=--=--=--=--=--=--=-
,-._|\ Network Administrator | Ph: (+618) 9360 2766
/ .au \ IT Services | Fax: (+618) 9360 6156
x_,--._/ Murdoch University, W.A. | ICQ: 519641
v |SMTP: [EMAIL PROTECTED]
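
An added example, not part of the post above and not FreeRADIUS code: the same called-number to Auth-Type decision written as a table-driven function that runs outside radiusd, with constructed requests showing that anything unmatched (including a request with no Called-Station-Id) stays on Auth-Type Reject. The helper name pick_auth, the string result codes and the sample numbers are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the post): offline model of the authorize() decision.
use strict;
use warnings;

# Called-number suffix -> Auth-Type / Cisco pool name, as in the post.
# \z is used instead of $ so a trailing newline cannot slip past the match.
my @POOLS = ( [ qr/6000\z/, 'staff' ], [ qr/6100\z/, 'student' ] );
my %BANNED = ( fred => 1 );    # banned user name from the post

# Hypothetical helper: takes a hashref shaped like %RAD_REQUEST and returns
# (module result, check items, reply items) instead of touching globals.
sub pick_auth {
    my ($req) = @_;
    my %check = ( 'Auth-Type' => 'Reject' );    # fail closed by default
    my %reply;
    if ( ( $req->{'Framed-Protocol'} // '' ) eq 'PPP' ) {
        %reply = (
            'Framed-MTU'      => 576,
            'Service-Type'    => 'Framed-User',
            'Framed-Protocol' => 'PPP',
        );
        my $called = $req->{'Called-Station-Id'} // '';    # may be absent
        for my $p (@POOLS) {
            my ( $re, $name ) = @$p;
            next unless $called =~ $re;
            $check{'Auth-Type'}    = $name;
            $reply{'Cisco-AVPair'} = "ip:addr-pool=$name";
            last;
        }
    }
    my $rc = $BANNED{ $req->{'User-Name'} // '' } ? 'REJECT' : 'OK';
    return ( $rc, \%check, \%reply );
}

# Constructed sample requests (not real traffic).
my @samples = (
    { 'User-Name' => 'alice', 'Framed-Protocol' => 'PPP', 'Called-Station-Id' => '5556000' },
    { 'User-Name' => 'bob',   'Framed-Protocol' => 'PPP', 'Called-Station-Id' => '5556100' },
    { 'User-Name' => 'carol', 'Framed-Protocol' => 'PPP', 'Called-Station-Id' => '5559999' },
    { 'User-Name' => 'dave',  'Framed-Protocol' => 'PPP' },
    { 'User-Name' => 'erin',  'Called-Station-Id' => '5556000' },
    { 'User-Name' => 'fred',  'Framed-Protocol' => 'PPP', 'Called-Station-Id' => '5556000' },
);
for my $s (@samples) {
    my ( $rc, $check ) = pick_auth($s);
    printf "%-5s called=%-8s rc=%-6s Auth-Type=%s\n", $s->{'User-Name'},
        $s->{'Called-Station-Id'} // '-', $rc, $check->{'Auth-Type'};
}
```

Inside radiusd the same table would live in authorize() and write to %RAD_CHECK and %RAD_REPLY directly, returning the RLM_MODULE_* constants instead of strings.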

