RE: providing IP address depending NAS origin
This is a discussion on RE: providing IP address depending NAS origin within the FreeRADIUS Users forums, part of the Networking and Network Related category; > Hi everybody, >=20 > We are deploying a GPRS Edge architecture with one=20 > router in a ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
04-29-2005
|
|||
|
|||
RE: providing IP address depending NAS origin
> Hi everybody,
>=20 > We are deploying a GPRS Edge architecture with one=20 > router in a DMZ area with 4 permanent IPSEC tunnels through=20 > our operator. >=20 > When the user is connecting, he should authenticate on the=20 > Freeradius server. >=20 > But the Radius have to provide an IP in a different subnet=20 > depending which NAS=20 > (a GGSN) have emited the request for the client. >=20 > Eg; > If the Auth request comes from GGSN-A, IP address should be in=20 > 192.168.200.0/24 > If the Auth request comes from GGSN-B, IP address should be in=20 > 192.168.201.0/24 >=20 > And, if the ip address could be statically provided depending=20 > the username,=20 > that would be very cool. >=20 > Eg: > If the Auth request comes from GGSN-A for user Joe, IP=20 > address should be=20 > 192.168.200.X (X is the Joe's one) > If the Auth request comes from GGSN-A for user Joe, IP=20 > address should be=20 > 192.168.201.Y (Y is the Toto's one) > > So, is it possible ?=20 > Can you explain me how i can do it, or do you have a link to=20 > something that=20 > can help me ? >=20 > Thank you in advance, > Ben. Ben, I think you can do the following: You can allways receive the IP-Address ot the NAS in the NAS-IP-Address Attribute. You can ( because I've done it ) build an stored procedure on your sql engine and do some if-else structure where you validate your IP Address. If your NAS-IP-Address attribute is IP-A, you return IP address in 192.168.201.0/24. If IP-B, then 192.168.200.0/24. It is easy, believe me. Of course you need to know how to build an stored procedure ... but is piece of cake. for example .... in my mssql.conf I have ....=20 authorize_check_query =3D "rad_authorize_check_query '%{Stripped-User-Name:-%{User-Name}}'" rad_authorize_check_query is an stored procedure. I only provide the username, but inside the storedprocedure I make lots of checks .... do you follow me ???? Hope it helps! Regards, Lucas --=20 No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.11.0 - Release Date: 29/04/2005 =20 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
|
Linear Mode
