RE: Duplicate IPs for Radius Clients with different secrets - allow any client IP?

[Eric Geier]

Thank you for the info, David.

I think the following is an example of how this could work, which I googled:

> client 212.37.57.2 {
>        secret = "%{sql:SELECT secret FROM accesspoints WHERE id =
%{raw:NAS-Identifier}}"
>        shortname = "just one of our example networks"
>}

I'm thinking I could even just have one client entry like this...but set to
allow any IP. Is that possible?

This would prevent me from having to track Internet IP changes among the
multiple offices and locations where these separate WPA-Enterprise networks
will be located at.

Thanks! Eric
> -----Original Message-----
> From: freeradius-users-bounces+me=egeier....@lists.freeradius.org
> [mailto:freeradius-users-bounces+me=egeier....@lists.freeradius.org] On
> Behalf Of wlanmac
> Sent: Wednesday, December 17, 2008 8:42 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Duplicate IPs for Radius Clients with different secrets
> 
> It's easy! Just google for rlm_raw and use it with a SQL xlat rule to
> pick out the shared secret from a database. I have been doing this way
> for years... in FreeRADIUS v1 and v2.
> 
> David
> coova.org
> 
> > Date: Wed, 17 Dec 2008 10:16:17 +0200
> > From: Johan Meiring <jmeir...@pcservices.co.za>
> > Subject: Re: Duplicate IPs for Radius Clients with different secrets
> > To: FreeRadius users mailing list
> >     <freeradius-users@lists.freeradius.org>
> > Message-ID: <4948b551.6030...@pcservices.co.za>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > Eric Geier wrote:
> > >
> > > If I understand what you said, I would only need one IP entry (the
> Internet
> > > IP) in the config file for each location, right?
> > >
> > > Most of these locations will be using dynamic Internet IPs; I'm not
> sure
> > > how'd I keep the config updated. Plus this would make each
> location/network
> > > use the same shared secret among all their APs, which I want to
> prevent.
> > >
> >
> >
> > Alan,
> >
> > The Nas-Identifier being available to dynamic clients will also solve
> > Eric's problem.
> >
> > Any update on when it might be available?
> >
> > Thanks!
> >
> >
> > --
> >
> >
> > Johan Meiring
> > Cape PC Services CC
> > Tel: (021) 883-8271
> > Fax: (021) 886-7782
> >
> >
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> 
> No virus found in this incoming message.
> Checked by AVG - http://www.avg.com
> Version: 8.0.176 / Virus Database: 270.9.19/1853 - Release Date:
> 12/17/2008 8:31 AM

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html