freeradius


How to configure a freeradius server to require NAS-IP-Address attribute?


I want to configure a freeradius server in the way that an authentication is successful only if NAS-IP-Address attribute is not empty and equals to some specific IP (of course a user name and a password match).
How should I do it? I have tried to read the documentation without success:
http://freeradius.org/rfc/attributes.html
http://freeradius.org/rfc/rfc2865.html#NAS-IP-Address
Sure, there are many ways of doing this.
authorize {
if (!NAS-IP-Address) {
reject
}
if (NAS-IP-Address != 192.168.0.2) {
reject
}
if ("%{sql:SELECT count(*) FROM table WHERE User-Name = '%{User-Name}' AND IP-Address = '%{NAS-IP-Address}'" == 0) {
reject
}
}
In v3.0.x subnet matching is also supported, where < > are reassigned to mean the set operators (< subset of) (> superset of).
if (!(<ipv4prefix>NAS-IP-Address < 192.168.0.0/16)) {
reject
}
NAS-IP-Address = 192.168.0.2
(0) ? if (<ipv4prefix>NAS-IP-Address < 192.168.0.0/16)
(0) ? if (<ipv4prefix>NAS-IP-Address < 192.168.0.0/16) -> TRUE
NAS-IP-Address = 192.169.0.2
(0) ? if (<ipv4prefix>NAS-IP-Address < 192.168.0.0/16)
(0) ? if (<ipv4prefix>NAS-IP-Address < 192.168.0.0/16) -> FALSE

Related Links

how to configure FreeRADIUS to proxy the PAP request inside an EAP-TTLS tunnel
Unable to authorize on FreeRADIUS
how can I configure FreeRADIUS to proxy the PAP request inside an EAP-PEAP-GTC tunnel?
Configure FreeRADIUS to only support EAP TTLS PAP
Freeradius V3 meta-attributes. Check item attributes
Freeradius Crypt-Password authentication
How to get User-Password in inner tunnel from iOS
freeRadius using EAP with custom auth script
How do I validate different users for different SSIDs on a FreeRADIUS server?
FreeRADIUS - how to create a profile for two differnet NAS
Free Radius - Session Timeout, Idle Timeout (disconnecting idle users)
Error from FreeRadius3: No dictionary definition for EAP method md5
Freeradius Unlang Checks against user file
running freeradius on ubuntu 12.04 LTS fails
How to configure a freeradius server to require NAS-IP-Address attribute?
freeradius sqlcounter reply-message and coovachilli

Categories

HOME
xpath
nam
firebase
protocol-buffers
apache-nifi
svn
weblogic12c
apple-push-notifications
focus
paypal-ipn
fogbugz
amp
apache-kafka-connect
impala
stored-procedures
tweepy
static-analysis
port
wine
sap-fiori
circleci
documentum
vimeo
spring-amqp
mailmerge
sonicwall
hidden
cloudsim
msdeploy
cube
social-networking
guice
john-the-ripper
shapeless
spring-rabbitmq
polyml
cups
formsauthenticationticket
ms-dos
unification
assemblies
newtons-method
cloudera-sentry
distributed-caching
robust
git-tfs
reverse-dns
viewmodel
aws-kinesis-firehose
supertest
lightning-workbench
hibernate-ogm
sharpdx
redisson
node-apn
winston
solr-query-syntax
sonatype
aurelia-fetch-client
case-when
alertify
gnucash
taco
webgrind
gdl
msgpack
apache-commons-digester
console.log
shell-extensions
text-align
mutators
tkx
password-recovery
device-admin
back
nidaqmx
otl
box2dweb
network-printers
nachos
prism.js
zend-search-lucene
jms-serializer
mp4parser
ofstream
contextswitchdeadlock
system-requirements
jquery-dialog
chronometer
fbml
microblogging
motodev-studio
eaccelerator
activestate
resharper-5.0
zend-test
yahoo-maps
data-retrieval
rendering-engine

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App