Hi,
I have about 2000 Juniper MX devices in our network, but these devices do
not have continuous IP addresses. They are scattered in a /16 network, and
more devices are frequently added to this pool.
So I cannot use a pattern-based handler for this solution. I had thought of
generating a dynamic handler for each IP using _some_ Perl script.

<Handler NAS-IP-Address=/10\.91\.114\.122/>
    AuthLog auth_log
    AuthBy juniper_auth
</Handler>

Has someone developed a configuration for such a requirement?
I am already adding clients from LDAP every 90 min in RADIUS using the
following, and I want to do something similar for handlers:

<ClientListLDAP>
    Host 127.0.0.1
    Port 389
    AuthDN uid=xxxxxxx
    AuthPassword xxxxxxx
    BaseDN ou=xxxxx
    Scope subtree
    SearchFilter (|(RadiusClientIp=*)(remoteradiusip=*))
    RefreshPeriod 900
    ClientAttrDef remoteradiusip,Name
    ClientAttrDef remoteradiussecret,Secret
    ClientAttrDef RadiusClientip,Name
    ClientAttrDef RadiusClientSecret,Secret
    ClientAttrDef RadiusClientDupInterval,DupInterval
    #Debug 255
</ClientListLDAP>

I cannot use realm criteria because the user length cannot exceed 8
characters, and I cannot use NAS-identifier either because it is different
for each device, depending upon datacenter, customer and country.
Regards,
-Manish
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
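
The per-address generation the post describes, as an added example that is not part of the original post and is not Radiator's own code: it validates each address, drops duplicates, and emits one Handler stanza per device in the layout shown above. Assumptions: the /16 is 10.91.0.0/16 (inferred from the single address in the post), the address list is the constructed sample under `__DATA__`, and each pattern is anchored with `^` and `$` so that only the exact address matches (the unanchored form in the post would also match 110.91.114.122).

```perl
# Added example: emit one Radiator <Handler> stanza per NAS address.
use strict;
use warnings;

# Assumption: the /16 is 10.91.0.0/16, inferred from the address in the post.
my @ALLOWED_PREFIX = (10, 91);

# Return the four octets of a well-formed dotted-quad address, or an empty list.
sub parse_ipv4 {
    my ($text) = @_;
    return unless $text =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    for my $o (@octets) {
        return if $o > 255 or $o =~ /\A0\d/;   # out of range or leading zero
    }
    return @octets;
}

# Build one stanza. quotemeta escapes the dots; the anchors stop the pattern
# from matching a longer address that merely contains this one.
sub handler_for {
    my ($ip) = @_;
    my $pattern = '^' . quotemeta($ip) . '$';
    return "<Handler NAS-IP-Address=/$pattern/>\n"
         . "    AuthLog auth_log\n"
         . "    AuthBy juniper_auth\n"
         . "</Handler>\n";
}

my (%seen, @stanzas);
while (my $line = <DATA>) {
    $line =~ s/#.*//;                # strip comments
    $line =~ s/^\s+|\s+$//g;         # trim surrounding whitespace
    next if $line eq '';
    my @o = parse_ipv4($line);
    unless (@o && $o[0] == $ALLOWED_PREFIX[0] && $o[1] == $ALLOWED_PREFIX[1]) {
        warn "skipping '$line': not a valid address in the expected /16\n";
        next;
    }
    next if $seen{$line}++;          # drop duplicates
    push @stanzas, handler_for($line);
}
print join("\n", @stanzas);

__DATA__
# Constructed sample input, one address per line
10.91.114.122
10.91.7.3
10.91.114.122
10.91.300.1
```

Rejected lines are reported on standard error, so the generated stanzas on standard output can be redirected to a file without mixing in warnings.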