Hiya,
Use Client-IP rather than NAS-IP as NAS-IP can be spoofed.
GraemeOn Wed, 2005-06-08 at 15:30 -0700, N White wrote: > Graeme Hinchliffe wrote: > > >Hiya > > perhaps you could do it using huntgroups. > > > > Put the static attributes for the user in the radreply table, then > >assign each nas to a huntgroup, so say > > > >NAS-dynamic > > > > Then in radgroupreply you put the attributes for for dynamic IP > >assignment on the NAS-dynamic, and ensure there is an attribute to > >override the static settings. > > > >not 100% about the overriding of the static IP settings, but would think > >it possible using the assignment ( := ) operator and possibly a null > >value? > > > >Hope thats of some help. > > > > > Do I need to setup a "HuntGroups" field like Mike suggested? Ok, so in > huntgroups file: > > Wireless NAS-IP-Address = (the IP of the Wireless NAS) > Autz-Type = SQL1 (modify radiusd.conf to include > this, and sql.conf like in Mike's post?) > NAS-dynamic NAS-IP-Address = (ip of dialup NAS) > NAS-IP-Address = (ip of isdn NAS) > > in radgroupreply: > > +-------------+--------------------+----+---------------------+-----------+ > | GroupName | Attribute | op | Value | HuntGroup | > +-------------+--------------------+----+---------------------+-----------+ > | Wireless | Service-Type | = | Framed-User | Wireless | > | Wireless | Framed-Protocol | = | PPP | Wireless | > | Wireless | Framed-IP-Address | = | 255.255.255.254 | Wireless | > | Wireless | Framed-IP-Netmask | = | 255.255.255.255 | Wireless | > | Wireless | Framed-Compression | = | Van-Jacobson-TCP-IP | Wireless | > +-------------+--------------------+----+---------------------+-----------+ > All Other users would go into the Dial-Up Group, which would have a HuntGroup > of NAS-dynamic? > > in radreply: > > +-----------+-------------------+-----+---------------+ > | UserName | Attribute | op | Value | > +-----------+-------------------+-----+---------------+ > | test123 | Framed-IP-Address | := | 192.168.2.10 | > +-----------+-------------------+-----+---------------+ > > Now in radgroupcheck do I need a NAS-IP-Address check for each group(or > the wireless group?)? > Thanks for everyone's help. > > -Nick > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ----- Graeme Hinchliffe (BSc) Core Systems Designer Zen Internet (http://www.zen.co.uk/) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
signature.asc
Description: This is a digitally signed message part
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
